Auth0 Appliance - Old Releases

Get the latest updates in Auth0

2016-05-28: Auth0 6975

Changed

  • Appliance

    Performance of the management dashboard and user search improved. User search functionality is reduced as part of the performance improvement. You can now only sort users by email when doing a filtered search, and you can no longer sort by name or login count.


2016-05-20: Auth0 6868

Added

  • Appliance

    The CLI backup capability has been enhanced. You now designate a specific instance for backup from the CLI. This ensures a backup does not degrade your normal cluster operations during the process. Additionally, you must now have a dedicated backup volume on the designated backup instance. This ensures that a backup will not fill up volumes used for normal operations.

  • Appliance

    A CSE can now configure an appliance cluster to distribute load over more cores to support scale up as an alternative to scale out. Some types of authentications require expensive cryptographic operations where scale up may be a more desirable approach.

  • Appliance

    Services are now periodically checked and restarted by an independent process. Typically services do restart automatically, although in some unusual rapid failure modes a service may stop running. The monitoring service checks periodically for this condition and starts any services that have failed their normal automatic restart. This additional monitoring function is off by default.

Deprecated

  • Appliance

    In this release a JSONP endpoint used for SSO has been disabled. This endpoint supported browsers before IE9. It exposes some potential vulnerabilities due to the weakness in the JSON protocol. A setting was also added that allows a customer to override the JSON disable on a per-tenant basis.


2016-05-02: Auth0 6576

Added

  • Appliance

    The VMware image (OVA) now supports compatibility level 10. If you have an older version of ESX, we can still provide an OVA with compatibility level 8.

  • Appliance

    Added the ability to re-assign IP addresses for other cluster nodes using the command line interface. When a cluster is moved to a new network, the nodes need to be provided with the IP addresses of the other nodes in order to re-establish the cluster. With the re-ip command, you can modify a node's configuration for the IP addresses of the other nodes in the cluster.

  • Appliance

    Rate limiting is a feature that is now available on the appliance. Rate limiting uses a token bucket approach to limit the rates on various services such as user logins and API invocations. The feature helps protect against brute force attacks.

  • Server

    Added logout returnTo URL validation. If the returnTo URL is not in the Allowed Logout URLs list, the request will be rejected. See the docs for more information.
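
One way to implement the returnTo check described in the Server entry above, shown as an added example that is not Auth0's code. The function names, the sample allow list and the exact-match comparison (scheme, host, port, path and query) are assumptions of this example.

```javascript
'use strict';

// Constructed sample of a tenant's "Allowed Logout URLs" setting (not from the page).
const ALLOWED_LOGOUT_URLS = [
  'https://app.example.com/logged-out',
  'https://intranet.example.com/',
];

// Parse a URL and reduce it to the form used for comparison.
// Returns null for input that must never be used as a redirect target.
function canonicalise(raw) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) return null;
  let u;
  try {
    // No base URL is given, so relative ("/x") and scheme-relative ("//host")
    // input throws instead of being resolved against the current origin.
    u = new URL(raw);
  } catch (err) {
    return null;
  }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
  // "https://trusted-name@other-host/" hides the real host behind userinfo.
  if (u.username !== '' || u.password !== '') return null;
  // origin is lower-cased with default ports removed; pathname has dot
  // segments resolved. The fragment is dropped (assumption of this example).
  return u.origin + u.pathname + u.search;
}

// Hypothetical helper: decide whether a logout request may redirect to returnTo.
function validateReturnTo(returnTo, allowedUrls) {
  const candidate = canonicalise(returnTo);
  if (candidate === null) {
    return { ok: false, reason: 'malformed_or_unsupported_url' };
  }
  const allowed = new Set(allowedUrls.map(canonicalise).filter((v) => v !== null));
  if (!allowed.has(candidate)) {
    return { ok: false, reason: 'not_in_allowed_logout_urls' };
  }
  // Redirect to the canonical form that was compared, not to the raw input.
  return { ok: true, redirectTo: candidate };
}

// Constructed inputs covering the cases a naive prefix or substring check gets wrong.
const SAMPLES = [
  'https://app.example.com/logged-out',
  'HTTPS://APP.EXAMPLE.COM:443/logged-out',
  'https://intranet.example.com',
  'https://app.example.com.other.test/logged-out',
  'https://app.example.com@other.test/logged-out',
  'https://app.example.com/logged-out/../admin',
  '//other.test/logged-out',
  'javascript:void(0)',
];

for (const sample of SAMPLES) {
  const result = validateReturnTo(sample, ALLOWED_LOGOUT_URLS);
  console.log(result.ok ? 'ALLOW ' : 'REJECT', sample, result.ok ? '' : result.reason);
}
```

Comparing parsed, canonical URLs rather than raw strings is what makes the look-alike host, userinfo and dot-segment inputs fail the check.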


2016-03-23: Auth0 5970

Added

  • Appliance

    From the dashboard you can now test connectivity from an appliance instance to an IP address or DNS name and port. This enables you to see if low level connectivity exists between the appliance and other services like SMTP or DNS.

  • Appliance

    You can now programmatically query healthcheck endpoints (/health/status/) on CPU, memory, disk, services, network, internet, email, database and replica status. The service will return a 204 return code if OK, and a 520 return code if it is failing. If it is queried too frequently you may also get a 429 (Too Many Requests). You need to provide an API key (generated in the dashboard) in order to access these metrics.

  • Appliance

    Added Profile Mapper for the integrated AD-LDAP appliance functionality so you can map attributes coming from your AD-LDAP source to the user's Auth0 profile.

  • Appliance

    New command line interface for interacting with nodes in the appliance.

    This is a beta release. The tool lets administrators automate tasks for the appliance and address specific nodes in the cluster. The beta release provides commands to:

    • ping - Test connectivity to a server. Responds with pong, which confirms the end to end network and security connectivity are in place.
    • create-key - The CLI performs privileged operations, so a public/private key pair is used. You register the public key on the cluster through the dashboard. You can have multiple clients.
    • backup-start - This starts a backup on a cluster instance. If a backup already exists, it will be overwritten.
    • backup-status - Poll the appliance for completion status.
    • backup-retrieve - Retrieve a backup from the appliance so that you can store it off.

    Right now, restores are performed manually, working with a CSE if required.

  • Dashboard / Management API

    Users can now specify a list of URLs that are valid to redirect to after logging out from Auth0. The update can be done either from the Dashboard or using the Management API.

  • Enterprise Connections

    Added new ext_nested_groups option to waad connection strategy. When both ext_groups and ext_nested_groups are enabled, we return all the groups that the user is a member of instead of only returning the ones that the user is a direct member of (for more information see this MSDN article).

  • Management API

    The device-credentials endpoint now supports basic authentication to perform GET, POST, and DELETE requests.

  • Management API

    Users can query logs using the Management API v2.

    You can use the new logs endpoints to query logs. This is the new recommended way to query logs. The API v1 logs endpoints will still be functional. See more info in the docs.

Changed

  • Appliance

    Application and setting updates now provide clearer log output.

    Application updates also apply system updates, and apply configuration after update to ensure the appliance is in a consistent state. Application updates are at apt-mirror.it.auth0.com, which resolves to a small number of IP addresses to whitelist during update. System updates can be overridden to always come from the central mirror using a setting override in the dashboard (mirror url).

    In the future the use of the central mirror will be included automatically for a release into the application update pipeline.

  • Appliance

    The Management Dashboard can be configured to run on a different port than 443. This way the management dashboard will not be accessible with other services and can be blocked from external access.

  • Auth0 Lock v9

    The flow to reset a password has been updated.

    In this new flow, users enter their username or email address and receive an email with instructions to choose a new password. The old flow which required users to enter their new password and then confirm the change via email is still available but has been deprecated: it is no longer available for new tenants and existing tenants are recommended to disable it.


2016-02-17: Auth0 5590

Added

  • Appliance

    Appliance Configuration has its own landing page. Unauthorized users are redirected to the Dashboard

  • Appliance

    The Management API supports the query ("q") parameter when searching for users

  • Appliance

    Enabled appliance update through a proxy

  • Appliance

    Replica set Health check status available in the Configuration section

  • Appliance

    Added the ability to configure a cluster from the tty1 interface

  • Logout

    Full support for SAMLP logout

  • Users

    Support to handle base64 encoded secret in the SMS provider

Changed

  • Appliance

    Settings page reorganized in logical sections. Federated Logout setting available; if is enabled

  • Appliance

    Moved AD/LDAP connection under the configuration section.

  • Errors

    If a ticket throws an error use the tenant's custom error page (if available)

  • Login-page

    New look & feel for the Password change form and Email verification page

Fixed

  • Api

    In API (v1), profileData is returned for linked identities

  • Dashboard

    Modify User details to not disclose access tokens from IDPs

  • Social-connections

    /authorize endpoint now accepts auth_type parameter for use with Facebook


2016-01-26: Auth0 5394

Added

  • Api

    User status endpoint: GET /api/v2/user-blocks/{id}, DELETE /api/v2/user-blocks/{id}

  • Appliance

    Added support for custom domains https://github.com/auth0/auth0-users/pull/406

  • Appliance

    Possibility to remove an application node under Configuration section

  • Appliance

    Notifications to point to Activity section when it's required

  • Appliance

    Activity section for the appliance which will display the logs for any

  • Appliance

    Ability to reboot instance from dashboard

  • Dashboard

    Change your SAML configuration rule under SAML category

  • Dashboard

    Ability to provide password after mail is sent via a password change link in the body of the mail.

  • Dashboard

    Give the possibility to unblock a user that was automatically blocked by brute force

  • Oauth2

    Use the tenant logo in the authorize consent popup

Changed

  • Dashboard

    Account Settings: when changing from custom error page to generic error page a confirmation dialog is displayed

  • Oidc

    Adds additional claims to /userinfo in OIDC strict mode. If profile scope was granted: given_name, family_name, nickname, picture, gender and locale. If email scope was granted: email and email_verified.

  • Users

    Login screen to Lock 8.1

Fixed

  • Dashboard

    URL to documentation page on some enterprise connections


2015-12-15: Auth0 4975

Added

  • Appliance

    Appliance administrators are now able to select a specific version of Auth0 to update from the tty0

  • Appliance

    You can create custom login domains per tenant from Dashboard

  • Dashboard

    You can configure Mobile settings for iOS and Android from the Apps section

  • Dashboard

    From the General tab within Account Settings, you can configure the "Oops" page for unhandled errors

  • Dashboard

    Passwordless connections are shown in the Third Party Apps section

  • Dashboard

    New switch to enable/disable cache for AD/LDAP connections

  • Dashboard

    Users from a custom agreement with Auth0 are able to create accounts that depend on a parent account

Changed

  • Api

    For /i/authorize endpoint, skips user consent if the user has previously granted it

Fixed

  • Dashboard

    For database connections, when enabling "Use my own database" it automatically disables "Import Users to Auth0" option


2015-11-21: Auth0 4605

Added

  • Api

    /userinfo accepts JWT-encoded access tokens, in addition to existing opaque access tokens

  • Appliance

    Added ability to refresh Health Check records in the Configuration | Troubleshoot tab

  • Appliance

    Added reporting memory available in addition to memory free

  • Appliance

    Added a new console option to display if the instance meets the minimum requirements

  • Dashboard

    Easier access to the built-in webtask account through a new sidebar menu

  • Errors

    New "Oops" page (for unhandled errors) that can be customized for your account

  • Users

    Added the ability to turn off credentials (password hashes) caching for AD/LDAP connections

Changed

  • Appliance

    Improved configuration navigation menu and section

  • Billing

    Users can now checkout a free plan without billing or credit card information

  • Dashboard

    Revamped the UI of the Applications Quick Start section

  • Mfa

    Updated the look and feel for Google Authenticator

  • Oauth2

    Disabled query response mode for implicit authorization request. This only applies to the new pipeline for oauth2/i/authorize

  • Pricing

    New pricing model under the subscription section. Additionally, added the ability to create different account subscriptions on sign-up.

  • Sms

    Updated sms connection to support liquid syntax

  • Social-connections:google

    Return error if audience is not allowed with google access token (this only applies to native mobile use cases)

Fixed

  • Dashboard

    Dwolla and Shopify social connector toggles are now fixed

  • Dashboard

    Fixed dashboard admin applications list not showing for invited users

  • Mfa

    Fixed a bug when the client has RS256 as JWT alg

  • Users

    Fix to support changing email and email_verified for any user identity (not just the main one)

  • Users

    Fixed issue for database connections that caused import users script to not create users when signups were disabled


2015-10-23: Auth0 4341

Fixed

  • On-prem

    Fixes to the appliance update process


2015-10-22: Auth0 4323

Added

  • Saml

    Added SAML signout protocol support

  • Sms

    Added support for multi language SMS templates


2015-10-20: Auth0 4295

Added

  • Api2

    API now supports changing phone_number, phone_number_verified and verify_phone_number when using the PATCH Users endpoint

  • Dashboard

    Display app_metadata.name or user_metadata.name on user profile when available

  • General

    Allowed administrators to disable signup for passwordless

  • On-prem

    Added ability to create diagnostics package in the Configuration screen > Troubleshoot tab for appliance

  • On-prem

    Added version pick list for appliance update

  • Users-search

    Added ability to search users by phone_number

Changed

  • Ad-connector

    Improved error messages when the password expires or when the password change is required

  • Database-connections

    For passwordless emails, HTML+Liquid is the default selected syntax

Docs

Fixed

  • Certificates

    Updated x509 library to support Mac OS X El Capitan

  • On-prem

    Fixed issue when going from multitenant to single tenant

  • Users-search

    Improved the Users search by email

Security

  • General

    Enabled brute force protection by default for passwordless connections and prevent opt out


2015-09-29: Auth0 4013

Added

  • Dashboard

    Dashboard log entries will now include user's IP address

  • Dashboard

    Added ability to edit user's email address in Users screen actions

  • Docs

    Added and refactored documentation on User Profile and Tokens

  • Docs

    Added Nginx API Quickstart.

  • Docs

    Added documentation for android/iOS on how to add whitelist of mobile client IDs for Google authentication for native applications

  • Docs

    Added Falcor API documentation

  • Emails

    Liquid support for "Redirect To" URL

  • Emails

    Added support for Liquid templates to Subject and From fields in email templates.

  • Emails

    Add support for liquid templates for "from" and "subject" fields in user emails

  • General

    WS-Fed protocol: add more error details in logs

  • Link-accounts

    Improve examples of how to obtain access_token for account linking

  • On-prem

    Improved health check implementation to show multiple appliance nodes

  • On-prem

    Added nodes tab to the appliance configuration page for better visibility.

  • On-prem

    Enable SSO and MFA session timeout configuration for appliance

  • On-prem

    Support multi tenancy enablement in the appliance dashboard

  • On-prem

    Improved display of healthcheck information for appliance

  • On-prem

    UI to manage SSO and MFA session

  • Passwordless

    Add support for passwordless authentication

  • Sso

    Expose clients for a session in the context object so you know which applications a user has logged into

Changed

  • Rules

    Allow a rule to be saved even if it contains an error

Fixed

  • Ad-connector

    Fixed issue with selection of signing key for LDAP connections

  • Api2

    Fix issues with create user when an ID had been used before

  • Apps

    Fix parameter names expected for Layer addon

  • Dashboard

    Fixed issues with enterprise forms not properly updating samlp and fed metadata certs

  • Dashboard

    Fix validation of client IDs for connections to be less restrictive

  • Database-connections

    Fixed an issue with the user_id when "import users" option used with custom database connection.

  • Saml

    Include error information in POST of SAMLResponse StatusCode and StatusMessage fields instead of redirect with error description in query string.

  • Social-connections

    Improve error handling on twitter connections

  • Users-search

    Fix case where empty search parameter passed to User Search

Security

  • General

    Added HSTS header to HTTP responses.

  • Login-page

    Fix XSS in login page with authParams argument.


2015-08-31: Auth0 3615

Added

  • General

    Added support for attribute blacklist (field conn.options.non_persistent_attrs). Attributes blacklisted won’t be persisted in our databases for that connection.

  • Social-connections:twitter

    Added support for Twitter's force_login.

  • Wsfed

    Support for the wauth parameter has been added.


2015-08-28: Auth0 3601

Added

  • Docs

    Added Azure AD native tutorial.

  • Rules

    Added context.sso.with_auth0 and context.sso.with_dbconn attributes (see protocols section).

  • Social-connections:google-oauth2

    Support jwt for google-oauth2 added to POST /oauth/access_token

  • Social-connections:google-oauth2

    Added Allowed Mobile Client IDs setting: Enable restricting connection token audience.

Changed

  • Database-connections

    "Use my own database" (custom database) cannot be enabled for connections containing at least one user.

  • Reset-password

    Change password confirmation links can now only be used once.

Fixed

  • Api2

    PATCH /connections/:id: prevent changing db customization if the connection has users.

  • Api2

    Multiple performance improvements.

  • Connections

    Fixed connection update: custom options from connections were incorrectly removed.

  • Emails

    Added Liquid templating support.

  • Enterprise-connections:ip

    Fixed unhandled error validating ip range.

  • Popup

    Improved error descriptions.


2015-08-14: Auth0 3454

Added

  • Api2

    Added enabled_clients field to PATCH connections responses

  • Api2

    Improved error messages when changing password and deleting users of custom connections.

  • Configuration

    Appliance: Added timeout setting to the Auth0 Dashboard browser session (session timeout).

  • Configuration

    Appliance: Improved the Auth0 Update UI. Added release notes of the version being downloaded (Online Update only). Added update events to Logs.

  • Custom-oauth

    Added support for predefined authParams and authParamsMap parameters.

  • Database-connections

    Added debug button to custom database connections.

  • Docs

    Added Office 365 provisioning doc

  • Logs

    Added delete user log events

  • Social-connections

    Added support for Untappd as a social connection.

  • Social-connections:facebook

    Improved connection error handling

  • Sso

    Added lastUsedUserID to /user/ssodata response

Changed

  • Keys

    Reading/writing signing keys is no longer allowed.

Fixed

  • Ad-ldap-connector

    Fixed AD/LDAP Connector status not being displayed.

  • Api2

    When duplicate name or client_id occurs patching a connection status code 409 is now returned.

  • Rules

    Added logic to prevent syntax errors in rules and database connection scripts

  • Sso

    SSO between different database connections is now forbidden.


2015-07-24: Auth0 3258

Added

  • Api2

    Added support for encrypted configuration to connections.

  • Api2

    Added support for JWT access tokens issued from Auth0 OAuth 2.0 endpoints

  • Docs

    Documented new events of Auth0 Lock

  • Docs

    Added documentation of tabs in AD/LDAP Connector Admin Console

  • Rules

    Differentiate errors from sandbox from user's script errors.

Changed

  • Api2

    Removed given_name, family_name, name, nickname and picture properties from POST /users. Extra fields in the root user object are no longer allowed.

  • Reset-password

    Replaced reset password bewits with tickets.

Fixed

  • Api2

    Linked users are now taken into account when calculating stats.

  • Api2

    POST /api/connections now returns enabled_clients field in the response body.

  • General

    Performance improvements for database logins.

  • Unlink

    Fixed unlinking users with the following ID format: {provider}|{connection}|{id}.


2015-07-17: Auth0 3191

Added

Changed

  • Api2

    Using azp to retrieve client info for POST users request.

  • Api2

    Deleting a user now returns 204 HTTP status code.

  • General

    Explicitly fail when using JWTs on Headers that are more than 512 bytes long (applies to every endpoint except /ro).

Fixed

  • Errors

    Improved error and log reporting.

  • General

    Multiple performance improvements

  • Impersonate

    Fixed impersonation flow to include all identity-specific fields

  • Login

    Rules: Improved error handling of rules errors during login.

  • Popup

    Fixed wildcards in subdomains on popup mode

Security

  • Reset-password

    Auth0 bewits are now encrypted

  • Security

    Patched against SSL Alternate Chains Certificate Forgery vulnerability.


2015-07-06: Auth0 3081

Added

Changed

  • Api2

    Removing personal info fields from user patch

  • Api2

    Don't allow changing password and email or email_verified in same request

  • Api2

    Set username for connection without requires_username is now prevented

Fixed

  • Account-linking

    Fixed link account when "sso with auth0" is enabled

  • Api2

    Fixed sort by connection when searching users

  • Login-page

    Fixed utf8 encoding issues

Security

  • Api2

    Fixed out-of-band write in utf8 decoder (v8 vulnerability)

  • Security

    Fixed Logjam vulnerability


2015-06-18: Auth0 2921

Added

  • Api2

    Added updated_at property to users.

  • Api2

    Added schema info for add-ons: Layer, AD RMS, MS CRM, Slack.

  • Dashboard

    Updated rule templates.

  • Database-connections

    Added delete script to custom database connections.

  • Docs

    Updated Auth0 Android documentation.

  • Docs

    Added disable animations in Lock section.

  • Docs

    Added documentation for SalesForce as IDP.

Changed

  • Api2

    GET /users methods now use include_fields instead of exclude_fields.

  • Api2

    Jobs when completed successfully return 200 HTTP status code.

  • General

    Tenant names are now limited to 64 characters.

  • Mfa

    Multifactor Authentication now is featured in a separate section.

Fixed

  • Dashboard

    Performance: Improved UI performance by fetching resources from CDN.

  • Database-connections

    Performance improvements for Auth0 connections.

  • General

    Fixed IE issues by adding P3P headers.

  • Rules

    Improved error messages when editing rules and deleting users.

  • Samlp

    Fixed multiple issues with samlp logout. (nameid has value only, no attribs)

  • Tenants

    Fixed tenant dropdown menu. (accounts with more than 10 tenants were not displayed correctly).

  • Users-search

    Improved user search indexing.


2015-05-29: Auth0 2783

Added

  • Api2

    Added error codes for every API v2 error.

  • Docs

    AD Connector: Added admin dashboard section.

  • Manage

    When creating a user, a custom made avatar with the initials is used if there is no gravatar picture associated with the email.

Changed

  • Api2

    Changed exclude_fields to include_fields for GET /client endpoints.

  • Api2

    Positive assertions to read/write clients jwtConfiguration.secretNotEncoded and custom_login_page_off.

  • Api2

    POST /identity takes connection_id not connection.

Fixed

  • Api2

    Fixed: Failure to delete a user from an Auth0 Database Connection resulted in a 500 HTTP status code.

  • Api2

    If email is PATCHed to the same value, and email_verified is not set then email_verified is taken from previous value.


2015-05-22: Auth0 2666

Added

  • Addons

    Added Layer as an app addon

  • Api2

    Added error codes for endpoint logic.

  • Lock

    Updated the Auth0 Lock version appliance uses to 7.5

  • Samlp

    Improved SAMLP logout and added a samlp logout callback: use client.addons.samlp.logout.callback to set the HTTP POST url.

Changed

  • Api2

    Property options.scripts.fetchUserProfile is now mandatory for oauth1/2 connections

  • Api2

    Setting signing_keys client property can only be done on global clients.

  • Api2

    User POST or PATCH of email/password is no longer allowed for disabled connections.

  • Rules

    Now Auth0 API returns and accepts rules in the order they are applied.

Fixed

  • Docs

    Updated iOS, Swift and Objective C mobile documentation.

  • Login-page

    Updated login page template (solves CORS issues). Added polyfills for IE8/9.


2015-05-15: Auth0 2616

Added

Changed

  • Api2

    Response Status Codes: Changed 400: already exists to 409.

  • Api2

    Changed devices endpoints to device-credentials

Fixed

  • Billing

    Do not require state field when the country does not have one.

Security

  • Login-page

    Fixing XSS by introducing @@config@@ replacement. If you are using the default login page, you are not affected by this vulnerability and there is no action required on your behalf. Note: The previous way of substituting variables in custom login pages will be deprecated by June 8th. For more information, contact us by opening a support ticket.


2015-05-08: Auth0 2562

Added

  • Api2

    Added POST /api/v2/jobs/verification-email endpoint to send emails to users so they verify their email accounts by clicking a link

  • Custom-oauth

    Added logout for custom oauth1 and oauth2 strategies

  • Docs

    Added section about validating tokens to protocols

  • Logs

    Improved log details

  • Waad

    Add ability to override client id and client secret for Windows Azure AD connections.

  • Waad

    Added UI to select protocol (wsfed vs. oidc) for Azure AD connections

Changed

  • Api2

    Ask for connection id instead of name in users bulk import

  • Api2

    Added user_tickets scope

  • Api2

    Moved tickets endpoints to root: from /users/{id}/tickets/{type} to /tickets/{type}

  • Api2

    v2 ids are now limited to 16 alphanumeric characters.

  • Waad

    Now OpenID Connect is used by default (before it was WsFed)

Fixed

  • Logs

    Fix log detail description which was shown as object Object.


2015-05-01: Auth0 2516

Added

Changed

  • Logs

    Logs are no longer displayed exclusively to owners.

  • Rules

    Added warning when attempting to overwrite a secure key/value pair.

Fixed

  • Apps

    Fixed dashboard getting stuck when trying to access a deleted app.

  • Db-connections

    Disabled toggle and show notice for importing users to Auth0 when custom database is not enabled.

  • Rules

    Fixed when creating a New Rule it can be saved without editing it.

  • Saml

    Added SAML metadata URL in advanced settings.

  • User-metadata

    Preventing saving metadata on invalid JSON.

  • Users

    Users without names or emails were not editable.

  • Users

    Fixed Users > New User dialog not showing on IE10.


2015-04-25: Auth0 2479

Added

Fixed

  • Manage

    Improved allowed callback URL validations.

  • Users

    Fixed pagination issues on users section.


2015-04-18: Auth0 2425

Added


2015-04-10: Auth0 2359

Added

Changed

  • Api2

    Email for social users cannot be updated

Fixed

  • Dashboard

    Fixed: Invited users were not able to see custom database rules

  • Samlp

    Fixed certificate upload errors in SAMLP Connections

Security

  • Docs

    Fixed security issue with path browsing when downloading sample projects from docs.


2015-04-03: Auth0 2274

Added

  • Api2

    API Explorer for v2 redesigned

  • Certificates

    Added Certificate Rollover: Auth0 detects when certificates expire on IdPs. When that happens, we automatically update the certificates or, if that is not possible, we send an email to the tenant owners to make the change manually.

  • Database-connections

    Added flag to block accounts after a great number of failed attempts. The "account blocked" email can be configured.

  • Docs

    Added docs on deployment models

  • Docs

    Added documentation on Email templates, Custom Email Flows and Using custom email providers

  • Email

    Added the ability to configure links TTL from email template

  • Logout

    Added APIv2 /logout endpoint

Fixed

  • Link-accounts

    Credentials are no longer removed when linking a profile


2015-03-27: Auth0 2223

Added

Fixed

  • Dashboard

    Fixed confirm leaving edit user when the details are saved.

  • Import

    Fixed email validation issue for emails with _


2015-03-20: Auth0 2190

Added

Changed

  • Email

    Images are no longer inlined when emails are sent

  • Metadata

    New forbidden metadata fields: user_metadata and app_metadata

Fixed

  • Api2

    Update S3 file when deleting or changing connections

  • Database-connection

    Custom database invalid script broke UI.

  • Database-connection

    Custom DB script timeout errors are now visible.

  • Email

    Rejecting invalid emails in PUT /api/users/email

  • General

    Fixed issue with redirect when response_type is token

  • Salesforce

    Error handling improvements

  • Shopify

    Multiple Shopify fixes.

  • Sms

    Remove sms users when removing tenant

  • Sms

    Remove sms users for connection when connection is deleted

Security

  • Custom-login-page

    Fixing XSS in internalOptions field.

  • General

    Updated components to use jsonwebtoken 4.2.0


2015-03-13: Auth0 2150

Added

Changed

  • Linkedin

    Linkedin emails were always verified

Fixed

  • Adfs

    Fixed page broken when submitting ADFS forms with an invalid file as certificate

  • Api2

    Fixed issue that caused creation of users in connections that require username to fail (Added max length for connection name)

  • Dashboard

    Performance: reduced number of requests to load connections.

  • Pricing

    Fixed issue with Lock Auth0 badge footer not being hidden on paid accounts.


2015-03-06: Auth0 2086

Added

Changed

  • Dashboard

    Updated Lock versions in docs and dashboard

  • Waad

    Changed to use OpenID Connect instead of oauth2

Fixed

  • Error-reporting

    Fixed html entities escaping on reset and verify email endpoints when tenant or clientID were not found.

  • Performance

    Fixed DELETE /users query performance

  • Social-connections

    Fix for Firefox switchboard checkboxes in Social Connections

  • Wsfed

    Fixed missing clientID on WS-Fed endpoint


2015-02-28: Auth0 2051

Added

Fixed

  • Api

    Fixed PUT /users when payload does not have any properties

  • Api

    Use only global client for find user queries

  • Api2

    When calling /api/v2/clients the callback field was not returned

  • Dashboard

    Fixed broken Twilio doc link

  • Dashboard

    Fixed impersonated users flag

  • Dashboard

    Fixed sap addon settings

  • Dashboard

    Fixed signedUp check

  • Pricing

    Fixed pricing v3 cases

Security

  • General

    Removes SSLv3 support


2015-02-20: Auth0 1999

Added

  • Logs

    Added logging for success signups for non-database connections

Changed

  • Api2

    API Call PATCH /api/v2/users now returns updated user.

  • Samlp

    Parameter samlpOptions is now required to be a valid JSON object.

  • Waad

    Allow whr (Windows Home Realm) in the authParams

  • Waad

    Added wreply to Azure Active Directory connection

Fixed

  • Api

    In some conditions, DELETE /api/users/{user_id} was not removing the user correctly.

  • Billing

    Small fixes

  • Database-connections

    Fixed: Navigating to different connections and then changing the switch for one of them changes it for all the ones visited.

  • Login-page

    Login page parameters were only replaced on their first occurrence. For instance, if the login page contained: @@auth0Domain@@ @@auth0Domain@@ only the first placeholder was replaced: auth0.com @@auth0Domain@@.

  • Rules

    Error messages are now displayed correctly on fail

  • Rules

    Added geoip property to default context object (without a geoip property, some rules may break, for instance: https://github.com/auth0/rules/blob/master/rules/add-country.md)
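
The Login-page fix in this release (placeholders replaced only on their first occurrence) can be reproduced and corrected as follows. This is an added example, not Auth0's code: the page does not say how the substitution was implemented, so the string-pattern replace in the first function is an assumed cause, and all function names are hypothetical.

```javascript
'use strict';

// Reproduces the behaviour the entry describes. String.prototype.replace with
// a string pattern replaces only the first match, and a string replacement
// value is additionally scanned for "$&"-style patterns.
function renderFirstOnly(template, values) {
  let out = template;
  for (const [name, value] of Object.entries(values)) {
    out = out.replace('@@' + name + '@@', value);
  }
  return out;
}

const PLACEHOLDER = /@@([A-Za-z0-9_]+)@@/g;

// Corrected form: one global pass over the template.
//  - every occurrence is replaced
//  - the replacer function returns the value verbatim, so "$&" stays literal
//  - substituted values are not rescanned, so a value that itself contains
//    "@@other@@" cannot pull in another parameter
//  - unknown placeholders are left in place for the check below
function renderAll(template, values) {
  return template.replace(PLACEHOLDER, (match, name) =>
    Object.prototype.hasOwnProperty.call(values, name) ? String(values[name]) : match
  );
}

// Deployment check: names of placeholders still present in rendered output.
function findUnreplaced(rendered) {
  return [...rendered.matchAll(PLACEHOLDER)].map((m) => m[1]);
}

// The template and value quoted in the release note.
const template = '@@auth0Domain@@ @@auth0Domain@@';
const values = { auth0Domain: 'auth0.com' };

const before = renderFirstOnly(template, values);
const after = renderAll(template, values);

console.log('first-only :', before, '| leftover:', findUnreplaced(before));
console.log('global pass:', after, '| leftover:', findUnreplaced(after));
```

Running `findUnreplaced` over rendered pages in a test suite catches this class of regression before a half-rendered login page reaches users.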