Back to all versions
4.15.3
2024-05-24 patch
Bug Fixes 4
- Generic IDP buttons (OIDC, SAML, LDAP, JWT) used a left-padding hack that caused text misalignment when no icon was present. These buttons now use centered text to ensure visual consistency with branded IDP buttons and parity with Login V1.login ui
- Client and scope validation for token exchangeAdded stricter client and scope validation during the token exchange flow to ensure security and protocol compliance.token-exchange
- Enforce email verification for external user auto-linkingFixed a vulnerability where external identities could be automatically linked even if the email address was not verified. Verification is now mandatory before auto-linking.login identity-linking
- Guard defaultRedirectUri in OIDC/SAML FailedPrecondition pathsAdded protection for the defaultRedirectUri when handling FailedPrecondition errors in OIDC and SAML login paths.login oidc saml