- Fix CVE-2025-4802, CVE-2025-31484 and CVE-2025-32990
- Fix an iOS bug that prevents a request from being retried after a challenge resolution
- Fix an iOS bug that prevents a request from being retried after a challenge resolution
- Add support of activation and expiration dates for custom rules
- Update dependencies to fix vulnerabilities
- Add support for account update events
- Add support for password update events
- Add
EventID and Score to the response model
- Add optional
Session, User, and Authentication to login and registration events
- Add
DisplayName, Description, ExternalURLs, PictureURLs, PaymentMethodUpdated to the user model
- Add Client Hints headers to the payload
- Add
useForwarded configuration to handle the Forwarded request header
- Collect
Signature, Signature-Agent, and Signature-Input headers from requests to support HTTP message signatures as defined by RFC 9421
- Ensure consistent field ordering to prioritize
Key, IP, and RequestModuleName in payload to Bot Protect API
- Add support for account update events
- Add support for password update events
- Add optional
Session, User, and Authentication to the login events
- Add
Authentication, DisplayName, Description, ExternalURLs, PictureURLs, PaymentMethodUpdated and Title to the user model
- Add
EventID and Score to the response model
- Add
challenge and review to ResponseAction types
- Add Client Hints headers to the payload
- Fix
Protocol and case of XForwardedForIp and XRealIp in the payload to the Account Protect API
- Collect
Signature, Signature-Agent, and Signature-Input headers from requests to support HTTP message signatures as defined by RFC 9421
- Exclude empty fields from payloads sent to the Bot Protect API
