Upgrading from 10.5.X to 10.6.0#

Removal of the webauthn-json library#

The webauthn-json library is no longer used in the product, because all major browsers now support native APIs that are equivalent to what webauthn-json provided.

The assets/js/lib/webauthn-json.js file has been removed from the server distribution. In addition, the following Velocity templates were updated to remove usages of the library:

  • authenticator/passkeys/js/authenticate-device.vm
  • authenticator/passkeys/js/register.vm
  • authenticator/webauthn/js/add-additional-device.vm
  • authenticator/webauthn/js/authenticate-device.vm
  • authenticator/webauthn/js/register.vm
  • authenticator/webauthn/js/common-js.vm

If any of these templates were customized in your deployment, they need to be updated, namely:

  • Replace usages of webauthnJSON.get with getPublicKeyCredential (defined in common-js.vm)
  • Replace usages of webauthnJSON.create with createPublicKeyCredential (defined in common-js.vm)

Preparing for version 11.0.0#

This section contains important remarks in preparation for the upcoming 11.0.0 major release, scheduled for February 2026.

JDBC Data Source - End of support for deprecated credential storage schema and related credential modes#

Summary:

In version 11.0.0 it will be required to store credentials in the credentials table. The credentials-in-accounts-table and credentials-migration credential modes will no longer be supported. The standard credentials mode will be the only supported mode. If this mode is already being used, no action is needed.

In version 9.0.0 of the Curity Identity Server a new credentials table was introduced to store credentials separately from accounts, and credential modes were added to support the previous database structure as well as transitioning to the new one. In version 10.0.0 the older database schema - where passwords were stored in the accounts table - was deprecated. The corresponding credentials-in-accounts-table and credentials-migration credential modes were also deprecated.

In the upcoming 11.0.0 release the older database schema will no longer be supported. Also, support for the credentials-in-accounts-table and credentials-migration credential modes will be dropped. Any JDBC data source still using the old credentials schema/modes must be upgraded and configured with standard credentials mode before upgrading the server to version 11.0.0. Refer to the upgrade guide for version 9.0.0 for details on how to upgrade the database schema.

If you’re still depending on any of the options only available in the deprecated credential modes (namely credential-query and custom-query-verifies-password), please contact support.

SDK - Removal of the CredentialDataAccessProvider interface#

The changes mentioned in this section are meant for authors of data access plugins, namely when implementing support for Credential Data Access using the CredentialDataAccessProvider interface.

The deprecated CredentialDataAccessProvider interface will be removed in version 11.0.0. The corresponding getCredentialDataAccessProvider method in the DataAccessProviderPluginDescriptor interface will also be removed.

Any data access plugin implementing that interface should be updated to implement one of the subtypes of the CredentialManagementDataAccessProvider interface before upgrading the server to version 11.0.0. Refer to the upgrade guide for version 10.0.0 for details on how to update such plugins.

Was this helpful?