Stay Informed

This week, read about:

• Lucky Backup Might Save 100 Days of Data for InfluxData's GCP Belgium Users.
• Linus Torvalds Calls For Calm as bcachefs filesystem Doesn't Make Linux 6.5.
• Funnily Enough, AI Models Must Follow Privacy Law – Including Right To Be Forgotten.
• The Future of AlmaLinux is Bright.
• Oracle Takes On Red Hat in Linux Code Fight.

Key Security, Maintenance, and Features Releases

Security Based Updates

Redis 7.0.12        
Upgrade urgency SECURITY: See security fixes below.        
Security Fixes:

• (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger        
  a heap overflow in the cjson and cmsgpack libraries, and result in heap        
  corruption and potentially remote code execution. The problem exists in all        
  versions of Redis with Lua scripting support, starting from 2.6, and affects        
  only authenticated and authorized users.
• (CVE-2023-36824) Extracting key names from a command and a list of arguments        
  may, in some cases, trigger a heap overflow and result in reading random heap        
  memory, heap corruption and potentially remote code execution. Specifically:        
  using COMMAND GETKEYS* and validation of key names in ACL rules.

Bug Fixes:

• Re-enable downscale rehashing while there is a fork child
• Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count>
• Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction
• Fix WAIT to be effective after a blocked module command being unblocked
• Avoid unnecessary full sync after master restart in a rare case

Non-Security Based Updates

Docker compose 2.20.0        
Update:        
Dependencies upgrade: bump docker/cli-docs-tools to v0.6.0        
Dependencies upgrade: bump docker to v24.0.4        
Dependencies upgrade: bump buildx to v0.11.1        

Bug Fixes and Enhancements:       
Introduced the wait command.        
Added support of --builder and BUILDX_BUILDER to the build command.        
Added support for the attach attribute from the Compose Specification.        
Fixed a DryRun mode issue when initializing CLI client.        
Fixed a bug with random missing network when a service has more than one.        
Fixed the Secrets file permission value to comply with the Compose Specification.        
Fixed an issue about no-deps flag not being applied.        
Fixed some source code comments.        
Fixed a bug when --index is not set select.        
Fixed a process leak in the wait e2e test.        
Improved some test speeds.

Etcd 3.4.27       
etcd server:       
Fix corruption check may get a ErrCompacted error when server has just been compacted       
Improve Lease put performance for the case that auth is disabled or the user is admin       
Fix embed: nil pointer dereference when stopServer       
etcdctl v3:       
Add optional --bump-revision and --mark-compacted flag to etcdctl snapshot restore operation.    

Dependencies:       
Compile binaries using go 1.19.10.

Fluentd 1.16.2      
Bug Fix:      
#4208 in_tail: Fix new watcher is wrongly detached on rotation when follow_inodes, which causes stopping tailing the file      
#4237 in_tail: Prevent wrongly unwatching when follow_inodes, which causes log duplication      
#4214 in_tail: Fix warning log about overwriting entry when follow_inodes      
#4239 in_tail: Ensure to discard TailWatcher with missing target when follow_inodes      
#4178 MessagePackFactory: Make sure to reset local unpacker to prevent received broken data from affecting other receiving data      
#4188 Fix failure to launch Fluentd on Windows when the log path isn't specified in the command line      
#4229 logger: Prevent growing cache size of ignore_same_log_interval unlimitedly      
#4225 Update sigdump to 0.2.5 to fix wrong value of object counts      
Misc:      
#4191 in_tail: Check detaching inode when follow_inodes      
#4228 in_tail: Add debug log for pos file compaction      
#4201 #4210 Code improvements detected by RuboCop Performance      
#4159 Add notice for unused argument unpacker of ChunkMessagePackEventStreamer.each

Grafana 10.0.2     
Features and Enhancements:

• Alerting: Add limit query parameter to Loki-based ASH api, drop default limit from 5000 to 1000, extend visible time range for new ASH UI.
• Alerting: Move rule UID from Loki stream labels into log lines.
• Explore: Clean up query subscriptions when a query is canceled.
• Alerting: Allow selecting the same custom group when swapping folders.

Bug Fixes:

• Fix: Change getExistingDashboardByTitleAndFolder to get dashboard by title, not slug.
• Login: Fix footer from displaying under the login box.
• Alerting: Convert 'Both' type Prometheus queries to 'Range' in migration.
• Variables: Detect a name for duplicated variable.
• Logs: Fix wrong before and after texts in log context.
• Elasticsearch: Make it compatible with the new log context functionality.
• Alerting: Fix HA alerting membership sync.
• Alerting: Display correct results when using different filters on alerting panels.
• XYChart: Fix axis range and scale overrides.
• LogContext: Fix filtering out log lines with the same entry.
• Dashboard: Fix issue where a panel with a description and a cached response displays 2 info icons.
• Navigation: Fix toolbar actions flickering on mobile.
• XYChart: Ensure color scale is field-local and synced with data updates.
• Alerting: Fix unique violation when updating rule group with title chains/cycles.
• Alerting: Add file and rule_group query params in request for filtering the res….
• SAML UI: Enforce one option for configuring IdP metadata. (Enterprise)

Plugin Development Fixes & Changes:

• Grafana UI: Fix behaviour regression on Tooltip component.

Jenkins 2.414

• Allow cancelling the quiet down mode of a safe restart with an optional custom message for safe restarts (with new default message). Use a less dangerous color for the safeRestart banner. Allow setting the full prepareShutdown message instead of only the reason. Show a hint on the "Jenkins Unavailable" page about safe restarts.
• Move the 'Update' and 'Install' buttons to the app bar.
• Improve CSP compatibility by uninlining javascript code.
• Make the style of the legacy API token revoke button consistent with other buttons.

Keycloak 22.0.0    
New Features:    
#8750 Require user to agree to 'terms and conditions' during registration keycloak    
#11089 Securing credentials/passwords not possible with Quarkus distribution keycloak dist/quarkus    
#11632 Enable Horizontal Pod Autoscaling for Keycloak deployed with the new Operator keycloak    
#15101 Support OpenJDK 19 keycloak    
#15910 Hostname debug tool keycloak dist/quarkus    
#17252 Add Keycloak Keystore Vault implementation keycloak dist/quarkus    
#17659 Claim to User Session Note Idp Mapper keycloak oidc    
#19650 Supporting reference access/refresh tokens keycloak    
#19968 Allow changing admin console logo and favicon from theme.properties keycloak    
#20016 Group attribute query is missing QueryParams in java admin client keycloak admin/client-java    
#20262 SSSD integration in Quarkus distribution keycloak    
#20625 Add support to the Operator for setting default labels on Keycloak pods keycloak operator    
#21254 Support for JWE IDToken and UserInfo tokens in OIDC brokers keycloak identity-brokering    
 Enhancements:    
#356 Update QuickStarts documentation to Quarkus distribution keycloak-quickstarts    
#357 Re-enable test that where disabled when updating test for the Quarkus dist keycloak-quickstarts    
#407 Nashorn dependency no longer needed in quickstarts keycloak-quickstarts    
#412 Doublecheck "provider" quickstarts with quarkus3 based Keycloak distribution keycloak-quickstarts    
#416 user-storage-* provider quickstarts keycloak-quickstarts    
#417 Event listener sysout quickstart keycloak-quickstarts    
#421 Event store mem quickstart keycloak-quickstarts    
#428 Extend-account-console quickstart keycloak-quickstarts    
#436 Remove keycloak-remote profile keycloak-quickstarts    
#1791 Clarification on user registration and identity brokering keycloak-documentation    
#8753 Reset Credentials Flow does not delete existing OTP keycloak authentication    
#9075 Remove any unnecessary dependency from distribution keycloak dist/quarkus    
#9434 OTP base32 decode improvements keycloak    
#10285 Expose deployment errors in the status field of Keycloak CR keycloak operator    
#10562 Support multiple KC instances in a single namespace keycloak operator    
#10736 Use SchemaSwap instead of shell script for Realm CRD generatio keycloak operator    
#10911 Use Quarkus JOSDK to generate CSV for OLM in the operator keycloak operator    
#11561 Non ASCII characters in TOTP secret not supported in 2FA configurations keycloak authentication    
#11759 Add support to indicate desired locale on init func with onLoad: 'login-required' options keycloak adapter/javascript    
#12593 Add a name to the keycloak port in the service keycloak    
#13074 Operator CRD status incompatible with kstatus keycloak operator    
#14747 Addition of Custom User Attribute Filter to Users API Count Endpoint keycloak    
#15003 Enable IPv6 dualstack support by default keycloak dist/quarkus    
#15044 Clean `RealmProvider` from methods from other areas keycloak storage    
#15046 Remove methods for old default roles approach keycloak storage    
#15136 Back to Application link should be client specific with the UPDATE_EMAIL feature keycloak    
#15344 Support configurable custom Identity Providers keycloak    
#15434 Customize log messages for user storage LDAP configuration in KC shown in admin UI keycloak    
#15454 Update migration guide with the changes that need to be done for developers using JAX-RS in their extensions keycloak    
#15490 Update Datastore provider to contain full data model keycloak storage    
#15789 "Failed to add user 'admin' ..." should not be an ERROR keycloak dist/quarkus    
#15947 support parameters like "uri" and "matchingUri" in the UMA grant token endpoint keycloak    
#16535 Group Attribute Search Erroneously returns when searching for nested group keycloak storage    
#16800 Operator Support for missing leading slash and present trailing slash in `http-relative-path` keycloak operator    
#16849 Add "Enable new user after creation" option for Active Directory keycloak    
#16902 Refine the set of RPMs included in the keycloak container image keycloak dist/quarkus    
#16967 Minimize the RPM content of the Operator container keycloak operator    
#16977 CRDB optimization: Optimize selects targeting the primary key or unique keys keycloak storage    
#17470 security enhancement : representation of admin events & credentials keycloak    
#17484 Migrate realms if configured to use RH-SSO themes keycloak    
#19792 Javascript example not printing errors keycloak docs    
#19924 Allow pre-filled GitHub issue forms via links from docs keycloak docs    
#19959 Add missing Spanish translations for login keycloak translations    
#19965 Add `lang` attribute to HTML tag of UIs keycloak account/ui    
#19990 Only add Access properties on groups, if the fine grain feature is on keycloak    
#20067 Upgrading to Infinispan 14.0.8 keycloak    
#20191 Conditional login through identity provider keycloak    
#20200 account console v3 theme.properties customizations keycloak    
#20216 Correct formatting in Server Developer guide keycloak    
#20250 Adhere to HTML standard when using `ul`-element keycloak    
#20263 SSSD documentation updated for quarkus distribution keycloak    
#20265 SSSD testing with GH actions keycloak    
#20303 UserPropertyMapper generated exceptions on mapping keycloak    
#20305 Upgrade JNA library keycloak    
#20386 Client executor for reject implicit grant when enabled for clients keycloak oidc    
#20388 Upgrade owasp html sanitizer to newest version keycloak    
#20469 Look ahead window setting in OTP policy is not accurate keycloak admin/ui    
#20486 Enable `simple-cache` for `local-cache` keycloak    
#20496 Move openshift client integration to separate extension keycloak core    
#20497 Move http-challenge authentication flow and the related authenticators to the extension keycloak authentication    
#20548 Also run Cypress tests on Firefox keycloak testsuite    
#20576 Allow custom annotation in Ingress keycloak    
#20582 Show warning message when overriding build options during starts keycloak    
#20623 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request keycloak    
#20674 Increase the length of password hash iterations password-policy input in admin ui keycloak admin/ui    
#20689 Removing unnecessary message from main command help text keycloak    
#20710 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request keycloak    
#20773 Add Hardcoded Group mapper to Identify Provider configuration keycloak    
#20783 Ability for users to view credentials without manage user permissions keycloak admin/api    
#20791 Update docs (and maybe tooltips) for timeout changes keycloak docs    
#20817 Improve start page on the account ui keycloak account/ui    
#20994 Update securing_applications guide for latest adapter changes (community) keycloak docs    
#21064 Allow any JGroups stack with --cache-stack keycloak    
#21163 Support for the `locale` user attribute keycloak    
#21167 Add missing Polish translations keycloak translations    
#21176 Remove adapters from product documentation keycloak docs    
#21272 Upgrade to Quarkus 3.2.0.Final keycloak    
#21283 Add `iat` claim to JWT that is passed to CIBA HttpAuthenticationChannel keycloak    
#21476 When essential claim check fails the error message should provide detailed information keycloak    
#21493 Enable publishNotReadyAddresses for discovery service keycloak    
Bugs:    
#369 Quickstarts for action-token-authenticator / action-token-required-action not working keycloak-quickstarts    
#409 Legacy quickstart tests are failing since quarkus3 upgrade keycloak-quickstarts    
#437 Tests does not work on OpenJDK 17 for quickstarts keycloak-quickstarts    
#9299 Refresh token with offline_access scope affected by session idle/session max keycloak oidc    
#9313 LDAPS Bind test fails with SSLHandshakeException while LDAP connection test works keycloak ldap    
#10110 Unable to add more than 6 acceptable AAGUIDs for WebAuthn keycloak authentication/webauthn    
#10195 User search with LDAP federation not consistent keycloak ldap    
#11079 SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata keycloak saml    
#11728 SSSD Federation fails with NPE after upgrade keycloak authentication    
#11990 Negative refresh token expiration (exp timestamp in the past) keycloak oidc    
#12012 KEYCLOAK-17116 Copy of Browser Flow overrides an original one keycloak authentication    
#12018 Trust Store hostname-verification-policy=ANY seems to be ignored keycloak docs    
#12720 Clearify the use of `db-url-properties` keycloak docs    
#12745 [keycloak-js] multiple init call with onload option as check-sso cause redirects keycloak adapter/javascript    
#12939 importing bin/kc.[sh|bat] import --file doesn't work when using external database keycloak dist/quarkus    
#13542 MigrationTest for KC 17 failures in the pipeline keycloak testsuite    
#13543 RecoveryAuthnCodesAuthenticatorTest failures in the pipeline keycloak testsuite    
#13922 Switching Locale after Completing an admin triggered required action yields an error keycloak authentication    
#14441 Client-secret with special character (+) for authorization is failing in 19.0.2 keycloak oidc    
#14617 ID token is not including roles keycloak oidc    
#14851 Realm update fails when realm has many Identity Providers configured and saves rep. with Admin Events keycloak admin/api    
#14854 Client session lifespan doesn't consider user session lifespan keycloak authentication    
#15337 User Session Note Mapper no longer adds IMPERSONATOR_USERNAME as SAML attribute keycloak saml    
#15536 Able to modify built-in flow keycloak admin/api    
#15782 Unable to perform export when server was started with new storage keycloak dist/quarkus    
#15845 Realm localization: Inconsistent message resolving regarding language fallbacks for different themes keycloak core    
#15853 Incorrect Signature algorithms presented by Client Authenticator keycloak oidc    
#15898 Keycloak Export only accept H2 datase-URL (Datasource: URL format error; must be jdbc:h2 ... but is jdbc:mariadb: ...) keycloak dist/quarkus    
#16165 SSSD User Federation dissapeared in 20.0.1/20.0.2 keycloak authentication    
#16166 Set OpenShift as a "Social Identity Provider" cannot work keycloak identity-brokering    
#16321 Single client export bug keycloak docs    
#16507 Hibernate 6 upgrade: Warning SqmDynamicInstantiation about dynamic Map instantiation keycloak storage    
#16551 Quarkus 3: RealmModelTest.testRealmLocalizationTexts fails keycloak testsuite    
#16577 Setting user password and entering "password confirmation" first leads to blocking of "save" keycloak admin/ui    
#16613 Impossible to update a federated user credential label keycloak admin/api    
#16833 Update documentation around `View all users` behavior in the new admin console keycloak docs    
#16992 upgrading from v18.0.2 to 19.0.3 or 20.0.3 fails with ERROR duplicate key value violates unique constraint "constraint_3c" keycloak core    
#17130 Theme & Provider folder empty in KeyCloak 20.0.3 keycloak docs    
#17288 New Referrer-policy breaks cross-origin SP<->IdP (KC) keycloak saml    
#17294 Make LDAP `searchForUsersStream` consistent with other storages keycloak storage    
#17304 javax.net.ssl.SSLException exceptions because org.keycloak.adapters.HttpClientBuilder ignores connectionTTL setting keycloak oidc    
#17312 Error updating old version (Keycloak 8) to Keycloak 20. NPE thrown due the realm.getDefaultRole() keycloak core    
#17377 Error: realms.removeSession wrong generic type keycloak admin/client-js    
#17388 Incorrect Url on Keycloak Health - Liveness and Readiness, no Startup Probes keycloak operator    
#17581 `JpaUserProvider` count methods are inconsistent with `searchForUser`'s param filter handling keycloak storage    
#19096 Memory issue with PathCache when running the traffic keycloak authorization-services    
#19136 Report an issue link points to Jira instead of GHI keycloak docs    
#19155 Priority not sent to server when adding new RSA key provider keycloak admin/ui    
#19156 Server Deployment documentation is not updated to Quarkus keycloak docs    
#19193 Slow Query Caused By Composite Indexes Order On Broker Link Table keycloak storage    
#19257 User ID is ignored in partial import keycloak import-export    
#19323 Hibernate 6: Entity in Key not returned when querying keycloak storage    
#19368 Facebook identity provider not working keycloak identity-brokering    
#19485 SignatureProvider not showing up in the Default Signature Algorithm list keycloak admin/ui    
#19530 Custom ResetCredentialEmail does not work after upgrade to Keycloak 21 keycloak core    
#19575 Account Console II doesn't remove TOTP from UserStorage keycloak account/api    
#19596 A way to override internal SPI after KC 21 keycloak core    
#19638 Custom User Storage Provider doesn't look up users after saving changes keycloak admin/ui    
#19675 Gzip cache is only invalidated upon Keycloak version changes keycloak core    
#19677 AlreadyLoggedIn when impersonating a user in a SAML client keycloak core    
#19725 Operator restarts occasionally result in recreation of managed keycloak Statefulset Pods keycloak operator    
#19746 Email settings erased after any change on realm settings keycloak admin/ui    
#19763 Documentation for User Storage Spi is incorrect keycloak storage    
#19777 Custom providers are not loaded properly in KC21 keycloak core    
#19805 Custom SignatureProviderFactory is not working as expected after Keycloak 21 upgrade keycloak core    
#19814 Testsuite must rely on IDs from Keycloak keycloak testsuite    
#19818 Support for realm-less entities in login failures keycloak storage    
#19844 NPE when updating a subflow in an authentication flow keycloak admin/api    
#19849 Incorrect HTTP status reported when DNS resolver is not available (and DB connection unavailable due to that) keycloak core    
#19852 Admin UI does not respect default values for custom authenticator configurations keycloak admin/ui    
#19897 Create a Client Policy on realm with client-roles or client-scopes condition raises an expection on the Client details keycloak admin/ui    
#19932 Test app is not functioning - https://www.keycloak.org/app/ keycloak docs    
#19933 Account v3 - account console link redirect to master realm keycloak account/ui    
#19942 New Flow created for Post Login Flow IDP not mark "Used by" at Flows keycloak admin/ui    
#19950 Logout redirect URL truncated since v20 keycloak oidc    
#19957 User search with more than two keywords returns empty list keycloak storage    
#19982 Default Roles show all roles if "Hide inherited roles" is not checked keycloak admin/ui    
#20007 Conditional user attribute authenticator does not match the joined groups keycloak oidc    
#20009 authenticator javaScript Provider always failed the login, user context is lost and break the login keycloak core    
#20013 Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet keycloak ci    
#20020 Cannot find @Generated annotation for ServicesLogger keycloak dependencies    
#20070 Update passthrough behavior and docs keycloak dist/quarkus    
#20077 Conditionally build WildFly adapters for our testsuite keycloak testsuite    
#20085 Custom theme - url.resourcesCommonPath references wrong theme keycloak admin/api    
#20097 FederatedUserLink always points to LDAP keycloak admin/ui    
#20101 Duplicated serverPrincipal property in LDAPStorageProviderFactory keycloak storage    
#20105 Unable to template emails in EventListenerProvider (No realm in provided KeycloakSession) keycloak authentication    
#20119 Support for non-XA databases keycloak storage    
#20182 User defined message bundles do not apply correctly to Admin Console keycloak admin/ui    
#20194 Valid redirect URI & web origin input fields display when "Standard flow" is disabled keycloak admin/ui    
#20202 Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testLazyClientSessionStatsFetching keycloak ci    
#20259 Failing ExternalLinks tests for old Keycloak JIRA Links keycloak docs    
#20261 Quarkus 3 build properties break product build keycloak dist/quarkus    
#20269 Flaky test: org.keycloak.testsuite.model.infinispan.CacheExpirationTest#testCacheExpiration keycloak ci    
#20304 When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable keycloak admin/ui    
#20329 Additional Provider Info only shows at end of list not below provider keycloak admin/ui    
#20331 Keycloak-js crasher: Missing null checks. Websites that have inline scripts without a src attribute as src attributes are not required. keycloak adapter/javascript    
#20332 Error 500 after signin to admin console: NullPointerException keycloak core    
#20349 WebAuthn test fails in the GHA keycloak testsuite    
#20372 keycloak-js-admin-client and keycloak-js-adapter do not build when a maven proxy is configured keycloak    
#20384 Fix User Federation tests after Q3 upgrade keycloak testsuite    
#20385 Servlet tests for JBoss-based adapters with TLS are broken keycloak testsuite    
#20387 Productization issue related to JNA upgrade keycloak dependencies    
#20401 SAML error not shown to user keycloak admin/ui    
#20426 ClientScope changes don't invalidate the realm cache keycloak storage    
#20433 Administration / Keycloak Admin REST API documentation can no longer be generated keycloak docs    
#20443 Avoid NPE while fetching offline sessions keycloak storage    
#20459 Changing the email address has no impact at username regardless "Email as username" toggle keycloak user-profile    
#20481 Fix tests related to file storage keycloak testsuite    
#20489 Admin UI - unable to load user's groups when large number of groups defined for the realm keycloak admin/ui    
#20498 When user federation is enabled, admin console user search doesn't show search field keycloak admin/ui    
#20503 Enabled User Event Types not visible when "Save events" disabled. keycloak admin/ui    
#20506 User events settings - "Save events" toggle doesn't always activate Save button. keycloak admin/ui    
#20510 Ensure proper escaping for LDAP keycloak storage    
#20534 For versions > 18.x.x client mapper is not able to override "name" for OpenID tokens keycloak oidc    
#20536 [Declarative User Profile] Optional attributes become required keycloak admin/ui    
#20540 `register-node-at-startup` in EAP Client Adapter eventually causes "java.lang.OutOfMemoryError: unable to create native thread keycloak adapter/jee    
#20541 Identity providers initialization has to use models keycloak storage    
#20550 Update example custom cache configuration for v>21 keycloak docs    
#20564 keycloak-admin-client does not url-encode client id and secret for basic auth as defined in RFC6749 keycloak admin/client-js    
#20599 Introduced additional dependencies in the testsuite keycloak testsuite    
#20615 Moving a group to root loses all its members keycloak admin/ui    
#20622 FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error keycloak oidc    
#20635 Add back examples for Kubernetes and Openshift to the quickstarts keycloak core    
#20656 Reset password does not show option to sign out from other devices keycloak authentication    
#20670 Could not process response from SAML identity provider because "this.text" is null keycloak identity-brokering    
#20671 Userinfo endpoint doesn't accept charset keycloak oidc    
#20673 Missing SAML Allow ECP Flow option keycloak admin/ui    
#20694 Selecting one mapper and switch page select them all keycloak admin/ui    
#20700 REST API Documentation ref wrong keycloak docs    
#20703 Realm export performance heavily depends on the amount of users per file keycloak import-export    
#20723 Keycloak deployed via new keycloak-operator triggers OpenShift alert `IngressWithoutClassName` keycloak operator    
#20725 Denial of Service/100% CPU usage: CRLUtils in infinite loop if more than one CRL list is used from different CAs keycloak core    
#20732 Keycloak erases form data on validation when `login_hint` is present keycloak account/ui    
#20757 SEND_RESET_PASSWORD event is not stored keycloak admin/api    
#20782 Mappers tab is not reachable on identity provider settings keycloak admin/ui    
#20831 Webauthn signature algorithms are improperly encoded as strings keycloak authentication/webauthn    
#20835 There is no server side pagination for sessions keycloak admin/ui    
#20847 Private key JWT authentication no longer works on Keycloak 21 keycloak authentication    
#20851 Empty shortVerificationUri not the same with default (null) value keycloak authentication    
#20855 Session cross-reference / transaction mismatch keycloak core    
#20878 Emails with non-ascii characters are not allowed since v21.0.0 keycloak user-profile    
#20888 Flaky test: org.keycloak.operator.testsuite.integration.ClusteringTest#testKeycloakScaleAsExpected keycloak operator    
#20895 Keycloak's default http client doesn't check HTTP response code keycloak core    
#20920 keycloak-server from testsuite won't start keycloak testsuite    
#20947 Partial Import is not working for resource Type in keycloak 21.1.1 keycloak import-export    
#20951 Jump links render wrong on small screens keycloak admin/ui    
#20954 Performance degradation when upgrading from RHSSO 7.6 to KC22 caused by TLSv1.3 processing keycloak dist/quarkus    
#20974 Avoid loading classes and resources from new store if legacy is enabled keycloak storage    
#20977 NPE when shutting down JPA after a failed initialization keycloak storage    
#20978 processGrantRequest in TokenEndPoint uses new TokenManager instead of this.tokenMananager keycloak oidc    
#21045 Custom User Storage Provider gets disabled when saved keycloak admin/ui    
#21047 Role details not visible unless the user has "View Realm" enabled keycloak admin/ui    
#21095 Group list isn't filtered based on permission like user lists keycloak     
#21106 Service Account Impersonation fails and results in weird browser state keycloak core    
#21120 Client scopes mapping not available for users with "view-clients" and "query-clients" keycloak admin/ui    
#21234 custom user storage provider update in admin-ui disables it, and stores value “t” as enabled keycloak admin/ui    
#21242 GroupResource POST /children cannot update existing subgroups keycloak admin/api    
#21263 Broken Links / Redirects Issues in Docs - 2023-06-27 keycloak docs    
#21290 UserSessionConcurrencyTest#testConcurrentNotesChange fails intermittently keycloak testsuite    
#21295 UserSessionProviderModelTest#testRemoteCachesParallel sessions are not removed after the test keycloak testsuite    
#21300 Keycloak Docs for Native App Redirect URI Should Recommend the IP literal keycloak docs    
#21307 3rd party check in iframe not working anymore in safari and keycloak 21.1.2 keycloak oidc    
#21317 [docs] External Links Errors - saml.xml.org http -> https redirect keycloak docs    
#21349 List of tested database in docs doesn't match pom.xml keycloak docs    
#21358 NPE in Edit Identity Provider Mapper on second Save keycloak admin/ui    
#21394 SSSD users with capitals in the email cannot login to keycloak keycloak core    
#21412 JavascriptAdapterTest is broken due to the multiple initialization of JS adapter keycloak testsuite    
#21427 Nexus staging plugin failing after Java 11 deprecation keycloak ci    
#21451 Cookie error on second browser tab keycloak core    
#21456 Quarkus 3.2 changed the property for quarkus.transaction-manager.object-store-directory keycloak dist/quarkus    
#21491 Wrong message for sync actions on LDAP role mapper keycloak admin/ui

AMQP 1.0 Plugin  
Bug Fixes:

• AMQP 1.0 clients that try to publish in a way that results in the message not being routed anywhere are now notified with a more sensible settlement status.

Prometheus Plugin  
Enhancements:

• Prometheus scraping API endpoints now support optional authentication.The plugin now filters out values that are undefined or NaN, simply excluding them from the API endpoint response.
• Previously, if a metric was not computed for any reason (e.g. free disk space monitor was disabled on the node), its value could end up being rendered as undefined or NaN, two values that Prometheus scrapers cannot handle (for numerical types such as gauges).

Management Plugin:  
Bug Fixes:

• It was not possible to close a table column selection pane on screens that had little vertical space.

STOMP Plugin  
Bug Fixes:

• This is a potentially breaking change. The plugin will now enforce maximum STOMP frame size. Frames larger than that size will be rejected. The default maximum size is 4 MiB. It can be increased or decreased:
• # increase maximum supported STOMP frame size to 10 MiB

    stomp.max_frame_size = 10485760

• To reduce it from the default 4 MiB to 2 MiB: 

    # 2 MiB

    stomp.max_frame_size = 2097152

Shovel Plugin  
Bug Fixes:

• Shovel will gracefully stop when its destination (target) does not exist. Such shovels will then be periodically restarted to retry.

Web MQTT Plugin  
Enhacements:

• It is now possible to opt in to deactivate file handle cache use in the plugin:

    web_mqtt.use_file_handle_cache = false

Web STOMP Plugin  
Enhacements:

• It is now possible to opt in to deactivate file handle cache use in the plugin:

   web_stomp.use_file_handle_cache = false

Ansible AWX 22.5.0 
What's Changed:

• Try to fix CI by adding dropped coreapi lib
• Add hashivault option as docker-compose optional container
• Upgrade issue labeler to fix 404 errors
• Use the proper queryset to filter project update events
• Fixed bug where a weekly rrule string without a BYDAY would result in the UI throwing a TypeError
• Add the bulk api swagger topic for API reference docs
• Fix filter experience when assigning access to teams
• Enhance development sidecar containers
• Fix spelling errors in readme of awx_collection/tools
• Fix selinux errors with Redis mount in dev env
• Rename/relocate receptor crt in install bundle
• Add combined roles/collection requirements on project sync
• Add optional pgbouncer to dev environment
• Added CSRF Origin in settings
• Fix DELETE 500 KeyError due to eventless model events
• Schedules form - pass time prop as string.
• Add settings.RECEPTOR_LOG_LEVEL, update work signing key path
• Fix black pre-commit hook