Release v11.33.0 · auth0/lock

Important

This release contains a change to how custom signup fields are processed. From this release, all HTML tags are stripped from user input into any custom signup field before being sent to Auth0 to register the user. This is a security measure to help mitigate from potential XSS attacks in signup verification emails.

If you would be affected by this change and require HTML to be specified in a custom signup field, please leave us some feedback in our issue tracker.

Changed

ui box - div replaced by main #2114 (piwysocki)
More complete support for custom passwordless connections #2105 (peter-isgfunds)

Fixed

fix: initialize reset password inside componentDidMount #2111 (stevehobbsdev)

Security

[Snyk] Upgrade dompurify from 2.3.4 to 2.3.5 #2101 (snyk-bot)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v11.33.0