Releases: auth0/lock
v11.33.0
Important
This release contains a change to how custom signup fields are processed. From this release, all HTML tags are stripped from user input in any custom signup field before it is sent to Auth0 to register the user. This is a security measure to help mitigate potential XSS attacks in signup verification emails.
If you would be affected by this change and require HTML to be specified in a custom signup field, please leave us some feedback in our issue tracker.
Changed
- ui box - div replaced by main #2114 (piwysocki)
- More complete support for custom passwordless connections #2105 (peter-isgfunds)
Fixed
- fix: initialize reset password inside componentDidMount #2111 (stevehobbsdev)
Security
v11.32.2
Changed
- align german loginWithLabel translation with Apple Guidelines #2097 (Steffen911)
Fixed
- SDK-3087 Captcha for single enterprise AD connections #2096 (stevehobbsdev)
Security
- [Snyk] Upgrade qs from 6.10.2 to 6.10.3 #2095 (snyk-bot)
- Bump cached-path-relative from 1.0.2 to 1.1.0 #2091 (dependabot[bot])
v11.32.1
This release includes [email protected], which by default stores additional cookies for backward compatibility when using the SameSite attribute, for those older browsers that do not understand SameSite=None. As well as creating the normal transaction cookies with Secure=true and SameSite=none, it also stores a _x_compat cookie (where x is the name of the original cookie) which only sets Secure=true.
If the generation of these extra cookies is undesirable or unnecessary for your use case, you can turn them back off by setting legacySameSiteCookie: false in the SDK configuration.
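The cookie pair described above, modeled as an added example (not code from auth0-js or Lock). The function names, the `txn` cookie name, the browser model that drops `SameSite=None` cookies, and the fallback read order are assumptions made for illustration.

```javascript
// Added illustration of the dual-cookie pattern; not auth0-js or Lock source.
// All function names here are hypothetical.

const compatName = (name) => `_${name}_compat`;

// Cookie strings written for one transaction cookie.
function buildTransactionCookies(name, value, { legacySameSiteCookie = true } = {}) {
  const v = encodeURIComponent(value);
  const cookies = [`${name}=${v}; Secure; SameSite=None`];
  if (legacySameSiteCookie) {
    // Compat copy: Secure only, so there is no SameSite attribute to misread.
    cookies.push(`${compatName(name)}=${v}; Secure`);
  }
  return cookies;
}

// Assumption: a legacy browser is modeled as discarding any cookie that
// carries SameSite=None; a modern browser stores everything it is given.
function storeInBrowser(cookies, { understandsSameSiteNone }) {
  const jar = new Map();
  for (const c of cookies) {
    const [pair, ...attrs] = c.split(';').map((s) => s.trim());
    const hasNone = attrs.some((a) => a.toLowerCase() === 'samesite=none');
    if (hasNone && !understandsSameSiteNone) continue;
    const eq = pair.indexOf('=');
    jar.set(pair.slice(0, eq), decodeURIComponent(pair.slice(eq + 1)));
  }
  return jar;
}

// Assumed read order: primary cookie first, compat copy as fallback.
function readTransactionCookie(jar, name) {
  return jar.get(name) ?? jar.get(compatName(name)) ?? null;
}

// Constructed sample: one transaction value, written and read back.
function roundTrip(legacySameSiteCookie, understandsSameSiteNone) {
  const cookies = buildTransactionCookies('txn', '{"nonce":"n1"}', { legacySameSiteCookie });
  const jar = storeInBrowser(cookies, { understandsSameSiteNone });
  return readTransactionCookie(jar, 'txn');
}

// Legacy browser: value survives only when the compat cookie is enabled.
console.log(roundTrip(true, false), roundTrip(false, false));
```

With `legacySameSiteCookie: false` the transaction value is lost only in the modeled legacy browser, which is the trade-off to weigh before turning the compat cookies off.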
Changed
- Update auth0-js and support legacySameSiteCookie option #2089 (stevehobbsdev)
Security
- Bump log4js from 6.3.0 to 6.4.0 #2087 (dependabot[bot])
- Security upgrade node-fetch to 2.6.7 #2085 (evansims)
- [Snyk] Upgrade prop-types from 15.7.2 to 15.8.0 #2083 (snyk-bot)
- Bump engine.io from 4.1.1 to 4.1.2 #2082 (dependabot[bot])
- Bump follow-redirects from 1.14.4 to 1.14.7 #2081 (dependabot[bot])
v11.32.0
Fixed
- SDK-2970 Remove captcha for enterprise SSO connections #2071 (stevehobbsdev)
- Add ID attributes to password field + submit button #2072 (stevehobbsdev)
v11.31.1
Fixed
- Guard references to window on module load #2057 (stevehobbsdev)
- Ensure Captcha is completed before authenticating with enterprise SSO connection #2060 (stevehobbsdev)
v11.31.0
Added
- SDK-2295 Add forceAutoHeight property to UI config #2050 (stevehobbsdev)
Fixed
- SDK-2823 Fix password reset when using custom connection resolver #2048 (stevehobbsdev)
v11.30.6
This release intends to fix the build for Bower users, whilst upgrading some development-time dependencies and build configuration. There are no other functionality changes.
Part of the new releasing strategy for this library going forward is to include the build assets in the release PR, which when tagged will enable Bower to work again.
v11.30.5
Changed
- [SDK-2708] Use domain value for client assets download instead of cdn.*.auth0.com #2029 (stevehobbsdev)
Fixed
- Inline util.format and replace usage of global for window #2030 (stevehobbsdev)
v11.30.4
v11.30.3
Fixed
- Fix country dialing code dropdown #2009 (adamjmcgrath)