Changelog

This changelog documents all notable changes to the Keycloak app. Keep a Changelog is the format and this project adheres to Semantic Versioning.

Please also consider the upstream release notes.

Version 26.6.1-ucs1

Released: 22. Apr 2026

• The app updates to Keycloak version 26.6.1: https://www.keycloak.org/docs/26.6.1/release_notes/

• The container base image has been updated to include the latest security updates.

• This version fixes the following CVEs:

  • CVE-2025-14083

  • CVE-2026-1002

  • CVE-2026-3429

  • CVE-2026-3872

  • CVE-2026-4282

  • CVE-2026-4325

  • CVE-2026-4366

  • CVE-2026-4633

  • CVE-2026-4634

  • CVE-2026-4636

Version 26.5.6-ucs2

Released: 27. Mar 2026

• Version 26.5.6-ucs1 mistakenly contained an older Keycloak version.

• The app updates to Keycloak version 26.5.6: https://www.keycloak.org/docs/26.5.6/release_notes.

• This version fixes the following CVEs:

  • CVE-2025-14082

  • CVE-2025-14777

  • CVE-2026-1035

  • CVE-2026-1180

  • CVE-2026-2366

  • CVE-2026-3121

  • CVE-2026-3190

  • CVE-2026-3911

Version 26.5.6-ucs1

Released: 25. Mar 2026

• The app updates to Keycloak version 26.5.6: https://www.keycloak.org/docs/26.5.6/release_notes

• This version fixes the following CVEs:

  • CVE-2025-14082

  • CVE-2025-14777

  • CVE-2026-1035

  • CVE-2026-1180

  • CVE-2026-2366

  • CVE-2026-3121

  • CVE-2026-3190

  • CVE-2026-3911

Version 26.5.5-ucs1

Released: 10. Mar 2026

• The app updates to Keycloak version 26.5.5:

  • https://www.keycloak.org/docs/26.5.5/release_notes

  • https://www.keycloak.org/2026/03/keycloak-2655-released

• This release of the Keycloak app includes log level settings for JBoss Logging SPI audit events.

• This version fixes the following CVEs:

  • CVE-2026-2092

  • CVE-2026-2603

  • CVE-2026-3009

  • CVE-2026-3047

Version 26.5.4-ucs1

Released: 2. Mar 2026

• The app updates to Keycloak version 26.5.4:

  • https://www.keycloak.org/docs/26.5.4/release_notes

  • https://www.keycloak.org/2026/02/keycloak-2654-released

• This version fixes the following CVES:

  • CVE-2025-5416

  • CVE-2026-0707

  • CVE-2026-1190

  • CVE-2026-2575

  • CVE-2026-2733

Version 26.5.3-ucs1

Released: 11. Feb 2026

• The app updates to Keycloak version 26.5.3:

  • https://www.keycloak.org/docs/26.5.3/release_notes

  • https://www.keycloak.org/2026/02/keycloak-2653-released

• This version fixes an issue where, in some environments, the Apache configuration used for Keycloak interfered with Let’s Encrypt certificate validation (ACME HTTP-01 challenges) by incorrectly redirecting required HTTP requests.

• This version fixes the following CVEs:

  • CVE-2025-14778

  • CVE-2026-1486

  • CVE-2026-1529

  • CVE-2026-1609

Version 26.5.2-ucs2

Released: 30. Jan 2026

• The app updates to Keycloak version 26.5.2:

  • https://www.keycloak.org/docs/26.5.2/release_notes

  • https://www.keycloak.org/2026/01/keycloak-2652-released

• This version fixes the following CVEs:

  • CVE-2025-14082

  • CVE-2025-14559

  • CVE-2025-66560

  • CVE-2025-67735

Version 26.4.7-ucs1

Released: 10. Dec 2025

• The app updates to Keycloak version 26.4.7:

  • https://www.keycloak.org/docs/26.4.7/release_notes

  • https://www.keycloak.org/2025/12/keycloak-2647-released

• This version fixes CVE-2025-13467.

Version 26.4.4-ucs1

Released: 18. Nov 2025

• The app updates to Keycloak version 26.4.4:

  • https://www.keycloak.org/docs/26.4.4/release_notes

  • https://www.keycloak.org/2025/11/keycloak-2644-released

• This version fixes a bug where LDAP federated users with capital letters in their usernames experienced login problems.

Version 26.4.2-ucs1

Released: 05. Nov 2025

• The app updates to Keycloak version 26.4.2:

  • https://www.keycloak.org/docs/26.4.2/release_notes

  • https://www.keycloak.org/2025/10/keycloak-2642-released

• This version fixes the following CVEs:

  • CVE-2025-7962

  • CVE-2025-11419

  • CVE-2025-11429

  • CVE-2025-48924

Version 26.3.5-ucs1

Released: 14. Oct 2025

• This version updates the ACL that control the access to the database password.

• The app updates to Keycloak version 26.3.5:

  • https://www.keycloak.org/docs/26.3.5/release_notes

  • https://www.keycloak.org/2025/09/keycloak-2635-released

• This version fixes the following CVEs:

  • CVE-2025-58056

  • CVE-2025-58057

Version 26.3.3-ucs1

Released: 15. Sep 2025

• The app updates to Keycloak version 26.3.3 (https://www.keycloak.org/docs/26.3.3/release_notes). (https://www.keycloak.org/2025/08/keycloak-2633-released).

• This version fixes CVE-2025-8419.

Version 26.3.1-ucs1

Released: 14. Aug 2025

• The app updates to Keycloak version 26.3.1:

  • https://www.keycloak.org/docs/26.3.1/release_notes

  • https://www.keycloak.org/2025/07/keycloak-2631-released

• This version fixes the following CVEs:

  • CVE-2025-7365

  • CVE-2025-7784

Version 26.2.5-ucs1

Released: 19. June 2025

• The app updates to Keycloak version 26.2.5:

  • https://www.keycloak.org/docs/26.2.0/release_notes

  • https://www.keycloak.org/docs/26.2.5/release_notes

Version 26.1.4-ucs2

Released: 08. May 2025

• This release of the Keycloak app includes again the SPI extension for so called ad-hoc provisioning.

Version 26.1.4-ucs1

Released: 22. April 2025

• The app updates to Keycloak version 26.1.4.

• This version of Keycloak requires higher versions for the database backends:

  • At least version 12 for PostgreSQL.

  • At least version 10.0.4 for MariaDB.

• In the configuration for the LDAP federation Keycloak no longer allows connectionPooling=true together with startTLS=true. The default in UCS is now connectionPooling=false and startTLS=true.