Skip to content

Use versioned FreeMarker Configuration defaults#50099

Open
MdTanwer wants to merge 1 commit into
keycloak:mainfrom
MdTanwer:fix/freemarker-versioned-config
Open

Use versioned FreeMarker Configuration defaults#50099
MdTanwer wants to merge 1 commit into
keycloak:mainfrom
MdTanwer:fix/freemarker-versioned-config

Conversation

@MdTanwer

@MdTanwer MdTanwer commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown

Summary

  • Replace deprecated new Configuration() with new Configuration(Configuration.VERSION_2_3_32) in DefaultFreeMarkerProvider.
  • Avoid legacy FreeMarker 2.3.0 defaults and opt into the bundled FreeMarker version’s security/correctness improvements.

Fix #49922

@MdTanwer @cursoragent
Use versioned FreeMarker Configuration defaults
0eaf9a5 
Initialize FreeMarker with the bundled VERSION_2_3_32 to avoid legacy 2.3.0 defaults and opt into current security and correctness improvements.

Co-authored-by: Cursor <cursoragent@cursor.com>
@MdTanwer MdTanwer marked this pull request as ready for review June 18, 2026 06:38
@MdTanwer MdTanwer requested a review from a team as a code owner June 18, 2026 06:38
Copilot AI review requested due to automatic review settings June 18, 2026 06:38
Copilot AI reviewed Jun 18, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Keycloak’s FreeMarker configuration initialization to use a versioned Configuration constructor, ensuring FreeMarker runs with defaults aligned to the bundled engine version rather than legacy 2.3.0 “incompatible improvements” behavior.

Changes:

  • Replaced deprecated new Configuration() with new Configuration(Configuration.VERSION_2_3_32) in DefaultFreeMarkerProvider.
  • Ensures FreeMarker defaults match the project’s bundled FreeMarker version (<freemarker.version>2.3.32</freemarker.version> in the root pom.xml), aligning with security/correctness improvements gated by version flags.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

FreeMarker: deprecated no-arg Configuration constructor pins engine to legacy 2.3.0 defaults

2 participants

@MdTanwer