Release notes

The release notes describe new features, enhancements, and fixes for the ReachFive platform. The latest release notes are found below. For previous releases, check out the sidebar.

For upcoming changes that require your attention, see the Attention page.

Other releases

The following shows other ReachFive releases for your convenience.

SDK repository Latest version Docs

SDK repository	Latest version	Docs
Core SDK		Core SDK
UI SDK		UI SDK
Android SDK	MavenCentral `10.1.0`	Android SDK
iOS SDK		iOS SDK
SFCC Cartridge	SFCC Cartridge `20.9.1`	Salesforce cartridge

identity core

identity ui

MavenCentral 10.1.0

Reach5

SFCC Cartridge 20.9.1

Salesforce cartridge

26 March 2026 (v2.154)

Production ✅

ReachFive v2.154 brings a few new features:

MFA orchestrated flow
Naver Connecting Information (CI)
Line Profile
UI SDK updates

As always, we fixed a few items for you.

MFA orchestrated flow

We have enhanced our SDK process for MFA orchestrated flows. To prevent users from being prematurely redirected due to typos, the SDKs now silently pre-validate the verification code under the hood.

When your application triggers the MFA verification step, the SDK automatically checks the code via the API before attempting any redirects.

This allows you to easily build a seamless user experience:

Automatic Pre-validation: The SDK ensures the code is correct before finalizing the passwordless verify redirection.
Graceful Error Handling: If a user submits an invalid code, the SDK returns the error directly to your UI, keeping the user on the current page.
Built-in Attempt Limits: Your UI can now easily catch and display inline errors for the first two attempts, and show a final lockout message on the third failed attempt, all without breaking the orchestrated flow.

For details on how to handle these SDK error responses, see the Handling orchestrated MFA flows documentation.

Naver Connecting Information (CI)

You can now retrieve the Naver Connecting Information (CI) for users who log in with Naver. This information is stored in the provider_metadata field in the user profile.

Example

"provider_metadata": {
        "naver": {
            "naver_age_range": "30-39",
            "ci": "V2/abc123def456.." (1)
        }

1	Connecting Information (CI): An encrypted string used to securely verify a user’s real-world identity. Your Naver Developer application must be explicitly approved for the CI scope to receive this data.

Line Profile

You can now retrieve additional profile information from users who log in with Line including Line Profile by requesting the appropriate scopes.

For Line Profile , the openid scope is required. Additionally, there are several new scopes required to retrieve the following new profile fields:

Format: Profile field (scope)

Given name pronunciation (real_name)
Middle name (real_name)
Family name (real_name)
Family name pronunciation (real_name)
Gender (gender)
Date of Birth (birthdate)
Phone Number (phone)
Address (address)

For full details, see Line Connect.

UI SDK updates

With our 1.42.0 UI SDK release, we support using both an email and a phone number at the same time as part of the authentication journey for your users.

You can do this by passing an array in the authType field. When you pass an array, the widget parses the user input from a single text area:

If a phone number is detected, we initiate the passwordless flow with a phone_number.
Otherwise, we initiate the passwordless flow with an email.

client.showPasswordless({
  container: 'passwordless-container',
  authType: ['sms', 'magic_link'], (1)
...
})

1	Passing both `sms` and `magic_link` as an array allows your users to enter either an email or a phone number in the same input field.

See showPasswordless.authType for full details.

Enable verification code

You can now optionally pass the enableVerificationCode boolean as a property in showPasswordless().

This attribute allows you to explicitly control whether users can manually enter a 6-digit verification code in the widget, independently of the authType used.

If set to true: Verification code entry is enabled for both email and SMS.
If set to false: Verification code entry is disabled. The widget expects the user to authenticate by clicking a link, whether they use SMS or email.
If undefined: The widget defaults to its legacy behavior to prevent breaking changes (codes are only accepted for sms, and links are only expected for magic_link).

client.showPasswordless({
  container: 'passwordless-container',
  authType: ['sms', 'magic_link'],
  enableVerificationCode: true, (1)
...
})

1	Explicitly allows the entry of a verification code in the UI, regardless of whether the user inputs an email or a phone number.

See showPasswordless.enableVerificationCode for more details.

Fixes

Item	Fixed
We fixed several issues related to the Attribute-Based Access Control (ABAC) feature, including a few UI bugs in the ReachFive Console and some issues with user error messages.	✓

Item

Fixed

We fixed several issues related to the Attribute-Based Access Control (ABAC) feature, including a few UI bugs in the ReachFive Console and some issues with user error messages.

✓