You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Disable Local Password Change/Reset for LDAP Users,Administrators can now prevent local password changes and resets for back-office users whose accounts are synchronized from LDAP, avoiding conflicts with centrally managed credentials. When enabled, LDAP users cannot change their own password or request a local password reset, and administrators cannot change or reset passwords for LDAP users through the back-office. Password management behavior for non-LDAP users remains unchanged and continues to follow existing login and SSO configuration settings [BAP-23238]
Enable MCP Server for Back-Office and Storefront. MCP Server support for both Back-Office and Storefront, providing a unified integration layer to securely connect tools and services, streamline workflows, and improve extensibility across the AI powered platform [BAP-23213]
OIDC Identity Providers Management for Back-Office Users. Administrators can now manage OpenID Connect (OIDC) identity providers making it easier to configure SSO for back-office users [BAP-23169]
Users provisioning and deprovisioning via SCIM. OroCommerce now supports SCIM-based user and group provisioning, enabling automatic synchronization with identity providers such as Microsoft Entra ID or Okta. When SCIM is enabled, administrators can define default roles, organization access, and name-handling strategies for newly provisioned users. This simplifies user lifecycle management and ensures that provisioned and deprovisioned accounts stay aligned with your IAM configuration [BAP-23145]
Add AI Smart Agent Integration API label and description on OpenAPI management page [BAP-23253]
Add note to API docs when a discount is represented as negative value [BAP-23246]
Replace "tmpnam" and "sys_get_temp_dir" with "tmpfile". Temporary file handling has been improved by replacing manual use of "tmpnam" and "sys_get_temp_dir" with "tmpfile". This ensures that temporary files, particularly in import and export workflows, are automatically cleaned up when a PHP process terminates, including in the event of unexpected errors or crashes [BAP-23198]
Confusing messaging for users log in without assigned organization business unit. User login handling has been improved for accounts without assigned organization business units by providing clear, actionable messaging both during authentication and in access settings, explaining that at least one organization business unit is required in order to log in [BAP-12161]
List of fixed issues
Platform and OroCRM:
DIC building log is not created [BAP-23241]
Back-office "Remember Me" ignored when 2FA is used. The back-office login flow has been corrected so that the "Remember Me" option is honored when two-factor authentication is enabled. If a user selects "Remember Me" on the initial login screen, the persistent session cookie is now preserved after successful 2FA verification, aligning the behavior with non-2FA logins [BAP-23240]
Slow DB queries during oro:website-search:reindex [BAP-23190]
Error/Exception is not logged when DB connection issue [BAP-23009]
Import fails on unexpected value type in column [BAP-22324]
