❗️

High-Risk Update: Revoked Access and Session Sync Fix

This update refines how client access revocation is handled to ensure proper session termination and client sync. Failures may result in incomplete logouts or inappropriate retention of access permissions. Please report any issues immediately to ensure platform stability.

The following changes are included in this release of the Next Identity platform.

Enhancements

Unify

• Email Notifications for 2FA Mobile Number Changes: Users will now receive an email notification if their Two-Factor Authentication (2FA) mobile number is registered, modified, or deleted. This immediate alert enhances account security by helping users quickly identify and report unauthorized activity.

Bug Fixes

Unify

• 2-Step Verification Bypass via Back Button: Addressed a security vulnerability where users could bypass the 2-Step Verification screen by using the browser's back button. The verification step is now properly enforced.
• Incorrect Client Association for Revoked Users: Corrected an issue where a user with revoked access to an application was still associated with it after selecting 'Deny' during a login attempt.
• Access Denial No Longer Allows Subsequent Login: Fixed an issue where users could still log in after clicking "Deny" during the access request flow. The session is now properly cleared to prevent unintended access.