Protection against user enumeration
Daniel Moerner, Austin Calvelage · 2025-08-07 · via Clerk Changelog

At Clerk, our priority is to provide customers with safe, secure, and easy-to-deploy tools for user management and authentication. When it comes to authentication, each stage of the sign in or sign up flow is designed to minimize friction and get people using your application.

For example, if a user attempts to sign in with an identifier that does not match an existing account on your Clerk application, we inform the user that this identifier doesn't match an existing account. This immediate feedback fits the expectations of ordinary users, who may not remember how or whether they have signed up for your application.

Some of our customers also need to protect against user enumeration: a malicious actor takes advantage of the fact that the error message discloses whether an account exists for a given identifier (like an email or phone number) to build a list of all of the accounts that exist within an application. We already offer all our customers protection against such attacks using a variety of rate limiting techniques.

However, some customers would prefer to remove entirely the ability to determine whether an account exists. Examples of apps that might fall in this category are financial institutions concerned about targeted phishing attacks, or any website where the association between an existing account and a given email or phone number is intended to be private to that user, such as a dating app. To accommodate these needs, we are excited to announce that a set of enhanced protections against user enumeration attacks can now be enabled in the Clerk Dashboard, under the Attack Protection page.

Figure: Clerk Dashboard Enumeration Protection feature

With Enumeration Protection enabled, users attempting to sign in or sign up will no longer receive feedback that reveals whether their identifier matches an existing account. Instead, they will be advanced to the next stage of the sign in or sign up flow, but attempts to complete the sign in or sign up will be rejected if the account does not exist, in the same way they would be if the credential in the next step (for example, a password) was incorrect. As a result, Clerk's response is the same whether or not a user account already exists, which enhances your application's protection against user enumeration attacks.
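
The behaviour described above, shown as an added example for a two-step identifier-then-password flow. This is not Clerk's code: the function names, status codes, error codes and the sample user store are all hypothetical, and the dummy-hash step for unknown accounts is an assumption about how such a check is commonly made uniform in cost, not something the announcement states.

```javascript
// Added illustration of a uniform sign-in response. Not Clerk's implementation;
// every name, status code and error code here is hypothetical.
const crypto = require('node:crypto');

const hashPassword = (password, salt) => crypto.scryptSync(password, salt, 32);

// Constructed sample user store with a single account.
const SALT = crypto.randomBytes(16);
const users = new Map([
  ['alice@example.com', { salt: SALT, hash: hashPassword('correct horse', SALT) }],
]);

// Dummy credential verified for unknown identifiers, so a failed attempt does
// the same hashing work whether or not the account exists (assumption).
const DUMMY_SALT = crypto.randomBytes(16);
const DUMMY = {
  salt: DUMMY_SALT,
  hash: hashPassword(crypto.randomBytes(16).toString('hex'), DUMMY_SALT),
};

// Step 1 without protection: the error reveals whether the account exists.
function startSignInLeaky(identifier) {
  return users.has(identifier)
    ? { status: 200, next: 'password' }
    : { status: 422, code: 'identifier_not_found' };
}

// Step 1 with protection: the identifier is not looked up at all here,
// and every caller is advanced to the next stage.
function startSignIn(identifier) {
  return { status: 200, next: 'password' };
}

// Step 2: an unknown account and a wrong password follow the same code path
// and receive the same response body.
function attemptPassword(identifier, password) {
  const record = users.get(identifier);
  const { salt, hash } = record ?? DUMMY;
  const matches = crypto.timingSafeEqual(hashPassword(password, salt), hash);
  if (record && matches) return { status: 200, code: 'signed_in' };
  return { status: 422, code: 'credentials_invalid' };
}
```

A regression test for this property compares the full response (status, body, headers) for a known and an unknown identifier at each step and fails on any difference.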

User security is our priority, and we are happy to bring these opt-in, enhanced protections against user enumeration attacks to our customers who need them.