v12.107.6
🆕 Changelog
Fixed
- Enforced two-factor authentication (2FA) requirements at the organization level across all permission checks
- Enforced password policy compliance for organization members accessing protected resources
- Required recent reauthentication (within 5 minutes) when users delete their accounts
- Corrected device usage metrics calculation to count unique devices by their first appearance date
- Fixed admin role inheritance so organization-level admins now have admin rights over apps within their organization
- Resolved query ambiguities in permission checks and organization lookups
- Optimized database function performance by caching `auth.uid()` results
- Prevented HTML injection in user-submitted text fields (names, emails, icons, logos) with automatic sanitization
Security
- Added HTML stripping to all user-facing text fields to prevent cross-site scripting (XSS) attacks
- Strengthened account deletion protection by requiring fresh password confirmation
🔗 Full Changelog: v12.107.5...v12.107.6