惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google Online Security Blog
Google Online Security Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Stack Overflow Blog
Stack Overflow Blog
GbyAI
GbyAI
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
F
Fortinet All Blogs
N
Netflix TechBlog - Medium
Martin Fowler
Martin Fowler
腾讯CDC
C
CERT Recently Published Vulnerability Notes
博客园 - 聂微东
L
LINUX DO - 热门话题
Y
Y Combinator Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Microsoft Security Blog
Microsoft Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
C
Cisco Blogs
A
Arctic Wolf
Latest news
Latest news
Jina AI
Jina AI
P
Proofpoint News Feed
博客园 - 叶小钗
Vercel News
Vercel News
T
Threat Research - Cisco Blogs
博客园 - 三生石上(FineUI控件)
K
Kaspersky official blog
C
Check Point Blog
H
Heimdal Security Blog
博客园 - Franky
小众软件
小众软件
The Register - Security
The Register - Security
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
The Hacker News
The Hacker News
T
The Exploit Database - CXSecurity.com
aimingoo的专栏
aimingoo的专栏
Project Zero
Project Zero
G
GRAHAM CLULEY
爱范儿
爱范儿
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Scott Helme
Scott Helme
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
NISL@THU
NISL@THU

Clerk Changelog

Largest organizations report Flush elevation option for page-mounted components Groups and custom attributes mapping are now generally available Organizations support in OAuth Applications Improved observability with Application Logs Clerk CLI API Keys General Availability Directory Sync (SCIM) is now generally available Theme Expo native components from a JSON file Infinite scrolling in Overview tables Filter test users in Overview analytics Annual-only plans for Clerk Billing Preview Custom Session Claims Restrict end users from changing their identifiers Clerk Billing now supports plans with seat limits Overview for waitlist mode Clerk is now available in Stripe Projects Organization activity report Create and manage enterprise connections through Clerk's API Native React Native components, Google Sign-In, and Core 3 X social connection improvements JWT format support for M2M tokens Chrome Extension JavaScript SDK support Core 3 Organization retention report Require multi-factor authentication (MFA) on mobile Test enterprise connections with shareable links Clerk Convex integration for Swift and Kotlin Require multi-factor authentication (MFA) Improved visibility into Stripe account status Share Dashboard Analytics iOS and Android SDKs v1 New plans, more value User activity report Clerk Skills for AI Agents Custom plans and prices Automatically create first organization with smart naming User retention report Clerk MCP Server Sign-in with Solana Control available roles per organization with Role Sets Member role can no longer manage secret keys within the Clerk Dashboard JWT format support for OAuth access tokens Hide Incomplete Periods Manually force password resets Organization filters Organization Reports API Keys Public Beta Prebuilt Android Components Debug logs for enterprise connections Vercel SSO Provider Enable organizations from your app during development Manage organization roles and permissions through Clerk's API Use existing Stripe account for Clerk Billing Introducing Client Trust: Clerk’s free credential stuffing killer Update billing plan prices Native Sign in with Apple for Expo PKCE support for custom OAuth providers API Version 2025-11-10 Filter growth charts by churned users and organizations Command menu Start free trials without payment methods Organization Growth Analytics LLM Leaderboard M2M Tokens General Availability Infra Changelog - Oct 9, 2025 Clerk Leap Integration Organization slugs disabled by default SAML ForceAuthn Last-used sign-in method badge Android SDK General Availability Fetch user subscription Free trials for subscriptions Sign-in with Base Fetch organization subscription "Personal Accounts" disabled by default User cohorts in growth charts Production Testing Tokens M2M Tokens Public Beta shadcn/ui registry support Enabled ability to fetch billing plans Changes to allowlist and blocklist on sign in Android SDK Beta Prebuilt iOS Views Verified domains in Dashboard and in Backend API Protection against user enumeration Build custom flows with React and Clerk Billing Organization permissions are now unlimited Improved resilience with automatic regional failover MCP Server Support for Express New simple theme for easier customization End billing subscriptions immediately with the new End button Workspace level settings in the Dashboard Button components for Clerk Billing shadcn/ui theme compatibility Dark Mode for the Clerk Dashboard Clerk CSS variables support Clerk is now available on the Vercel Marketplace Organization Invitation Sorting Introducing top-level Features. Plus redesigned Roles & Permissions
Infra Changelog - Sep 25, 2025
Colin Sidoti · 2025-09-25 · via Clerk Changelog

Starting with this post, we will regularly share details about ongoing infrastructure improvements. These updates happen continually behind the scenes, and will not impact end-users beyond improving reliability and performance.

Released this week

Isolated compute for our Session API

Following the incident on June 26, we began isolating our session API infrastructure from the rest of our frontend-facing API, which includes workloads like sign ups, sign ins, user profiles.

To keep our session API running during an incident, we require access to session-relevant storage and compute during that downtime.

We started with storage, which was the more challenging of the two workstreams. Thankfully, this was released ahead of the incident last week, and helped reduce the blast radius.

When queries against our primary database failed, our new “outage resiliency” mechanism kicked in and started working off a read replica to serve session tokens instead. Here’s a chart of the tokens served:

Outage resilience spike

Unfortunately, this chart does not reflect the full volume of session tokens that were requested during the incident, since many failed because our compute was exhausted. Here’s what happened:

  • Clerk uses Google Cloud Run with auto-scaling for compute. It serves all requests for sessions, sign ups, sign ins, organizations, and billing.
  • When the database failed, session requests continued to succeed because of our failover mechanism, but non-session requests got stuck behind query timeouts, and overall request latency increased.
  • Increased request latency triggered auto-scaling of Cloud Run until the configured maximum containers was hit. During this autoscaling, the session requests continued to succeed.
  • Once the maximum was hit, throughput for our frontend API Cloud Run service dropped sharply, and session requests were no longer reliably being served.

The solution to this is to serve session requests from a separate Cloud Run service than the rest of our frontend API. That way, session requests can retain high throughput against the read replica during a primary database incident, while the rest of the of the frontend API can wait for the primary database to recover.

We’ve built this so our session API compute is always on and handling all session requests, so we do not need to wait for a failover of Cloud Run. Here are charts showing our request volume move to the new Cloud Run service for our session API after release:

Frontend API requests - now with session requests removed:

Frontend API decrease

Session API requests running independently:

Session API start

Database tuning

Following the auto-upgrade last week, it was expected that we’d need to retune our database in response to its improved overall performance. Below is the improvement to average query latency after a process of reindexing and adjusting our auto-vacuum settings:

September 18: First full stable day

  • P50: 40μs
  • P95: 115μs
  • P99: 703μs

September 24: Yesterday

  • P50: 40μs (no change)
  • P95: 96μs (16% improvement)
  • P99: 584μs (17% improvement)

In progress

Reducing latency between our compute and our database

Working with GCP support, we learned that there is an opportunity to reduce the network latency between Cloud Run and Cloud SQL, to improve our overall request latency. We expect this to be completed within the next week.

Continued database tuning

We have more database tuning ahead. We expect modest additional improvements as we continue to monitor auto-vacuum settings, and begin adjusting fillfactor settings.

Planned

Where possible, convert high-write workloads from update to append-only

Our original architecture depended on frequent updates, which has become burdensome on our database as we’ve scaled.

Where possible, we plan to reduce our use of this pattern, and instead rely on append-only tables. In the process, we may opt to move these workloads to a time-series database like ClickHouse.

Reduce session API requests

We’ve discovered a bug in our session refresh logic that causes individual devices to send more refreshes than necessary. We believe resolving this bug can significantly reduce our request volume.

Further session API isolation

Currently, the session API must failover to a replica during primary database downtime, which is not ideal since the primary database is still impacted by other workloads. We are pursuing solutions that would lead to a session-specific database.

Additional service isolation

While working to isolate our Session API, we’ve already developed a handful of techniques that can be re-used to isolate other services. When done, we’d like isolated workloads for each of our product areas:

  • Session
  • Sign up
  • Sign in
  • User account management (profile fields)
  • Organizations
  • Billing
  • Fraud

Database restart resilience

Over the last few years, one of the benefits of Cloud SQL has been that it can achieve most database upgrades with only a few seconds of downtime. Clerk has application logic to ensure that requests in these few seconds are retried and unnoticeable to users.

But now, Clerk is rapidly approaching the point where we need to execute operations that require longer primary database downtime. We require additional application logic to handle writes during this downtime without impacting users.

Database connection pooler and major version upgrade

Clerk has historically only used a client-side database pooler inside our Cloud Run containers. Though we’ve known this is non-optimal, we did this because Google did not offer a managed database connection pooler, and we were skeptical of putting a self-hosted service in between two managed services (Cloud Run and Cloud SQL).

In March, Google released a managed connection pooler in Preview, and it reached General Availability this week. However, using the connection pooler will require a major database version upgrade, and in our particular case, a network infrastructure upgrade. We are collaborating with Google to determine how we can achieve both upgrades safely and without downtime.

Simultaneously, we are investigating other database and connection pooler solutions that can run within our VPC.