v1.36.1 - June 26, 2024

❗️

High-Risk Update: Enhanced Rate Limiting and Persistent Login Feature

This release includes changes to rate limiting for API endpoints and introduces the "Keep Me Logged In" functionality. We are actively monitoring the system post-release and have a 15-minute rollback plan ready to swiftly address any critical issues. Your immediate reporting of anomalies is crucial to ensuring platform stability and security.

The following changes are included in this release of the Next Identity platform.

Enhancements

Analyze

  • Foundation for Integration Insights: Expanded the foundational elements for Integration Insights, with initial features deployed exclusively for internal use. This preparatory work sets the stage for a broader release to all customers, ensuring robustness and utility in the upcoming offering.

Unify

  • Introduction of "Keep Me Logged In": Added a "Keep me logged in" checkbox on the Next Identity hosted login page, allowing users to consent to persistent login cookies. Learn more about this enhancement.

Infrastructure

  • Enhanced Rate Limiting for API Endpoints: Introduced a new user-agnostic rate limit setting for public API endpoints. This new setting limits the number of requests to an endpoint, regardless of the user, to prevent exploits and manage infrastructure costs more effectively.

Bug Fixes

Unify

  • Two-Step Mobile Validation on Profile Update: Resolved an issue where mobile number validation was not occurring on the profile update screen for two-step verification. Now, users are prompted for OTP validation immediately upon updating their mobile number. (removed due to issue during release)
  • Multi-Account Mobile Number Limit: Fixed an issue allowing a mobile number to be used for two-step verification on more than five accounts.

Operate

  • Client Setting Addition Issue: Resolved an issue in the Next Identity Console where internal users were unable to add values for certain settings. Internal users can now successfully add these values.