API
🔐 Security
- SAML logins now link to an existing account only when the asserted email domain matches the ACS endpoint and the user is already a member of that domain's tenant, fixing a cross-tenant account takeover (GHSA-h8m9-jgf8-vwvp) bf3b5c2ba713e533014927141b64948c82c8f32e
SDK
🐞 Fixed
- CLI compliance summary tables no longer undercount findings mapped to multiple sections nor double-count a single finding mapped to several requirements within the same group/split, and the Provider column no longer leaks a value from another framework (#11567)