Release notes

The release notes describe new features, enhancements, and fixes for the ReachFive platform. The latest release notes are found below. For previous releases, check out the sidebar.

For upcoming changes that require your attention, see the Attention page.

Other releases

The following shows other ReachFive releases for your convenience.

SDK repository Latest version Docs

identity core

identity ui

MavenCentral 9.9.0

Reach5

SFCC Cartridge 20.8.3


28 August 2025 (v2.141)

ReachFive v2.141 introduces an improvement for MFA retries in Risk-based authentication flows.

And of course, as always, we fixed a few items for you.


Step-up token can now be reused for MFA retries

When Risk-based Authentication requires Multi-factor Authentication, the step_up token is no longer limited to a single use. You can now reuse the same step_up token to request a new code (for example, if the user did not receive the first one), ensuring your users don’t need to restart the entire authentication process over each time.

The verification code requests in the MFA flow are subject to a limit. This limit helps protect against abuse and can be configured by ReachFive administrators. If you’d like details on the limit or to adjust this setting, contact your ReachFive representative.

See Retry MFA step-up for more details.

retry token flow



Fixes

Item Fixed

For a brief time, the MFA flow wasn’t working as expected in web sessions for the iOS and Android SDKs.

We now ensure the step-up token contains an Orchestration Token at the startPasswordless point.

ReachFive Console

We corrected a small wording issue in the MFA Session duration in hours section of Settings  MFA  Settings.