github AzureAD/microsoft-identity-web 4.11.0
on GitHub

5 hours ago

What's Changed

  • Bump vitest from 3.2.4 to 4.1.0 in /tests/DevApps/SidecarAdapter/typescript by @dependabot[bot] in #3836
  • Bump MSAL.NET to 4.84.2 and align OWIN binding redirects by @gladjohn with @Copilot in #3844
  • docs(design): devex proposal for mTLS PoP on Managed Identity and FIC by @gladjohn in #3832
  • Prevent OpenIdConnectMiddlewareDiagnostics from logging sensitive values by @iarekk in #3850
  • Add MSI mTLS PoP support: pure MI + FIC-with-MI (impl for devex #3832) by @gladjohn in #3839
  • docs(design): devex proposal for Bearer tokens with bound credentials by @gladjohn in #3833
  • Add bound-credential support for Bearer tokens (cert + mTLS) by @gladjohn in #3835
  • Upgrade IdWeb Sidecar to .NET 10 (LTS) by @soodt in #3841
  • MTLS Without Tokens Support - MicrosoftIdentityMessageHandler Support by @tlupes in #3815
  • fix: include isTokenBinding in CCA cache key to prevent bearer/PoP collision by @gladjohn in #3867
  • Test + doc: x-ms-tokenboundauth header for AKV mTLS PoP via ExtraHeaderParameters by @gladjohn in #3864
  • Add mTLS PoP Copilot skill (certificate, MSI, FIC) by @gladjohn in #3872
  • Fix CVE-2026-48109: Pin MessagePack to patched version 2.5.301 by @soodt in #3865
  • Sidecar: gate agent identity parameters behind AllowOverrides by @iNinja in #3871
  • Bump System.Formats.Asn1 base version to 10.0.2 by @iarekk in #3875
  • Bump Microsoft.IdentityModel.* from 8.18.0 to 8.19.1 by @iarekk in #3879
  • Use IIdentityLogger for MSAL logging in TokenAcquisition and ManagedIdentityClientAssertion (#3820) by @neha-bhargava in #3880
  • Update Microsoft.Identity.Abstractions to 12.2.0 and MSAL to 4.85.0 by @neha-bhargava in #3881
  • Surface MSAL AuthenticationResultMetadata + exception details on AcquireTokenResult by @neha-bhargava in #3856
  • Flow outgoing request to header providers via AcquireTokenOptions by @neha-bhargava in #3876
  • Throw on Authority vs Instance/TenantId conflict (OIDC + MSAL parity) by @iarekk in #3873
  • Delete .github/workflows/evergreen.yml by @bgavrilMS in #3803
  • Add comprehensive authority configuration and precedence documentation by @jmprieur with @Copilot in #3617
  • Bump js-yaml from 4.1.1 to 4.2.0 in /tests/DevApps/SidecarAdapter/typescript by @dependabot[bot] in #3862
  • Move authority docs into docs/authority-configuration/ subfolder by @iarekk in #3885
  • Revert "Throw on Authority vs Instance/TenantId conflict (#3873)" by @iarekk in #3888
  • Update Microsoft.Identity.Client to 4.85.1 by @neha-bhargava in #3889
  • Enable E2E test coverage on internal Azure DevOps pipelines by @gladjohn in #3883
  • Bump esbuild and tsx in /tests/DevApps/SidecarAdapter/typescript by @dependabot[bot] in #3859
  • Skip AcquireTokenWithMtlsPop test: AAD westus3 test slice returns Bearer by @neha-bhargava in #3892

New Contributors

Full Changelog: 4.10.0...4.11.0

Check out latest releases or
releases around AzureAD/microsoft-identity-web 4.11.0

Don't miss a new microsoft-identity-web release

NewReleases is sending notifications on new releases.

Get notifications