Changelog

ZITADEL
Back to all versions

4.6.0

2025-10-29
minor

Security 2

  • Sanitize host headers before use high
    network
  • Respect lockout policy on password change (with old password) and add tar pit for checks high
    login

Features 5

  • Integrate Drupal7 hash verifier from passwap (#10918)
    api
  • Move authorization service to v2 (#10914, #10746)
    Promote authorization service to stable v2 API
    api
  • Move instance service to v2 (#10919)
    Promote instance service to stable v2 API
    api
  • Promote project service v2beta to GA (v2) (#10844, #10772)
    Move project service from v2beta to stable v2 (GA)
    api
  • Add Turkish translation file (#10922, #10851)
    i18n

Bug Fixes 8

  • Check for 2FA even if not enforced medium
    login
  • Login: generate code for passkey (#10966) medium
    login
  • Login: improve duration undefined check (#10949, #10865) medium
    login
  • Login: Improve Passkey Authentication Error Handling & Testing (#10971) medium
    login
  • Login: Prevent double execution of IDP callback token and improve architecture (#10948, #10828) medium
    login
  • Login: Return promise from passkey authentication to fix automatic prompt (#10991, #10971) medium
    login
  • Metrics: incorrect mapping of gRPC status codes in the grpc_server_grpc_status_code_total metric (#10989, #10884) medium
    metrics
  • User: auth option while listing user metadata (#10968, #10925) medium
    user

Deprecations 1

  • Project service v2beta (#10844, #10772)
    Deprecated after promotion to GA v2
    api