Skip to content

v6.1.0

Compare
Choose a tag to compare
@github-actions github-actions released this 07 Aug 10:30
· 964 commits to main since this release

New features

SCIM support

SCIM support for Microsoft Entra and Okta.

Configure SSO options at startup

Simplified setup of self-hosted instances by having SSO available since the first time Unleash boots.

Bug fixes

SDK tokens for deleted projects

In previous versions of Unleash, when a project was deleted, the associated SDK tokens were not removed. This issue has been addressed in the 6.1 version of Unleash.

Unfortunately, if you deleted a project in the past without manually removing the associated tokens, these "orphaned" tokens were automatically converted to “wildcard” tokens, granting access to all feature flags across all projects.

Our assessment indicates this poses a minor security concern due to the following reasons:

  • This issue only affects tokens whose entire project scope has been deleted. 
  • Access requires knowledge of the token.
  • SDK tokens have limited read access and must be assigned to a single environment.

In the SDK tokens overview, orphaned tokens are flagged with a warning. We recommend discontinuing the use of these tokens and creating new, dedicated tokens instead.

With the latest version, when a project is deleted, all API tokens scoped to that project will be removed as well. If you need further assistance, please contact customer support.