Updated release notes for Keycloak 20 (#1712)
* Updated release notes for Keycloak 20 Closes #1711 * Update release_notes/topics/20_0_0.adoc
This commit is contained in:
Stian Thorgersen
GitHub
parent
e6791d7093
commit
a0926e0022
1 changed files with 70 additions and 14 deletions
|
|
@ -1,12 +1,36 @@
|
|||
= WildFly distribution removed
|
||||
|
||||
With this release, we are removing the WildFly distribution which was already deprecated for some time. In case you are still using it, see our https://www.keycloak.org/migration/migrating-to-quarkus[Migration Guide] for switching to Quarkus distribution.
|
||||
In Keycloak 17.0.0 the new Quarkus based distribution of Keycloak, while the WildFly based distribution was deprecated.
|
||||
With this release the WildFly distribution has been removed, and is no longer supported.
|
||||
|
||||
With that, we are also removing the legacy Kubernetes Operator and keeping only the new Quarkus-based Operator (see below for its release notes).
|
||||
If you are still using the WildFly distribution we highly encourage migrating to the Quarkus distribution as soon as
|
||||
possible, see the https://www.keycloak.org/migration/migrating-to-quarkus[Migration Guide] for more details.
|
||||
|
||||
= Allow setting a base URL when configuring the hostname
|
||||
= New Keycloak Operator upgrade
|
||||
|
||||
In this release, we are introducing two additional server options to set a base URL for front end and Admin Console URLs.
|
||||
We are happy to announce that the new Keycloak Operator for the Quarkus based distribution is no longer a preview
|
||||
feature. We added new functionality as well as a number of improvements, some which has resulted in breaking changes.
|
||||
|
||||
== Realm Operator
|
||||
|
||||
As the new Operator currently lacks some of the CRs (e.g. Client and User), we're introducing a temporary workaround in
|
||||
the form of a Realm Operator. Please see its https://github.com/keycloak/keycloak-realm-operator[GitHub Repository] for
|
||||
more details. See also https://www.keycloak.org/2022/09/operator-crs["The future of Keycloak Operator CRs" blogpost].
|
||||
|
||||
= Supported OpenJDK versions
|
||||
|
||||
Keycloak now supports OpenJDK 17 both for the server and adapters.
|
||||
|
||||
With the removal of the WildFly based distribution there is no longer support for running the Keycloak server on OpenJDK 8.
|
||||
We also plan to remove support for Keycloak adapters on OpenJDK 8 in Keycloak 21.
|
||||
|
||||
Starting with Keycloak 22 we plan to only support the latest OpenJDK LTS release and aiming to quickly also support the
|
||||
latest OpenJDK release. That means we will be also removing OpenJDK 11 support for the Keycloak server in Keycloak 22.
|
||||
|
||||
= Hostname provider now supports configuring the complete base URL
|
||||
|
||||
In this release, we are introducing two additional server options to set the base URL for frontend request and the Admin
|
||||
Console:
|
||||
|
||||
* `hostname-url`
|
||||
* `hostname-admin-url`
|
||||
|
|
@ -19,24 +43,56 @@ In this release, we are making important changes to `kc.bat` to give the same ex
|
|||
|
||||
= Upgrade of embedded H2 database
|
||||
|
||||
{project_name} ships for development purposes with an H2 database driver. As it is intended for development purposes only, it should never be used in a production environment.
|
||||
{project_name} ships for development purposes with an H2 database driver. As it is intended for development purposes
|
||||
only, it should never be used in a production environment.
|
||||
|
||||
In this release, the H2 driver has been upgraded from version 1.x to version 2.x.
|
||||
See link:{upgradingguide_link}[{upgradingguide_name}] for details on how to migrate.
|
||||
|
||||
= New Keycloak Operator upgrade
|
||||
= Feature guard for hosting the Keycloak JavaScript adapter
|
||||
|
||||
We are happy to announce that the new Quarkus-based Keycloak Operator is no longer a tech preview feature. We added new functionality as well as the quality of life improvements. Some of them resulted in breaking changes.
|
||||
Applications are able to load `keycloak.js` directly from the Keycloak server. As it's not considered a best-practice
|
||||
to load JavaScript libraries this way there is now a feature guard that allows disabling this ability.
|
||||
|
||||
It’s important to emphasize that none of these breaking changes will come into effect automatically. Please, read our link:{upgradingguide_link}[{upgradingguide_name}] for more information.
|
||||
In Keycloak 21 we will deprecate this option, and in Keycloak 22 we plan to completely remove the ability to load
|
||||
`keycloak.js` from the Keycloak server.
|
||||
|
||||
== Realm Operator
|
||||
= OTP Application SPI
|
||||
|
||||
As the new Operator currently lacks some of the CRs (e.g. Client and User), we're introducing a temporary workaround in the form of Realm Operator. Please see its https://github.com/keycloak/keycloak-realm-operator[GitHub Repository] for more details. See also https://www.keycloak.org/2022/09/operator-crs["The future of Keycloak Operator CRs" blogpost].
|
||||
In previous releases the list of OTP applications displayed to users was hard-coded in Keycloak. With the introduction of
|
||||
the OTP Application SPI it is now possible to disable built-in OTP applications, as well as adding custom OTP Applications.
|
||||
|
||||
= Custom Identity Providers can now set an icon for the provider
|
||||
|
||||
A custom identity provider can now set the icon used on the login pages. Thanks to https://github.com/klausbetz[Klaus Betz],
|
||||
who happens also to maintain
|
||||
https://github.com/klausbetz/apple-identity-provider-keycloak[an extension to Keycloak to support log in with AppleID].
|
||||
|
||||
= Open Banking UK support
|
||||
|
||||
Keycloak is now compliant with Open Banking UK.
|
||||
Thanks to https://github.com/tnorimat[Takashi Norimatsu] for this contribution.
|
||||
|
||||
= FIPS 140-2 experimental support
|
||||
|
||||
There is now experimental support for deploying Keycloak into a FIPS 140-2 enabled environment. There will be a blog post
|
||||
with the details shortly after the release with the details how you can try it. Feedback is welcome!
|
||||
|
||||
Thanks to https://github.com/david-rh[David Anderson], who contributed parts of this feature. Also, thanks to
|
||||
https://github.com/sudeepd[Sudeep Das] and https://github.com/isaacjensen[Isaac Jensen] for their initial prototype
|
||||
effort, which was used as an inspiration.
|
||||
|
||||
= Search groups by attribute
|
||||
|
||||
It is now possible to search groups by attribute through the Admin REST API. Thanks to
|
||||
https://github.com/Redhat-Alice[Alice] for this contribution.
|
||||
|
||||
= View group membership in the account console
|
||||
|
||||
It is now possible to allow users to view their group memberships in the account console. Thanks to
|
||||
https://github.com/cgeorgilakis[cgeorgilakis] for this contribution.
|
||||
|
||||
= Deprecated methods from data providers and models were removed
|
||||
|
||||
Several deprecated methods were removed from data providers and models.
|
||||
If not done already, their usage needs to be replaced with the corresponding
|
||||
replacement documented in Javadoc of Keycloak 19 release. See
|
||||
Several deprecated methods were removed from data providers and models. If not done already, their usage needs to be
|
||||
replaced with the corresponding replacement documented in Javadoc of Keycloak 19 release. See
|
||||
link:{upgradingguide_link}[{upgradingguide_name}] for more details.
|
||||
|
|
|
|||
Loading…
Reference in a new issue