chore(deps): update ghcr.io/zitadel/zitadel-login docker tag to v4.15.3 #4

Open
sa-renovate wants to merge 1 commit from renovate/ghcr.io-zitadel-zitadel-login-4.x into main
Member

This PR contains the following updates:

Package Update Change
ghcr.io/zitadel/zitadel-login minor v4.13.1v4.15.3

Release Notes

zitadel/zitadel (ghcr.io/zitadel/zitadel-login)

v4.15.3

Compare Source

Bug Fixes
  • added client and scope validation for token exchange (e2886a6)
  • ensure external user's email is verified before auto-linking (c97012f)
  • login: center text for generic IDP buttons without icons (#​12211) (aadc664), closes #​12182
  • login: guard defaultRedirectUri in OIDC/SAML FailedPrecondition paths (0382659)

v4.15.2

Compare Source

Bug Fixes
  • always validate exp and iat claims of JWT IdPs (4925fab)
  • client_id verification during code exchange and refresh token flows (5624030)
  • connection handling in setup after migration steps 40, 64 and 70 (#​12293) (c53d977)
  • eventstore: allow overwriting resource owner of events (#​12261) (a939b84)
  • idp: apply PKCE when building OAuth and OIDC providers (#​12247) (ab7c6c0), closes #​12036 #​12054
  • jwt idp: manage and validate audience (999e2bb)
  • login: accept IDP sessions on passkey registration (#​12275) (add46e0)
  • login: load custom font from branding settings and allow in CSP (#​12279) (9f1561d), closes #​11200
  • remove unnecessary entry from default denylist (#​12294) (1ca1fbd)
  • use protected http client for outgoing connections (b6f7808)

v4.15.1

Compare Source

Bug Fixes

v4.15.0

Compare Source

Bug Fixes
Features
Performance Improvements

v4.14.0

Compare Source

Bug Fixes
Features

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/zitadel/zitadel-login](https://github.com/zitadel/zitadel) | minor | `v4.13.1` → `v4.15.3` | --- ### Release Notes <details> <summary>zitadel/zitadel (ghcr.io/zitadel/zitadel-login)</summary> ### [`v4.15.3`](https://github.com/zitadel/zitadel/releases/tag/v4.15.3) [Compare Source](https://github.com/zitadel/zitadel/compare/v4.15.2...v4.15.3) ##### Bug Fixes - added client and scope validation for token exchange ([e2886a6](https://github.com/zitadel/zitadel/commit/e2886a61670ca8fd41c9434f87036546e5620bcc)) - ensure external user's email is verified before auto-linking ([c97012f](https://github.com/zitadel/zitadel/commit/c97012f0c5dc2fe960ae6e940cbea23229f0557f)) - **login:** center text for generic IDP buttons without icons ([#&#8203;12211](https://github.com/zitadel/zitadel/issues/12211)) ([aadc664](https://github.com/zitadel/zitadel/commit/aadc664a206ebdf6bfd85145e9c6fcdc165a6cee)), closes [#&#8203;12182](https://github.com/zitadel/zitadel/issues/12182) - **login:** guard defaultRedirectUri in OIDC/SAML FailedPrecondition paths ([0382659](https://github.com/zitadel/zitadel/commit/038265925a3b05ac1df8aad461ab071983e9eb85)) ### [`v4.15.2`](https://github.com/zitadel/zitadel/releases/tag/v4.15.2) [Compare Source](https://github.com/zitadel/zitadel/compare/v4.15.1...v4.15.2) ##### Bug Fixes - always validate exp and iat claims of JWT IdPs ([4925fab](https://github.com/zitadel/zitadel/commit/4925fab849d39a88674485d937b79e54318b48a8)) - client\_id verification during code exchange and refresh token flows ([5624030](https://github.com/zitadel/zitadel/commit/562403079a98cf2059cdac11865a45e2f285be71)) - connection handling in setup after migration steps 40, 64 and 70 ([#&#8203;12293](https://github.com/zitadel/zitadel/issues/12293)) ([c53d977](https://github.com/zitadel/zitadel/commit/c53d9774d4272d3cebeee4131012c20bd77b9dfb)) - **eventstore:** allow overwriting resource owner of events ([#&#8203;12261](https://github.com/zitadel/zitadel/issues/12261)) ([a939b84](https://github.com/zitadel/zitadel/commit/a939b847d90c3370bd162064e57764b89c01be46)) - **idp:** apply PKCE when building OAuth and OIDC providers ([#&#8203;12247](https://github.com/zitadel/zitadel/issues/12247)) ([ab7c6c0](https://github.com/zitadel/zitadel/commit/ab7c6c09d3bb34ac3ec18fc9e0c72d810a614263)), closes [#&#8203;12036](https://github.com/zitadel/zitadel/issues/12036) [#&#8203;12054](https://github.com/zitadel/zitadel/issues/12054) - **jwt idp:** manage and validate audience ([999e2bb](https://github.com/zitadel/zitadel/commit/999e2bbc81b56fca693ccc87a863fdfc182b1316)) - **login:** accept IDP sessions on passkey registration ([#&#8203;12275](https://github.com/zitadel/zitadel/issues/12275)) ([add46e0](https://github.com/zitadel/zitadel/commit/add46e0c8be3dbf014f77f4ca264f832e4ee49b0)) - **login:** load custom font from branding settings and allow in CSP ([#&#8203;12279](https://github.com/zitadel/zitadel/issues/12279)) ([9f1561d](https://github.com/zitadel/zitadel/commit/9f1561dc8e56419bba816f5f003e96c606c9f5b1)), closes [#&#8203;11200](https://github.com/zitadel/zitadel/issues/11200) - remove unnecessary entry from default denylist ([#&#8203;12294](https://github.com/zitadel/zitadel/issues/12294)) ([1ca1fbd](https://github.com/zitadel/zitadel/commit/1ca1fbdab4aea43aac76e66abeda3dd3238afc84)) - use protected http client for outgoing connections ([b6f7808](https://github.com/zitadel/zitadel/commit/b6f78086913b8d916bce9ab2e049ab0d84f947fd)) ### [`v4.15.1`](https://github.com/zitadel/zitadel/releases/tag/v4.15.1) [Compare Source](https://github.com/zitadel/zitadel/compare/v4.15.0...v4.15.1) ##### Bug Fixes - **api:** check permission based on provided data on user updates ([a1748b2](https://github.com/zitadel/zitadel/commit/a1748b2f0326ddf7be0de44b4f980ae2c07c0151)) - **login:** apply custom request headers from environment variable in proxy ([#&#8203;12144](https://github.com/zitadel/zitadel/issues/12144)) ([aad90ce](https://github.com/zitadel/zitadel/commit/aad90ce380b94d4aa5262ca4c40c661b462707b2)), closes [#&#8203;12125](https://github.com/zitadel/zitadel/issues/12125) - **login:** redirect to email verification when forced MFA has no visible factors ([#&#8203;12060](https://github.com/zitadel/zitadel/issues/12060)) ([9618e33](https://github.com/zitadel/zitadel/commit/9618e33ff235f6ab3eaf23f018663989dd164fd7)), closes [#&#8203;11536](https://github.com/zitadel/zitadel/issues/11536) - **login:** retry logic for session creation after registration on NotFound ([#&#8203;12189](https://github.com/zitadel/zitadel/issues/12189)) ([53d6439](https://github.com/zitadel/zitadel/commit/53d64399ca3e223bfcf1686445e6a7aa106e4218)), closes [#&#8203;12173](https://github.com/zitadel/zitadel/issues/12173) - update dependencies ([#&#8203;12216](https://github.com/zitadel/zitadel/issues/12216)) ([787886d](https://github.com/zitadel/zitadel/commit/787886d5d404e09ebfac0da68e8367b3517ec1af)) ### [`v4.15.0`](https://github.com/zitadel/zitadel/releases/tag/v4.15.0) [Compare Source](https://github.com/zitadel/zitadel/compare/v4.14.0...v4.15.0) ##### Bug Fixes - **console:** delete role assignment in admin profile [#&#8203;10376](https://github.com/zitadel/zitadel/issues/10376) ([#&#8203;11867](https://github.com/zitadel/zitadel/issues/11867)) ([c1e62e1](https://github.com/zitadel/zitadel/commit/c1e62e1c4a9efd2b158678bec0760774f5ec6468)) - **console:** display actions v1 with correct permissions [#&#8203;12001](https://github.com/zitadel/zitadel/issues/12001) ([#&#8203;12068](https://github.com/zitadel/zitadel/issues/12068)) ([1358d08](https://github.com/zitadel/zitadel/commit/1358d08ce81501998aa13578175184a5ac28aff4)) - **ldap:** escape username filter ([a56d4bf](https://github.com/zitadel/zitadel/commit/a56d4bf0bc9212a25f11ad073c0172d3124e5414)) - **login:** lru-cache compatibility, improve session error handling ([#&#8203;12099](https://github.com/zitadel/zitadel/issues/12099)) ([760cd7e](https://github.com/zitadel/zitadel/commit/760cd7efa114525d914670c510b60dd0353e3e89)) - **login:** resolve localized legal links in signup ([#&#8203;11913](https://github.com/zitadel/zitadel/issues/11913)) ([73f8e28](https://github.com/zitadel/zitadel/commit/73f8e284fb240e65e587c98a9cdfcc562be2727b)), closes [#&#8203;11907](https://github.com/zitadel/zitadel/issues/11907) ##### Features - **console:** improve client details dialog ux [#&#8203;11834](https://github.com/zitadel/zitadel/issues/11834) ([#&#8203;11836](https://github.com/zitadel/zitadel/issues/11836)) ([c32b880](https://github.com/zitadel/zitadel/commit/c32b880806ba60005a6f771e9d5b48e47dd092e2)) ##### Performance Improvements - optimize docs static generation cost ([#&#8203;12108](https://github.com/zitadel/zitadel/issues/12108)) ([aac5305](https://github.com/zitadel/zitadel/commit/aac530552502e640e9a11c60274734436c1d341b)) ### [`v4.14.0`](https://github.com/zitadel/zitadel/releases/tag/v4.14.0) [Compare Source](https://github.com/zitadel/zitadel/compare/v4.13.1...v4.14.0) ##### Bug Fixes - **console:** always show settings page to admin ([#&#8203;11779](https://github.com/zitadel/zitadel/issues/11779)) ([2f81454](https://github.com/zitadel/zitadel/commit/2f81454fe31541f53e31cf76c1e46687cd59c4b0)), closes [#&#8203;10912](https://github.com/zitadel/zitadel/issues/10912) - **console:** disallow smtp double create [#&#8203;8964](https://github.com/zitadel/zitadel/issues/8964) ([#&#8203;11868](https://github.com/zitadel/zitadel/issues/11868)) ([aeddf0e](https://github.com/zitadel/zitadel/commit/aeddf0ef91141052dea94ce5fae4f227047c95a0)) - **console:** Fix onboarding link for user login guide ([#&#8203;11958](https://github.com/zitadel/zitadel/issues/11958)) ([677450e](https://github.com/zitadel/zitadel/commit/677450eec28ac84a2c049fe94ac476aa0da2ca66)) - **console:** jwt provider callback urls [#&#8203;11589](https://github.com/zitadel/zitadel/issues/11589) ([#&#8203;11966](https://github.com/zitadel/zitadel/issues/11966)) ([bfbf943](https://github.com/zitadel/zitadel/commit/bfbf943d7af61c3f9dd380efae726ee3752dd38a)) - **console:** normalize empty OIDC redirect uri updates [#&#8203;12053](https://github.com/zitadel/zitadel/issues/12053) ([#&#8203;12067](https://github.com/zitadel/zitadel/issues/12067)) ([c16667b](https://github.com/zitadel/zitadel/commit/c16667b67bd0067fab0fb0f0e2437d061f312d07)) - **console:** pass data to user delete dialog ([#&#8203;11595](https://github.com/zitadel/zitadel/issues/11595)) ([4706a80](https://github.com/zitadel/zitadel/commit/4706a806145cc381e45d85097a85392d0090b69f)) - **console:** update protoc-gen-js ([#&#8203;12046](https://github.com/zitadel/zitadel/issues/12046)) ([a1cd331](https://github.com/zitadel/zitadel/commit/a1cd33140893933dc84ba02d2762b27cc57cb9ab)) - **grpc:** increase MaxSendMsgSize ([#&#8203;12066](https://github.com/zitadel/zitadel/issues/12066)) ([31ac2a4](https://github.com/zitadel/zitadel/commit/31ac2a49eac9907492ef0ecb1f55bf5e94b1ea36)) - **grpc:** return 401 for unauthenticated v1 gateway errors ([#&#8203;11786](https://github.com/zitadel/zitadel/issues/11786)) ([5b4e6ec](https://github.com/zitadel/zitadel/commit/5b4e6ec4ee4afea0251f2d5e309a3a909926d969)), closes [#&#8203;11730](https://github.com/zitadel/zitadel/issues/11730) - invalid jwt assertion error handling ([#&#8203;11933](https://github.com/zitadel/zitadel/issues/11933)) ([1c04220](https://github.com/zitadel/zitadel/commit/1c0422031bbe12d94c603dca515a77f5355c9d7e)), closes [/github.com/zitadel/oidc/blob/main/pkg/oidc/verifier.go#L195](https://github.com//github.com/zitadel/oidc/blob/main/pkg/oidc/verifier.go/issues/L195) - **login:** add OIDC/SAML requestId to resend invite / resend email code ([#&#8203;11927](https://github.com/zitadel/zitadel/issues/11927)) ([501091c](https://github.com/zitadel/zitadel/commit/501091c9be37fbdc9593fffcd2f4f4ad5a6b05fc)) - **login:** ClassifiedConnectError breaking ConnectError instanceof checks ([#&#8203;12022](https://github.com/zitadel/zitadel/issues/12022)) ([72bbfd4](https://github.com/zitadel/zitadel/commit/72bbfd47b70e6a7d7a539008c4bd71354e56516e)), closes [#&#8203;11903](https://github.com/zitadel/zitadel/issues/11903) [#&#8203;11926](https://github.com/zitadel/zitadel/issues/11926) - **login:** improve error classification ([#&#8203;11926](https://github.com/zitadel/zitadel/issues/11926)) ([6b9062f](https://github.com/zitadel/zitadel/commit/6b9062f58baee4ed5497d208e53ff8feb23c7070)), closes [#&#8203;11923](https://github.com/zitadel/zitadel/issues/11923) - **login:** invite flow instead of email verification for users with no primary method, improve sending behaviour ([#&#8203;11837](https://github.com/zitadel/zitadel/issues/11837)) ([fa1d9e8](https://github.com/zitadel/zitadel/commit/fa1d9e8e03e11ba709cd42b13531b075c0665821)), closes [#&#8203;10929](https://github.com/zitadel/zitadel/issues/10929) - **login:** load SSL\_CERT\_DIR certificates without requiring hashed filenames ([#&#8203;12029](https://github.com/zitadel/zitadel/issues/12029)) ([95f61c7](https://github.com/zitadel/zitadel/commit/95f61c769d52771bccb6f816581397dfa10bc576)) - **login:** preserve OIDC request context during email verification ([#&#8203;11990](https://github.com/zitadel/zitadel/issues/11990)) ([b61ad1e](https://github.com/zitadel/zitadel/commit/b61ad1e5ae08b7abbbc0177d92db89a137a24ee4)) - **login:** prevent duplicate email-code verification issue ([#&#8203;11893](https://github.com/zitadel/zitadel/issues/11893)) ([c1919db](https://github.com/zitadel/zitadel/commit/c1919dbe9a3cfe08506d434436ae204c8f1b7a0f)), closes [#&#8203;11857](https://github.com/zitadel/zitadel/issues/11857) - **login:** replace custom SWR cache with lru-cache ([#&#8203;11945](https://github.com/zitadel/zitadel/issues/11945)) ([c3b0982](https://github.com/zitadel/zitadel/commit/c3b098201f5133f56a9b27bb0a1a7e21e72d8f42)) - **login:** respect branding themeMode for theme toggle, fix CSP ([#&#8203;11903](https://github.com/zitadel/zitadel/issues/11903)) ([643088f](https://github.com/zitadel/zitadel/commit/643088ffd504c361545c438b95a6b2df4dcb4dd7)), closes [#&#8203;11721](https://github.com/zitadel/zitadel/issues/11721) - **oidc:** use authenticated encryption for opaque tokens ([#&#8203;12017](https://github.com/zitadel/zitadel/issues/12017)) ([4ad07d2](https://github.com/zitadel/zitadel/commit/4ad07d22398bf8b2d6655439529a8bb8997758df)), closes [#&#8203;11315](https://github.com/zitadel/zitadel/issues/11315) - propagate non-NotFound errors from instance interceptor ([#&#8203;12019](https://github.com/zitadel/zitadel/issues/12019)) ([52f9d7e](https://github.com/zitadel/zitadel/commit/52f9d7eab6805436b93c6b631caa7319a2bce280)) ##### Features - add option to use x.509 certificate system-api-user tokens ([#&#8203;11876](https://github.com/zitadel/zitadel/issues/11876)) ([9a00c49](https://github.com/zitadel/zitadel/commit/9a00c493366fba456716100517d1c8f2bda60686)), closes [#&#8203;11442](https://github.com/zitadel/zitadel/issues/11442) - allow ECDSA and [`ED25519`](https://github.com/zitadel/zitadel/commit/ED25519) public keys ([#&#8203;11819](https://github.com/zitadel/zitadel/issues/11819)) ([bce7c48](https://github.com/zitadel/zitadel/commit/bce7c48bfa13e0db8d1b35e6b0a22233551bfb6c)), closes [#&#8203;8433](https://github.com/zitadel/zitadel/issues/8433) [#&#8203;8433](https://github.com/zitadel/zitadel/issues/8433) - **console:** improve org search performance in create project grant page [#&#8203;11121](https://github.com/zitadel/zitadel/issues/11121) ([#&#8203;12057](https://github.com/zitadel/zitadel/issues/12057)) ([7e20724](https://github.com/zitadel/zitadel/commit/7e207245f270c5e4d21a4caa5cb2e7482af0a14c)) - **login:** add Portuguese (pt) translations for Login V2 ([#&#8203;11897](https://github.com/zitadel/zitadel/issues/11897)) ([88ba29c](https://github.com/zitadel/zitadel/commit/88ba29ce85684709b420c12fd5cf219e360a0d23)), closes [#&#8203;11782](https://github.com/zitadel/zitadel/issues/11782) [#&#8203;11782](https://github.com/zitadel/zitadel/issues/11782) - **login:** add ZITADEL\_API\_AWAITINITIALCONN support ([#&#8203;12032](https://github.com/zitadel/zitadel/issues/12032)) ([ad6b5b1](https://github.com/zitadel/zitadel/commit/ad6b5b143795996981d6398029822a04c7dae905)) - **login:** simplify login client auth and support PKCS[#&#8203;1](https://github.com/zitadel/zitadel/issues/1) keys ([#&#8203;11888](https://github.com/zitadel/zitadel/issues/11888)) ([810b344](https://github.com/zitadel/zitadel/commit/810b344686ffcd5c18c11294a40cdc091105cfb9)) - support standard OTEL env vars via autoexport ([#&#8203;11864](https://github.com/zitadel/zitadel/issues/11864)) ([3f1a29f](https://github.com/zitadel/zitadel/commit/3f1a29f3b38ccda3183c854033ebd27b49664a10)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMDkuMSIsInVwZGF0ZWRJblZlciI6IjQzLjIzNC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
chore(deps): update ghcr.io/zitadel/zitadel-login docker tag to v4.15.0
All checks were successful
ci / validate (pull_request) Successful in 12s
44e5fc14f5
sa-renovate changed title from chore(deps): update ghcr.io/zitadel/zitadel-login docker tag to v4.15.0 to chore(deps): update ghcr.io/zitadel/zitadel-login docker tag to v4.15.1 2026-06-09 03:17:48 +00:00
sa-renovate force-pushed renovate/ghcr.io-zitadel-zitadel-login-4.x from 44e5fc14f5
All checks were successful
ci / validate (pull_request) Successful in 12s
to 7a57aed251
All checks were successful
ci / validate (pull_request) Successful in 12s
2026-06-09 03:17:48 +00:00
Compare
sa-renovate changed title from chore(deps): update ghcr.io/zitadel/zitadel-login docker tag to v4.15.1 to chore(deps): update ghcr.io/zitadel/zitadel-login docker tag to v4.15.2 2026-06-18 03:23:51 +00:00
sa-renovate force-pushed renovate/ghcr.io-zitadel-zitadel-login-4.x from 7a57aed251
All checks were successful
ci / validate (pull_request) Successful in 12s
to 49a61ee25e
All checks were successful
ci / validate (pull_request) Successful in 1m27s
2026-06-18 03:23:51 +00:00
Compare
sa-renovate force-pushed renovate/ghcr.io-zitadel-zitadel-login-4.x from 49a61ee25e
All checks were successful
ci / validate (pull_request) Successful in 1m27s
to 92ae5abe85
All checks were successful
ci / validate (pull_request) Successful in 1m18s
2026-06-23 03:15:46 +00:00
Compare
sa-renovate changed title from chore(deps): update ghcr.io/zitadel/zitadel-login docker tag to v4.15.2 to chore(deps): update ghcr.io/zitadel/zitadel-login docker tag to v4.15.3 2026-06-23 03:15:47 +00:00
All checks were successful
ci / validate (pull_request) Successful in 1m18s
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/ghcr.io-zitadel-zitadel-login-4.x:renovate/ghcr.io-zitadel-zitadel-login-4.x
git switch renovate/ghcr.io-zitadel-zitadel-login-4.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff renovate/ghcr.io-zitadel-zitadel-login-4.x
git switch renovate/ghcr.io-zitadel-zitadel-login-4.x
git rebase main
git switch main
git merge --ff-only renovate/ghcr.io-zitadel-zitadel-login-4.x
git switch renovate/ghcr.io-zitadel-zitadel-login-4.x
git rebase main
git switch main
git merge --no-ff renovate/ghcr.io-zitadel-zitadel-login-4.x
git switch main
git merge --squash renovate/ghcr.io-zitadel-zitadel-login-4.x
git switch main
git merge --ff-only renovate/ghcr.io-zitadel-zitadel-login-4.x
git switch main
git merge renovate/ghcr.io-zitadel-zitadel-login-4.x
git push origin main
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
DevFW-CICD/zitadel-bootstrap!4
No description provided.