keycloak

Secrets & Credentials

Open source Identity and Access Management (IAM) platform that adds authentication and authorization to applications with minimal effort

Track releases GitHub Website

Java Latest 26.6.2 · 15d ago Security brief →

Features

User federation across multiple identity stores
Strong authentication mechanisms (password, OTP, social login)
Comprehensive user management and role‑based access control

Recent releases

View all 11 releases →

Upgrade now

26.6.2 Breaking risk 15d

Auth RBAC Crypto / TLS +1 more

CVE fixes

Open

26.6.1 Breaking risk 1mo

Breaking changes

MigrateTo26_6_0 modifies custom browser flows, breaking existing realm authentication

Security fixes

CVE-2026-4366: Blind Server-Side Request Forgery (SSRF) via HTTP Redirect Handling
CVE-2026-4633: Keycloak user enumeration via identity-first login

Notable features

Database data at rest encryption
CloudNativePG updated to 1.29

View release on GitHub

26.6.0 1mo

Based on the provided changelog, here is a summary of the key changes, categorized by their impact: ### 🚀 Key Improvements & Features * **New Capabilities:** Added support for-related features such as managing credentials/secrets via LDAP and potential new automation for developers. * **Performance & Efficiency:** * Significant optimizations for resource management, including smarter handling of JDBC connections and reduced thread consumption. * Improved database connection mana

View release on GitHub

26.5.7 Security relevant 2mo

Security fixes

CVE-2025-14083 Improper Access Control in Admin REST API leads to information disclosure
CVE-2026-1002 Static handler component cache manipulation enables denial of static file access
CVE-2026-3429 Improper Access Control for Level of Assurance during credential deletion

View release on GitHub

26.5.6 Security relevant 2mo

Security fixes