Requests to the /authorize endpoint would incorrectly prioritize values from the URI query parameter, rather than the request JWT. For more information, see the documentation for that endpoint. (OKTA-187642)
When multiple attempts were simultaneously made to update a user's phone number for the SMS or Call Factor, an HTTP 500 error was sometimes returned. (OKTA-188112)
In some situations SHA-256 password imports would not work. SHA-256 password import now requires the salt to be base64-encoded.
Previously Released Early Access Features 2018.39 Update
The following features have already been released as Early Access. To enable them, contact Support.