Changelog

All notable changes to BastionAuth are documented here.

[0.1.0] - 2026-01-02

🎉 Initial Public Beta Release

We're excited to announce the first public beta of BastionAuth!

Added

Core Authentication

• Email/password authentication with secure Argon2id hashing
• Breached password detection via HaveIBeenPwned API
• JWT-based sessions with RS256 signing
• Refresh token rotation for enhanced security
• Session management with device tracking

Multi-Factor Authentication

• TOTP authenticator app support
• QR code generation for easy setup
• 10 single-use backup codes
• Replay attack protection

OAuth & Social Login

• Google OAuth integration
• GitHub OAuth integration
• Microsoft OAuth integration
• Apple Sign In (coming soon)
• LinkedIn OAuth (coming soon)

Organizations & Multi-tenancy

• Create and manage organizations
• Role-based access control (Owner, Admin, Member)
• Email domain restrictions
• Member invitations with expiry

Admin Dashboard

• User management (view, search, delete)
• Organization management
• Session monitoring
• Error logging and monitoring
• Settings configuration

SDKs

• @bastionauth/core - Core utilities and types
• @bastionauth/react - React hooks and components
• @bastionauth/nextjs - Next.js middleware and server utilities

Developer Experience

• Pre-built UI components (Sign In, Sign Up, User Button)
• TypeScript support throughout
• Comprehensive API documentation
• Self-hosting guide

Security Features

• Rate limiting on sensitive endpoints
• CSRF protection
• AES-256-GCM encryption for sensitive data
• Audit logging

Infrastructure

• Docker Compose deployment
• PostgreSQL database
• Redis for sessions and caching
• Nginx Proxy Manager support

Roadmap

Coming in v0.2.0

• Passkey/WebAuthn support
• Magic link authentication
• Email templates customization
• Webhook management UI
• API key management

Coming in v0.3.0

• Enterprise SSO (SAML)
• Custom domains per organization
• Advanced audit logs
• User impersonation (admin)
• Kubernetes Helm chart

Future Plans

• Mobile SDKs (React Native, Flutter)
• Edge deployment support
• SOC 2 Type II certification
• Enterprise support plans

Versioning

BastionAuth follows Semantic Versioning (opens in a new tab):

• Major (1.0.0): Breaking changes
• Minor (0.1.0): New features, backward compatible
• Patch (0.0.1): Bug fixes, backward compatible

During beta (0.x.x), minor versions may include breaking changes. We recommend pinning versions in production.

Upgrade Guide

From Pre-release to 0.1.0

If you were using a pre-release version:

1. Backup your database

   pg_dump $DATABASE_URL > backup.sql

2. Pull latest code

   git pull origin main

3. Run migrations

   pnpm db:migrate

4. Rebuild containers

   docker compose -f docker/docker-compose.prod.yml build --no-cache
   docker compose -f docker/docker-compose.prod.yml up -d

Subscribe to Updates

• ⭐ Star us on GitHub (opens in a new tab) to get notified of releases
• 📧 Join our mailing list (opens in a new tab) for major announcements
• 💬 Discord community (opens in a new tab) for real-time updates