From 5f66e20c219c27ab852a541cb2e755d73ac66131 Mon Sep 17 00:00:00 2001 From: Andy Pai Date: Fri, 24 Nov 2023 10:06:35 -0700 Subject: [PATCH] release notes for 1.48.2 (#2690) * draft release notes for 1.48.2 * PR updates * fixed formatting --------- Co-authored-by: Andy Pai --- .../src/content/docs/release-notes/index.mdx | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/astro/src/content/docs/release-notes/index.mdx b/astro/src/content/docs/release-notes/index.mdx index 2f10c34f08..daacc2497b 100644 --- a/astro/src/content/docs/release-notes/index.mdx +++ b/astro/src/content/docs/release-notes/index.mdx 
@@ -16,6 +16,25 @@ import ReleaseNoteHeading from 'src/components/docs/release-notes/ReleaseNoteHea Looking for release notes older than 1.23.0? Look in the [release notes archive](/docs/release-notes/archive). Looking to be [notified of new releases?](/docs/operate/roadmap/releases#release-notifications) + + +### Fixed +* When paging beyond 10,000 in the FusionAuth admin UI for Users or Entities, the bottom set of pagination controls may not work. If you encounter an error when clicking on the pagination controls, use the top set of controls instead. This bug is specific to the new pagination introduced in version `1.48.0`. + * Resolves [GitHub Issue #2544](https://github.com/FusionAuth/fusionauth-issues/issues/2544) +* In some cases when using with FusionAuth-hosted pages in an non-secure context, such as accessing FusionAuth on `localhost`, the `PublicKeyCredential` JavaScript API will not be available. This may cause an error on your JavaScript console `PublicKeyCredential is not defined`. This error kept the form on the page from correctly submitting. + * Resolves [GitHub Issue #2500](https://github.com/FusionAuth/fusionauth-issues/issues/2500) +* In version `1.48.0` a change was made to reject a link request from an OpenID Connect IdP when the `email_verified` claim is supplied with a value of `false`. An assumption was made that the `email` and `email_verified` claims would both be present in the `Userinfo` response or the `id_token`. Some providers may split these claims, so this assumption has been removed. + * Resolves [GitHub Issue #2542](https://github.com/FusionAuth/fusionauth-issues/issues/2542) + +### Security +* Correct the validation of the `post_logout_redirect_uri` parameter on the OAuth2 Logout request for relative URIs intended for use for FusionAuth applications. 
+ * Resolves [GitHub Issue #2539](https://github.com/FusionAuth/fusionauth-issues/issues/2539) + +### Internal +* Improve our JWT validation for internal security schemes by failing faster on invalid tokens. + * Resolves [GitHub Issue #2555](https://github.com/FusionAuth/fusionauth-issues/issues/2555) + +
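Review bot: The Security entry for `post_logout_redirect_uri` says the validation was corrected for relative URIs, but it does not say which versions carried the incorrect validation or whether it wrongly accepted or wrongly rejected a URI, so an operator reading the notes cannot judge how urgently to upgrade. The neighbouring Fixed entries name the introducing version (`1.48.0`); a similar clause here, plus one phrase on the effect, would close the gap. Separately, in the Fixed entry for GitHub Issue #2500, "when using with FusionAuth-hosted pages in an non-secure context" is missing the object of "using" and should read "a non-secure context". Naming the feature that depends on `PublicKeyCredential` would tell readers whether they are affected, and the entry switches tense between "will not be available" and "kept the form on the page from correctly submitting".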