[keycloak-user] Keycloak 3.2.0.CR2 released

Stian Thorgersen sthorger at redhat.com
Fri Jun 30 08:30:46 EDT 2017


For those wondering. It's CR1, not CR2 as the subject states ;)

On 30 June 2017 at 14:20, Thomas Darimont <thomas.darimont at googlemail.com>
wrote:

> Hello guys,
>
> congratulations to the team for this awesome release! :)
>
> Cheers,
> Thomas
>
> 2017-06-30 13:31 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:
>
>> We've just released Keycloak 3.2.0.CR1.
>>
>> To download the release go to the Keycloak homepage
>> <http://www.keycloak.org/downloads>.
>> Highlights
>>
>> Fine grained admin permissions
>>
>> This is something that we've wanted to add for a long time! Through our
>> authorization services it's now possible to finely tune permissions for
>> admins. This makes it possible to limit what clients, users, roles, etc.
>> admins have access to. Documentation is missing for this at the moment, but
>> will be added in time for 3.2.0.Final.
>> Docker Registry support
>>
>> It's not possible to secure a Docker Registry with a standard OAuth or
>> OpenID Connect provider. For some strange reason they have only partially
>> followed the specifications and the Docker Registry maintainers refuse to
>> fix this! Fear not, thanks to cainj13 <https://github.com/cainj13> who
>> contributed this we now have a special Docker Registry protocol that can be
>> enabled in Keycloak.
>> Authentication sessions and access tokens
>>
>> In the effort to provide support for running Keycloak in multiple data
>> centers we've done a large amount of work around user sessions. We've
>> introduced authentication sessions that are special sessions used primarily
>> during the authentication flows. There are two main reasons for this.
>> Authentication flows can fairly easily be fixed to a specific node within a
>> specific data center and there is no need to replicate this to other data
>> centers. They are also more write heavy than the user sessions. The
>> introduction of access tokens makes it possible to detach actions (for
>> example verify email) from a user session, which has a number of benefits.
>> More will come in future 3.x releases and by the end of the year we aim to
>> fully support replicating Keycloak across multiple data centers.
>> Authorization Service improvements
>>
>> There's been a lot of work done to the authorization services in this
>> release. Way too many to list here so check out JIRA
>> <https://issues.jboss.org/browse/KEYCLOAK-5072?jql=project%20%3D%20keycloak%20and%20fixVersion%20%3D%203.2.0.CR1%20and%20component%20%3D%20Authorization>
>> for details.
>> QuickStarts
>>
>> We've introduced new QuickStarts with the aim to make it even simpler for
>> you to get started securing your applications and services with Keycloak.
>> The QuickStarts have proper tests as well, which can serve as a reference
>> on how to test your own applications and services secured with Keycloak.
>> Check out the new QuickStarts in the keycloak-quickstarts GitHub repository
>> <https://github.com/keycloak/keycloak-quickstarts>.
>> Upgraded AngularJS and JQuery
>>
>> We've upgraded the versions we use of AngularJS and JQuery as there were a
>> number of known vulnerabilities. We're fairly certain neither of the known
>> vulnerabilities affect Keycloak, but to be on the safe side we decided to
>> upgrade.
>> Updated Password Hashing Algorithms
>>
>> We're still using PBKDF2, but we've added support for SHA256 and SHA512.
>> PBKDF2 with SHA256 is now used by default.
>> Spring Boot QuickStarter
>>
>> We've added a new Spring Boot QuickStarter that makes it super simple to
>> get started securing your Spring Boot applications. For more details check
>> out the blog post about it
>> <http://blog.keycloak.org/2017/05/easily-secure-your-spring-boot.html>.
>> Loads more..
>>
>>    - Partial export of realms in the admin console
>>    - Redirect URI rewrite rules for adapters
>>    - Test email settings in the admin console
>>    - Initial access tokens now persisted to the db
>>
>> The full list of resolved issues is available in JIRA
>> <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fixVersion%20%3D%203.2.0.CR1>.
>> Upgrading
>>
>> Before you upgrade remember to back up your database and check the migration
>> guide
>> <https://keycloak.gitbooks.io/documentation/server_admin/topics/MigrationFromOlderVersions.html>.
>> Release candidates are not recommended in production and we do not support
>> upgrading from release candidates.

