Commit 67b2fe5

Author: jbossorg-bot
Published latest aggregated blog posts
1 parent 8fe0819 commit 67b2fe5

19 files changed, +109 -109 lines changed

src/content/posts-aggregator/10.json

+7 -6
@@ -1,13 +1,14 @@
11
{
2-
"title": "Quarkus 3.19 - UBI 9 images, Micrometer to OpenTelemetry bridge, JEP 483 new AOT cache...",
3-
"link": "https://quarkus.io/blog/quarkus-3-19-1-released/",
2+
"title": "Keycloak 26.1.3 released",
3+
"link": "https://www.keycloak.org/2025/02/keycloak-2613-released",
44
"author": [
55
{
6-
"name": "Guillaume Smet",
6+
"name": null,
77
"avatar": null
88
}
99
],
10-
"date": "2025-02-26T00:00:00.000Z",
11-
"feed_title": "Quarkus",
12-
"content": "Today, we released Quarkus 3.19. Quarkus 3.19 is our first step towards the release of our new 3.20 LTS, as 3.20 LTS will be based on the 3.19 branch. You can consider that the next LTS is feature complete and we encourage you to adopt 3.19 and share your feedback. It comes with a lot of enhancements and the following new features: * - Migrate core extensions to @ConfigMapping * - Switch to UBI 9 by default * - Micrometer to OpenTelemetry bridge * - Introduce support for JEP 483’s new AOT cache * - WebSockets Next: Allow to send authorization headers from web browsers using JavaScript clients * - WebSockets Next: Support permission checkers * - Support for OAuth2 Demonstrating Proof of Possession UPDATE To update to Quarkus 3.19, we recommend updating to the latest version of the Quarkus CLI and run: quarkus update Note that quarkus update can update your applications from any version of Quarkus (including 2.x) to Quarkus 3.19. For more information about the adjustments you need to make to your applications, please refer to the . WHAT’S NEW? MIGRATION TO @CONFIGMAPPING In 2022, we introduced in Quarkus a new configuration infrastructure for extensions based on interfaces annotated with @ConfigMapping. They were a replacement for the legacy config classes that were used in Quarkus extensions, which came with several issues and were specific to extensions (you couldn’t use them in applications). The new @ConfigMapping infrastructure unifies extension and application configuration on the same infrastructure. In Quarkus 3.19, we moved all the core extensions to this new infrastructure (except for some classes that were kept for compatibility purposes). This change might impact you if you were consuming the config classes and, if so, we recommend having a look at the . 
If you are an extension developer, we encourage you to move to this new infrastructure as, at some point in the future, we will sunset the legacy ones (we will announce a sunsetting plan soon, it will offer you ample time to upgrade). UBI 9 AS DEFAULT We updated the default images across Quarkus to UBI 9 (both to build your applications and run your applications). The will give you ample information on the impact and what you might need to tweak. MICROMETER TO OPENTELEMETRY BRIDGE You can now push your Micrometer metrics to OpenTelemetry using a bridge. Learn more about it in the . JEP 483’S AOT CACHE We have support for AppCDS in Quarkus for quite a while and Quarkus 3.19 generalizes it to also support the AOT cache introduced in JEP 483. It can further improve the startup time, if you generate an AOT cache. WEBSOCKETS NEXT Two new features for WebSockets Next: * The ability to send Authorization headers from web browsers using JavaScript clients - see the . * The support for permission checkers, which were already available for your REST endpoints - see the . SECURITY Our OIDC extension now supports for OAuth 2 tokens. You can find more information about it in our . PLATFORM COMPONENT UPGRADES QUARKUS CXF Quarkus CXF 3.19 was released and is now available in . Check the release notes for more information about what is new in this release. CAMEL QUARKUS Camel Quarkus has been upgraded to 3.19.0. You can consult the for more information. FULL CHANGELOG You can get the full changelog of , , and on GitHub. CONTRIBUTORS The Quarkus community is growing and has now . Many many thanks to each and everyone of them. 
In particular for the 3.19 release, thanks to Akulov S V, Ales Justin, Alex Martel, Alex Rovner, Alexey Loubyansky, Andrea Boriero, André Pantaleão, Andy Damevin, Bruno Baptista, Chris Laprun, Clement Escoffier, cmoulliard, Damien Clément d’Huart, David Me, Davide D’Alto, dc1248, Eric Deandrea, Erik Mattheis, Felix König, Foivos Zakkak, franz1981, George Gastaldi, Georgios Andrianakis, Gerhard Flothow, Guillaume Smet, Hannah Arndt, Harald Albers, HerrDerb, Holly Cummins, Ivan Béthus, Ivan Petkov, Jakub Gardo, Jakub Jedlicka, Jan Martiska, Jorge Pinto, Julien Ponge, Katia Aresti, Ladislav Thon, Lars Andringa, Loïc Mathieu, Luis Rubiera, Marc Nuri, Marco Bungart, Marco Sappé Griot, Marek Skacelik, mariofusco, marko-bekhta, Martin Kouba, Martin Panzer, Matej Novotny, Matheus Cruz, Matthias Schorsch, Max Rydahl Andersen, Maximilian Zellhofer, melloware, Michael Edgar, Michal Maléř, Michal Vavřík, Ozan Gunalp, pedro_Simoes, Peter Palaga, Phillip Krüger, Roberto Cortez, Rolfe Dlugy-Hegwer, Romain QUINIO, Rostislav Svoboda, Ryan Dens, Sanne Grinovero, Sergey Beryozkin, Severin Gehwolf, Stephan Strate, Stuart Douglas, Stéphane Épardaud, Tobias Haindl, Vincent Potucek, xstefank, and Yoann Rodière. COME JOIN US We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together! If you are a Quarkus user or just curious, don’t be shy and join our welcoming community: * provide feedback on ; * craft some code and ; * discuss with us on and on the ; * ask your questions on ."
10+
"date": "2025-02-28T00:00:00.000Z",
11+
"feed_title": "Keycloak Blog",
12+
"feed_avatar": "https://www.gravatar.com/avatar/87fe00619f08c241da8dfb23d907ffa2?s=50",
13+
"content": "To download the release go to . HIGHLIGHTS SEND RESET EMAIL FORCE LOGIN AGAIN FOR FEDERATED USERS AFTER RESET CREDENTIALS In a new configuration option was added to the reset-credential-email (Send Reset Email) authenticator to allow changing the default behavior after the reset credentials flow. Now the option force-login (Force login after reset) is adding a third configuration value only-federated, which means that the force login is true for federated users and false for the internal database users. The new behavior is now the default. This way all users managed by user federation providers, whose implementation can be not so tightly integrated with Keycloak, are forced to login again after the reset credentials flow to avoid any issue. This change in behavior is due to the secure by default policy. For more information, see . UPGRADING Before upgrading refer to for a complete list of changes. ALL RESOLVED ISSUES BUGS * Invalid migration export for empty database core * Redirect after linking account account/ui * Viewing user events requires `view-realm`-role admin/ui * Keycloak user attribute key broken in Keycloak 26.1.0 admin/ui * When linking IDP to an organization hide on login sets as off admin/ui * SAML2 Client Signing Keys Config does not accept PEM import admin/ui * Comboxes do not display selected option after reset admin/ui * MeterFilter is configured after a Meter has been registered dist/quarkus * CVE-2025-0736 Error during JGroups channel creation may reveal secure information * Admin console: unable to edit user profile attribute either on the form or the JSON editor. admin/ui * CI fails with \"Problem creating zip: Execution exception: Java heap space\" ci * Error on import of a public key (pem) authentication * Customized quarkus.properties for MySQL cause \"Unable to find the JDBC driver (org.h2.Driver)\",The server fails to start. 
storage * Wrong organization claim assignment in JWT access token organizations * Change default value for force-login option in reset-credential-email authentication * Login form can be used to determine which email addresses / usernames are in the system login/ui * Problems changing pre-defined user profile attributes admin/ui * Upgrade to latest JGroups patch version * CVE-2024-47072 - XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream * Password policies like NoUsername consider case-sensitivity authentication * External Link Test failing docs * Property Name Casing Mismatch in ProtocolMapperUtils saml"
1314
}
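
Review bot: At new line 6 the author entry becomes `"name": null` while the `author` array still holds one object, so any consumer that prints the first author's name will show an empty or literal "null" byline for the Keycloak post. Emit an empty `author` array, or fall back to `feed_title`, when the feed supplies no author. The new `content` string at line 13 also reads as if link text was dropped during flattening ("To download the release go to .", "In a new configuration option was added", "For more information, see ."); the HTML-to-text step should keep anchor text instead of discarding the whole element.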

src/content/posts-aggregator/11.json

+6 -7
@@ -1,14 +1,13 @@
11
{
2-
"title": "New videos about OpenID Connect and Keycloak from FOSDEM 2025",
3-
"link": "https://www.keycloak.org/2025/02/recordings-available-fosdem",
2+
"title": "CVE fixes - February 2025",
3+
"link": "https://quarkus.io/blog/cve-fixes-feb-2025/",
44
"author": [
55
{
6-
"name": "Alexander Schwartz",
6+
"name": "Guillaume Smet",
77
"avatar": null
88
}
99
],
10-
"date": "2025-02-25T00:00:00.000Z",
11-
"feed_title": "Keycloak Blog",
12-
"feed_avatar": "https://www.gravatar.com/avatar/87fe00619f08c241da8dfb23d907ffa2?s=50",
13-
"content": "is a free event for software developers to meet, share ideas and collaborate. Every year, thousands of developers of free and open source software from all over the world gather at the event. Several talks regarding OpenID Connect and Keycloak have been recorded, and are now available online to re-watch. for the links to the videos. MEETING THE KEYCLOAK COMMUNITY ON-SITE As an incubating project of the Cloud Native Computing Foundation (CNCF), we were happy to share the space of their stand. During the two days, we met with hundreds of existing Keycloak users on-site, as well as with people new to the IAM and identity space. It was fun and exciting to learn what people are doing. We would love to hear more from you about your success stories, what is crucial to your deployments and what can be done better. Fill out the , so we can better understand your use cases, and if you want to share your experience with the wider Keycloak community. VIDEOS TO RE-WATCH These four talks mentioned Keycloak in their talk and on their slides, or are related to OpenID Connect. Did we miss a talk that would be interesting to users of Keycloak? Let us know! Speakers: Takashi Norimatsu, Alexander Schwartz Track: Security Abstract: OAuth 2.0 uses access tokens to grant access to secured resources. When using Single Page Applications, they are passed from browsers to the servers as bearer tokens using HTTP headers. While they are secured in transit using TLS, those tokens could be stolen from a browser, replayed, or mis-used by a malicious or vulnerable server. OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) takes this one step further by equipping the client like your Single Page Application with a key pair so that it can show a proof when passing the access token, so no-one else can use the access token. DPoP is part of the FAPI 2.0 Security Profile by the OpenID Foundation. 
It promotes best practices on how to protect APIs exposing high-value and sensitive (personal and other) data, for example, in finance, e-health and e-government applications. This talk will explain the concepts and demos how this can be implemented using Keycloak and other open source components. We will also describe the current challenges, limitations and alternatives of the approach. Speaker: Milan Jakobi Track: Identity and Access Management Abstract: Modern web applications strongly rely on Authentication/Authorization infrastructures. To address these needs, the OSS community has strongly endorsed open protocols such as OpenIdConnect and OAuth2, on top of JSON and REST. In turn, these protocols have been implemented in software products such as Keycloak, WSO2 or Lemonldap. OpenId Connect and OAuth2 are authorization protocols, closely aligned with authentication, as provided by Identity Providers. They have been designed within various standardization bodies such as the OpenId foundation or the Internet Engineering Task Force. Understanding these standards is demanding, but needed in order to implement feature-rich solutions, to understand the various options offered to implementers. This talk will therefore discuss in details OIDC and OAuth : the various flows that exist in order to obtain access tokens for standard clients, and some advanced features enabled by these protocols. Track: Identity and Access Management Identity Providers (IdP) based on OAuth 2.0/OIDC and other REST APIs like e.g. Keycloak or Entry ID play a dominant role in the identity management of web-based applications. But organizations which are using IdPs for their internal applications still have to use other services, typically LDAP based, to manage access and authentication to LINUX/POSIX user workstations. To help to avoid running two services for identity management SSSD started to use IdPs to lookup users and authenticate them against the IdPs. 
In contrast to LDAP there are no standards and conventions with respect to POSIX users and groups in the IdP world. This talk will focus on how SSSD is getting user and group information from IdPs, how information required by POSIX, e.g. the numeric user and group IDs, is created and what kind of limitations there are. Additionally it will be explained why the OAuth 2.0 Device Authorization Flow was chosen for authentication and demonstrated. Speaker: Alexander Schwartz Track: Identity and Access Management Abstract: Authenticating users can start simple with a username and a password for each user. But you will also need to handle forgotten passwords and user registration. You might also want to validate email addresses, add second factors, have users update their profile information as needed, or even offer password-less authentication. A single-sign-on system like Keycloak can handle all that for you and will redirect users after they are authenticated to your applications using the industry standards like OpenID Connect and SAML. Join this talk to see how you can delegate all the tasks around authentication to Keycloak. We will start simple and enable more and more features in our demo to show the functionality and flexibility of Keycloak. We will also look at features of the latest release and the road map ahead. FOSDEM IS ALL ABOUT DEVROOMS! FOSDEM is a big event divided into smaller, single-track conferences with their own call for papers and organizers. Here a short list of those dev rooms that might be of interest for you if you are into Keycloak: Identity and Access Management Devroom is related to operating systems' identity and access management in the free software and open source world. The Security Devroom covers everything that is relevant to security in the free software and open source world. Talks cover topics like cryptography, supply chain, secure development and hardening. 
The Digital Wallets and Verifiable Credentials DevRoom is about digital wallets, verifiable credentials and the ecosystems emerging from these subjects, especially in the EU."
10+
"date": "2025-02-27T00:00:00.000Z",
11+
"feed_title": "Quarkus",
12+
"content": "Today, we released CVE fixes releases for Quarkus 3.8 LTS and 3.15 LTS to address several CVEs. If you are using these versions and the mentioned components, the update is recommended. These CVEs are already fixed in Quarkus 3.19.1, so if you are using a non-LTS version, please upgrade to Quarkus 3.19.1 (or to the closest LTS version if you are using an old version). We addressed the following CVEs: * - Upstream Netty (only for 3.15) * - Quarkus REST - Using field injection for request-scoped elements in REST resources not marked with the request scope could lead to concurrency issues. * (embargo will be lifted soon) - WebAuthn - The callback endpoint was enabled by default. It now requires to be . * (not published yet) - RESTEasy Classic - RESTEasy Classic endpoints may be affected by memory leaks. If you are exposing REST endpoints publicly using the quarkus-resteasy extension, the update is highly recommended. Quarkus REST is NOT affected by this CVE. COME JOIN US We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together! If you are a Quarkus user or just curious, don’t be shy and join our welcoming community: * provide feedback on ; * craft some code and ; * discuss with us on and on the ; * ask your questions on ."
1413
}
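
Review bot: In the new `content` at line 12 the CVE list carries no identifiers: the bullets read "* - Upstream Netty (only for 3.15)" and "* - Quarkus REST - ...", and the WebAuthn item ends "It now requires to be .", so the aggregated advisory no longer says which CVEs were fixed or what the callback endpoint now requires. This looks like link text being discarded when the feed HTML is flattened. Keep the anchor text (and ideally the href) for these entries, or truncate the summary and point readers to the `link` field, so that security notices are not published in a form that cannot be acted on.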

src/content/posts-aggregator/12.json

+5 -5
Large diffs are not rendered by default.
