Back to all versions

4.15.3

2024-05-24
patch

Bug Fixes 4

  • Center text alignment for generic IDP buttons in Login V2 (#12211, #12182)
    Generic IDP buttons (OIDC, SAML, LDAP, JWT) used a left-padding hack that caused text misalignment when no icon was present. These buttons now use centered text to ensure visual consistency with branded IDP buttons and parity with Login V1.
    login ui
  • Client and scope validation for token exchange
    Added stricter client and scope validation during the token exchange flow to ensure security and protocol compliance.
    token-exchange
  • Enforce email verification for external user auto-linking
    Fixed a vulnerability where external identities could be automatically linked even if the email address was not verified. Verification is now mandatory before auto-linking.
    login identity-linking
  • Guard defaultRedirectUri in OIDC/SAML FailedPrecondition paths
    Added protection for the defaultRedirectUri when handling FailedPrecondition errors in OIDC and SAML login paths.
    login oidc saml

Contributors 1