Announcing FusionAuth Version 1.55.1 - The Holiday Hippo

FusionAuth v1.55.1 "The Holiday Hippo" brings major updates including SAML encryption support, enhanced API key security via expiration, configurable lambda timeouts, and more.

Published: December 23, 2024


We recently released FusionAuth version 1.55.1. You’ll probably remember that 1.54.0 came out only a few short weeks ago. At the time, we promised that we had a bigger release coming soon. Well, soon is now, so let’s get into the details. 

First things first, 1.55.0 is a pretty big release. It seemed only fitting to put it into your hands for the holidays. So we have dubbed this “The Holiday Hippo.” Our hope is that, like Moo Deng, version 1.55.0 brings some unexpected joy to your life.

The Holiday Hippo

SAML Encryption

Good news for you SAML enthusiasts. Version 1.55.1 supports decryption of SAML assertions when FusionAuth is the Service Provider (SP). This means FusionAuth can now handle encrypted messages from external IdPs, giving your users’ PII an extra layer of security. 

This also means that FusionAuth plays nicely with a wider range of systems that insist on or prefer encrypted SAML assertions. Additional integration flexibility is always a good thing. 

API Security

We’ve also taken the opportunity to beef up API key security with this release. As a reminder, API keys allow you to control FusionAuth via our APIs and SDKs, without using our admin UI. They can already be locked to a tenant or tightly scoped to a specific endpoint and HTTP method.

In this release, we have an additional security improvement: 

FusionAuth API keys can now have an expiration time. In the past, these keys were good forever. As of this release, you can set an API key to expire at any date or time in the future, on a per-API key basis. 

In adding the expiration option, we had a decision to make about the default state. In order to make sure that it was compatible with existing automation (and frankly because we couldn’t decide on a good alternative), the default behavior of API keys will still be to never expire. But now you have options!

Lambda Connect and Read Timeouts

Lambdas in FusionAuth are JavaScript functions that you can use to augment or modify the behavior at runtime. This typically happens during a login flow. In fact, you might remember that we added lambda-based login control back in version 1.53.0 to allow you to stop a login based on business logic. 

Lambda functions execute during the time-sensitive login process, so we recommend that any HTTP requests you make return quickly. That makes it valuable to be able to configure the connect and read timeouts in all lambda functions, and this release adds that capability. Previously, both timeouts were hardcoded to 2 seconds, but now you control them. Use this power wisely.

All the Rest

We’ve also added support for passing parameters to a hosted back end page and for a refresh token grace period, squashed a few annoying bugs, improved overall performance, and added the ability to send (or not) usage stats back to us. You can read the details, as always, in the release notes.

Thanks again for trusting FusionAuth. We look forward to bringing you even more auth in 2025.
