
TideCloak 0.6.55

An upgrade to the underlying Keycloak and a rollout of urgent bug fixes on top of the previous release.

Highlights:

  • New pending change requests indicator.
  • Update Keycloak version.

Keycloak update 26.1.4

Minor version update with few notable changes. Find official Keycloak release notes here, here and here.

  • Upgrade to Infinispan 15.0.14
  • Fixed unnamed realm role fetching issue
  • Multiple token revocation requests caused an error - fixed
  • Redirect issue after linking account - fixed
  • User attribute key broken - fixed
  • CVE-2025-0736 Error during JGroups channel creation may reveal secure information - fixed
  • Upgrade to latest JGroups patch version
  • CVE-2024-47072 - XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream - fixed
  • JDBC Ping with Docker - fixed
  • Latency issue after Keycloak version upgrade

TideCloak changes

IGA default roles management

Default user-context (Quorum-assured role certification) is now correctly generated when a new role is added to or removed from the realm's default role.

Pending change requests indicator

A new visual indicator has been added on the Change Requests menu label, showing the number of pending requests in that admin's queue. Known issue: the indicator doesn't update in real time and requires a manual browser refresh to update.

Approval Pop-up seniority

In specific edge cases, when multiple IGA approval pop-ups were invoked or manually terminated, TideCloak couldn't reliably differentiate which specific change request was changed and how, leading to a misleading indication of the pending states of change requests (no actual breach of security, though). This has now been addressed: the pop-up approval windows now report the full, verifiable change request to update, freeing TideCloak to be stateless and get the state from the pop-up.