Skip to content

1.4.0-beta1

Pre-release
Pre-release
Compare
Choose a tag to compare
@SailReal SailReal released this 31 Oct 14:11
· 1 commit to develop since this release
1.4.0-beta1
4b7d0b5

What's Changed

  • Introduces a trusted network model (Web of Trust) allowing user-verifiable trust chains (#281)
  • Provides a new role (create-vaults) configuration option that allows granular control over vault creation permissions (#296)
  • Update Keycloak to 25.0.6
  • Introduce CHANGELOG file

Full Changelog: 1.3.4...1.4.0-beta1

Important Considerations for the 1.4.0 Update

1. Optionally configuring Web of Trust Parameters

With Web of Trust (WoT), two new configuration options are now available:

  • wot_max_depth (default: 3): Defines the maximum number of graph edges between two users to establish a trust chain.
  • wot_id_verify_len (default: 2): Sets the required number of characters to be entered during user fingerprint verification.

Note: Currently, both of these parameters can only be modified within the database. A future update will introduce user-friendly configuration options (see Issue #297).

2. Vault Creation Permissions

Starting with version 1.4.0, only users with the admin role can create vaults by default. However, you may configure the create-vaults role to extend this capability to specific users or groups.

To restore the pre-1.4.0 behavior where all users can create vaults:

  1. Log in to Keycloak with admin privileges.
  2. Navigate to Realm Settings > User Registration > Assign Role.
  3. Select and apply the create-vaults role.

This setting grants both new and existing users the create-vaults role.

Recommended Steps for the 1.4.0 Update

We highly recommend updating Keycloak to version 25.0.6. Prior to the update, please verify the following changes:

  1. Health Check URL Update
    Modify the Keycloak health check URL as follows:

    - http://localhost:8080/health/live
    + http://localhost:9000/health/live
  2. Environment Variable Adjustments
    Update the Keycloak environment variables to the following values:

    - KC_HOSTNAME: keycloak_url
    - KC_PROXY: edge
    + KC_HOSTNAME: https://keycloak_url
    + KC_PROXY_HEADERS: xforwarded

Implementing these changes ensures that Keycloak will start correctly under the new configuration.