Changelog

Track the evolution of our platform with detailed release notes.

March 15, 2024

OpenID Connect Support Added

New Features Authentication Authentication Oidc Features

We're excited to announce full OpenID Connect (OIDC) support is now available in both our open-source and cloud versions. This update brings standardized authentication flows that comply with the OpenID Connect specification.

Key improvements:

Complete OIDC discovery endpoint
JWT-based ID tokens
Support for authorization code flow with PKCE
Dynamic client registration
Userinfo endpoint implementation

This release significantly improves interoperability with external identity providers and modernizes our authentication infrastructure.

March 1, 2024

Critical Security Patch: JWT Signing Algorithm Vulnerability

Security Bug Fixes Security Jwt Bug Fix

A critical security vulnerability was discovered in our JWT signing implementation. This patch fixes the issue where certain edge cases could allow token forgery under specific conditions.

Security impact:

Severity: High
CVSS Score: 8.3
Affected versions: 2.0.0 - 2.4.3

Fix details:

Updated RSA key validation logic
Enhanced signature verification
Improved error handling in token parsing

All users running affected versions must update immediately to ensure secure authentication.

February 20, 2024

SAML 2.0 Integration Released

New Features Enterprise Saml Enterprise Sso

Enterprise customers can now leverage SAML 2.0 for seamless single sign-on integration. This release brings comprehensive support for the SAML protocol, including:

Features:

SP-initiated and IdP-initiated flows
Custom attribute mapping
SAML metadata XML generation
JIT user provisioning
Support for major identity providers (Okta, Azure AD, OneLogin)

This update significantly enhances our enterprise authentication capabilities and simplifies integration with existing corporate infrastructure.

February 10, 2024

Performance Improvements: Session Management Optimization

Performance Updates Performance Optimization Backend

We've completely overhauled our session management system, resulting in significant performance improvements across the board.

Performance gains:

Session read operations: 500% faster
Write operations: 300% faster
Memory usage reduced by 60%
Redis connection pooling optimization

Technical improvements:

Implemented session data compression
Optimized database queries
Added intelligent caching layer
Reduced network overhead

These optimizations particularly benefit high-traffic applications and improve overall system responsiveness.

January 25, 2024

WebAuthn and Passkeys Support Added

New Features Security Webauthn Passwordless Security

We're thrilled to announce support for WebAuthn and Passkeys, enabling true passwordless authentication for your users.

Features included:

Platform authenticator support (Face ID, Touch ID, Windows Hello)
Cross-platform authenticator support (YubiKey, security keys)
Passkeys synchronization across devices
Fallback authentication methods

Implementation details:

FIDO2 compliant
Attestation format validation
Challenge generation and verification
User-friendly registration flow

This update represents a major step forward in authentication security and user experience.

January 15, 2024

Bug Fix: Rate Limiting Bypass Vulnerability

Security Bug Fixes Security Bug Fix Api

We've identified and fixed a security vulnerability in our rate limiting implementation that could allow bypass under certain conditions.

Issue details:

Rate limits could be bypassed using custom X-Forwarded-For headers
Affected endpoints: /auth/login, /auth/register, /auth/password-reset
Impact: Potential brute force attacks

Fix summary:

Enhanced header validation
Improved IP extraction logic
Added additional safeguards for proxy detection

Update to version 2.4.4 or later to ensure proper rate limiting protection.

January 5, 2024

Multi-Factor Authentication Enhancements

Security Updates Mfa Security Features

Our MFA implementation has been significantly enhanced with new verification methods and improved user experience.

New features:

Authenticator app support (TOTP)
SMS verification with retry logic
Email-based verification codes
Backup codes generation
Grace period configuration

Technical improvements:

TOTP drift tolerance adjustment
SMS delivery reliability improvements
Enhanced recovery flow
MFA policy customization

These enhancements provide more flexibility in implementing multi-factor authentication while maintaining robust security.

December 20, 2023

Database Migration: PostgreSQL 15 Support

Infrastructure Updates Database Postgresql Infrastructure

Our authentication system now fully supports PostgreSQL 15, bringing significant improvements to performance and reliability.

Key benefits:

15% faster query performance
Improved JSON/JSONB operations
Enhanced security features
Better parallel query execution

Migration notes:

Zero-downtime migration supported
Backward compatibility maintained
New index optimization
Updated connection pooling

The migration ensures better scalability and performance for growing authentication workloads.