releases.shpreview

SAML cert timestamps exposed; session token races prevented

@clerk/clerk-js@6.24.0

1 feature1 fixThis release1 featureNew capabilities1 fixBug fixesAI-tallied from the release notes

Minor Changes

  • Add idpCertificateIssuedAt and idpCertificateExpiresAt to SAML enterprise connections, exposing the IdP certificate validity window (#9077) by @LauraBeatris

Patch Changes

  • Prevent a staler session token from overwriting a fresher one on the same tab. Freshness is ranked by the JWT oiat header, then iat; tokens without oiat always pass through. (#9030) by @nikosdouvlis

  • Updated dependencies [1efc7e5, 5028b54, 2e1fec7]:

    • @clerk/shared@4.24.0

Fetched July 6, 2026