New features
SCIM support
SCIM support for Microsoft Entra and Okta.
Configure SSO options at startup
Simplified setup of self-hosted instances by having SSO available since the first time Unleash boots.
Bug fixes
SDK tokens for deleted projects
In previous versions of Unleash, when a project was deleted, the associated SDK tokens were not removed. This issue has been addressed in the 6.1 version of Unleash.
Unfortunately, if you deleted a project in the past without manually removing the associated tokens, these "orphaned" tokens were automatically converted to “wildcard” tokens, granting access to all feature flags across all projects.
Our assessment indicates this poses a minor security concern due to the following reasons:
- This issue only affects tokens whose entire project scope has been deleted.
- Access requires knowledge of the token.
- SDK tokens have limited read access and must be assigned to a single environment.
In the SDK tokens overview, orphaned tokens are flagged with a warning. We recommend discontinuing the use of these tokens and creating new, dedicated tokens instead.
With the latest version, when a project is deleted, all API tokens scoped to that project will be removed as well. If you need further assistance, please contact customer support.