Keycloak 1.9.5.Final has just been released. There's one change worth
highlighting in this release. We've increased the default password hashing
intervals to 20000. Yes, you read that right. We've actually recommended
using 20000 for a while now, but the default was only 1. This is a clear
trade-off between performance and how secure passwords are stored. With 1
password hashing interval it takes less than 1 ms to hash a password, while
with 20000 it takes tens of ms.
For the full list of resolved issues check out JIRA
<
https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...
and
to download the release go to the Keycloak homepage
<
http://www.keycloak.org/downloads>.