Release 3.0.11
Release Date: 11-12-2025
Release Notes
This release includes a critical security enhancement to our customer data access framework. The update strengthens token-based authorization to ensure customer tokens are scoped exclusively to their own personal account data.
Whats Fixed
Previously, certain API paths did not fully enforce token-scoped access restrictions, which could allow a valid customer token to fetch, delete, or add personal account data belonging to another customer under specific conditions. This patch corrects that behavior by applying strict token-to-customer binding across all relevant operations.
Impact of the Fix
Each customer token is now cryptographically and logically restricted to that customer’s own data only. Attempts to access another customer’s records—whether fetching, deleting, or adding—are now blocked automatically by the authorization layer.
Upgrade Notes
The sequence of steps to follow to upgrade are:
Image list
| Microservice name | Image tag |
|---|---|
| Core Microservice | omnumisandbox.azurecr.io/core:3.0.12-deliverable |
| Card Isser Service Microservice | omnumisandbox.azurecr.io/omnumi-card-issuer-service:3.0.12-deliverable |
| Card Reservation Service Microservice | omnumisandbox.azurecr.io/omnumi-card-reservation:3.0.12-deliverable |