From 49ebcaf31663ef2c5314cefae3f1e763ef0c78ee Mon Sep 17 00:00:00 2001 From: mikkeldamsgaard Date: Thu, 11 Jun 2026 22:01:44 +0200 Subject: [PATCH] chore: prepare keycloak v26.6.3 release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sync chart version with upstream appVersion 26.6.3 (already bumped on main via #100). - Security: Keycloak 26.6.1 → 26.6.3 (~32 upstream CVE fixes) - Fixed: publishNotReadyAddresses on the JGroups headless service (split-brain cluster formation with simultaneous replica starts) Co-Authored-By: Claude Fable 5 --- charts/keycloak/Chart.yaml | 8 +++----- charts/keycloak/tests/serviceaccount_test.yaml | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index d8faf50..8df3528 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: keycloak description: A Helm chart for deploying Keycloak IAM using the upstream quay.io/keycloak/keycloak image on Kubernetes type: application -version: 26.6.1 +version: 26.6.3 appVersion: "26.6.3" keywords: - keycloak @@ -30,9 +30,7 @@ annotations: - name: Source url: https://github.com/KitStream/helms artifacthub.io/changes: | - - kind: changed - description: Bump Keycloak from 26.6.0 to 26.6.1 (security and bugfix release) - kind: security - description: "Upstream security fixes: CVE-2026-4366 (SSRF via HTTP redirect), CVE-2026-4633 (user enumeration via identity-first login)" + description: Bump Keycloak from 26.6.1 to 26.6.3 — ~32 upstream CVE fixes including session fixation, redirect-URI bypass, SSRF, and refresh-token reuse - kind: fixed - description: Fix broken chart icon URL — upstream Keycloak moved keycloak_icon_512px.svg to icon.svg (#64) + description: Publish not-ready addresses on the JGroups headless service so simultaneously started replicas form a single cluster instead of split-brain merging late diff --git a/charts/keycloak/tests/serviceaccount_test.yaml b/charts/keycloak/tests/serviceaccount_test.yaml index 1c15066..3de3429 100644 --- a/charts/keycloak/tests/serviceaccount_test.yaml +++ b/charts/keycloak/tests/serviceaccount_test.yaml @@ -52,6 +52,6 @@ tests: - isSubset: path: metadata.labels content: - helm.sh/chart: keycloak-26.6.1 + helm.sh/chart: keycloak-26.6.3 app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "26.6.3"