Changelog August 4, 2023

Nick Parsons

This week we shipped Disposable Email Blocking, Mitigation for Unvalidated Redirect Vulnerabilities, a new JWT template for WunderGraph, and more!

⛔️ Prevent Fake Accounts with Disposable Email Blocking

Prevent Fake Accounts with Clerk's Disposable Email Blocking

Clerk now offers the ability to block disposable and temporary emails during sign-up. When this setting is enabled, emails entered during sign-up will be checked in real-time against a frequently updated database of over 160,000 known disposable email providers. If a match is found, the sign-up is blocked to prevent abuse from invalid accounts.

The setting can be enabled on the Settings page of the Clerk Dashboard →

✨ Other Fixes & Improvements

Enabled the allowedRedirectOrigins prop in Clerk Hosted Pages to mitigate unvalidated redirect vulnerabilities in production instances. With this setting, only same-origin redirects will be allowed from Hosted Pages.
Fixed bugs in username sorting logic for the Users and Members tables in the Clerk Dashboard.
Added a user.hasImage boolean to Clerk's Frontend API and ClerkJS package. This field indicates whether the user has a profile image and, if they do, whether their profile image was uploaded by the user or was sourced from their connected social provider.
- This field can, for example, be used to ensure users have a profile image by allowing you to leverage it to build logic and a UI to display a profile image uploader if the user has signed up without a social provider and has not yet added a profile image.
Added a new JWT template for WunderGraph in the Integrations section of the Clerk Dashboard.

📅 Events

We're excited to announce that Clerk is sponsoring React Rally in Salt Lake City on August 17th and 18th. If you're planning on attending, let us know – we'd love to meet you! We'll have cookies, swag, and a surprise or two. And if you're not sure, there's still time 😉

Grab your ticket here →

📚 Resources

Implementing Role-Based Access Control in the Next.js App Router: In this tutorial written by Eugene Musebe, you will learn how to integrate RBAC in your Next.js app using organizations powered by Clerk.
How to Build an AI Companion: In this 6-hour tutorial on the Code with Antonio YouTube channel, you’ll learn how to build an AI Companion app using Pinecone, Replicate, Planetscale, Shadcn UI, and more!
How We Roll – Chapter 9: Infrastructure: In this chapter of How We Roll, Dev Agrawal provides an in-depth look at the infrastructure that powers Clerk’s authentication capabilities.
A Comprehensive Guide to GDPR-Compliant Auth Solutions: If you’re interested in learning about GDPR compliant auth solutions, you’ll enjoy this in-depth article by MadaShindeInai.
Build and Deploy a Threads App: Learn how to build a full stack Threads App in this YouTube tutorial from JavaScript Mastery using Next.js, Clerk, MongoDB, UploadThing, Zod, and more!

🙌 Community Shoutouts

Kudos to Subham Bharadwaj on launching Scribbly, a digital journal app built with Next.js, Shadcn UI, Tinybird and auth powered by Clerk. Nice work!
Big thank you to Thibault Le Ouay for open sourcing openstatus.dev, a Statuspage alternative built with Clerk! The project is available on GitHub for anyone to check out and contribute. Appreciate you contributing to open source software and giving back to the developer community!
Shout out to Ahmed El Aksaan, the founder of Noodle.run, an open-source platform to help students manage and help super-power their productivity. They have already hit 10,000 GitHub stars, and growing, in record time! Join their waitlist now to get notified when it launches!

Stay tuned for future updates. If you have feedback or suggestions, leave us feedback on the docs via Docsly, tweet us at @ClerkDev, or join the Clerk Community on Discord.