Release notes
The release notes describe new features, enhancements, and fixes for the ReachFive platform. The latest release notes are found below. For previous releases, check out the sidebar.
For upcoming changes that require your attention, see the Attention page.
Other releases
The following shows other ReachFive releases for your convenience.
| SDK repository | Latest version | Docs |
|---|---|---|
|
||
|
||
MavenCentral |
||
|
||
SFCC Cartridge |
28 August 2025 (v2.141)
ReachFive v2.141 introduces an improvement for MFA retries in Risk-based authentication flows.
And of course, as always, we fixed a few items for you.
Step-up token can now be reused for MFA retries
When Risk-based Authentication requires Multi-factor Authentication, the step_up token is no longer limited to a single use.
You can now reuse the same step_up token to request a new code (for example, if the user did not receive the first one), ensuring your users don’t need to restart the entire authentication process over each time.
The verification code requests in the MFA flow are subject to a limit. This limit helps protect against abuse and can be configured by ReachFive administrators. If you’d like details on the limit or to adjust this setting, contact your ReachFive representative.
See Retry MFA step-up for more details.
Fixes
| Item | Fixed |
|---|---|
For a brief time, the MFA flow wasn’t working as expected in web sessions for the iOS and Android SDKs. We now ensure the step-up token contains an Orchestration Token at the |
✓ |
ReachFive Console |
|
We corrected a small wording issue in the MFA Session duration in hours section of . |
✓ |