4.7.6

2025-12-17
patch

ZITADEL v4.7.6 is a critical security release addressing React Server Components vulnerabilities and a session handling bug in Login V1. Immediate upgrade is strongly recommended for all deployments. This release contains no breaking changes and requires no migration steps.

Security 1

  • React Server Components denial of service and source code exposure (#11197, #11192) critical
    Fixed critical security vulnerabilities in React Server Components that could lead to denial of service attacks and potential source code exposure. Updated React from 19.1.2 to 19.1.4+.
    react frontend

Bug Fixes 2

  • Login V1 password verification handling (#11202) medium
    Corrected handling to only update existing sessions instead of creating new session entries on failed password attempts. This prevents session table bloat and improves database efficiency.
    authentication login
  • React Server Components security vulnerabilities (#11197, #11192) critical
    Updated pnpm, react, and react-dom to latest versions (React 19.1.4+) to address critical security vulnerabilities including denial of service and source code exposure in React Server Components.
    frontend dependencies

Upgrade Warnings

  • Critical security vulnerabilities are addressed in this release. Upgrade immediately to prevent potential denial of service attacks and source code exposure.