Skip to content
Tools
/
zitadel
/
Releases
ZI
Release history
zitadel releases
ZITADEL - Identity infrastructure, simplified for you.
v3.4.10
Bug fix
·
1mo
Fixed LDAP username filter escaping.
3.4.10 (2026-05-04)Bug Fixes
ldap: escape username filter (59fa301 )
v4.15.0
Bug fix
·
1mo
Notable features
Improved client details dialog UX in console
4.15.0 (2026-05-04)Bug Fixes
Features
Performance Improvements
v4.14.0
New feature
·
1mo
Security fixes
OIDC opaque token encryption Invalid JWT assertion error handling
Notable features
x.509 certificate system-api-user tokens ECDSA and ED25519 public keys PKCS#1 key support
4.14.0 (2026-04-24)Bug Fixes
console: always show settings page to admin (#11779 ) (2f81454 ), closes #10912 console: disallow smtp double create #8964 (#11868 ) (aeddf0e )console: Fix onboarding link for user login guide (#11958 ) (677450e )console: jwt provider callback urls #11589 (#11966 ) (bfbf943 )console: normalize empty OIDC redirect uri updates #12053 (#12067 ) (c16667b )console: pass data to user delete dialog (#11595 ) (4706a80 )console: update protoc-gen-js (#12046 ) (a1cd331 )grpc: increase MaxSendMsgSize (#12066 ) (31ac2a4 )grpc: return 401 for unauthenticated v1 gateway errors (#11786 ) (5b4e6ec ), closes #11730 invalid jwt assertion error handling (#11933 ) (1c04220 ), closes /github.com/zitadel/oidc/blob/main/pkg/oidc/verifier.go#L195
login: add OIDC/SAML requestId to resend invite / resend email code (#11927 ) (501091c )login: ClassifiedConnectError breaking ConnectError instanceof checks (#12022 ) (72bbfd4 ), closes #11903 #11926 login: improve error classification (#11926 ) (6b9062f ), closes #11923 login: invite flow instead of email verification for users with no primary method, improve sending behaviour (#11837 ) (fa1d9e8 ), closes #10929 login: load SSL_CERT_DIR certificates without requiring hashed filenames (#12029 ) (95f61c7 )login: preserve OIDC request context during email verification (#11990 ) (b61ad1e )login: prevent duplicate email-code verification issue (#11893 ) (c1919db ), closes #11857 login: replace custom SWR cache with lru-cache (#11945 ) (c3b0982 )login: respect branding themeMode for theme toggle, fix CSP (#11903 ) (643088f ), closes #11721 oidc: use authenticated encryption for opaque tokens (#12017 ) (4ad07d2 ), closes #11315 propagate non-NotFound errors from instance interceptor (#12019 ) (52f9d7e )
Features
v4.13.1
Bug fix
·
2mo
Fixed admin initialization emails not being sent, enabled recovery codes to be active on creation, and reverted feature key naming for backward compatibility.
v4.13.0
New feature
·
2mo
Security fixes
tar and rollup vulnerabilities
Notable features
Webkeys v2 API migration LDAP flow updates HTTP/2 memory leak fix
v3.4.9
Security relevant
·
2mo
Fixed organization scope enforcement to prevent cross-organization access vulnerabilities.
v4.12.3
Security relevant
·
2mo
Fixed organization scope enforcement to prevent cross-organization access and prevented potential nil pointer panics in command handling logic.
v3.4.8
Bug fix
·
2mo
Fixed management API endpoint permission checks, improved auth middleware path encoding handling, and corrected webauthn invite code expiration validation logic.
v4.12.2
Bug fix
·
2mo
Fixed management API endpoint permission checks, improved auth middleware path encoding handling, and corrected webauthn invite code expiration validation logic.
v4.12.1
Security relevant
·
3mo
Fixed request handling panic recovery and secured server action invocations to prevent unauthorized server-side page rendering in registration flows.
v4.12.0
New feature
+1 more
·
3mo
Notable features
login_hint parameter support for IdP routing Framework listing improvements Email notification link fixes
v3.4.7
Security relevant
·
3mo
Fixed user update permission checks based on provided data and improved token subject validation logic.
v4.11.1
Security relevant
·
3mo
Notable features
Action target URL denylist
v4.11.0
Security relevant
·
3mo
Notable features
xOAuth for SMTP authentication OIDC back-channel logout URI management Cross-app distributed tracing
v4.10.1
Bug fix
·
4mo
Fixed NX build caching issues and updated OpenAPI protoc plugin to versioned release for improved build reliability and documentation generation.
v4.10.0
New feature
·
4mo
Notable features
SMS country code selector for OTP Arabic language support App filtering by client ID
v4.9.2
Bug fix
·
4mo
Incremented feature version to handle removed event types correctly during upgrades.
v3.4.6
Security relevant
·
4mo
Fixed membership role synchronization from projections and generalized error messages on code verification endpoints for better user experience.
v4.9.1
Security relevant
·
4mo
Fixed SMTP configuration to allow optional passwords, added missing admin list filters to management API, and improved ID token hint handling in authentication.
v4.9.0
New feature
·
4mo
Notable features
Recovery code MFA support Ukrainian language support French and Dutch localization
v4.8.1
Bug fix
·
4mo
Fixed SMTP email handling to properly accept SMTPUTF8 encoded international email addresses with non-ASCII characters.
© 2026 releaseport. All rights reserved.
Feed
Tools
Feeds
Security
Brief
Search tools, categories, lists, and users
Use ↑↓ to navigate, Enter to open, Esc to close
No results for "
⌘K to open
↑↓ navigate
⏎ open
