Keycloak 3.0.0.CR1 is released. Even though we've been busy wrapping up Keycloak 2.5 we've managed to include quite a few new features.
To download the release go to the Keycloak homepage.
This release is the first that comes without Mongo support.
Highlights
- No import option for LDAP - This option allows consuming users from LDAP without importing into the Keycloak database
- Initiate linking of identity provider from application - In the past adding additional identity brokering accounts could only be done through the account management console. Now this can be done from your application
- Hide identity provider - It's now possible to hide an identity provider from the login page
- Jetty 9.4 - Thanks to reneploetz we now have support for Jetty 9.4
- Swedish translations - Thanks to Viktor Kostov for adding Swedish translations
- Checksums for downloads - The website now has md5 checksums for all downloads
- BOMs - We've added BOMs for adapters as well as Server SPIs
The full list of resolved issues is available in JIRA.
Upgrading
Before you upgrade remember to backup your database and check the migration guide.
MD5? Why not something better?
ReplyDeleteIt's a file checksum! No need for something better.
DeleteWell, it is possible to create modifications to a file that preserves the MD5 hash. Se for example: https://natmchugh.blogspot.no/2015/05/how-to-make-two-binaries-with-same-md5.html
DeleteSHA1 good enough then?
DeleteProbably, but it might be best to go for something even stronger: https://sites.google.com/site/itstheshappening/
DeleteBut I guess the best reason is that both MD5 and SHA1 has a bad rep these days, even if the attack is not likely on this particular usecase.
DeleteActually thinking more about this and there's simply no point in having "safer" checksum. To be safe simply make sure you download Keycloak from trusted sources (https://downloads.jboss.org). If that was compromised and someone somehow uploaded a compromised version there they could just as easily replace the checksum.
DeleteI'll keep it as a md5 as that does the job of file integrity.
Standalone server distribution 3.0.0.CR1 not found, cannot download at home page
ReplyDeletethe download link is wrong, should be keycloak-3.0.0.CR1.zip
ReplyDeletehttps://downloads.jboss.org/keycloak/3.0.0.CR1/keycloak-3.0.0.CR1.zip.zip
Download links are incorrect
ReplyDeletechange it from
https://downloads.jboss.org/keycloak/3.0.0.CR1/keycloak-3.0.0.CR1.zip.zip
to
https://downloads.jboss.org/keycloak/3.0.0.CR1/keycloak-3.0.0.CR1.zip
Download links fixed
ReplyDelete