- Telemetry: Add stable Secure Orchestrator ID (soid) to all log entries and OTel telemetry (service.instance.id) for deployment correlation
- OIDC Connector: Add configurable error handling for authentication callbacks
- OIDC Provider: Fix state parameter encoding in form post response mode
- Security: Resolved security issues
- MCP Proxy: Gracefully re-establish session with the upstream MCP server and retry the request when the session is terminated
- Proxy Apps: Allow service extensions to be reused across all application types by loosening namespace validation
- Connectors: HYPR connector now reads custom HTML files from the configuration bundle
- MCP Proxy: Gracefully re-establish sessions with upstream and retry requests when a session is terminated
- Proxy Apps: Allow service extensions to be reused across all app types
- Connectors: Support reading custom HTML files from the configuration bundle for HYPR integrations
- TLS: Add max version configuration for all TLS settings
- Session: Fixed an issue where empty sessions were persisted when the SLO endpoint terminated an unestablished session
- MCP Proxy: Add configurable scopes and token lifetimes for all MCP protocol operations
- Security: Resolved security issues
- Security: Resolved CVE-2026-2405
- MCP Proxy: Respect outbound authorization policy when making list tools requests
- SAML Apps: Enable claims mapping and the BuildClaims service extension to be used together
- MCP Proxy: Explicitly handle session termination errors that are returned from the upstream
- OIDC Connector: Add client assertion authentication mechanism (RFC 7523)
- OIDC Connector: Add support for JWT client assertion authentication as part of the token exchange grant
- OIDC Provider: Demonstrate that JWT client authentication can be used with the authcode and token-exchange grants
- OIDC Provider: Make openid scope and scope param optional
- SAML Provider: Ensure SAML Response elements are ordered correctly
- OIDC Provider: Add Subject and Actor token claims to token minting policy