Not sure if this change is safe. Seems like newer versions of BC are more memory demanding (see a failing test without this change). Is that something we want to risk as it might be directly affecting users.

That's good point. Hopefully it affects just the app-server (which may not be that important AFAIK due the adapter tests executed on embedded undertow by default?).

Isn't it possible that app-server has both jdk15on and jdk18on dependencies and that being the cause of those issues?

We run with app-server-wildfly by default.

I did a little bit more digging into this. I realized we're actually not including any BC dependencies with the WF/EAP adapter. We use the default BC module that's already present in WF. You can simply double check that by building the adapters dist and checking the JARs included. There are actually no 3rd party deps bundled in our adapters dist. That means WF/EAP adapter should not be affected by this change at all.

The reason for the out of memory test failures is that we're including the BC deps in our test app WARs. The newer versions of BC libs are a few MBs larger. Hence I believe we're reaching the memory limit because of this.

However, where we are also including the BC deps is the Tomcat and Jetty adapters. Those are affected by this upgrade. This is NOT tested in GHA. @mposolda @miquelsi Do we need to run the full internal pipeline to test this?

Running internal adapter pipeline can be nice, however our java adapters are deprecated. So not 100% sure it is strictly needed if it is too much work... IMO any performance/memory "regression" specific only to java adapters is fine due their deprecation (as long as it does not affect the Keycloak server).

@mposolda Are you then fine with merging this? :) It'd be nice to have it in 22.0.1 to fix #21664

Yes, ok. I am approving