Changelog for Ory Kratos OEL
2025-07-25
Tag: beebb63c5cd4a58b218a792027b34d231735dc05
Support for External Identity IDs
Identity admins can now set an external_id field on an identity. If set, the external ID must be unique within the project. Admins
can retrieve an identity by external ID through the /admin/identities/by/external/{id} endpoint. In responses, the external_id
is contained in all identity and session responses. When tokenizing a session, the external_id is available in the Jsonnet
context. Optionally, admins can set the subject_source option on the tokenization config to external_id, in which case the sub
claim will be the external ID. Note that in this case tokenization fails if the external ID is not set for the identity bound to
that session.
Read more about the external ID feature in our documentation: https://www.ory.sh/docs/kratos/manage-identities/external-id
This release needs previous version (097934fff2bda05c808d962a92f52140f80dff83) to be applied first
Tag: 097934fff2bda05c808d962a92f52140f80dff83
Improved SQL queries to gracefully handle new columns added via future migrations, preventing upgrade-time failures due to schema changes.
2025-06-11
Tag: 290abca8469dc46c1ba07708849fed28fdbc1b69
Make code submission attempt limit configurable
Previously the maximum number of submission attempts for codes (e.g., 2FA codes, email verification codes) was set to 5 in Ory Kratos. This release allows the submission attempts to be configurable for system administrators based on specific security policies or business requirements, the default value of 5 remains. To find out more how to configure it please read our documentation https://www.ory.sh/docs/identities/sign-in/code-submission-limit
2025-05-27
Initial Ory Kratos OEL release
Changes:
- fix high security vulnerability CVE-2025-22871
No specific upgrade steps are required for this release. The Ory Kratos OEL image is now available in the Ory Enterprise Docker Registry.