Releases: auth0/nextjs-auth0
Releases · auth0/nextjs-auth0
v4.15.0
v4.15.0
Added
- feat: MFA APIs #2502 (tusharpandey13)
- feat: Base MFA support #2480 (tusharpandey13)
- Add TTL to /auth/access-token and optional full client response #2505 (nandan-bhat)
v4.14.1
Fixed
- fix: do not throw ERR_JWE_DECRYPTION_FAILED, but catch it and ignore the cookie. #2487 (frederikprijck)
- fix: avoid headers.append error when using getAccessToken with refresh in Next.js 16 proxy #2495 (nandan-bhat)
- fix: removed un-intended class/type exports from the SDK #2475 (nandan-bhat)
v4.14.0
v4.13.3
v4.13.3 (2025-12-12)
Fixed
- bugfix: session write not happening for pages router with chunked cookies #2447 (tusharpandey13)
Security
- Security: Update Next.js peer dependencies for CVE-2025-55184 and CVE-2025-55183 #2457 (tusharpandey13)
v4.13.2
Changed
- Updated peer dependency
- Next:
^14.2.25 || ~15.0.5 || ~15.1.9 || ~15.2.6 || ~15.3.6 || ~15.4.8 || ~15.5.7 || ^16.0.7 - React:
^18.0.0 || ~19.0.1 || ~19.1.2 || ^19.2.1 - React-DOM:
^18.0.0 || ~19.0.1 || ~19.1.2 || ^19.2.1
- Next:
v4.13.1
Added
- docs: Add docs for silent authentication #2422 (tusharpandey13)
Fixed
- fix: broken next-16 app when basePath is used #2424 (nandan-bhat)
v4.13.0
Added
- feat: add support
scopesparameter for connected accounts #2407 (guabu) - Adding support for Next 16 #2405 (nandan-bhat)
Fixed
- fix: merge sessionChanges before finalizing session after refresh (#2401) #2414 (Clone of #2401 by wolfgangGoedel )
- fix: prevent OAuth parameter injection via returnTo (#2381) #2413 (Clone of #2381 by MegaManSec)
v4.12.1
Changed
- Remove TokenRequestCache when calling getAccessToken
v4.11.2
Changed
- Remove TokenRequestCache when calling getAccessToken
v4.12.0
Added
- feat: Proxy handler support enabling My Account and My Org #2400 (tusharpandey13)