v25.4.10

Remove the audience: audit field in some log entries

An experiment was made in the past to use logs for auditing, by having a certain field (i.e. key-value) present in the log entry, e.g. in JSON: "audience": "audit".

However, this approach was never used everywhere (only in some places in Hydra) and it was decided to stop the experiment.

As a result, the "audience": "audit" field is removed from these log entries. The rest of these log entries is unchanged.

Logs not using this field are unchanged.

Example before:

{"audience":"audit","level":"info","msg":"something happened","service_name":"Ory Hydra","service_version":"master","time":"2025-12-19T09:55:39.647379+01:00"}

Example after:

{"level":"info","msg":"something happened","service_name":"Ory Hydra","service_version":"master","time":"2025-12-19T09:55:39.647379+01:00"}

Breaking changes

None.

If you relied on the presence of this field in the logs, we recommend you use events or OpenTelemetry traces instead, which carry much more information.

Stricter URI validation for client metadata

Ory Hydra now enforces stricter validation rules for certain client metadata URIs when creating, updating or patching clients. These fields include policy_uri, tos_uri, client_uri, and logo_uri. The URIs must now be valid URLs with either http or https schemes. This change enhances security and ensures compliance with OAuth 2.0 and OpenID Connect specifications.

v25.4.10​

Remove the audience: audit field in some log entries​

Breaking changes​

Stricter URI validation for client metadata​

Ory Network

v25.4.10

Remove the audience: audit field in some log entries

Breaking changes

Stricter URI validation for client metadata