diff --git a/release_notes/topics/18_0_0.adoc b/release_notes/topics/18_0_0.adoc index 6a07e24d10..a9ca945e12 100644 --- a/release_notes/topics/18_0_0.adoc +++ b/release_notes/topics/18_0_0.adoc @@ -1,6 +1,4 @@ -= Highlights - -== New Operator preview += New Operator preview With this release, we're introducing a brand new {project_operator} as a preview. Apart from being rewritten from scratch, the main user-facing change from the legacy Operator is the used {project_name} distribution – the new Operator @@ -10,20 +8,20 @@ For details, incl. installation and migration instructions, see the https://www. The link:{operatorRepo_link}[legacy Operator] will receive updates until Keycloak 20 when the {project_name} WildFly distribution reaches EOL. -=== OperatorHub versioning scheme +== OperatorHub versioning scheme To avoid version conflicts with the legacy Operator, the 18.0.0 version of the new Operator is released as version `20.0.0-alpha.1` on OperatorHub. The legacy Operator versioning scheme remains the same, i.e. it is released as 18.0.0. The same pattern will apply for future {project_name} 18 and 19 releases, until version 20 where the legacy Operator reaches EOL. -== New Admin Console preview += New Admin Console preview The new Admin Console is now graduated to preview, with the plan for it to become the default admin console in Keycloak 19. If you find any issues with the new console, or have some suggestions for improvements, please let us know through https://github.com/keycloak/keycloak/discussions/categories/new-admin-console[GitHub Discussions]. -== Step-up authentication += Step-up authentication {project_name} now supports Step-up authentication. This feature was added in Keycloak 17, and was further polished in this version. @@ -31,17 +29,17 @@ For more details, see link:{adminguide_link}#_step-up-flow[{adminguide_name}]. Thanks to https://github.com/CorneliaLahnsteiner[Cornelia Lahnsteiner] and https://github.com/romge[Georg Romstorfer] for the contribution. -== Client secret rotation += Client secret rotation {project_name} now supports Client Secret Rotation through customer policies. This feature is now available as a preview feature and allows that confidential clients can be provided with realm policies allowing the use up to two secrets simultaneously. For more details, see link:{adminguide_link}#_secret_rotation[{adminguide_name}]. -== Recovery Codes += Recovery Codes Recovery Codes as another way to do two-factor authentication is now available as a preview feature. -== OpenID Connect Logout Improvements += OpenID Connect Logout Improvements Some fixes and improvements were made to make sure that {project_name} is now fully compliant with all the OpenID Connect logout specifications: @@ -52,7 +50,7 @@ Some fixes and improvements were made to make sure that {project_name} is now fu For more details, see link:{adminguide_link}#_oidc-logout[{adminguide_name}]. -== WebAuthn improvements += WebAuthn improvements {project_name} now supports WebAuthn id-less authentication. This feature allows that WebAuthn Security Key will identify the user during authentication as long as the security key supports Resident Keys. For more details, see link:{adminguide_link}#_webauthn_loginless[{adminguide_name}]. @@ -60,7 +58,7 @@ Thanks to https://github.com/vanrar68[Joaquim Fellmann] for the contribution. There are more WebAuthn improvements and fixes in addition to that. -== The deprecated `upload-script` feature was removed += The deprecated `upload-script` feature was removed The `upload-script` feature has been marked as deprecated for a very long time. In this release, it was completely removed, and it is no longer supported. @@ -73,27 +71,27 @@ If you are using any of these capabilities: You should consider reading this https://www.keycloak.org/docs/latest/server_development/#_script_providers[documentation] in order to understand how to still rely on these capabilities but deploying your scripts to the server rather than managing them through the management interfaces. -== Session limits += Session limits {project_name} now supports limits on the number of sessions a user can have. Limits can be placed at the realm level or at the client level. For more details, see link:{adminguide_link}#_user_session_limits[{adminguide_name}]. Thanks to https://github.com/mfdewit[Mauro de Wit] for the contribution. -== SAML ECP Profile is disabled by default += SAML ECP Profile is disabled by default To mitigate the risk of abusing SAML ECP Profile, {project_name} now blocks this flow for all SAML clients that do not allow it explicitly. The profile can be enabled using _Allow ECP Flow_ flag within client configuration, see link:{adminguide_link}#_client-saml-configuration[{adminguide_name}]. -== Quarkus distribution += Quarkus distribution -=== Import realms at startup +== Import realms at startup The {project_name} Quarkus distribution now supports importing your realms directly at start-up. For more information, check the corresponding https://www.keycloak.org/server/importExport[guide]. -=== JSON and File Logging improvements +== JSON and File Logging improvements The {project_name} Quarkus distribution now initially supports logging to a File and logging structured data using JSON. @@ -105,14 +103,14 @@ The {project_name} Quarkus distribution now supports expanding values in keycloa For more information, check the corresponding https://www.keycloak.org/server/configuration[guide]. -=== New Option db-url-port +== New Option db-url-port You can now change the port of your jdbc connection string explicitly by setting the new `db-url-port` configuration option. As for the other convenience options, this option will be overridden by the value of a full `db-url`, if set. -=== Split metrics-enabled option into health-enabled and metrics-enabled +== Split metrics-enabled option into health-enabled and metrics-enabled The `metrics-enabled` option now only enables the metrics for {project_name}. To enable the readiness and liveness probe, there's the new build option `health-enabled`. This allows more fine-grained usage of these options. -== Other improvements += Other improvements * Account console alignments with latest PatternFly release. * Support for encrypted User Info endpoint response. Thanks to https://github.com/giacomoa[Giacomo Altiero]