[ODM-13113] Security improvements part 1

Author: Oleg Kunitsyn

docs/release-notes/v1.60-v1.69.md

@@ -128,13 +128,18 @@ Starting with this release, the Template Editor includes a new feature to view t
 
 ![PDF Preview](../user-guide/doc-odm-user-guide/doc-odm-user-guide/images/pdf-preview.png)
 
-### Tokens
+### Permanent tokens
 
 * **Instant token display**: When creating an ODM personal access token from the Profile page, the **token value is now shown immediately** after the user confirms creation (and enters their password, if prompted).
 * **Email step removed**: Token creation no longer requires an email with a secure link/code exchange.
 
 ![New token](../user-guide/doc-odm-user-guide/doc-odm-user-guide/images/token.png)
 
+### Access (Bearer) tokens
+
+1. The user identifier for Azure token authentication was changed from `subject` to `oid`, enabling login without defining an Azure app scope.
+2. As a result, all users will need to log in via the UI once to have their records updated in the database.
+
 ### Metadata validity facet
 
 A new default facet has been added to filter Studies by **valid** or **invalid** metadata, validated against the applied template. Metadata is considered **invalid** if at least one field is invalid in any Study entity.
@@ -143,6 +148,10 @@ A new default facet has been added to filter Studies by **valid** or **invalid**
 
 ### Key security improvements
 
+1. Removing the email-based token delivery flow to eliminate a potential attack vector.
+2. Spring Boot upgrade to v4 with updated transitive dependencies resolved plenty of security vulnerabilities.
+3. Three vulnerabilities (SQL injection, path traversal, log injection) identified and fixed by code analysis tools.
+
 ## 1.61
 
 Release 1.61 introduces powerful enhancements focused on improving data governance and preventing common user errors.