惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
Security Archives - TechRepublic
Security Archives - TechRepublic
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Last Week in AI
Last Week in AI
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
WordPress大学
WordPress大学
爱范儿
爱范儿
J
Java Code Geeks
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
宝玉的分享
宝玉的分享
博客园 - 【当耐特】
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Help Net Security
Help Net Security
Hacker News: Ask HN
Hacker News: Ask HN
月光博客
月光博客
S
Secure Thoughts
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 聂微东
Hugging Face - Blog
Hugging Face - Blog
V
Visual Studio Blog
博客园 - 三生石上(FineUI控件)
O
OpenAI News
酷 壳 – CoolShell
酷 壳 – CoolShell
N
News and Events Feed by Topic
腾讯CDC
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Webroot Blog
Webroot Blog
博客园 - Franky
有赞技术团队
有赞技术团队
美团技术团队
Jina AI
Jina AI
S
Security @ Cisco Blogs
博客园 - 叶小钗
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园_首页
C
CERT Recently Published Vulnerability Notes
T
Threat Research - Cisco Blogs
Project Zero
Project Zero
A
Arctic Wolf
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
小众软件
小众软件
IT之家
IT之家
S
Security Affairs

Clerk Changelog

Largest organizations report Flush elevation option for page-mounted components Groups and custom attributes mapping are now generally available Organizations support in OAuth Applications Improved observability with Application Logs Clerk CLI API Keys General Availability Directory Sync (SCIM) is now generally available Theme Expo native components from a JSON file Infinite scrolling in Overview tables Filter test users in Overview analytics Annual-only plans for Clerk Billing Preview Custom Session Claims Restrict end users from changing their identifiers Clerk Billing now supports plans with seat limits Overview for waitlist mode Clerk is now available in Stripe Projects Organization activity report Create and manage enterprise connections through Clerk's API Native React Native components, Google Sign-In, and Core 3 X social connection improvements JWT format support for M2M tokens Chrome Extension JavaScript SDK support Core 3 Organization retention report Require multi-factor authentication (MFA) on mobile Test enterprise connections with shareable links Clerk Convex integration for Swift and Kotlin Require multi-factor authentication (MFA) Improved visibility into Stripe account status Share Dashboard Analytics iOS and Android SDKs v1 New plans, more value User activity report Clerk Skills for AI Agents Custom plans and prices Automatically create first organization with smart naming User retention report Clerk MCP Server Sign-in with Solana Control available roles per organization with Role Sets Member role can no longer manage secret keys within the Clerk Dashboard JWT format support for OAuth access tokens Hide Incomplete Periods Manually force password resets Organization filters Organization Reports API Keys Public Beta Prebuilt Android Components Debug logs for enterprise connections Vercel SSO Provider Enable organizations from your app during development Manage organization roles and permissions through Clerk's API Use existing Stripe account for Clerk Billing Update billing plan prices Native Sign in with Apple for Expo PKCE support for custom OAuth providers API Version 2025-11-10 Filter growth charts by churned users and organizations Command menu Start free trials without payment methods Organization Growth Analytics LLM Leaderboard M2M Tokens General Availability Infra Changelog - Oct 9, 2025 Clerk Leap Integration Organization slugs disabled by default Infra Changelog - Sep 25, 2025 SAML ForceAuthn Last-used sign-in method badge Android SDK General Availability Fetch user subscription Free trials for subscriptions Sign-in with Base Fetch organization subscription "Personal Accounts" disabled by default User cohorts in growth charts Production Testing Tokens M2M Tokens Public Beta shadcn/ui registry support Enabled ability to fetch billing plans Changes to allowlist and blocklist on sign in Android SDK Beta Prebuilt iOS Views Verified domains in Dashboard and in Backend API Protection against user enumeration Build custom flows with React and Clerk Billing Organization permissions are now unlimited Improved resilience with automatic regional failover MCP Server Support for Express New simple theme for easier customization End billing subscriptions immediately with the new End button Workspace level settings in the Dashboard Button components for Clerk Billing shadcn/ui theme compatibility Dark Mode for the Clerk Dashboard Clerk CSS variables support Clerk is now available on the Vercel Marketplace Organization Invitation Sorting Introducing top-level Features. Plus redesigned Roles & Permissions
Introducing Client Trust: Clerk’s free credential stuffing killer
Tom Milewski, Chris Canin, Colin Sidoti · 2025-11-14 · via Clerk Changelog

Last Friday, Troy Hunt shared that 625 million never-before-leaked passwords had been added to Have I Been Pwned, the password leak detection service. The update brought relief to our team at Clerk, which had been fighting credential stuffing attacks for the two weeks prior.

Attackers were attempting to test millions of stolen passwords in quick bursts, with seemingly endless rotating IPs and TLS fingerprints to slip past rate limiters.

While we were able to mitigate the vast majority of the attack, leaks of this scale mean that even 99.9% effectiveness isn’t enough.

So we decided to kill credential stuffing for good, with a mechanism we’re calling Client Trust.

Introducing Client Trust

Client Trust is Clerk’s new defense against credential stuffing. It works by treating every new device as untrusted until the user has signed in on it.

Client Trust Flow

Here’s what that means in practice:

  1. If a user enters a valid password
  2. and hasn’t enabled two-factor authentication
  3. and is signing in from a new client (device)

Then Clerk will automatically require a second factor, with either a one-time passcode or a magic link, depending on the application’s settings.

That’s it. No extra configuration and no guesswork. Just automatic protection from day one.

Security that adapts to reality

We know that developers don’t want to choose between user experience and security. Client Trust is designed to make that trade-off obsolete.

It’s invisible when it should be, and decisive when it must be. No more leaked-password panics. No more hoping users turned on 2FA.

With Client Trust, your users are protected even when their password is included in a 0-day credential leak.

Free for everyone

Client Trust is included in all Clerk plans, and automatically enabled for new applications.

Existing applications must enable the update manually from the Updates page of the dashboard. For most customers, it’s available as one-click update.