Stay Informed

This week, read about:

• Tiny Core Linux 15 Stuffs Modern Computing in a Nutshell.
• India Demands Beta AIs Secure Government Permission Before Going Public.
• Over 100 Malicious AI/ML Models Found on Hugging Face Platform.
• Interview with Javier Perez on the 2024 State of Open Source Report.
• Download the 2024 State of Open Source Report.

Key Security, Maintenance, and Features Releases

Security Based Updates

Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:

• expat-2.0.1-13_ol003.el6
  • Backported security fix for CVE-2022-25235 from https://github.com/libexpat/libexpat/pull/562/files
  • Backported security fix for CVE-2022-25315 from https://github.com/libexpat/libexpat/pull/559/files
• CVE-2023-4911
  • CentOS 8 
    • glibc-2.28-164_ol002.el8
• CVE-2018-25032 
  • CentOS 8 
    • zlib-1.2.11-17_ol002.el8
• CVE-2022-2526
  • CentOS 8
    •  systemd-239-51_ol001.el8_5.2 
• CVE-2021-4157 
  • CentOS 8
    • kernel-4.18.0-348.7.1_ol001.el8_5
• CentOS 6 
  •  tzdata-2023c-1_ol001.el6

We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

Linux kernel vulnerabilities

• CVE-2023-52440 - Linux Kernel ksmbd Session Key Exchange Heap-based Buffer Overflow Remote Code Execution Vulnerability
• CVE-2023-52441 - Linux Kernel ksmbd Negotiate Request Out-Of-Bounds Read Information Disclosure Vulnerability
• CVE-2023-52442 - Linux Kernel ksmbd Chained Request Improper Input Validation Information Disclosure Vulnerability

Non-Security Based Updates

Angular 17.2.3

• COMMON
  • (perf - 1a526f2881) | AsyncPipeshould not callmarkForCheckon subscription (#54554)
• COMPILER-CLI
  • (fix - 2aefed8763) | catch function instance properties in interpolated signal diagnostic (#54325)
  • (fix - 48aec63ee4) | identify aliased initializer functions (#54480)
  • (fix - daf7c611b2) | identify aliased initializer functions (#54609)
• CORE
  • (fix - 57123524a2) | collect providers from NgModules while rendering@deferblock (#52881)
  • (fix - 79a32816dc) | fix typo in injectors.svg file (#54596)
• MIGRATIONS
  • (fix - dbe673b027) | resolve infinite loop for a single line element with a long tag name and angle bracket on a new line (#54588)

Ansible-Core 2.16.4
Bugfixes:

• Fix loading vars_plugins in roles.
• Expect - fix argument spec error using timeout=null.
• Include_vars - fix calculating ``depth`` relative to the root and ensure all files are included.
• Templating - ensure syntax errors originating from a template being compiled into Python code object result in a failure.

Ansible AWX 23.9.0
What's Changed:
* Updated the release doc to check for awxkit tar files 
* Removed `tower_legacy` module_utils that appears unused 
* Added tests for websocket endpoints 
* Disabled ``install_bundle`` endpoint for ingress node 
* Updated release notes so they do not require maintenance 
* Fixed problems with workflow nodes information section 
* Labeled any changes to requirements folder with dependencies label 
* Allowed dev image to build on fork
* Added YAML tab for Job Output event modal
* Added the ability to use awxkit with websocket custom URLs 
* Fixed login rerouting on the user's current tab 
* Fixed typo in French message
* Added new French translations on various UI screen messages 
* Fixed error in French message translation of the User Details screen 
* Added support for Terraform credentials in awxkit
* Added multi-arch build for AWX images in ghcr.io
* Fixed graphics, illustrations, tables, examples, and sizing associated with the Managing Capacity with Instances chapter of the *Administration Guide*
* Improved the performance for migration middleware
* Enhanced the dashboard Job Summary endpoint to contain canceled and error job counts 
* Fixed ``project_update`` role/collection install
* Added ``# -*-coding:utf-8-*-`` to allow users to have Japanese, Chinese, and Korean characters in email messages 
* Removed ability to use the bulky test-playbooks in tests where possible
* Sent ``QUIT`` to worker before terminating 
* Fixed diagram for hop node in Instances chapter of the *Administration Guide* and added introduction text to LDAP chapter to fix formatting abnormality
* Fixed CVEs and bump receptorctl version
* Fixed ``ui_next`` banner in the AWX User Interface
* Published multi-arch manifest of AWX 
* Published multi-arch for AWX execution environments 

Jenkins 2.447
1. Use the symbol for parameters in build history of pending jobs. (pull 8977))
2. Do not show empty tooltips. (issue 71148))
3. Developer: Update Stapler from 1822.v120278426e1c to 1839.ved17667b_a_eb_5 to no longer generate line JavaScript with Stapler bound objects to improve compatibility with ContentSecurityPolicy Plugin. (Stapler 1839.ved17667b_a_eb_5 Release Notes))

Keycloak 24.0.0
Highlights:

• Supported user profile and progressive profiling
• The user profile preview feature is promoted to be fully supported and user profile is enabled by default.
• In the past months, the Keycloak team spent a huge amount of effort in polishing the user profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and polishing were done based on the thorough testing and feedback from our awesome community.

The following are a few highlights of this feature;

• Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.
• Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.
• Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.
• Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a particular attribute to be a URL or number.
• Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.
• Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of scope parameter. This effectively allow progressive profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client applications that are used by the user.
• Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the Upgrading Guide.
• The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.

All resolved issues
New features:
#15190 RestAPI endpoint "send-verify-email" sending execute actions email template. admin/api
#19586 @keycloak/keycloak-admin-client doesn't provide an ability to use optional client scope for access token admin/client-js
#23539 User profile attributes should only accept a single value unless configured otherwise user-profile
#25167 Implement POST logout in Keycloak JS adapter/javascript
#25446 CORS SPI oidc
#25676 Introduce new CLI config options for Infinispan remote store dist/quarkus
#25702 Encrypt network communication in JGroups dist/quarkus
#25733 Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x
#25903 Create new landing page for admin console
#25941 Issue Verifiable Credentials in the JWT-VC format core
#26028 Remove conditional statements about Windows / Linux from the docs docs
#26250 OAuth 2.0 Grant Type SPI oidc
#26455 Supported option to specify maximum threads used to handle HTTP requests dist/quarkus
#26456 Supported option to specify resource management for pods in Keycloak CR dist/quarkus
#26458 Support custom Infinispan configuration file in Keycloak CR operator
#26460 Supported option to specify site name for multi-site deployments dist/quarkus
#26500 Cookie Provider
#26936 Support EC Key-Imports for the JavaKeystoreKeyProvider
#27186 Meta description of admin-ui and account-ui cannot be changed in theme.properties

Enhancements:
#9508 Rename "Resident key" to "Discoverable Credential" docs
#9758 User attributes with a text more than 255 characters storage
#9784 Add truststore options to Keycloak CR operator
#10794 Support importing Kubernetes CA operator
#12009 Support for scope parameter in the refresh flow oidc
#12352 Align Operator config naming with Quarkus distribution operator
#12946 Add X509 thumbprint to JWT when using private_key_jwt  oidc
#13250 --verbose option doesn't work in Quarkus distribution dist/quarkus
#15000 Add EdDSA/Ed25519 to WebAuthn Signature algorithms authentication/webauthn
#15714 Supporting EdDSA oidc
#16629 Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations authentication
#17574 Add failedLoginNotBefore field to existing brute force detection status API
#17735 Admin-UI: Show realm display name in realm drop down instead of realm id if available admin/ui
#19190 Add "amr" to already implemented "acr" support
#19285 Disable Groovy Closures when bootstrapping Picocli dist/quarkus
#20125 Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 admin/ui
#21074 Identity providers: pagination in admin console
#21343 Upgrade welcome theme to PatternFly 5 welcome/ui
#21559 Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation
#21578 Scope parameter in Oauth 2.0 token exchange
#21771 List reload button for admin panel admin/ui
#22436 Query users by 'LDAP_ID' is not working ldap
#22922 Use Infinispan BOM instead of direct Infinispan dependencies storage
#23057 Localization tabs admin/ui
#23431 Allow user to select between `Forwarded` or `X-Forwarded-*` header
#23470 Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc authorization-services
#23854 Use upstream Quarkus functionality for non-blocking probes dist/quarkus
#23878 User profile configuration scoped to user-federation provider user-profile
#23896 Changes in declarative user profile should result in admin events user-profile
#24094 Map Store Removal: Delete map profiles from testsuite storage
#24097 Map Store Removal: Delete container providers that were added to the base testsuite storage
#24102 Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages storage
#24103 Map Store Removal: Delete GlobalLockProvider storage
#24105 Map Store Removal: Rename Legacy* classes storage
#24107 Map Store Removal: Revert deprecated modules in model/legacy and rename "legacy" to "storage" storage
#24148 Add config property to specify a list of truststores
#24202 Cache stampede after client invalidation storage
#24245 Parse default UserProfile configuration in the build time
#24250 Allow selecting attributes from user profile when managing token mappers user-profile
#24344 Enhance error logs and error events during UserInfo endpoint and Token Introspection failure
#24412 Accessibility of 2FA method selection login/ui
#24422 UMA 2 not evaluating as expected when using permission tickets authorization-services
#24424 Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 saml
#24567 Map Store Removal: Revert changes related to map store in test classes in base testsuite storage
#24668 Features versioning
#24793 Map Store Removal: Remove `LockObjectsForModification` storage
#24798 Add truststores to keycloak cr
#24860 Initialize Infinispan earlier in the build chain dist/quarkus
#24926 Add polish translations admin/ui
#24995 Avoid deprecated API usage in testsuite/integration-arquillian/tests/base core
#25058 Add Polish Translations to Account UI account/ui
#25074 Update Kerberos provider for user-profile user-profile
#25075 Update SSSD provider for user-profile user-profile
#25103 Remove product from server info admin/ui
#25113 Add a test for the LoadBalancerCheck
#25146 Decouple "factory" methods from the "provider" methods on UserProfileProvider implementation user-profile
#25149 Replace the existing themes with the dynamic templates from user profile user-profile
#25236 Documentation about Australia Consumer Data Right security profile
#25238 Add missing Arabic messages
#25287 Upgrade Infinispan to 14.0.21.Final
#25288 Map Store Removal: Remove protostream dependency storage
#25300 Deprecate offline session preloading infinispan
#25308 Map Store Removal: Revert changes made to backchannelLogout storage
#25309 Map Store Removal: Remove ResponseSessionTask storage
#25314 Supporting OAuth 2.1 for confidential clients oidc
#25315 Client policies : executor for enforcing DPoP oidc
#25316 Supporting OAuth 2.1 for public clients oidc
#25328 Tests for client scopes/evaluate tab are missing
#25375 Extra tests for realm roles
#25388 Enable concurrent remote operations for Infinispan storage
#25403 Implements attributes field in KeycloakProfile interface admin/client-js
#25404 Adapt incremental build for latest changes in themes module ci
#25415 Describe how to use Infinispan Batch CRs for automation with the external Infinispan storage
#25416 Update UserProfileProvider.setConfiguration to accept UPConfig instead of String
#25487 Add extra tests for realm-settings in admin-ui
#25637 Client policies: executor for validate and match a redirect URI oidc
#25638 Keycloak native implementation of SD-JWT core
#25666 [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider
#25691 More info on UserProfileContext user-profile
#25738 Tooltips improvements when configuring user profile attribute user-profile
#25770 X509 client certificate login label extends out of form login/ui
#25823 Ability to declare a default "First broker login flow" per Realm
#25872 Make the `user` attribute available to the `idp-review-user-profile.ftl` template
#25882 RealmResourceProvider is not working as expected since version 23.0.0 core
#25897 Admin UI: Show realm display name on welcome page admin/ui
#25908 Could not format default value for log formats dist/quarkus
#25915 Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures docs
#25935 Create Infinispan metrics with labels instead of long metric names
#25962 Missing localization of cs+sk messages
#25979 User profile attribute names with strange characters docs
#25985 Enable verify-profile required action by default user-profile
#26068 Reduce internal unsupported options in the Keycloak HA documentation
#26083 Change RHDG references to Infinispan
#26092 Do not use raw parameterized PropertyMapper dist/quarkus
#26146 Migration docs for https://github.com//issues/15190 docs
#26172 Permanently lock users out after X temporary lockouts during a brute force attack authentication
#26198 Comprehensive log for the LoggingDistTest and Quarkus IT testsuite
#26220 Don't differentiate Windows for getting started docs
#26223 Use `--http-max-queued-requests` option in Keycloak HA documentation docs
#26241 Do not use general debug log level for tests  testsuite
#26315 Fully remove reasteasy-core
#26320 Allow formating numbers when rendering attributes user-profile
#26325 Remove unused HttpResponse.setWriteCookiesOnTransactionComplete
#26402 Improve wording in Concepts for configuring thread pools section in documentation
#26416 Remove support for old cookie path
#26430 Implement stricter controls at token endpoint for PKCE verification
#26457 Remove support for multiple AUTH_SESSION_ID cookies
#26469 Documentation for verify-profile required action enabled by default docs
#26485 Add missing Arabic translations translations
#26489 Ability to have alternative default user-profile configuration user-profile
#26530 Map Store Removal: Remove `RealmModel` from authorization services interfaces storage
#26552 Do we need to hide "required" settings for email? user-profile
#26570 Upgrade liquibase to 4.25.1
#26585 Improve UX of read-only attributes user-profile
#26587 Documentation for SuppressRefreshTokenRotationExecutor oidc
#26589 Allow Case-Insensitive Search on Provider Info Page in Admin UI admin/ui
#26598 Map Store Removal: deprecate model legacy module storage
#26626 Brute force detection should issue event for temporary lockout core
#26634 Documentation for default validation changes due user-profile enabled docs
#26683 Remove explicitly set `lit-element` version dist/quarkus
#26689 Update Maven dependency versions for docs docs
#26701 Upgrade to Quarkus 3.7.1 dist/quarkus
#26730 Add Multi-AZ Aurora DB to CI store-integration-tests
#26776 Update documentation to use new Infinispan configuration options
#26781 Update HA guide about non-blocking probes docs
#26810 Shorter lifespan for offline session cache entries in memory storage
#26812 Upgrade to embedded Infinispan 14.0.24 storage
#26819 Use version specific tag for Keycloak images in the docs docs
#26859 Upgrade to Quarkus 3.8 dist/quarkus
#26898 User profile: Add regression test for select inputs
#26910 Keycloak Operator should add service-ca.crt to the truststore operator
#26916 Upgrade to Quarkus 3.7.2 dist/quarkus
#26919 doc: add a clear mention in the documentation about the storage of the refresh and access token docs
#26921 Use latest OLM version for Operator CI testsuite
#26929 Ignore unrecognized truststore formats if `--truststore-paths` is a directory dist/quarkus
#26967 Aurora Postgres IT: Upload flaky and surefire test reports
#27036 Upgrade to Quarkus 3.7.3 dist/quarkus
#27048 Add Amazon Aurora PostgreSQL to the list of tested databases
#27078 Update Keycloak HA Guide new resource limit settings
#27084 Remove the preview note from Keycloak's HA guide
#27093 "Open ID Connect" in docs / UIs should be "OpenID Connect"
#27105 Add New User Registration Option on WebAuthn Authentication UI authentication/webauthn
#27121 Remove references to Quarkus docs and absolute URLs from HA Guide docs
#27123 Use AWS JDBC Wrapper in CI tests
#27125 Add warning about too long attribute values
#27143 Distinguish user registration action label from the security key registration action's one authentication/webauthn
#27147 Replace "Security Key" with "Passkey" in WebAuthn UIs and their documents authentication/webauthn
#27148 Allow overriding the default validators added to attributes user-profile
#27169 Tweak the default memory request and limit in the Operator operator
#27190 a11y improvements on login page
#27226 Upgrade to Quarkus 3.7.4 dist/quarkus
#27238 Add option to clients to use lightweight access token oidc
#27280 Upgrade to Infinispan 14.0.25
#27281 Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. identity-brokering
#27315 Change docker image to container image
#27324 Remove RHSSO product documentation from upgrading guide docs
#27326 Edit Keycloak 24.0 release notes docs
#27327 Harmonize behaviour of different CertificateUtilsProvider implementations
#27440 Edit Keycloak 23.x Release Notes
#27452 Edit Keycloak 24 Upgrade guide

Bugs:
#9871 Remove Infinispan workarounds introduced to prevent deadlocks storage
#11178 Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response saml
#13080 Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 authentication
#13368 Issue when using DenyAuthenticator in direct-grant flow authentication
#14448 Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) testsuite
#14581 HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added dist/quarkus
#14776 Mail verification isn't working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) authentication
#16260 Incorrect handling of OptionParserException in kcadm admin/cli
#17155 UPDATED_PASSWORD user action shouldn't be triggered when login with linked IdP user-profile
#17449 Removing the Realm ID and saving causes the realm to be vanished from the list of the realms admin/api
#19183 token-exchange does apply clientScopes of the origin client token-exchange
#19294 Error on starting keycloak when foldername contains ")" using kc.bat.  dist/quarkus
#19886 Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards authentication
#20304 When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable admin/ui
#20867 Control redirect after password reset core
#21127 During password reset, the baseURL is not shown on the info page after browser restart authentication
#21151 Realm import stack overflow import-export
#21409 Brute Force Detection is disabled when updating frontenUrl via admin client authentication
#21542 Context path missing in URL on OTP page to switch between QR code and manual code core
#21730 v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step core
#21951 Unable to use `<` as part of a password admin/cli
#22082 Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes storage
#22401 Common resources in Welcome page didn't resolve correctly welcome/ui
#22431 Localization: Admin UI doesn't pick up message bundles from realms other than master  admin/ui
#22507 User profile attributes not localized in account console V3 user-profile
#22540 Description of "Configuring sources for Keycloak" inconsistent / misleading docs
#22555 Docs: server_development/topics/identity-brokering.adoc docs
#22660 Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI admin/ui
#22691 Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes authentication
#22836 Invalid redirect uri when identity provider alias has spaces identity-brokering
#22904 Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode ci
#22958 KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null authentication
#23023 Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution core
#23056 Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently storage
#23217 NoSuchFileException with ${kc.home.dir} on Windows dist/quarkus
#23229 Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address admin/api
#23268 New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  storage
#23399 Audience is lost after refreshing a RPT authorization-services
#23683 Default-Value in UI for krbPrincipalAttribute is error prone admin/ui
#23699 Account v3 theme - Localization not working on account console account/ui
#23786 Failure: FipsDistTest ci
#23966 Group members are displayed incorrectly when using LDAP in READ_ONLY mode admin/api
#24082 Selected locale is not taking into accoun in  `keycloak.v3 account` theme account/ui
#24141 LDAP user mapper for username: user appears twice in the GUI ldap
#24144 Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company core
#24200 NPE in User Session Note mapper on Token Exchange token-exchange
#24219 admin-fine-grained-authz + client authorization settings requires view-client role admin/ui
#24323 Refresh request ignores scope parameter from refresh request oidc
#24353 Keycloak operator tries to manipulate Secret which is not managed by Keycloak operator
#24361 Adding scopes via registration_client_uri does not work when using Dynamic Client Registration admin/api
#24369 UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event user-profile
#24459 Keycloak fails to start when uninstalling custom provider dist/quarkus
#24464 Tabbing is not working in forms inside dropdown admin/ui
#24485 NullPointerException when key is not available in the database oidc
#24506 Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 dependencies
#24508 Deadlock when pre-loading remote sessions from external Infinispan storage
#24595 Leaving Single Sign Out page open for too long and then confirming logout leads to error page authentication
#24626 Upgrade testsuite to use SpringBoot 2.7 ci
#24651 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. authorization-services
#24652 SAML decryption fails if keycloak.saml.deprecated.encryption flag is set saml
#24718 Mapper Option "Add to access token" Toggled Off Despite Claim Added to Token admin/ui
#24767 Improve LDAP Condition implementations ldap
#24783 Keycloak Admin UI - Help text not localized in Realm Events Setting UI admin/ui
#24923 Importing Keycloak breaks typescript in esModule  adapter/javascript
#24960 OpenAPI spec doesn't match the admin API admin/api
#24961 Keycloak not able to handle multiple validating X509 certificates when public key are the same saml
#24980 The `DefaultActionToken` serializes a JSON Object with duplicate keys oidc
#24986 `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive core
#25001 Client redirect_uri check must be compared using exact string matching oidc
#25016 Make password visibility css classes configurable for themes login/ui
#25033 Typo in the balloon help of SAML Username Template Importer core
#25041 Incomplete Spanish translations for Admin UI translations
#25051 Unexpected Application Error when clicking "Cancel" on user creation page admin/ui
#25054 Read Only Access of the realm users' "Role mapping" tab is broken for Admin Console admin/ui
#25060 fix debug log string core
#25078 Log Injection during WebAuthn authentication/registration authentication
#25096 Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups admin/api
#25110 User Profile attribute with "Options" shows options of another attribute if none set on it user-profile
#25111 RealmAdminResource.getGroupByPathGroup does not work with space in path parameter admin/api
#25173 Make sure username is lowercase when normalizing attributes user-profile
#25183 NullPointerException thrown for UPConfig.getGroups() user-profile
#25208 GH Actions -> Keycloak CI -> MSSQL docker images fails during startup ci
#25231 CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol oidc
#25235 Unable to start after updating Docker container dist/quarkus
#25290 Social Login Tests unable to retrieve Federated Access Token from user session testsuite
#25294 Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off ldap
#25322 Warning "Event object wasn't available in remote cache" when using remote store
#25392 Admin Console: Realm Dropdown should only show the realms the user has access to admin/ui
#25417 Avoid keycloak-admin-client in UI to call admin console UI extension admin/ui
#25423 Confusing error message by pr-backport.sh when not authenticated to gh ci
#25433 Key provider UI issue while saving - RSA admin/ui
#25449 Clean up translations for DE/EN/NL for a first test-run of Weblate translations
#25451 Admin cli failing when adding roles to a 3rd group in a list admin/cli
#25463 Unnecessary user profile metdata sent on user update user-profile
#25475 User Profile: If required roles ("user") and reqired scopes are set, the required scopes have no effect user-profile
#25502 Account v3 theme - theme.properties Custom theme scripts not loading account/ui
#25515 Deleting an atribute from the UI  is reseting the unmanaged attribute policy user-profile
#25544 Post Logout Redirect URIs "+" behavior is inconsistent with other usages (i.e. Web Origins) oidc
#25565 OpenAPI: POST for /admin/realms response is 201 admin/api
#25566 Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile testsuite
#25584 iss not returned as query param in redirect to app when using "prompt=none" and user is not authenticated oidc
#25601 OpenAPI: POST /admin/realms/{realm}/clients response is 201 admin/api
#25604 OpenAPI: Client authz endpoints without responses admin/api
#25628 Translations missing in user details role mapping admin/ui
#25633 Parsing of labels issue IDs doesn't work with colons and the "fixes" keyword ci
#25636 "Disable realm?" displayed when disabling client admin/ui
#25642 Failure in KeycloakDistConfiguratorTest's 'missingHostname' check testsuite
#25649 OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. admin/api
#25656 OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 admin/api
#25660 Incorrect version of the fix in release notes
#25677 Removing all group attributes no longer works with keycloak-admin-client (java) admin/client-java
#25679 `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn't have access to see admin/ui
#25699 Flaky test Job URL missing on some runs ci
#25704 Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL user-profile
#25714 Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet ci
#25731 /admin/realms/{realm}/groups Endpoint is slow admin/api
#25746 Using kcadm.sh create components result to 400 Bad Request admin/cli
#25752 [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest storage
#25753 Backchannel logout token is missing the "exp" claim oidc
#25783 Since 23, start-dev command line arguments parsing is buggy dist/quarkus
#25789 User events: labels overlap content admin/ui
#25827 admin ui uses hyphen instead of dot as realm attribute separator admin/ui
#25853 Timeouts after upgrade of download action v4 ci
#25878 HTML emails in Catalan don't contain links translations
#25883 ldap-group-mapper fails when empty member: attribute is present ldap
#25891 Optimize handling of terms and conditions during registration core
#25892 Test suite depends on artifacts built only when distribution profile is active ci
#25909 Keycloak HA Guide uses token for cross-site setup that expires
#25912 LDAP federation reports "Creating new LDAP Store..." on every login ldap
#25927 UI crash after using breadcrumb group navigation during an active group search admin/ui
#25934 On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template authentication
#25939 Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. user-profile
#25951 Masthead tests fail often admin/ui
#25961 Native SQL Schema names broken on MySQL storage
#25977 No error message displayed when trying to add read-only attribute to some user in `Attributes` tab user-profile
#25980 Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols saml
#25981 GitHub Status check is green if the build fails ci
#26021 `mvn clean` does not work in js directory account/ui
#26032 Duplicate tooltip/label for refresh button on device activity page account/ui
#26036 subgroups clickopen not working admin/ui
#26040 Subgroups-check is incorrect, and therefore subgroups are not clickable admin/ui
#26051 Name ID Format field is confusing for User Attribute Mapper For NameID saml
#26052 Configure OTP Form regenerates Secret on reload authentication
#26059 Attempting to update settings for realm with "dots" in the name fails due to client side validation admin/ui
#26060 Various Localization tab issues
#26075 Next time you start message references the wrong command dist/quarkus
#26088 Rest custom JAX-RS resource in kc 23: Method not allowed core
#26131 Localization: Realm overrides subtab  admin/ui
#26132 Localization: Effective message bundles subtab admin/ui
#26148 Keycloak JavaScript CI: client_scopes_test.spec.ts ci
#26156 A11y critical violation in ProviderId form field admin/ui
#26168 KC_DB_DRIVER is not propagated properly admin/cli
#26177 Invalidate authentication session on repeated OTP failures authentication
#26180 Invalidate authentication session on repeated Recovery Code failures authentication
#26228 With fine grained permissions enabled, the grouptree rights check is not working correctly admin/ui
#26231 keycloak-admin-client missing recent changes to group query parameters admin/client-js
#26236 Ensure community-maintained translations are not part of product build account/ui
#26266 Importing Realm with declarative user profile attributes fails user-profile
#26281 Incorrect example in the Keycloak operator configuration operator
#26291 Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode ci
#26295 Incomplete Chinese Translation for Login Page translations
#26308 Error when migrating from a realm where the user profile component does not hold any entry in the configuration user-profile
#26323 Reset credentials action fails when triggered from first broker login flow identity-brokering
#26330 HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 saml
#26334 Resource and permission titles missing for a new client admin/ui
#26335 Bind flow modal broken admin/ui
#26337 Write tests to cover binding a flow testsuite
#26350 Fix more A11y violations admin/ui
#26358 Apparently incorrect tooltip on "type" field for a "resource" in a client admin/ui
#26363 Search dialog for authorization policy is wrong? admin/ui
#26374 Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode ci
#26375 The role Unassign button enabled in admin console even if no roles are selected admin/ui
#26383 Labels for WebAuthN missing in Account Console account/ui
#26390 More A11y Violations Detected admin/ui
#26400 Workflow failure: Admin UI E2E - realm_test.spec.ts  ci
#26407 Typo in disable dialog admin/ui
#26409 Duplicate `key` for credentials on sign in page account/ui
#26418 Failed to link identity broker to user with a verified email by IdP email verification flow identity-brokering
#26420 Labels for WebAuthN Passwordless missing in Account Console account/ui
#26427 Operator CSV uses wrong format for `createdAt` field operator
#26452 Row remains selected when "cancel" clicked on deleting translation in the Localization/Realm Overrides tab admin/ui
#26464 "Test connection" on LDAPS URI does not test TLS handshake admin/api
#26468 SPI-truststore-file-type option appears to be invalid docs
#26490 Update Keycloak sizing guide after change of default hashing configuration core
#26507 Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. storage
#26529 Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode ci
#26549 Mysterious settings changes due to Keycloak cluster changes admin/ui
#26564 Issues related to IDNHomographValidator user-profile
#26584 User details locale select broken in realm specific admin console admin/ui
#26588 Infinite loop during X509 authentication authentication
#26597 Keycloak UI meets "Internal Sever Error" after save "Refresh Token Max Reuse" number core
#26604 Arc container is null dist/quarkus
#26609 allow sending realm in request without changing the kc admin object admin/client-js
#26612 Wrong delete messages in Realm overrides admin/ui
#26618 CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) storage
#26631 Keycloak HA guide with blank and callout docs
#26635 Account UI ships too much Beer in user attributes user-profile
#26636 Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow admin/ui
#26643 Replace "message bundle" text to "translation" in realm overrides admin/ui
#26649 PhantomJS does not send secure cookies over http://localhost core
#26651 [keycloak.js] useNonce parameter is all-or-nothing adapter/javascript
#26653 Disallow removing required filters when searching for effective message bundle. admin/ui
#26665 Unable to modify access token lifespan at realm level. Keycloak stops working. core
#26668 Wrong help for "Create initial access token" expiration field admin/ui
#26686 Not possible to build documentation after quarkus upgrade docs
#26697 When creating a user federation mapper changing the type doesn't change User Roles Retrieve Strategy admin/ui
#26716 User Profile Applies Validation To Service Account Users user-profile
#26727 Auto layout of authenticator flow graph only applies the second time admin/ui
#26747 Tooltip for attribute name in user-profile configuration is incorrect user-profile
#26750 Empty error message when validation issue due the PersonNameProhibitedValidator validation user-profile
#26782 Accessing userinfo fails with CORS when token is expired or session is deleted oidc
#26790 Workflow failure: Operator IT on OpenShift ci
#26792 User profile 'uri' validator not working user-profile
#26816 Keycloak server admin docs needs change with the new hashing iteration changes docs
#26818 bug in operator example yaml operator
#26826 Freemarker erroneously escapes/sanitizes URL in template.ftl (&) login/ui
#26830 Duplicate "Refresh" buttons present in admin-ui admin/ui
#26834 Disabling "Reset OTP" in "Reset credentials" flow throws error on "forgot password" authentication
#26853 Fixing anchors in security apps guide in prod profile docs
#26856 Remove custom user attributes section in server developer guide user-profile
#26937 Once all default client scopes are deleted from the realm we can't create a new custom role. core
#26941 When loading entries from a remote store at startup, no lifespan or expiry is set core
#26951 Roles admin REST API for creating roles: Composite roles are expanded admin/api
#26983 Group not found in list after creation core
#27002 Refresh doesn't work in Localization/Effective message bundles admin/ui
#27005 Unable to approve/deny permission requests account/ui
#27031 Having read-only attributes stored at a user leads to validation warning on every login  user-profile
#27095 Cache Keys for Group pagination and other entries cannot be invalidated and updated infinispan
#27120 Microsoft social login failure testsuite
#27133 Workflow failure: Keycloak CI - Store IT (aurora-postgres) ci
#27137 Users with fine-grained permissions can not create a user admin/ui
#27140 Locale selector is unnecessarily visible without rights to locales admin/ui
#27162 Default locale is set to null when not explicitly choosing a locale admin/ui
#27173 Newly created authentication subflow is always disabled admin/ui
#27234 Cannot update email in account console with `update-email` feature enabled account/ui
#27243 Account console not working when lightweight-access-tokens used oidc
#27271 AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo core
#27284 FolderTheme does not support Locales with extensions core
#27290 AWS JDBC driver throws ConcurrentModificationException storage
#27297 Check for duplicated usernames and emails when Login with email option is enabled user-profile
#27316 Server admin guide not building downstream due to missing IDs docs
#27337 Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled admin/ui
#27344 Secure Redirect URI executor issues oidc
#27345 Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI ci
#27406 JavaDocs generation broken after removal of resteasy-core
#27409 Apply remote store workaround also for configuration via CLI options
#27412 OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor oid

Wildfly 31.0.0.
Feature Request:
[WFLY-15405] - Add support for AMQP Connector in MP Reactive Messaging
[WFLY-18838] - Preview support for Jakarta MVC 2.1
[WFLY-18866] - Update WF feature pack to use preview stability level

Enhancement: 
[WFLY-18383] - Quickstart for MicroProfile LRA
[WFLY-18460] - bmt Quickstart Common Enhancements CY2023Q3
[WFLY-18463] - ee-security Quickstart Common Enhancements CY2023Q3
[WFLY-18465] - ejb-remote Quickstart Common Enhancements CY2023Q3
[WFLY-18466] - ejb-security-context-propagation Quickstart Common Enhancements CY2023Q3
[WFLY-18467] - ejb-security-programmatic-auth Quickstart Common Enhancements CY2023Q3
[WFLY-18468] - ejb-throws-exception Quickstart Common Enhancements CY2023Q3
[WFLY-18469] - ejb-timer Quickstart Common Enhancements CY2023Q3
[WFLY-18473] - helloworld-jms Quickstart Common Enhancements CY2023Q3
[WFLY-18477] - helloworld-singleton Quickstart Common Enhancements CY2023Q3
[WFLY-18478] - helloworld-ws Quickstart Common Enhancements CY2023Q3
[WFLY-18405] - JCA: make sure WorkManager doesn't relate on jboss-threads executor's blocking API
[WFLY-18480] - hibernate Quickstart Common Enhancements CY2023Q3
[WFLY-18481] - http-custom-mechanism Quickstart Common Enhancements CY2023Q3
[WFLY-18482] - jaxrs-client Quickstart Common Enhancements CY2023Q3
[WFLY-18483] - jaxrs-jwt Quickstart Common Enhancements CY2023Q3
[WFLY-18484] - jaxws-ejb Quickstart Common Enhancements CY2023Q3
[WFLY-18485] - jaxws-retail Quickstart Common Enhancements CY2023Q3
[WFLY-18487] - jta-crash-rec Quickstart Common Enhancements CY2023Q3
[WFLY-18488] - jts Quickstart Common Enhancements CY2023Q3
[WFLY-18490] - logging Quickstart Common Enhancements CY2023Q3
[WFLY-18491] - mail Quickstart Common Enhancements CY2023Q3
[WFLY-18494] - microprofile-fault-tolerance Quickstart Common Enhancements CY2023Q3
[WFLY-18495] - microprofile-health Quickstart Common Enhancements CY2023Q3
[WFLY-18499] - microprofile-rest-client Quickstart Common Enhancements CY2023Q3
[WFLY-18502] - remote-helloworld-mdb Quickstart Common Enhancements CY2023Q3
[WFLY-18504] - servlet-async Quickstart Common Enhancements CY2023Q3
[WFLY-18505] - servlet-filterlistener Quickstart Common Enhancements CY2023Q3
[WFLY-18506] - servlet-security Quickstart Common Enhancements CY2023Q3
[WFLY-18508] - spring-resteasy Quickstart Common Enhancements CY2023Q3
[WFLY-18512] - todo-backend Quickstart Common Enhancements CY2023Q3
[WFLY-18513] - websocket-endpoint Quickstart Common Enhancements CY2023Q3
[WFLY-18514] - websocket-hello Quickstart Common Enhancements CY2023Q3
[WFLY-18544] - managed deployment in content repository duplicated in tmp/vfs/temp directory
[WFLY-18578] - Allow channel-based overriding of the org.jboss.as.product data
[WFLY-18644] - Remove xerces from distribution
[WFLY-18743] - Change NoAuditLogTestCase class to use the system default encoding to read the log file
[WFLY-18768] - Add Micrometer quickstart
[WFLY-18769] - Publish Quickstarts docs
[WFLY-18790] - Convert testsuite provisioning from galleon-maven-plugin to wildfly-maven-plugin
[WFLY-18792] - External configuration of channels to use when testing
[WFLY-18793] - Dynamic configuration of channels to use when testing
[WFLY-18819] - Quickstart READMEs XML snippets for server provisioning/bootable jar should not specify layers
[WFLY-18856] - Document stability levels
[WFLY-18890] - "docs/schema" does not contain "orm_3-1.xsd"
[WFLY-18901] - OpenShift CI support for MicroProfile LRA Quickstart

Bug:
[WFLY-14769] - Lookup of txn:LocalUserTransaction makes it possible to illegally use UserTransaction in a CMT context
[WFLY-16929] - ForwardedHandlerTestCase fails with security manager
[WFLY-17349] - WebJPATestCase intermittently fails
[WFLY-18009] - WildFly lacks support for LZ4 compression, which is needed by Kafka clients
[WFLY-18054] - Operations on any child resource of an Undertow servlet container fail with DuplicateServiceException
[WFLY-18215] - license correction for jipijapa-hibernate6 + wildfly-jpa
[WFLY-18240] - org.apache.activemq.artemis is required as an explicit dependency for some deployments
[WFLY-18384] - [CLUSTERING] File containing session data is never shrunk or deleted
[WFLY-18397] - Fix Standalone Old Faces 4.0 TCK 26 failures
[WFLY-18533] - Simplest JAXRS app is failing when deployed in server provisioned with jaxrs
[WFLY-18560] - Galleon layers reference javax API alias packages
[WFLY-18639] - Improve resiliency of reflection based-externalizers and marshallers
[WFLY-18653] - i18n of exception messages in ApplicationClientParsingDeploymentProcessor
[WFLY-18654] - i18n of exception message in WildFlyJobXmlResolver
[WFLY-18656] - i18n of exception messages in connector
[WFLY-18657] - i18n of exception messages in ee
[WFLY-18658] - i18n of exception messages in ejb3
[WFLY-18659] - i18n of exception messages in jpa
[WFLY-18660] - i18n of exception messages in messaging-activemq
[WFLY-18661] - i18n of exception messages in naming
[WFLY-18662] - i18n of exception messages in pojo
[WFLY-18663] - i18n of exception messages in sar
[WFLY-18665] - i18n of exception messages in webservices
[WFLY-18666] - i18n of exception messages in weld
[WFLY-18667] - i18n of exception messages in xts
[WFLY-18683] - Blocked JDBC store threads prevent shutdown
[WFLY-18694] - Broken link in Application Client documentation
[WFLY-18702] - In WildFly Preview jaxrs-server layer does not provision MP Rest Client
[WFLY-18703] - Misleading error message for XA DataSource class
[WFLY-18708] - Disable counter-productive "distributable" behavior in Mojarra
[WFLY-18718] - license.xml has different line endings when provisioned on Windows
[WFLY-18726] - Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions when started by ps1 script
[WFLY-18727] - ATTRIBUTE granularity distributed sessions should always replicate on setAttribute(...)
[WFLY-18733] - Deployments of SharedClientContextTestCase should be undeployed
[WFLY-18736] - Remove okhttp dependency
[WFLY-18740] - On cache writes, Infinispan store=hotrod throws ISE: Only byte[] instances are supported currently
[WFLY-18742] - Provisioning micrometer and opentelemetry layers issue
[WFLY-18746] - Revisit telemetry layers inclusion rules.
[WFLY-18756] - WildFly throws UnknownHostExceptions and XARecovery fails when Connected to an AMQ Cluster in OpenShift
[WFLY-18775] - Intermittent NPE in distributed timers TimerScheduler
[WFLY-18782] - Dependency tree - wildfly-model-test & commons-text should only be in test scope
[WFLY-18785] - Client fail rate degradation in tests with Oracle database: IJ000453: Unable to get managed connection for ... + StoreUnavailableException
[WFLY-18787] - WFLY-18683 fix causes marshalling errors when SQLExceptions are propagated to caller
[WFLY-18800] - Misleading example in "Configure Authentication with Certificates" section of Elytron security doc
[WFLY-18811] - Reduce visibility org.infinispan module to only those packages containing public API
[WFLY-18813] - Predicates not applied correctly to gzip filters
[WFLY-18814] - A typo in run-integration-tests-with-provisioned-server.adoc
[WFLY-18820] - Queue creation might fail if auto-create-addresses is set to false
[WFLY-18823] - Fix Flaky AbstractValidationUnitTest
[WFLY-18844] - Invalid XmlMerge output on Windows
[WFLY-18849] - Official installation modules can produce installations with a '.galleon/history' folder
[WFLY-18853] - QS websocket-hello, websocket-endpoint and servlet-async are missing wildfly-maven-plugin in pluginManagement section in pom.xml
[WFLY-18855] - MicroProfile spec support table is out of date
[WFLY-18868] - Ensure MMR delegates implement getStability()
[WFLY-18869] - max-active-sessions=-1 causes ISPN000424 error for distributable webapp
[WFLY-18873] - Missing client dependency in user BOM
[WFLY-18880] - missing dependency to org.wildfly.clustering.marshalling.spi in clustering.ee.cache module.xml
[WFLY-18882] - JCA: resource adapter subsystem dependency should be added based on capabilities
[WFLY-18883] - Install and Deploy fails. due to duplicated artifacts attached
[WFLY-18885] - Unable to look up deployed datasource when name differs from runtime-name
[WFLY-18887] - todo-backend quickstart CI test fails
[WFLY-18897] - testsuite manual-expansion is missing the parsson dependency.
[WFLY-18914] - Shared distributed session manager triggers duplicate expiration listeners
[WFLY-18922] - Give the Apache Lucene module access to jdk.management
[WFLY-18931] - Galleon layers doc does not list the microprofile-telemetry layer as a dependency of observability
[WFLY-18936] - NetworkHealthTestCase doesn't cleanup it's configuration affecting other tests
[WFLY-18941] - Update jipijapa EclipseLink reference in documentation as refers to transformed version

Components Upgrade:
[WFLY-18406] - Upgrade ironjacamar to 3.0.6.Final
[WFLY-18442] - Upgrade MP Config API to 3.1 (MP 6.1)
[WFLY-18443] - Upgrade MP Telemetry API to 1.1 (MP 6.1)
[WFLY-18555] - Upgrade to Hibernate 6.4.1.Final release
[WFLY-18630] - Upgrade Infinispan to 14.0.20.Final
[WFLY-18645] - Upgrade openjdk-orb to 10.0.0.Final
[WFLY-18646] - Upgrade Jastow to 2.2.7.Final
[WFLY-18647] - Upgrade HAL to 3.6.16.Final
[WFLY-18655] - Upgrade Eclipse ECJ to 3.32.0
[WFLY-18674] - Bump version.com.fasterxml.jackson from 2.15.2 to 2.15.3
[WFLY-18679] - Upgrade jaxbintros from 2.0.0 to 2.0.1
[WFLY-18682] - Upgrade WildFly Http Client to 2.0.5.Final
[WFLY-18685] - Upgrade santuario to 3.0.3 (addresses CVE-2023-44483)
[WFLY-18688] - Update JBeret to 2.1.3.Final
[WFLY-18690] - Upgrade the Jakarta XML Binding API to 4.0.1 and the Implementation to 4.0.4
[WFLY-18693] - Upgrade to SmallRye Reactive Messaging 4.11.0
[WFLY-18704] - Upgrade Artemis to 2.31.2 (resolves CVE-2023-46604)
[WFLY-18707] - Upgrade WildFly Core to 23.0.0.Beta1
[WFLY-18713] - Upgrade RESTEasy to 6.2.6.Final
[WFLY-18714] - Upgrade Galleon to 5.2.2.Final and Galleon plugins to 6.5.3.Final
[WFLY-18725] - Upgrade WildFly Http Client to 2.0.6.Final
[WFLY-18729] - Upgrade Netty from 4.1.100 to 4.1.104
[WFLY-18732] - Upgrade SmallRye Config to 3.4.3
[WFLY-18735] - Upgrade to SmallRye OpenTelemetry 2.6.0
[WFLY-18738] - Upgrade to Mojarra 4.0.5
[WFLY-18750] - Upgrade to MP Config 3.0.3
[WFLY-18751] - Upgrade RxJava to 3.1.8
[WFLY-18752] - Upgrade Jakarta JSTL Implementation to 3.0.1
[WFLY-18754] - Upgrade WSS4j from 3.0.1 to 3.0.2
[WFLY-18755] - Upgrade stax2-api from 4.2.1 to 4.2.2
[WFLY-18760] - Upgrade smallrye-open-api to 3.7.0
[WFLY-18767] - Upgrade Byteman to 4.0.22
[WFLY-18772] - Upgrade the WildFly Maven Plugin to 4.2.1
[WFLY-18774] - Upgrade Infinispan to 14.0.21.Final
[WFLY-18777] - Upgrade joda-time:joda-time from 2.12.1 to 2.12.5
[WFLY-18778] - Upgrade Jakarta JSP API to 3.1.1
[WFLY-18779] - Upgrade WildFly Core to 23.0.0.Beta2
[WFLY-18795] - Bump jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api from 3.0.2 to 3.0.3
[WFLY-18797] - Upgrade to SmallRye Config 3.4.4
[WFLY-18804] - Upgrade to Hibernate Search 7.0
[WFLY-18805] - Upgrade to Elasticsearch client 8.11
[WFLY-18806] - Upgrade to Lucene 9.8
[WFLY-18810] - Update Micrometer to 1.12.0
[WFLY-18826] - Upgrade smallrye-health to 4.0.4
[WFLY-18833] - Upgrade ironjacamar to 3.0.7.Final
[WFLY-18836] - Upgrade WildFly Core to 23.0.0.Beta3
[WFLY-18841] - Upgrade com.sun.xml.fastinfoset:FastInfoset from 2.1.0 to 2.1.1
[WFLY-18842] - Upgrade mod_cluster to 2.0.4.Final
[WFLY-18845] - Upgrade wildfly-transaction-client to 3.0.3.Final
[WFLY-18861] - Upgrade WildFly Core to 23.0.0.Beta4
[WFLY-18904] - Update ANTLR to 4.13.0 for Hibernate 6.4
[WFLY-18905] - Upgrade JBeret to 2.2.0.Final
[WFLY-18906] - Upgrade WildFly Core to 23.0.0.Beta5
[WFLY-18915] - Upgrade HAL to 3.6.17.Final
[WFLY-18916] - Upgrade RESTEasy from 6.2.6.Final to 6.2.7.Final
[WFLY-18917] - Upgrade RESTEasy MicroProfile from 2.1.4.Final to 2.1.5.Final
[WFLY-18923] - Upgrade to WildFly Glow 1.0.0.Beta5
[WFLY-18924] - Upgrade ironjacamar to 3.0.8.Final
[WFLY-18926] - Upgrade com.github.luben:zstd-jni from 1.5.2-1 to 1.5.5-11
[WFLY-18927] - Upgrade to Hibernate 6.4.2.Final release
[WFLY-18928] - Upgrade H2 to 2.2.224
[WFLY-18930] - Upgrade mvc-krazo integration to 0.8.2.Final
[WFLY-18934] - Upgrade WildFly Core to 23.0.0.Final
[WFLY-18940] - Upgrade WildFly Core to 23.0.1.Final

Task:
[WFLY-15723] - Some Java source files use Red Hat Middleware LLC in copyright header
[WFLY-17755] - Better handling of licenses
[WFLY-17772] - Migrate from Apache DS to Apache Kerby for Kerberos testing
[WFLY-18332] - Update LayersTestBase and LayersTestCase(s)
[WFLY-18430] - Rework Galleon provisioning in tests to not specify Galleon layers
[WFLY-18574] - Get todo-backend working on OpenShift CI
[WFLY-18651] - Remove org.wildfly.build plugins from the poms
[WFLY-18673] - Reduce the number of GitHub CI jobs that run
[WFLY-18677] - Disable testsuite/layers[-expansion] provisioning if -DskipTests is set
[WFLY-18687] - Some add-ons in Galleon layer metadata are missing a description
[WFLY-18689] - Quickstarts CI: input param to customize matrix.jdk
[WFLY-18691] - Add documentation for adding integrity checking for an existing filesystem realm to wildfly docs
[WFLY-18692] - Simplify helloworld, removing CDI
[WFLY-18697] - Switch ejb subsystem test dep from groovy-all to groovy
[WFLY-18699] - Adapt WildFly to use ModuleSpecification.getMutableUserDependencies returning a Collection interface
[WFLY-18709] - Drop obsolete workaround for WFLY-3044
[WFLY-18712] - Quickstarts CI support for non root deployment dir
[WFLY-18717] - Update the WildFly vs WildFly Preview document for current differences
[WFLY-18728] - Control the maven repos used by dependabot
[WFLY-18737] - Remove shopping-cart quickstart
[WFLY-18741] - Add a github action shared file to build and test WildFly
[WFLY-18757] - Update WildFly docs to add instructions for converting cli scripts generated by elytron-tool to be used in domain mode
[WFLY-18758] - Use PermissionUtils to create permissions.xml
[WFLY-18759] - Move MicroProfile tck artifacts from boms/common-expansion to boms/standard-test-expansion
[WFLY-18764] - Update HostExcludesTestCase configuration to work with WF31
[WFLY-18770] - Remove WFCORE-6591 workaround in LayersTestCase
[WFLY-18771] - Remove libthrift from dependencyManagement
[WFLY-18791] - Create channel and manifest artifacts for the three feature packs
[WFLY-18799] - Fix linking for distributed-realm and failover-realm so their documentation is rendered
[WFLY-18808] - Remove uses of deprecated ModuleSpecification API
[WFLY-18822] - Remove bean-validation-custom-constraint quickstart
[WFLY-18840] - Remove obsolete RedHat URLs
[WFLY-18850] - Rework testsuite/preview/basic
[WFLY-18852] - Clean up exclusions in galleon-shared/pom.xml
[WFLY-18854] - Classes still have LGPL header
[WFLY-18858] - Do not deploy channel manifests
[WFLY-18908] - Update version.org.eclipse.microprofile to 6.1
[WFLY-18920] - Remove DomainTestSupport.stop() method usage

Sub-task:
[WFLY-16887] - Modify description in jaxrs of subsystem to its correct sentence
[WFLY-16890] - Modify description in datasources of subsystem to its correct sentence
[WFLY-16895] - Modify description in ejb3 of subsystem to its correct sentence
[WFLY-17760] - Upgrade licenses-plugin to make use of known licenses
[WFLY-18562] - Reevalute test exclusions in the integration/basic module
[WFLY-18605] - Reevalute test exclusions in the integration/elytron module
[WFLY-18606] - Reevalute test exclusions in the integration/web module
[WFLY-18642] - Reevalute test exclusions in the integration/microprofile module
[WFLY-18788] - Replace Consumers/Functions with utility methods from wildfly-common
[WFLY-18871] - Replace capability name resolvers with versions from wildfly-controller
[WFLY-18879] - Consolidate CommandDispatcherFactory interfaces from API vs SPI modules
[WFLY-18893] - Pass Platform TCK Signature Tests on Java 21

Wildfly 31.0.0
Bug:
[WFLY-18700] - java.lang.OutOfMemoryError: Direct buffer memory
[WFLY-18959] - Mail Quickstart maven dependencies have wrong scope
[WFLY-18969] - Give the Apache Lucene module access to jdk.unsupported
[WFLY-19010] - SSL Client context not loaded with AMQP Connector used in bootable jar
[WFLY-19019] - Exception that happened during deployment is being hidden
[WFLY-19020] - JakartaEE application client: module "org.hibernate" is not added to classpath
[WFLY-19040] - Regression due to SSLHandshakeException affecting HotRod client when connecting to remote Infinispan

Task:
[WFLY-19029] - Hibernate ORM 6.4+ should export services to consumer classpath

Component upgrade:
[WFLY-18946] - Upgrade Infinispan to 14.0.22.Final
[WFLY-18977] - Upgrade jgroups-kubernetes to 2.0.2.Final
[WFLY-18989] - Upgrade to Hibernate 6.4.4.Final release
[WFLY-19003] - Upgrade Netty to 4.1.106
[WFLY-19032] - Upgrade Snappy Java to 1.1.10.5 (CVEs CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-43642)
[WFLY-19034] - Upgrade nimbus-jose-jwt to 9.37.3 [CVE-2023-52428]
[WFLY-19042] - Upgrade HAL to 3.7.0.Final (WildFly 31.0.1.Final)
[WFLY-19045] - Upgrade Infinispan to 14.0.24.Final
[WFLY-19046] - Upgrade JGroups to 5.2.22.Final
[WFLY-19048] - Upgrade WildFly Core to 23.0.2.Final
[WFLY-19058] - Upgrade WildFly Core to 23.0.3.Final

Enhancement:
[WFLY-18956] - Add sha1 to Quickstart's dist module