Security Updates for Keycloak


I might have just overlooked the documentation, but what is the policy for security updates for Keycloak major versions?

  • If I run Keycloak 11.0.2 do I have the latest security patches included?
  • When does a Keycloak major version get deprecated? (Or do I always have to use the latest version, right now 14.0.0?)

Any advice / direction is welcome

There is no real/official update-policy.
As Keycloak is open source software with only “community support”, it is recommended to always use the most recent version to get the latest bugfixes and security patches.
As soon as there is a new major version, the previous version won’t be maintained anymore.

See also Keycloak - Blog - Keycloak Releases and Versioning

There is also a product with commercial support, fully based on Keycloak, called “Red Hat Single Sign On”. For RH-SSO other update policies apply!

Thank you - so, as I assumed, to be secure we would have to always use the latest version, as of now 14.0.0.