Unleash 4.10: Flexibility and security

The newly released Unleash 4.10 provides increased flexibility and security around API Tokens and improved admin UI usability. It’s already been rolled out to most of our hosted customers; self-hosting users can go and grab it right away! Here’s some highlights from this release!

Describe legal values

The new context field creation form with legal values with descriptions

When using custom context fields, you can give them a set of legal values. This lets you say “this context field should always have one of these values”.

Prior to 4.10, Unleash would only show you the values themselves. In cases where the values aren’t human-readable (such as 782a35c8-3eb7-4be4-ae61-021c8dcd429e), it can get real tricky to remember what each value actually means. To make it easier to tell the values apart, we’ve added an optional description field which will be displayed alongside the value.


User administration: filter and sort

The new user filtration and sorting system

It’s easy enough to find the user you’re looking for when you only have five members. But if you’re a larger organization with thousands of users,  a static list won’t cut it. That’s why we now let you sort and filter the list of users on your Unleash instance! Check it out on the Users page of the admin menu.

API token visibility

We’re serious about security. It used to be that anyone with access to an Unleash instance could see and copy client tokens (importantly: not admin tokens). In Unleash 4.10, we’ve made this a bit more stringent. Users with the viewer role will no longer be able to see any tokens on the API access page. Admins and editors can still see the same tokens as before. Refer to the RBAC documentation for more information on the available roles.

Multi-project API tokens

An input control that allows you to select any desired subset of projects

Before Unleash 4.10, a client API token would be valid for either:

  • a single project
  • all current and future projects

This time around, we’ve added a new possibility: make a token valid for a specified subset of projects. When you create a client token, you must choose which project(s) it should be valid for. You can still select a single project or all projects (as before), but you can now select any number of projects. For instance, if you want it to be valid for projects A and B, but not C, that’s perfectly possible (and new)!

Refer to the API tokens documentation for more information about client tokens and client token formats.


These are just the highlights; Unleash 4.10 also contains more (visible and invisible) features and improvements that we’re very excited about. Take it for a spin and let us know what you think and if you’re missing something!


Share this article