keycloak/docs/documentation/release_notes/topics/26_5_0.adoc

// Release notes should contain only headline-worthy new features,
// assuming that people who migrate will read the upgrading guide anyway.

= Preview of enhanced HTTP performance

You can now enable a more efficient way to handle JSON data in the HTTP layer.
This change increases throughput by ~5%, stabilizes response times, and reduces system resource usage.

In order to apply it, you need to explicitly enable the feature `http-optimized-serializers`.

NOTE: This feature is *preview*.
ifeval::[{project_community}==true]
We gather more feedback about potential issues in https://github.com/keycloak/keycloak/discussions/43484[this discussion]. We appreciate any feedback.
endif::[]

For more details, see the https://www.keycloak.org/server/configuration-production[Configuring Keycloak for production] guide.

= Breaking Fix for Windows in Loopback Hostname Verification

This release introduces a breaking change for Windows users: setups that previously relied on custom machine names or non-standard hostnames for loopback (e.g., `127.0.0.1` resolving to a custom name) may require updates to their trusted domain configuration. Only `localhost` and `*.localhost` are now recognized for loopback verification.

Keycloak now consistently normalizes loopback addresses to `localhost` for domain verification across all platforms. This change ensures predictable behavior for trusted domain checks, regardless of the underlying OS.

= Export traces with custom request headers

It is now possible to set request headers for exporting traces via Open Telemetry Protocol (OTLP).
It is mainly useful for providing tokens in the request.

You can specify these headers via the `tracing-header-<header>` wildcard option, accepting any custom header name.

For more details, see the  link:{tracingguide_link}[{tracingguide_name}] guide.

= Enable/disable features via a single option

You can now enable or disable individual features using the `feature-<name>` option (like `feature-spiffe=enabled`).

This provides a more fine-grained way to manage features and eliminates the need to maintain long lists of enabled or disabled features.

The `feature-<name>` option takes precedence over both `features` and `features-disabled`.

For more details, see the https://www.keycloak.org/server/features[Enabling and disabling features] guide.

== MDC Logging feature (supported)

The `log-mdc:v1` feature has been promoted from a preview feature to a supported feature.

MDC enables Keycloak to enrich log entries with contextual information such as realm, client, user ID and IP address, significantly improving debugging and observability.

For more details, see the https://www.keycloak.org/server/logging#_adding_context_for_log_messages[Adding context for log messages] guide.

= Organization invitation management

Organization administrators can now manage organization invitations through both the Admin Console and REST API:

* View all sent invitations with their current status (Pending, Expired)
* Resend pending invitations to recipients
* Delete invitation records from the system
* Filter invitations by status for easier management

All invitations are now persistently stored in the database, providing better tracking and management capabilities.

The invitation management features are available in the *Invitations* tab when managing an organization in the Admin Console, and through the Organizations REST API endpoints under `/admin/realms/{realm}/orgs/{orgId}/invitations`.

= Logout confirmation

The client logout configuration page now includes an option to enable logout confirmation. When enabled, users will see "You are logged out" confirmation page upon successful logout.