releases.shpreview

IPC requests validated against subframe token theft

@clerk/electron@0.0.16

1 fixThis release1 fixBug fixesAI-tallied from the release notes

Patch Changes

  • Validate that token-cache and OAuth-transport IPC requests originate from a top-level window's main frame. This prevents untrusted content in subframes or <webview>s that share the Clerk preload from reading the persisted client JWT or driving the OAuth transport. (#9167) by @dominic-clerk

Fetched July 17, 2026

IPC requests validated against subframe token theft… — releases.sh