libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Update migration guide and release notes for ubi9-micro

Browse source
This commit is contained in:
Alex Szczuczko 2023-03-01 09:37:12 -07:00 committed by Václav Muzikář
parent 2e81fe4cc0
commit fa2daf53a4
2 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
release_notes/topics/21_0_0.adoc
View file

@ -76,6 +76,16 @@ For more details, see the https://www.keycloak.org/server/reverseproxy[Using a r
Please, make sure your proxy is also overriding the `Forwarded` header when making requests to Keycloak nodes.
= The container image is now based on ubi9-micro
To enhance security, the https://quay.io/repository/keycloak/keycloak?tab=info[Keycloak Container Image] has been modified in two ways: First, it is now based on UBI9, rather than UBI8. Second, we have switched to `+-micro+`, whereas `+-minimal+` was used before.
The change to UBI9 will not have any impact on most users. In rare cases the glibc error https://github.com/keycloak/keycloak/issues/17290[CPU does not support x86-64-v2] may appear. `+x86-64-v2+` has been available from processors since 2009. You're most likely to encounter this issue when your virtualization environment is misconfigured.
The change from `+-minimal+` to `+-micro+` has more potential impact. Users making simple customizations to the image won't notice any difference, however any user that installs RPMs will need to change how they do that. The https://www.keycloak.org/server/containers[container guide] has been updated to show you how.
As a result of these changes, there has been an 82% reduction in known CVEs affecting the Keycloak Container Image!
= Other improvements
* Option to disable client registration access token rotation. Thanks to https://github.com/reda-alaoui[Réda Housni Alaoui]

4
upgrading/topics/keycloak/changes-21_0_0.adoc
View file

@ -62,3 +62,7 @@ and now has been removed. Javadoc of these methods contained a corresponding rep
The old admin console, which was deprecated in previous versions, was finally removed. This also means that your custom themes, which were using it as parent theme or importing from it, won't work.
It is highly recommended to not deploy such themes at all as extending old admin console is not applicable anymore and there can be issues in Keycloak (at least warnings or errors in the logs) with
such themes deployed.
= Curl has been removed from the container
The https://quay.io/repository/keycloak/keycloak?tab=info[Keycloak Container Image] has been modified to enhance security. As a result, `+curl+` and other CLI tools have been removed, which you may have been using in your customized image. See the updated https://www.keycloak.org/server/containers[container guide] for information on how to handle this change.