Technical Advisory 10014

Date

Versions: >= v2.67.3, v2.66 >= v2.66.6

Date: 2025-01-17

Description

Prior to version v2.66.0, some project grants were incorrectly created under the granted organization instead of the project owner's organization. To find these grants, users had to set the x-zitadel-orgid header to the granted organization ID when using the ListAllProjectGrants gRPC method.

Zitadel v2.66.0 corrected this behavior for new grants. However, existing grants were not automatically updated. Version v2.66.6 corrects the owner of these existing grants.

Impact

After the release of v2.66.6, if your application uses the ListAllProjectGrants method with the x-zitadel-orgid header set to the granted organization ID, you will not retrieve any results.

Mitigation

To ensure your application continues to function correctly after the release of v2.66.6, implement the following changes:

  1. Conditional Header: Only set the x-zitadel-orgid header to the project owner's organization ID if the user executing the ListAllProjectGrants method belongs to a different organization than the project.
  2. Use grantedOrgIdQuery: Filter grants for the specific granted organization with the grantedOrgIdQuery parameter instead of pointing the x-zitadel-orgid header at the granted organization.
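The two mitigation steps above as a request builder, added here as an example and not Zitadel's own SDK code: the gRPC metadata is represented as plain (key, value) tuples, the GrantedOrgIdQuery dataclass is a placeholder standing in for the real grantedOrgIdQuery filter, and is_legacy_call flags the pre-v2.66.6 header usage that the advisory says now returns no results.

```python
from dataclasses import dataclass

# Header name taken from the advisory.
ORG_HEADER = "x-zitadel-orgid"


@dataclass
class GrantedOrgIdQuery:
    # Placeholder mirroring the grantedOrgIdQuery filter named in the
    # advisory; not the SDK's generated type.
    granted_org_id: str


@dataclass
class ListAllProjectGrantsCall:
    metadata: list  # gRPC metadata as (key, value) tuples
    queries: list   # filters sent with the ListAllProjectGrants request


def build_list_all_project_grants_call(caller_org_id, project_owner_org_id,
                                       granted_org_id=None):
    """Build metadata and filters for ListAllProjectGrants after v2.66.6."""
    metadata = []
    # Step 1: scope the call to the project owner's organization only when
    # the calling user belongs to a different organization than the project.
    if caller_org_id != project_owner_org_id:
        metadata.append((ORG_HEADER, project_owner_org_id))
    queries = []
    # Step 2: select the granted organization with grantedOrgIdQuery rather
    # than by pointing the org header at it.
    if granted_org_id is not None:
        queries.append(GrantedOrgIdQuery(granted_org_id))
    return ListAllProjectGrantsCall(metadata, queries)


def is_legacy_call(metadata, granted_org_id):
    """True if the header targets the granted org (the pattern that breaks)."""
    return any(k == ORG_HEADER and v == granted_org_id for k, v in metadata)
```

Run is_legacy_call over the metadata your existing call sites produce to find the ones that must be migrated before upgrading.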