fix: resolve ProxyBuilderImpl ClassNotFoundException in parallel import

.env

@@ -1,3 +1,3 @@
 # Used in docker-compose
 # shellcheck disable=SC2034
-KEYCLOAK_VERSION=26.1.0
+KEYCLOAK_VERSION=26.3.3

.github/workflows/ci.yaml

@@ -32,9 +32,6 @@ jobs:
       fail-fast: false
       matrix:
         env:
-          # we keep 18.0.2 for backwards compatibility with RH-SSO 7.6
-          - KEYCLOAK_VERSION: 18.0.2
-            KEYCLOAK_CLIENT_VERSION: 18.0.2
           - KEYCLOAK_VERSION: 21.1.2
             KEYCLOAK_CLIENT_VERSION: 21.1.2
           - KEYCLOAK_VERSION: 22.0.4
@@ -50,17 +47,17 @@ jobs:
           - KEYCLOAK_VERSION: 26.1.0
             KEYCLOAK_CLIENT_VERSION: 26.0.4
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v6.0.2
         with:
           fetch-depth: 0
 
       - name: Setup java
-        uses: actions/setup-java@v4.5.0
+        uses: actions/setup-java@v5.2.0
         with:
           distribution: 'temurin'
           java-version: 21
 
-      - uses: actions/cache@v4.2.0
+      - uses: actions/cache@v5.0.3
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }}-${{ hashFiles('**/pom.xml') }}
@@ -82,16 +79,11 @@ jobs:
           echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV
           echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV
 
-      - name: Adapt sources for Keycloak versions < 19.0.0
-        if: ${{ matrix.env.KEYCLOAK_VERSION < '19.0.0' }}
-        run: |
-          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak19" >> $GITHUB_ENV
-
       - name: Build & Test
         run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} -Dkeycloak.client.version=${{ matrix.env.KEYCLOAK_CLIENT_VERSION }} ${ADJUSTED_RESTEASY_VERSION} clean verify -Pcoverage ${COMPATIBILITY_PROFILE}
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5.1.1
+        uses: codecov/codecov-action@v5.5.2
         if: github.ref == 'refs/heads/main'
         with:
           file: "${{ github.workspace }}/target/site/jacoco/jacoco.xml"
@@ -103,22 +95,22 @@ jobs:
         run: echo "::set-output name=VERSION::$(tail -n1 .env | cut -d= -f2)"
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v3.3.0
+        uses: docker/login-action@v4.0.0
         if: startsWith(github.event.ref, 'refs/tags/v')
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Login to Quay.io
-        uses: docker/login-action@v3.3.0
+        uses: docker/login-action@v4.0.0
         if: startsWith(github.event.ref, 'refs/tags/v')
         with:
           registry: quay.io
           username: ${{ secrets.QUAYIO_USERNAME }}
           password: ${{ secrets.QUAYIO_PASSWORD }}
 
       - name: Expose GitHub Runtime
-        uses: crazy-max/ghaction-github-runtime@v3.0.0
+        uses: crazy-max/ghaction-github-runtime@v3.1.0
 
       - name: Compute SemVer parts of Keycloak version
         id: keycloak_semver
@@ -128,7 +120,7 @@ jobs:
 
       - name: Set up Docker Build Metadata
         id: docker_meta
-        uses: docker/metadata-action@v5.6.1
+        uses: docker/metadata-action@v6.0.0
         with:
           images: adorsys/keycloak-config-cli,quay.io/adorsys/keycloak-config-cli
           flavor: |
@@ -146,13 +138,13 @@ jobs:
             maintainer=adorsys GmbH & Co. KG
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.2.0
+        uses: docker/setup-qemu-action@v4.0.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.7.1
+        uses: docker/setup-buildx-action@v4.0.0
 
       - name: Build and push
-        uses: docker/build-push-action@v6.9.0
+        uses: docker/build-push-action@v7.0.0
         with:
           build-args: |-
             KEYCLOAK_VERSION=${{ matrix.env.KEYCLOAK_VERSION }}
@@ -172,7 +164,7 @@ jobs:
           cp target/keycloak-config-cli.jar keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar
           sha256sum keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar > keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}.jar.sha256
 
-      - uses: actions/upload-artifact@v4.4.3
+      - uses: actions/upload-artifact@v7.0.0
         with:
           name: keycloak-config-cli-${{ matrix.env.KEYCLOAK_VERSION }}
           if-no-files-found: error
@@ -188,75 +180,28 @@ jobs:
       matrix:
         java: [17, 21]
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v6.0.2
 
       - name: Setup java ${{ matrix.java }}
-        uses: actions/setup-java@v4.5.0
+        uses: actions/setup-java@v5.2.0
         with:
           distribution: 'temurin'
           java-version: ${{ matrix.java }}
 
-      - uses: actions/cache@v4.2.0
+      - uses: actions/cache@v5.0.3
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom
 
-      - name: Adapt sources for Keycloak versions < 23.0.0
-        if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
-        run: |
-          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak23" >> $GITHUB_ENV
-
-      - name: Adapt sources for Keycloak versions < 22.0.0 (jakarta -> javax)
-        if: ${{ matrix.env.KEYCLOAK_VERSION < '22.0.0' }}
-        run: |
-          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV
-          echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV
-
-      - name: Build & Test
-        run: ./mvnw ${MAVEN_CLI_OPTS} ${ADJUSTED_RESTEASY_VERSION} clean verify ${COMPATIBILITY_PROFILE} -Djava.version=${{ matrix.java }}
-
-  build-legacy:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    strategy:
-      fail-fast: false
-      matrix:
-        env:
-          - KEYCLOAK_VERSION: 19.0.3
-            KEYCLOAK_CLIENT_VERSION: 19.0.3
-    steps:
-      - uses: actions/checkout@v4.2.2
-
-      - name: Setup java
-        uses: actions/setup-java@v4.5.0
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-
-      - uses: actions/cache@v4.2.0
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-keycloak-legacy-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-keycloak-legacy
-      - name: Adapt sources for Keycloak versions < 23.0.0
-        if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
-        run: |
-          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak23" >> $GITHUB_ENV
-      - name: Adapt sources for Keycloak versions < 22.0.0 (jakarta -> javax)
-        if: ${{ matrix.env.KEYCLOAK_VERSION < '22.0.0' }}
-        run: |
-          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak22" >> $GITHUB_ENV
-          echo "ADJUSTED_RESTEASY_VERSION=-Dresteasy.version=4.7.7.Final" >> $GITHUB_ENV
       - name: Build & Test
-        run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} -Dkeycloak.client.version=${{ matrix.env.KEYCLOAK_CLIENT_VERSION }} -Dkeycloak.dockerTagSuffix="-legacy" ${ADJUSTED_RESTEASY_VERSION} clean verify ${COMPATIBILITY_PROFILE}
+        run: ./mvnw ${MAVEN_CLI_OPTS} clean verify -Djava.version=${{ matrix.java }}
 
   lint-other-files:
     runs-on: ubuntu-22.04
     timeout-minutes: 10
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v6.0.2
 
       - name: Lint .github/workflows/*.yaml files
         uses: ibiqlik/action-yamllint@v3.1.1
@@ -274,23 +219,23 @@ jobs:
         run: git fetch --prune --unshallow
 
       - name: Set up Helm
-        uses: azure/setup-helm@v4.2.0
+        uses: azure/setup-helm@v4.3.1
         with:
           version: v3.4.0
 
-      - uses: actions/setup-python@v5.3.0
+      - uses: actions/setup-python@v6.2.0
         with:
           python-version: 3.9
 
-      - uses: actions/cache@v4.2.0
+      - uses: actions/cache@v5.0.3
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-chart-testing-action
           restore-keys: |
             ${{ runner.os }}-pip-chart-testing-action
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
+        uses: helm/chart-testing-action@v2.8.0
 
       - name: Run chart-testing (lint)
         run: ct lint --config contrib/charts/ct.yaml
@@ -301,7 +246,7 @@ jobs:
     needs: [build]
     if: startsWith(github.ref, 'refs/tags/v')
     steps:
-      - uses: actions/download-artifact@v4.1.8
+      - uses: actions/download-artifact@v8.0.0
         with:
           path: assets
           pattern: keycloak-config-cli*
@@ -312,7 +257,7 @@ jobs:
           echo Tag: $Tag
           echo "::set-output name=tag::$TAG"
       - name: Create Release
-        uses: softprops/action-gh-release@v2.1.0
+        uses: softprops/action-gh-release@v2.5.0
         with:
           name: Release ${{ github.ref_name }}
           draft: false
@@ -336,13 +281,13 @@ jobs:
   publish-helm-chart:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'
-    needs: [build, build-pom-version, build-legacy, lint-other-files]
+    needs: [build, build-pom-version, lint-other-files]
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v6.0.2
         with:
           fetch-depth: 0
       - name: Set up Helm
-        uses: azure/setup-helm@v4.2.0
+        uses: azure/setup-helm@v4.3.1
         with:
           version: v3.4.0
       - name: Publish Helm chart

.gitignore

@@ -1,11 +1,13 @@
 .DS_Store
 .idea/
+.vscode/
 *.iml
 .docker/
 target/
 .project
 .classpath
 .settings/
+.vscode/
 pom.xml.versionsBackup
 pom.xml.releaseBackup
 pom.xml.tag

CHANGELOG.md

@@ -6,10 +6,58 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
+### Fixed
+
+- Prevent querying all clients twice in `findClientComposites`
+
+### Security
+- Fix secrets leak in HTTP debug logs - passwords, tokens, and credentials are now sanitized when `LOGGING_LEVEL_HTTP=debug` is enabled [#1302](https://github.com/adorsys/keycloak-config-cli/issues/1302)
+
+### Fixed
+- fix issue FGAP returns 501 Not implemented for keycloak-26.2.0+ [#1305](https://github.com/adorsys/keycloak-config-cli/issues/1305)
+- Prevent unnecessary authentication flow recreation when only realm-level properties change [#875](https://github.com/adorsys/keycloak-config-cli/issues/875)
+### Added
+- Add subGroups as managed import properties [#1294](https://github.com/adorsys/keycloak-config-cli/pull/1294)
+- Enhance getting all Clients to remove Flow Override by using pagination by 100 to avoid timeout [#1384](https://github.com/adorsys/keycloak-config-cli/issues/1384)
+- JavaScript variable substitution support in configuration files [#934](https://github.com/adorsys/keycloak-config-cli/issues/934)
+- Add support for importing and managing Keycloak Organizations (including identity providers and members)
+- Add support for Keycloak Workflows management
+- Add option to configure ignored user properties during user update (`--import.behaviors.user-update-ignored-properties`) [#910](https://github.com/adorsys/keycloak-config-cli/issues/910)
+
+### Fixed
+- Fix bug where `clientProfiles` and `clientPolicies` were erased when importing multiple realm configuration files
+- Fix Keycloak compatibility by stripping `clientProfiles` and `clientPolicies` from top-level realm updates
+- Improve idempotency for OTP policy, state, and checksum updates to avoid redundant realm updates
+- Fix issue where empty or null composite realm roles were not being cleared during import
+- Increase code point limit to 500MB for import and normalization processes
+- Catch http error 500 from Keycloak when delete Flow trigger the error [#1389](https://github.com/adorsys/keycloak-config-cli/issues/1389)
+- Fix exception in 'isDefaultRole' when description is null
+- Avoid timeout from Keycloak when importing into realm with large amount of groups [#1397](https://github.com/adorsys/keycloak-config-cli/issues/1397)
+
+- Fix issue where import stop on removal of authenticator config already missing [#1382](https://github.com/adorsys/keycloak-config-cli/issues/1382)
+
+### Added
+- Explicitly set the class loader in parallel forEach consumers
+
+### Fixed
+- Fix `ClassNotFoundException: org.jboss.resteasy.client.jaxrs.internal.proxy.ProxyBuilderImpl` exception when using parallel imports [#1107](https://github.com/adorsys/keycloak-config-cli/issues/1107)
+
+## [6.4.1] - 2026-01-28
+
+
+### Added
+- Enhance contributing guidelines and README for clarity and community engagement [#1340](https://github.com/adorsys/keycloak-config-cli/issues/1340)
+
+### Fixed
+- Fix password policy violations gracefully during user import [#1112](https://github.com/adorsys/keycloak-config-cli/issues/1112)
+- fix issue FGAP returns 501 Not implemented for keycloak-26.2.0+ [#1305](https://github.com/adorsys/keycloak-config-cli/issues/1305)
+- Fix 403 Forbidden errors in CI/CD for Keycloak 26.x [#1307](https://github.com/adorsys/keycloak-config-cli/issues/1307)
+
 ## [6.4.0] - 2025-02-21
 ### Added
 - Allow a user's username to be updated through the config [#810](https://github.com/adorsys/keycloak-config-cli/issues/810)
 
+
 ## [6.3.0] - 2025-02-03
 ### Added
 - Improve error logging for Keycloak responses  [1270](https://github.com/adorsys/keycloak-config-cli/issues/1270)
@@ -871,7 +919,8 @@ A lot of import properties are added over the years. this major release of keycl
 
 <!-- @formatter:off -->
 
-[Unreleased]: https://github.com/adorsys/keycloak-config-cli/compare/v6.4.0...HEAD
+[Unreleased]: https://github.com/adorsys/keycloak-config-cli/compare/v6.4.1...HEAD
+[6.4.1]: https://github.com/adorsys/keycloak-config-cli/compare/v6.4.0...v6.4.1
 [6.4.0]: https://github.com/adorsys/keycloak-config-cli/compare/v6.3.0...v6.4.0
 [6.3.0]: https://github.com/adorsys/keycloak-config-cli/compare/v6.2.1...v6.3.0
 [6.2.1]: https://github.com/adorsys/keycloak-config-cli/compare/v6.2.0...v6.2.1