Red Hat build of Keycloak Life Cycle and Support Policies
Overview
The Red Hat build of Keycloak is Red Hat's Identity and Access Management commercial offering based on the open source Keycloak community project.
The Red Hat build of Keycloak is tested, certified and supported on various platforms and JVMs, as described on the Red Hat build of Keycloak Supported Configurations page.
Red Hat provides a published product life cycle for Red Hat build of Keycloak in an effort to provide as much transparency as possible to customers and partners, enabling them to effectively plan, deploy, and support their infrastructure. Red Hat provides a time-delineated, phased life cycle, wherein at least two (2) major.minor release versions of Red Hat build of Keycloak are supported at any time.
Contents
- Overview
- Major versions
- Minor versions
- Backwards compatibility in between releases
- Deprecation and Removal of features, components, and supported configurations
- Life Cycle Phases and Support Policy
- Product Life Cycle Dates
- Release Planning Timeline
Major versions
Starting from the Red Hat build of Keycloak 26.x, a major version indicates a support life cycle (full and maintenance) of a minimum of 2 years (for 26.x) or 3 years (for the following 27.x and onwards). We end full support of the current major version when a new major release version is available. If the next major version is not ready when full support ends, the current version will remain in full support until a new major version is available. When a new major version is released, the previous major version goes into maintenance for at least six months so customers can upgrade to the new major release.
The lifecycle of the Red Hat build of Keycloak 24 major release remains unchanged, and lasts for approximately 12 months. However, the maintenance support for the Red Hat build of Keycloak 22 has been extended for additional 3 months, hence providing customers with the option to directly upgrade from version 22 to the newer version 26 when it is available.
Minor versions
Starting from the Red Hat build of Keycloak 26.x, Minor versions are now where we introduce new features and changes that are usually considered not to be backward-breaking.
Minor versions of the Red Hat build of Keycloak are produced approximately every six (6) months. A minor release will be supported for maintenance update until a second subsequent minor release is available. These Red Hat build of Keycloak minor versions will be based on the upstream community Keycloak minor release versions with even numbers (e.g. 26.0, 26.2, 26.4, 27.0, 27.2, 27.4, etc.), so skipping the quarterly-released community Keycloak minor versions with odd numbers (e.g. 26.1, 26.3, 27.1, 27.3, etc.).
Backwards compatibility in between releases
Red Hat build of Keycloak Major releases may introduce breaking changes, and as such they are not always backward compatible.
However, the Red Hat build of Keycloak product team aims to keep features, components, and supported platforms as consistent as possible throughout the entire life cycle of a given major release stream (e.g 26.x). We will continue to bring new features and enhancements to Red Hat build of Keycloak in each minor release of a given major stream, and we are committed to doing so in a backwards compatible way, making it seamless and easy to upgrade between minor releases.
When a minor comes with breaking changes, such changes will be opt-in. This will be driven through versioning where the currently default version for a Feature or an API can not change in a minor release, and there will be a new version that can be explicitly enabled. The current version of a Feature or API can be deprecated in a minor, but will not be removed until the next major version. This will allow customers to gradually roll-out new Feature or API versions separately from upgrading. Customers can choose to get ready for the next major release early, or wait and do it in one go.
Backwards compatibility guarantees will only be given to Features and APIs that are fully supported. Preview features or preview APIs, as well as non-public APIs may change at any time. Also, absolute backward compatibility cannot be 100% guaranteed in between minor versions. An example where keeping backward compatibility may not be always possible is in security fixes.
Deprecation and Removal of features, components, and supported configurations
Deprecated features, components, and supported platforms are fully supported, which means that they are tested and maintained, and their support status remains unchanged within the current Red Hat build of Keycloak major version in which they are marked deprecated but not removed. They will likely not be supported in the next major version release, and may be removed from the same. Hence, they are not recommended for new production deployments on the current or future major versions of Red Hat build of Keycloak.
For the most recent list of deprecated functionalities within a particular major release, see the latest version of such a release documentation, as well as to refer to the supported configurations. There might be some exceptional situations where we may have to deprecate and remove a component or support for a platform within a given major release life cycle. For example, when a supported platform (Java version, OS version, Database version, etc.) goes out of support, we also stop testing and verifying that platform.
Life Cycle Phases and Support Policy
The life cycle for a major release of Red Hat build of Keycloak product is divided into two primary phases: the Full Support Phase and the Maintenance Phase.
Red Hat build of Keycloak conforms to the following life cycle phases:
Phase 1: Full Support
Full support is provided according to the published Scope of Coverage and Service Level Agreement. Likewise, Development Support is provided according to the published Scope of Coverage and Service Level Agreement.
Full Support starts with a new Red Hat build of Keycloak major release and ends when a newer Red Hat build of Keycloak major version is made generally available.
In a Full Support Phase of a given Red Hat build of Keycloak major release stream, minor versions are the primary sources for software enhancements or new features addition. All available and qualified patches will be applied via periodic micro release updates and patches, or as required for qualified security patches.
Phase 2: Maintenance Support
Maintenance support is provided according to the published Scope of Coverage and Service Level Agreement. Likewise, Development Support is provided according to the published Scope of Coverage and Service Level Agreement.
During the maintenance phase, qualified security patches of Critical or Important impact, as well as selected mission-critical and important bug-fix patches will be released through periodic micro updates, or as required for qualified security patches.
The following table details each type of software maintenance performed during a typical life cycle:
| Life-Cycle Phase | ||
|---|---|---|
| Description | Full Support | Maintenance Support |
| Unlimited-incident technical support1 | Yes | Yes |
| Access to Product Knowledgebase | Yes | Yes |
| Access to Product Downloads | Yes | Yes |
| Access to Product Discussions | Yes | Yes |
| Access to Support, Configuration, and Troubleshooting Tools | Yes | Yes |
| Patch Releases2 | Yes | Yes |
| Critical and Important security fixes3 | Yes | Yes |
| Moderate CVE fixes | Yes | At Red Hat's discretion |
| Software Enhancements (or New Features addition)4 | Yes | No |
| New Certifications (JVMs, DBs, etc.) | Yes | No |
- Full details of support services are provided as part of the Subscription Agreement.
- All available and qualified patches will be applied via periodic product updates and patches, or as required for qualified security patches. Red Hat may also choose to address highest severity issues with significant business impact for the customer through a hotfix (or “one-off”) patch as a temporary measure while the permanent bug-fix patch is being created. Subsequent bug-fix releases will include issues previously provided as hotfixes.
- Latest security update information available at: access.redhat.com/site/security/updates/.
- Minor releases are the primary source for software enhancements that do not usually break backward compatibility. Software enhancements that break backward compatibility are typically reserved for major versions.
Product Life Cycle Dates
Listed below are the life cycle dates for the currently supported Red Hat build of Keycloak Releases.
To compare the Red Hat build of Keycloak life cycle to those of other products, please use the tool on the Product Life Cycles page.
Red Hat build of Keycloak |
|||
|---|---|---|---|
| Version | General availability | Full Support ends | Maintenance Support ends |
| 26.x | November 13, 2024 | May 13, 2026 (depends on RHBK 27.0 GA date) | November 13, 2026 (depends on RHBK 27.0 GA date) |
| 24.0 | April 29, 2024 | November 13, 2024 (depends on RHBK 26.0 GA date) | May 13, 2025 (depends on RHBK 26.0 GA date) |
| 22.0 | November 15, 2023 | April 29, 2024 | January 31, 2025 (extended from October 30, 2024) |
Note: All future dates mentioned are close approximations, non definitive, and subject to change.
Release Planning Timeline (subject to change)
