Release notes

The release notes describe new features, enhancements, and fixes for the ReachFive platform. The latest release notes are found below. For previous releases, check out the sidebar.

For upcoming changes that require your attention, see the Attention page.

Other releases

The following shows other ReachFive releases for your convenience.

Latest version Release page Docs

Latest version	Release page	Docs
	Core SDK	Core SDK
	UI SDK	UI SDK
MavenCentral `9.4.1`	Android SDK	Android SDK
	iOS SDK	iOS SDK
SFCC Cartridge `20.8.1`	SFCC Cartridge	Salesforce cartridge

identity core

Core SDK

identity ui

UI SDK

MavenCentral 9.4.1

Android SDK

Reach5

iOS SDK

SFCC Cartridge 20.8.1

SFCC Cartridge

Salesforce cartridge

7 November 2024 (v2.123)

ReachFive v2.123 introduces a few improvements and needed bug fixes. We’re happy to introduce our Data Breach Detection feature. We now retrieve an additional field from Kakao. You can also now filter users by MFA credentials on the ReachFive Console.

As always, we made some general improvements and fixed a few items for you.

Release highlight

Data Breach Detection

Our Data Breach Detection feature enhances your security by identifying leaked passwords before they lead to unauthorized access on your site. The feature actively scans for known leaked credentials and cross-references them with attempts to sign in, sign up, or update a password. When a leaked password is detected, authentication is automatically suspended (if configured), preventing potential security risks.

When you choose to add the Data Breach Detection feature to your ReachFive integration, you get added protection against data breaches, ensuring your users know your brand is dedicated to mitigating security risks on their behalf. Staying on top of leaked passwords builds trust and ensures valuable user information isn’t put at risk.

Enable the protection directly in the ReachFive Console knowing user events are logged to mark when leaked credentials are in use and deleted for further auditing purposes. Automatically notify users with dedicated email and SMS templates (Sign in option).

For more, see Data Breach Detection.

Kakao verified phone numbers

You are now able to retrieve and leverage the phone_number_verified information from KakaoTalk. The information below outlines what happens when users authenticate using Kakao with ReachFive.

If the phone_number scope does not exist for the account, neither the phone_number or phone_number_verified fields are retrieved or valued inside the ReachFive profile for the user.

For more details, see Kakao Connect.

SMS feature enabled: If the SMS feature is enabled and the phone_number scope exists, we retrieve the phone_number_verified and set the boolean on their ReachFive profile to the appropriate value true if verified and false if unverified.
SMS feature not enabled: If the SMS feature is not enabled, even if the phone_number scope exists, phone_number_verified remains false.

Kakao App requirement

You must enable OpenID Connect Activation on your Kakao Login application in order to retrieve the phone_number_verified information.

Where do I enable this? 🤔

As of this date (7 November 2024), you can find this inside your Kakao Developers portal:

Go to Kakao Login.
Toggle the OpenID Connect Activation State to On.

Filter by MFA users

You can now filter users by those who have enrolled their identifier (email or phone number) for Multi-factor Authentication. This can help you analyse or produce reports of how many of your users are using MFA. This includes filtering by the MFA credential type, when it was created, and the phone number. Email is the email associated with the user account and is returned as normal in a search.

This is available for filtering:

User profiles on the ReachFive Console
Pre and post-event webhooks
Pub/Sub hooks
With the GET api/v2/users endpoint using the MFA credential object.
Example
```
GET api/v2/users?filter=credentials.type=="email"
```

Example scenario

You want to get a quick reference of how many of your users have enrolled their mobile or email for MFA.

Go to your ReachFive Console.
Navigate to Analytics Profiles.
Click Filter.
In the field, type MFA and you see the options to filter by the following:
- User - MFA - Type (Authentication)
- User - MFA - Email - Created At
- User - MFA - Phone Number - Created At
- User - MFA - Phone Number - Value
  
  See the MFA credentials object for details on each of these fields.

General improvements

We made some improvements to ensure that external_id is valued and retained properly in the User profile object.

Fixes

Item Fixed

Item	Fixed
The `logout` user event wasn’t being properly displayed under Recent activity on the ReachFive Console.	✓
There were some role issues for users authenticating to the ReachFive Console with Azure.	✓
There was temporarily an access issue for those using MFA on the ReachFive Console.	✓
There was a brief issue with updating roles for clients in the ReachFive Console.	✓
For a brief period, you could not save changes to Email templates.	✓

The logout user event wasn’t being properly displayed under Recent activity on the ReachFive Console.

✓

There were some role issues for users authenticating to the ReachFive Console with Azure.

✓

There was temporarily an access issue for those using MFA on the ReachFive Console.

✓

There was a brief issue with updating roles for clients in the ReachFive Console.

✓

For a brief period, you could not save changes to Email templates.

✓