Release Notes

Version Next

Pending Release

  • Something awesome I’m sure…​


  • When editing the JWT settings in the FusionAuth application the UI a JavaScript error may cause some of the settings to not render properly. This error was introduced in version 1.3.0.

  • Added missing properties to the Application view dialog in the FusionAuth UI.

Version 1.3.0

December 5th, 2018


  • An Application may disable the issue of refresh tokens through configuration. See oauthConfiguration.generateRefreshTokens in the Application API or the Generate refresh tokens toggle in the FusionAuth UI when editing an application.

  • The OAuth2 client secret may be optionally regenerated using the FusionAuth UI during Application edit.

  • Support for OAuth2 confidential clients, this is supported by optionally requiring client authentication via configuration. See oauthConfiguration.requireClientAuthentication in the Application API or the Require authentication toggle in the FusionAuth UI when editing an application.


  • Calling the Introspect endpoint with a JWT returned from the Issue API may fail due to the missing aud claim.

  • The MySQL schema previously was using random_bytes which is not available in MariaDB. These usages have been replaced with an equivalent that will function the same in MySQL and MariaDB.

  • When editing or adding a new user in the FusionAuth UI, the Birthdate field may get set automatically before the date selector is utilized. A JavaScript error was causing this condition and it has been fixed.

Version 1.2.2

November 27th, 2018


  • Add X-FusionAuth-TenantId to allowed CORS headers.

  • When FusionAuth is running behind a proxy such as an AWS ALB / ELB the redirect URI required to complete login may not be resolved correctly. This may cause the redirect back to the FusionAuth UI login to fail with a CSRF exception. If you encounter this issue you may see an error message that says Something doesn’t seem right. You have been logged out of FusionAuth. The work-around for this issue if you encounter it will be to perform the redirect from HTTP to HTTPS in your load balancer.

  • Some minor usability issues in the Identity Provider configuration UI.

Version 1.2.1

November 16th, 2018


  • Better error handling when an API caller sends invalid JSON messages. Prior to this enhancement if FusionAuth did not provide a specific error message for a particular field a 500 HTTP status code was returned if the JSON could not be parsed properly. This enhancement will ensure that sending a FusionAuth API invalid JSON will consistently result in a 400 status code with a JSON body describing the error.

  • Allow an Identity Provider to be enabled and disabled from the UI. You may still choose to enable or disable a specific Application for use with an Identity Provider, but with this enhancement you may not turn off an Identity Provider for all Applications with one switch.


  • Preserve Application Identity Provider configuration for disabled Applications when editing a Identity Provider from the UI.

Version 1.2.0

November 15th, 2018


  • Add TTL configuration for Refresh Tokens to the Application configuration. When you enable JWT configuration per Application this value will override the global setting.


  • An error in the Twitter OAuth v1 workflow has been resolved.

Version 1.1.1

November 13th, 2018


  • If you were to have an Identity Provider for federated third party JSON Web Tokens configured prior to upgrading to 1.1.0 FusionAuth may fail during the database migration to version 1.1.0.

Version 1.1.0

November 13th, 2018

Database migration

The database schema has changed and an upgrade is required for this version of FusionAuth. You will be prompted to upgrade the database by maintenance mode before you may login.

See Upgrades/Patches for more information about database migrations.


  • Social login support

  • Full theme support for login. See the Login Theme tutorial for additional information and examples.

  • Better localization support in the FusionAuth UI. You now have the option to set or modify your preferred language for use in the FusionAuth UI. Providing a preferred language will cause dates to be formatted based upon your preference. For example, the default data format is M/D/YYYY, but if you are not in the United States this may not be the way you expect a date to be formatted. If you set your locale to French you will now see a more appropriate format of D/M/YYYY. This value is stored on the User Registration for FusionAuth in the preferredLanguages field.


  • When viewing sessions (refresh tokens) on the Manage User panel, the start and expiration times will be displayed.

Version 1.0.18

October 29th, 2018


  • If FusionAuth starts up in maintenance mode and stays there for an extended period of time without the User completing the configuration from the web browser, FusionAuth may get stuck in maintenance mode. If you encounter this issue, where you seemingly are entering the correct credentials on the Database configuration page and are unable to continue, restart FusionAuth and the issue will be resolved.

Version 1.0.17

October 5th, 2018


Version 1.0.16

October 5th, 2018


  • Better support for running in Docker. Enhanced silent configuration capability for database and search engine boot strap configuration in Docker Compose to be more resilient.


  • If custom data is added to an Application, Group or Tenant before editing the corresponding object in the UI, the custom data may be lost.

Version 1.0.15

October 1st, 2018


  • Better support for running in Docker. Configuration can be override using environment variables. See Docker Install for additional information.


  • The first time a user reached the failed login threshold and a 409 response code was returned the response body was empty. Subsequent login requests correctly returned the JSON response body with the 409, now the JSON response body is correctly returned the first time the user reaches the failed login threshold.

Version 1.0.14

September 17th, 2018


  • When using PostgreSQL an exception may occur during an internal cache reload request. If you encounter this issue you will see a stack trace in the fusionauth-app.log. If you see this error and need assistance, please open an issue in the FusionAuth Issues GitHub project.

Unexpected error. We’re missing an internal API key to notify distributed caches.

Version 1.0.13

September 12th, 2018


  • General availability release