Happy Holidays, Apiman fans!
I’ve released Apiman 2.2.0.Final to upgrade Keycloak to 15.1.1 and WildFly to 23.0.2.Final. This is primarily because of another significant security vulnerability that has been disclosed in those platforms.
As we currently bundle an all-in-one Keycloak + Apiman quickstart distribution, we are required to keep our WildFly versions in sync with Keycloak. Hence WildFly has been bumped to 23.0.2.Final to match Keycloak 15.1.1.
If you are using the Apiman WildFly distribution and customised
apiman-standalone.xml you may need to update your configuration file. This is because of changes in the WildFly platform rather than Apiman itself.
Please refer to the Apiman migration guide to understand any changes you may need to make to
apiman-standalone.xml (mostly in relation to SSL/TLS).
Most production deployments should unbundle Keycloak and Apiman (both for security and practical reasons).
In a release in the near future, we will stop bundling Keycloak and Apiman in the quickstarts, and instead we will provide a Docker Compose definition that is much more representative of a real-world deployment.
This will also mean Apiman is not forced to stay in sync with Keycloak Server releases. We hope this will be more convenient for Apiman users and the Apiman team.
All the best for 2022.