[keycloak-dev] PR - Remove Keycloak version from resource paths
Stian Thorgersen
sthorger at redhat.com
Thu Nov 14 06:36:37 EST 2019
Today, Keycloak includes the Keycloak version in resource paths to make
sure browsers fetch the new versions of resources after an upgrade.
It is not good practice to expose the version of software on public
endpoints, as such we need to change this behavior.
To achieve this I've updated the migration model to create a random 5
character URL friendly id that is persisted in the database, which is then
used in place of the Keycloak version.
That means there will be a unique resource version for each installation of
Keycloak, which is updated when Keycloak is upgraded. To prevent conflicts
the previous versions are not deleted from the migration model.
PR is here: https://github.com/keycloak/keycloak/pull/6473
More information about the keycloak-dev
mailing list