Changelog August 4, 2023

Category: Company

This week we shipped Disposable Email Blocking, Mitigation for Unvalidated Redirect Vulnerabilities, a new JWT template for WunderGraph, and more!

⛔️ Prevent Fake Accounts with Disposable Email Blocking

Clerk now offers the ability to block disposable and temporary emails during sign-up. When this setting is enabled, emails entered during sign-up are checked in real time against a frequently updated database of over 160,000 known disposable email providers. If a match is found, the sign-up is blocked to prevent abuse from invalid accounts.

The setting can be enabled on the Settings page of the Clerk Dashboard.

✨ Other Fixes & Improvements

  • Enabled the allowedRedirectOrigins prop in Clerk Hosted Pages to mitigate unvalidated redirect vulnerabilities in production instances. With this setting, only same-origin redirects will be allowed from Hosted Pages.
  • Fixed bugs in username sorting logic for the Users and Members tables in the Clerk Dashboard.
  • Added a user.hasImage boolean to Clerk's Frontend API and ClerkJS package. This field indicates whether the user has a profile image and, if they do, whether their profile image was uploaded by the user or was sourced from their connected social provider.
    • For example, you can use this field to ensure users have a profile image: build logic and a UI that display a profile image uploader when the user has signed up without a social provider and has not yet added a profile image.
  • Added a new JWT template for WunderGraph in the Integrations section of the Clerk Dashboard.
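
The same-origin rule described for allowedRedirectOrigins above, sketched as an added example for validating a redirect target in your own application code. This is not Clerk's implementation; APP_ORIGIN, safeRedirect, SAMPLES and the accounts.example.com origin are hypothetical names and constructed values.

```javascript
// Added example, not Clerk's code. APP_ORIGIN, safeRedirect and SAMPLES are
// hypothetical names; accounts.example.com is a constructed sample origin.
const APP_ORIGIN = "https://accounts.example.com";

// Returns a same-origin path to redirect to, or `fallback` when the requested
// target is missing, malformed, or resolves to a different origin.
function safeRedirect(target, appOrigin = APP_ORIGIN, fallback = "/") {
  if (typeof target !== "string" || target.length === 0) return fallback;

  // Browsers strip tabs/newlines and treat "\" as "/" in http(s) URLs, so
  // refuse those characters outright instead of reasoning about them.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return fallback;

  let url;
  try {
    // Relative targets ("/dashboard") resolve against the application origin.
    url = new URL(target, appOrigin);
  } catch {
    return fallback;
  }

  // Origin = scheme + host + port; all three must match the application's.
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  if (url.origin !== new URL(appOrigin).origin) return fallback;

  // Return only path, query and fragment. A path that begins with "//" would
  // be read as scheme-relative if used as a redirect target, so refuse it.
  if (url.pathname.startsWith("//")) return fallback;
  return url.pathname + url.search + url.hash;
}

// Constructed inputs: [requested redirect target, expected result].
const SAMPLES = [
  ["/dashboard?tab=1", "/dashboard?tab=1"],
  ["https://accounts.example.com/settings#profile", "/settings#profile"],
  ["https://other.example/", "/"],                       // different host
  ["//other.example/path", "/"],                         // scheme-relative
  ["https://accounts.example.com@other.example/", "/"],  // userinfo, not host
  ["https://accounts.example.com.other.example/", "/"],  // suffix look-alike
  ["http://accounts.example.com/", "/"],                 // scheme mismatch
  ["javascript:void(0)", "/"],                           // non-http scheme
  ["https://accounts.example.com//other.example/", "/"], // "//" path
];

function checkSamples() {
  return SAMPLES.map(([target, expected]) => safeRedirect(target) === expected);
}
console.log(checkSamples().every(Boolean) ? "all samples OK" : "mismatch");
```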

📅 Events

We're excited to announce that Clerk is sponsoring React Rally in Salt Lake City on August 17th and 18th. If you're planning on attending, let us know – we'd love to meet you! We'll have cookies, swag, and a surprise or two. And if you're not sure, there's still time 😉

Grab your ticket here →

📚 Resources

🙌 Community Shoutouts

Stay tuned for future updates. If you have feedback or suggestions, share them on the docs via Docsly, tweet us at @ClerkDev, or join the Clerk Community on Discord.

Contributor
Nick Parsons