The following errors and issues have been resolved:

• SQL injection vulnerabilities have been patched in xml-crypto libraries. (ST-1024, CVE-2025-29774, CVE-2025-29775)

• OneLogin no longer sets the SQL connection 'application name' based on the value of the incoming X-RequestId HTTP header. (CVE-2025-52924)

• An interface error sometimes caused when deleting an application no longer occurs.

• User emails with apostrophes can now be correctly added and notification emails now send correctly to users with apostrophes in their email address. (CR-77747, ST-1143)

• User accounts with single-character last names are no longer prevented from creating passwords including that character. (CR-83007)

• An issue preventing account creation in the EU shard has been resolved.

• A discrepancy in how licensed and enabled users are calculated has been resolved, allowing for more accurate and transparent user license counts. (ST-1070, CR-89125)

• An issue impacting cookie-based authentication with the branding service has been resolved.

• An issue generating a 500 error when saving some app configurations has been resolved. (ST-1021)

• It is no longer possible for administrators to create untitled portal tabs; an error will now appear requiring that the tab be given a title.

• OTP and self-registration emails are now correctly generated with the specified user locale and language.

• Events are now saved with the correct event_timestamp format.

• Usage of the Generate Temp Token API now correctly appears as an API-generated action in logging.

• The Add Privilege option now appears correctly in user details.

• Dropdown menus no longer appear behind other UI elements.

• CSV files now upload correctly when bulk-importing users.

• Reports now correctly generate in the background.

• A manual refresh is no longer required after adding an application to a user profile.

• "Not supported on your browser" text no longer incorrectly appears when copying user credentials.

• An issue causing site timeouts when viewing the user directory in the administration portal has been resolved.

• An error causing third-party certificate validation to fail has been corrected.

• An issue causing registration incompatibility between the current and older versions of OneLogin Protect has been resolved.

• An issue preventing Enterprise sandbox clones from interacting with Vigilance AI has been resolved.

• Email authentication timeouts are now properly handled when called via API. (CR-82373, ST-825)

• The updated_at field is now correctly updated when a user's roles or custom fields are modified via API.

• An issue preventing some users from correctly being deleted from OneLogin has been resolved.

• Groups deleted from Entra ID are now correctly removed from the Group Filter interface.

• The Managed Infrastructure menu no longer appears for users without One Identity PAM privileges.

• An error preventing login settings from being saved in the Branding configuration has been corrected. (ST-914)

• An update banner now correctly appears to confirm the adding or removing of apps from the user portal.

• The password reset page is now fully translated when displaying in Spanish language.

• 422/504 errors are no longer generated by manually adding users to a role.

• Users will no longer be stuck in "Failed" status when provisioning with Zoom.

• Users suspended in OneLogin with LDAP provisioning are now correctly also suspended in G Suite.

• A crash no longer occurs when modifying provisioned users.

• An error causing G Suite refresh entitlements to fail has been corrected.

• Users are no longer incorrectly assigned temporary tokens. (ST-722)

• 90-day inactivity suspensions are now correctly enforced. (ST-950)

• Users suspended in OneLogin are now correctly suspended in G Suite with LDAP provisioning. (ST-920)

• An issue preventing custom parameters from being added to Office 365 v2 app connectors has been resolved.