WSO2 Changelog

We are excited to announce a significant update aimed at enhancing the security and integrity of our application and improving ongoing maintenance processes. Organizations today face constant risks from potential cyber attacks that can lead to unauthorized access to sensitive information. Such incidents jeopardize the privacy and security of both the organization and its users. To proactively mitigate these risks, we are implementing the following measures:

• Disabling Access to Compromised Applications/Maintenance
• Preventing Access to User Information: While we already take steps to protect user information, this new feature introduces an additional layer of security. Specifically, when the application is disabled or undergoing maintenance, it will no longer be able to access user information—even if the user has previously given consent.
• Token Invalidation: Invalidate all previously issued tokens (e.g., JWTs) to ensure they can no longer be used to authenticate requests.

Documentation:

• https://wso2.com/asgardeo/docs/guides/applications/#enabledisable-an-application