= Javascript engine available by default on the classpath In the previous version, when Keycloak was used on Java 17 with Javascript providers (Script authenticator, Javascript authorization policy or Script protocol mappers for OIDC and SAML clients), it was needed to copy javascript engine to the distribution. This is no longer needed as Nashorn javascript engine is available in Keycloak server by default. When you deploy script providers, it is recommended to not copy the nashorn script engine and it's dependencies into the Keycloak distribution. = Change of the default Client ID mapper of Service Account Client Default `Client ID` mapper of `Service Account Client` has been changed. `Token Claim Name` field value has been changed from `clientId` to `client_id`. `client_id` claim is compliant with OAuth2 specifications: - https://datatracker.ietf.org/doc/html/rfc9068#section-2.2[JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens] - https://www.rfc-editor.org/rfc/rfc7662#section-2.2[OAuth 2.0 Token Introspection] - https://datatracker.ietf.org/doc/html/rfc8693#section-4.3[OAuth 2.0 Token Exchange] `clientId` userSession note still exists.