
chore(jans-keycloak-integration): downgrade kc version to 25.0.6 #9767 #9769

Merged
merged 21 commits into from
Oct 16, 2024


uprightech
Contributor

Prepare


Description

Target issue

closes #issue-number-here

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

* updated the keycloak configuration file to reflect the configuration for the storage-spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
…y vulns

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

dryrunsecurity bot commented Oct 16, 2024

DryRun Security Summary

The provided code change updates the keycloak-server.version property in the jans-keycloak-integration project's pom.xml file from 26.0.0 to 25.0.6, which should be reviewed for potential security implications, compatibility, and regression testing.


Summary:

The provided code change is a modification to the pom.xml file in the jans-keycloak-integration project, where the keycloak-server.version property has been updated from 26.0.0 to 25.0.6. From an application security perspective, this change is worth reviewing for a few reasons:

  1. Dependency Version Updates: Updating dependencies, especially for security-critical components like Keycloak, is an important security practice. The version change from 26.0.0 to 25.0.6 should be reviewed to understand the reasons behind the change and whether it addresses any known security vulnerabilities.

  2. Potential Impact on Security Features: Keycloak is a widely used identity and access management (IAM) solution, and changes to the version used can impact the security features and functionality of the integrated application. The changes should be carefully evaluated to ensure that there are no regressions in security-related features or functionality.

  3. Compatibility and Regression Testing: Updating a major dependency like Keycloak can have broader implications for the application's functionality and stability. It's important to ensure that the application continues to function as expected and that there are no regressions or unintended consequences introduced by the version change.

Files Changed:

  • jans-keycloak-integration/pom.xml: This file has been modified to update the keycloak-server.version property from 26.0.0 to 25.0.6. This change should be carefully reviewed to understand the reasons behind the version update and to ensure that the application's security posture is maintained or improved as a result of the change.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@mo-auto added the kind-dependencies label (Pull requests that update a dependency file) Oct 16, 2024
@uprightech requested review from yuriyz and moabu October 16, 2024 16:38
Quality Gate passed for 'keycloak-integration-parent'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@yuriyz enabled auto-merge (squash) October 16, 2024 18:59
@yuriyz merged commit 731e12b into main Oct 16, 2024
11 checks passed
@yuriyz deleted the issue_9767 branch October 16, 2024 19:00

imShakil pushed a commit that referenced this pull request Oct 28, 2024
#9769)

* fix(jans-linux-setup): improper scim configuration for jans kc #8210
* updated the keycloak configuration file to reflect the configuration for the storage-spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* chore(jans-keycloak-integration): update dependencies causing security vulns

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* chore(jans-keycloak-integration): downgrade kc version to 25.0.6

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

---------

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Former-commit-id: 731e12b
moabu pushed a commit that referenced this pull request Dec 26, 2024
moabu pushed a commit that referenced this pull request Dec 27, 2024