This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Publishes @logto/[email protected] to add missing CSP utilities and bring downstream packages back in sync.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Bugfix | Medium | Publishes @logto/[email protected] to correct missed version bump and restore missing exports. Source: llm_adapter@2026-05-29. Confidence: high. | — |
Full changelog
Patch Changes
This is a patch release to correct a missed version bump for @logto/core-kit, again...
In v1.40.0, new @logto/core-kit exports were introduced for Custom UI CSP utilities and protected app additional scopes, but the changeset did not make it into the release. As a result, @logto/core-kit stayed at 2.9.0 while downstream packages were already expecting the new exports. JavaScript package graphs are forgiving about many things; missing exports are not one of them.
v1.40.1 publishes @logto/[email protected] so the released packages are back in sync.
@logto/[email protected]
- Add custom CSP utility methods
About logto
Authentication and authorization infrastructure for SaaS and AI apps, built on OIDC and OAuth 2.1 with multi-tenancy, SSO, and RBAC.
Earlier breaking changes
- v1.40.0 Database migration required after upgrade; run alteration command before starting new version.