From 9f949cf525888d40d6e4dccf125e807bde8f8321 Mon Sep 17 00:00:00 2001
From: Daniel DeGroff <daniel@fusionauth.io>
Date: Fri, 27 Oct 2023 11:47:23 -0500
Subject: [PATCH 1/5] update release notes to remove EAP notes and update
 release date.

---
 astro/src/content/docs/release-notes/index.mdx | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/astro/src/content/docs/release-notes/index.mdx b/astro/src/content/docs/release-notes/index.mdx
index 020249ee5b..6bf0a8bf2e 100644
--- a/astro/src/content/docs/release-notes/index.mdx
+++ b/astro/src/content/docs/release-notes/index.mdx
@@ -17,15 +17,7 @@ import ReleaseNoteHeading from 'src/components/docs/release-notes/ReleaseNoteHea
 
 Looking for release notes older than 1.23.0? Look in the [release notes archive](/docs/release-notes/archive). Looking to be [notified of new releases?](/docs/operate/roadmap/releases#release-notifications)
 
-<ReleaseNoteHeading version="1.48.0-EAP.20231021" releaseDate="October 21st, 2023" />
-
-<Aside type="caution">
-  **Early Access**
-
-  This is an early access build. Please review the [EAP rules](/docs/operate/roadmap/releases#early-access-program) to understand the limitations of this release before upgrading.
-</Aside>
-
-<br/>
+<ReleaseNoteHeading version="1.48.0" releaseDate="October 27th, 2023" />
 
 <DatabaseMigrationWarning/>
 

From d88a6df811c728c5539c45acff231efe8e9e5fe0 Mon Sep 17 00:00:00 2001
From: John Jeffers <john.jeffers@fusionauth.io>
Date: Fri, 27 Oct 2023 10:47:42 -0600
Subject: [PATCH 2/5] Redirect lambda (#2614)

* add terraform module to manage the lambda

* reduce the repo checkout size
---
 .../lambda-site-origin-request-handler.yaml   | 60 +++++++++++++
 .../publish-site-redirect-rules.yaml          |  6 +-
 .gitignore                                    |  3 +
 .../README.md                                 |  2 +-
 .../data/redirects.json                       |  0
 .../package-lock.json                         | 84 +++++++++---------
 .../package.json                              |  4 +-
 .../src/index.mjs                             |  2 +-
 .../terraform/.terraform.lock.hcl             | 85 +++++++++++++++++++
 .../terraform/main.tf                         | 35 ++++++++
 .../terraform/providers.tf                    | 44 ++++++++++
 .../test/index.test.mjs                       |  0
 12 files changed, 276 insertions(+), 49 deletions(-)
 create mode 100644 .github/workflows/lambda-site-origin-request-handler.yaml
 rename src/lambdas/{fusionauth-site-origin-handler => site-origin-request-handler}/README.md (91%)
 rename src/lambdas/{fusionauth-site-origin-handler => site-origin-request-handler}/data/redirects.json (100%)
 rename src/lambdas/{fusionauth-site-origin-handler => site-origin-request-handler}/package-lock.json (97%)
 rename src/lambdas/{fusionauth-site-origin-handler => site-origin-request-handler}/package.json (83%)
 rename src/lambdas/{fusionauth-site-origin-handler => site-origin-request-handler}/src/index.mjs (98%)
 create mode 100644 src/lambdas/site-origin-request-handler/terraform/.terraform.lock.hcl
 create mode 100644 src/lambdas/site-origin-request-handler/terraform/main.tf
 create mode 100644 src/lambdas/site-origin-request-handler/terraform/providers.tf
 rename src/lambdas/{fusionauth-site-origin-handler => site-origin-request-handler}/test/index.test.mjs (100%)

diff --git a/.github/workflows/lambda-site-origin-request-handler.yaml b/.github/workflows/lambda-site-origin-request-handler.yaml
new file mode 100644
index 0000000000..d2ebe6e387
--- /dev/null
+++ b/.github/workflows/lambda-site-origin-request-handler.yaml
@@ -0,0 +1,60 @@
+---
+name: lambda-site-origin-request-handler
+
+env:
+  AWS_REGION: us-east-1
+
+on:
+  push:
+    branches:
+      - development
+    paths:
+      - 'src/lambdas/site-origin-request-handler/src/index.mjs'
+      - 'src/lambdas/site-origin-request-handler/terraform/**'
+  pull_request:
+    branches:
+      - development
+    paths:
+      - 'src/lambdas/site-origin-request-handler/src/index.mjs'
+      - 'src/lambdas/site-origin-request-handler/terraform/**'
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: fusionauth-standard
+    container: 752443094709.dkr.ecr.us-west-2.amazonaws.com/gha-runner-ubuntu-22.04:bootstrap-05
+    steps:
+
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            src
+
+      - name: set aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-chaining: true
+          role-to-assume: arn:aws:iam::752443094709:role/github-actions
+          role-session-name: github-actions
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: setup terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.6.2
+
+      - name: terraform plan
+        if: github.event_name == 'pull_request'
+        working-directory: src/lambdas/site-origin-request-handler/terraform
+        shell: bash
+        run: terraform init && terraform plan
+
+      - name: terraform apply
+        if: github.event_name == 'push'
+        working-directory: src/lambdas/site-origin-request-handler/terraform
+        shell: bash
+        run: terraform init && terraform apply -auto-approve
diff --git a/.github/workflows/publish-site-redirect-rules.yaml b/.github/workflows/publish-site-redirect-rules.yaml
index 5889d5637d..7d63b5564c 100644
--- a/.github/workflows/publish-site-redirect-rules.yaml
+++ b/.github/workflows/publish-site-redirect-rules.yaml
@@ -10,7 +10,7 @@ on:
     branches:
       - development
     paths:
-      - 'src/lambdas/fusionauth-site-origin-handler/data/redirects.json'
+      - 'src/lambdas/site-origin-request-handler/data/redirects.json'
 
 permissions:
   id-token: write
@@ -34,6 +34,6 @@ jobs:
           aws-region: ${{ env.AWS_REGION }}
 
       - name: upload file to s3
-        working-directory: src/lambdas/fusionauth-site-origin-handler/data
+        working-directory: src/lambdas/site-origin-request-handler/data
         run: |
-          aws s3 cp ./redirects.json s3://fusionauth-dev-us-east-1-artifacts/lambda/fusionauth-site-origin-handler/redirects.json
+          aws s3 cp ./redirects.json s3://fusionauth-dev-us-east-1-artifacts/lambda/site-origin-request-handler/redirects.json
diff --git a/.gitignore b/.gitignore
index 536ea73e7c..01c579d456 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,6 @@ node_modules
 .savant/cache
 
 astro/.astro
+
+# Local .terraform directories
+**/.terraform/*
diff --git a/src/lambdas/fusionauth-site-origin-handler/README.md b/src/lambdas/site-origin-request-handler/README.md
similarity index 91%
rename from src/lambdas/fusionauth-site-origin-handler/README.md
rename to src/lambdas/site-origin-request-handler/README.md
index 2ee26bb016..a9994b8b87 100644
--- a/src/lambdas/fusionauth-site-origin-handler/README.md
+++ b/src/lambdas/site-origin-request-handler/README.md
@@ -1,4 +1,4 @@
-# fusionauth-site-origin-handler
+# site-origin-request-handler
 
 This is a Lambda@Edge function that handles redirects for fusionauth.dev.
 
diff --git a/src/lambdas/fusionauth-site-origin-handler/data/redirects.json b/src/lambdas/site-origin-request-handler/data/redirects.json
similarity index 100%
rename from src/lambdas/fusionauth-site-origin-handler/data/redirects.json
rename to src/lambdas/site-origin-request-handler/data/redirects.json
diff --git a/src/lambdas/fusionauth-site-origin-handler/package-lock.json b/src/lambdas/site-origin-request-handler/package-lock.json
similarity index 97%
rename from src/lambdas/fusionauth-site-origin-handler/package-lock.json
rename to src/lambdas/site-origin-request-handler/package-lock.json
index 29f7a1201c..f9817af6a4 100644
--- a/src/lambdas/fusionauth-site-origin-handler/package-lock.json
+++ b/src/lambdas/site-origin-request-handler/package-lock.json
@@ -1,11 +1,11 @@
 {
-  "name": "fusionauth-site-origin-handler",
+  "name": "site-origin-request-handler",
   "version": "1.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
-      "name": "fusionauth-site-origin-handler",
+      "name": "site-origin-request-handler",
       "version": "1.0.0",
       "license": "Apache-2.0",
       "dependencies": {
@@ -142,16 +142,16 @@
       "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
     },
     "node_modules/@aws-sdk/client-s3": {
-      "version": "3.436.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.436.0.tgz",
-      "integrity": "sha512-4F/eg9caxUxRU9za+nppiq4VnjTy+QKc4V2A7bI+7N4GBXl/Ye8Q9zBjbEDpGBmZBHbuO/RtBtyf/ZyrYntEvA==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.437.0.tgz",
+      "integrity": "sha512-KCocXvRH3pCTJNeNivDJN9mygK0B4Uvp5POWlCXgOj5iQU2U/sEpr+LqAwQZiZZjE7crcsAf0FPKMyk6/oMXHQ==",
       "dependencies": {
         "@aws-crypto/sha1-browser": "3.0.0",
         "@aws-crypto/sha256-browser": "3.0.0",
         "@aws-crypto/sha256-js": "3.0.0",
-        "@aws-sdk/client-sts": "3.436.0",
+        "@aws-sdk/client-sts": "3.437.0",
         "@aws-sdk/core": "3.436.0",
-        "@aws-sdk/credential-provider-node": "3.436.0",
+        "@aws-sdk/credential-provider-node": "3.437.0",
         "@aws-sdk/middleware-bucket-endpoint": "3.433.0",
         "@aws-sdk/middleware-expect-continue": "3.433.0",
         "@aws-sdk/middleware-flexible-checksums": "3.433.0",
@@ -164,11 +164,11 @@
         "@aws-sdk/middleware-ssec": "3.433.0",
         "@aws-sdk/middleware-user-agent": "3.433.0",
         "@aws-sdk/region-config-resolver": "3.433.0",
-        "@aws-sdk/signature-v4-multi-region": "3.433.0",
+        "@aws-sdk/signature-v4-multi-region": "3.437.0",
         "@aws-sdk/types": "3.433.0",
         "@aws-sdk/util-endpoints": "3.433.0",
         "@aws-sdk/util-user-agent-browser": "3.433.0",
-        "@aws-sdk/util-user-agent-node": "3.433.0",
+        "@aws-sdk/util-user-agent-node": "3.437.0",
         "@aws-sdk/xml-builder": "3.310.0",
         "@smithy/config-resolver": "^2.0.16",
         "@smithy/eventstream-serde-browser": "^2.0.12",
@@ -208,9 +208,9 @@
       }
     },
     "node_modules/@aws-sdk/client-sso": {
-      "version": "3.436.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.436.0.tgz",
-      "integrity": "sha512-MM59VTikuehbN/iLz0rH0MhvUb9ngG9rB129darJkNBWNBQDNnQHox/31dm/Hyfq++YUf6GREsfW8r9HMMfLdg==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.437.0.tgz",
+      "integrity": "sha512-AxlLWz9ec3b8Bt+RqRb2Q1ucGQtKrLdKDna+UTjz7AouB/jpoMiegV9NHXVX64N6YFnQnvB0UEGigXiOQE+y/g==",
       "dependencies": {
         "@aws-crypto/sha256-browser": "3.0.0",
         "@aws-crypto/sha256-js": "3.0.0",
@@ -223,7 +223,7 @@
         "@aws-sdk/types": "3.433.0",
         "@aws-sdk/util-endpoints": "3.433.0",
         "@aws-sdk/util-user-agent-browser": "3.433.0",
-        "@aws-sdk/util-user-agent-node": "3.433.0",
+        "@aws-sdk/util-user-agent-node": "3.437.0",
         "@smithy/config-resolver": "^2.0.16",
         "@smithy/fetch-http-handler": "^2.2.4",
         "@smithy/hash-node": "^2.0.12",
@@ -253,14 +253,14 @@
       }
     },
     "node_modules/@aws-sdk/client-sts": {
-      "version": "3.436.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.436.0.tgz",
-      "integrity": "sha512-DJKvvtcjIziD8FMGIURwesrKdZcfTx0dZ3juBg8I0q2Y+kQYx1xFqy4dl9V/lQLBRWk1hku0iM+J/TI1YjlOrQ==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.437.0.tgz",
+      "integrity": "sha512-ilLcrCVwH81UbKNpB9Vax1Fw/mNx2d/bWXkCNXPvrExO+K39VFGS/VijOuSrru2iBq844NlG3uQV8DL/nbiKdA==",
       "dependencies": {
         "@aws-crypto/sha256-browser": "3.0.0",
         "@aws-crypto/sha256-js": "3.0.0",
         "@aws-sdk/core": "3.436.0",
-        "@aws-sdk/credential-provider-node": "3.436.0",
+        "@aws-sdk/credential-provider-node": "3.437.0",
         "@aws-sdk/middleware-host-header": "3.433.0",
         "@aws-sdk/middleware-logger": "3.433.0",
         "@aws-sdk/middleware-recursion-detection": "3.433.0",
@@ -271,7 +271,7 @@
         "@aws-sdk/types": "3.433.0",
         "@aws-sdk/util-endpoints": "3.433.0",
         "@aws-sdk/util-user-agent-browser": "3.433.0",
-        "@aws-sdk/util-user-agent-node": "3.433.0",
+        "@aws-sdk/util-user-agent-node": "3.437.0",
         "@smithy/config-resolver": "^2.0.16",
         "@smithy/fetch-http-handler": "^2.2.4",
         "@smithy/hash-node": "^2.0.12",
@@ -327,13 +327,13 @@
       }
     },
     "node_modules/@aws-sdk/credential-provider-ini": {
-      "version": "3.436.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.436.0.tgz",
-      "integrity": "sha512-VWemmELcB+WSvP+hPk5CTlIYZMZdjcPFeoWrv11tpVqQ4be33AM1LEC1sTSU8fXKSgIL/tz7ilqp11fWm0MQwA==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.437.0.tgz",
+      "integrity": "sha512-UybiJxYPvdwok5OcI9LakaHmaWZBdkX0gY8yU2n7TomYgWOwDJ88MpQgjXUJJ249PH+9/+How5H3vnFp0xJ0uQ==",
       "dependencies": {
         "@aws-sdk/credential-provider-env": "3.433.0",
         "@aws-sdk/credential-provider-process": "3.433.0",
-        "@aws-sdk/credential-provider-sso": "3.436.0",
+        "@aws-sdk/credential-provider-sso": "3.437.0",
         "@aws-sdk/credential-provider-web-identity": "3.433.0",
         "@aws-sdk/types": "3.433.0",
         "@smithy/credential-provider-imds": "^2.0.0",
@@ -347,14 +347,14 @@
       }
     },
     "node_modules/@aws-sdk/credential-provider-node": {
-      "version": "3.436.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.436.0.tgz",
-      "integrity": "sha512-ZQIqR11TPU03RGI/eynOCMmH8FK4J+IxdDEsv2FBcxkuFl990CangoeEziRhVsw+a68TWVZA65kVv+oUX2u8Sw==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.437.0.tgz",
+      "integrity": "sha512-FMtgEe/me68xZQsymEpMcw7OuuiHaHx/Tp5EqZP5FC0Yv1yX3qr/ncIWU2zY3a9K0iLERmzQI1g3CMd8r4sy8A==",
       "dependencies": {
         "@aws-sdk/credential-provider-env": "3.433.0",
-        "@aws-sdk/credential-provider-ini": "3.436.0",
+        "@aws-sdk/credential-provider-ini": "3.437.0",
         "@aws-sdk/credential-provider-process": "3.433.0",
-        "@aws-sdk/credential-provider-sso": "3.436.0",
+        "@aws-sdk/credential-provider-sso": "3.437.0",
         "@aws-sdk/credential-provider-web-identity": "3.433.0",
         "@aws-sdk/types": "3.433.0",
         "@smithy/credential-provider-imds": "^2.0.0",
@@ -383,12 +383,12 @@
       }
     },
     "node_modules/@aws-sdk/credential-provider-sso": {
-      "version": "3.436.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.436.0.tgz",
-      "integrity": "sha512-40exwlz6Xfc/28e1dfpHP7vwK04gATWEQ1dBb30d0zXASpn0Z0PWyNgAO2owcGsw4TdceSREV1mj8HwYkl8+BA==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.437.0.tgz",
+      "integrity": "sha512-kijtnyyA6/+ipOef4KACsLDUTFWDZ97DSWKU0hJFyGEfelaon6o7NNVufuVOWrBNyklNWZqvPLuwWWQCxb6fuQ==",
       "dependencies": {
-        "@aws-sdk/client-sso": "3.436.0",
-        "@aws-sdk/token-providers": "3.435.0",
+        "@aws-sdk/client-sso": "3.437.0",
+        "@aws-sdk/token-providers": "3.437.0",
         "@aws-sdk/types": "3.433.0",
         "@smithy/property-provider": "^2.0.0",
         "@smithy/shared-ini-file-loader": "^2.0.6",
@@ -607,9 +607,9 @@
       }
     },
     "node_modules/@aws-sdk/signature-v4-multi-region": {
-      "version": "3.433.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.433.0.tgz",
-      "integrity": "sha512-wl2j1dos4VOKFawbapPm/0CNa3cIgpJXbEx+sp+DI3G8tSuP3c5UGtm0pXjM85egxZulhHVK1RVde0iD8j63pQ==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.437.0.tgz",
+      "integrity": "sha512-MmrqudssOs87JgVg7HGVdvJws/t4kcOrJJd+975ki+DPeSoyK2U4zBDfDkJ+n0tFuZBs3sLwLh0QXE7BV28rRA==",
       "dependencies": {
         "@aws-sdk/types": "3.433.0",
         "@smithy/protocol-http": "^3.0.8",
@@ -622,9 +622,9 @@
       }
     },
     "node_modules/@aws-sdk/token-providers": {
-      "version": "3.435.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.435.0.tgz",
-      "integrity": "sha512-JZKqsuoK321ozp2ufGmjfpbAqtK1tYnLn0PaePWjvDL48B5A5jGNqFyP3/tg7LFP7vTp9O3pJ7ln0QLh8FpsjQ==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.437.0.tgz",
+      "integrity": "sha512-nV9qIuG0+6XJb7hWpCC+/K7RoY3PZUWndP8BRQv7PQhhpd8tG/I5Kxb0V83h2XFBXyyjnv0aOHO8ehz3Kfcv2Q==",
       "dependencies": {
         "@aws-crypto/sha256-browser": "3.0.0",
         "@aws-crypto/sha256-js": "3.0.0",
@@ -636,7 +636,7 @@
         "@aws-sdk/types": "3.433.0",
         "@aws-sdk/util-endpoints": "3.433.0",
         "@aws-sdk/util-user-agent-browser": "3.433.0",
-        "@aws-sdk/util-user-agent-node": "3.433.0",
+        "@aws-sdk/util-user-agent-node": "3.437.0",
         "@smithy/config-resolver": "^2.0.16",
         "@smithy/fetch-http-handler": "^2.2.4",
         "@smithy/hash-node": "^2.0.12",
@@ -725,9 +725,9 @@
       }
     },
     "node_modules/@aws-sdk/util-user-agent-node": {
-      "version": "3.433.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.433.0.tgz",
-      "integrity": "sha512-yT1tO4MbbsUBLl5+S+jVv8wxiAtP5TKjKib9B2KQ2x0OtWWTrIf2o+IZK8va+zQqdV4MVMjezdxdE20hOdB4yQ==",
+      "version": "3.437.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.437.0.tgz",
+      "integrity": "sha512-JVEcvWaniamtYVPem4UthtCNoTBCfFTwYj7Y3CrWZ2Qic4TqrwLkAfaBGtI2TGrhIClVr77uzLI6exqMTN7orA==",
       "dependencies": {
         "@aws-sdk/types": "3.433.0",
         "@smithy/node-config-provider": "^2.1.3",
diff --git a/src/lambdas/fusionauth-site-origin-handler/package.json b/src/lambdas/site-origin-request-handler/package.json
similarity index 83%
rename from src/lambdas/fusionauth-site-origin-handler/package.json
rename to src/lambdas/site-origin-request-handler/package.json
index b53929a453..ccabd80c5b 100644
--- a/src/lambdas/fusionauth-site-origin-handler/package.json
+++ b/src/lambdas/site-origin-request-handler/package.json
@@ -1,7 +1,7 @@
 {
-  "name": "fusionauth-site-origin-handler",
+  "name": "site-origin-request-handler",
   "version": "1.0.0",
-  "description": "Cloudfront origin handler for fusionauth-site",
+  "description": "Cloudfront origin request handler for fusionauth-site",
   "main": "index.mjs",
   "scripts": {
     "test": "mocha --require mocha-suppress-logs"
diff --git a/src/lambdas/fusionauth-site-origin-handler/src/index.mjs b/src/lambdas/site-origin-request-handler/src/index.mjs
similarity index 98%
rename from src/lambdas/fusionauth-site-origin-handler/src/index.mjs
rename to src/lambdas/site-origin-request-handler/src/index.mjs
index 498687f33b..404130d995 100644
--- a/src/lambdas/fusionauth-site-origin-handler/src/index.mjs
+++ b/src/lambdas/site-origin-request-handler/src/index.mjs
@@ -3,7 +3,7 @@ const s3 = new S3Client({ region: 'us-east-1' });
 
 // Location of the file containing the redirect rules.
 const fileBucket = 'fusionauth-dev-us-east-1-artifacts';
-const fileKey = 'lambda/fusionauth-site-origin-handler/redirects.json';
+const fileKey = 'lambda/site-origin-request-handler/redirects.json';
 
 let redirectRules = null;
 
diff --git a/src/lambdas/site-origin-request-handler/terraform/.terraform.lock.hcl b/src/lambdas/site-origin-request-handler/terraform/.terraform.lock.hcl
new file mode 100644
index 0000000000..3f1637b952
--- /dev/null
+++ b/src/lambdas/site-origin-request-handler/terraform/.terraform.lock.hcl
@@ -0,0 +1,85 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "5.22.0"
+  constraints = ">= 4.63.0, ~> 5.22.0"
+  hashes = [
+    "h1:XuU3tsGzElMt4Ti8SsM05pFllNMwSC4ScUxcfsOS140=",
+    "zh:09b8475cd519c945423b1e1183b71a4209dd2927e0d289a88c5abeecb53c1753",
+    "zh:2448e0c3ce9b991a5dd70f6a42d842366a6a2460cf63b31fb9bc5d2cc92ced19",
+    "zh:3b9fc2bf6714a9a9ab25eae3e56cead3d3917bc1b6d8b9fb3111c4198a790c72",
+    "zh:4fbd28ad5380529a36c54d7a96c9768df1288c625d28b8fa3a50d4fc2176ef0f",
+    "zh:54d550f190702a7edc2d459952d025e259a8c0b0ff7df3f15bbcc148539214bf",
+    "zh:638f406d084ac96f3a0b0a5ce8aa71a5a2a781a56ba96e3a235d3982b89eef0d",
+    "zh:69d4c175b13b6916b5c9398172cc384e7af46cb737b45870ab9907f12e82a28a",
+    "zh:81edec181a67255d25caf5e7ffe6d5e8f9373849b9e8f5e0705f277640abb18e",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a66efb2b3cf7be8116728ae5782d7550f23f3719da2ed3c10228d29c44b7dc84",
+    "zh:ae754478d0bfa42195d16cf46091fab7c1c075ebc965d919338e36aed45add78",
+    "zh:e0603ad0061c43aa1cb52740b1e700b8afb55667d7ee01c1cc1ceb6f983d4c9d",
+    "zh:e4cb701d0185884eed0492a66eff17251f5b4971d30e81acd5e0a55627059fc8",
+    "zh:f7db2fcf69679925dde1ae326526242fd61ba1f83f614b1f6d9d68c925417e51",
+    "zh:fef331b9b62bc26d900ae937cc662281ff30794edf48aebfe8997d0e16835f6d",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/external" {
+  version     = "2.3.1"
+  constraints = ">= 1.0.0"
+  hashes = [
+    "h1:gznGscVJ0USxy4CdihpjRKPsKvyGr/zqPvBoFLJTQDc=",
+    "zh:001e2886dc81fc98cf17cf34c0d53cb2dae1e869464792576e11b0f34ee92f54",
+    "zh:2eeac58dd75b1abdf91945ac4284c9ccb2bfb17fa9bdb5f5d408148ff553b3ee",
+    "zh:2fc39079ba61411a737df2908942e6970cb67ed2f4fb19090cd44ce2082903dd",
+    "zh:472a71c624952cff7aa98a7b967f6c7bb53153dbd2b8f356ceb286e6743bb4e2",
+    "zh:4cff06d31272aac8bc35e9b7faec42cf4554cbcbae1092eaab6ab7f643c215d9",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:7ed16ccd2049fa089616b98c0bd57219f407958f318f3c697843e2397ddf70df",
+    "zh:842696362c92bf2645eb85c739410fd51376be6c488733efae44f4ce688da50e",
+    "zh:8985129f2eccfd7f1841ce06f3bf2bbede6352ec9e9f926fbaa6b1a05313b326",
+    "zh:a5f0602d8ec991a5411ef42f872aa90f6347e93886ce67905c53cfea37278e05",
+    "zh:bf4ab82cbe5256dcef16949973bf6aa1a98c2c73a98d6a44ee7bc40809d002b8",
+    "zh:e70770be62aa70198fa899526d671643ff99eecf265bf1a50e798fc3480bd417",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/local" {
+  version     = "2.4.0"
+  constraints = ">= 1.0.0"
+  hashes = [
+    "h1:ZUEYUmm2t4vxwzxy1BvN1wL6SDWrDxfH7pxtzX8c6d0=",
+    "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
+    "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
+    "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
+    "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
+    "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
+    "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
+    "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
+    "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
+    "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
+    "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/null" {
+  version     = "3.2.1"
+  constraints = ">= 2.0.0"
+  hashes = [
+    "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=",
+    "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840",
+    "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb",
+    "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5",
+    "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238",
+    "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc",
+    "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970",
+    "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2",
+    "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5",
+    "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f",
+    "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
+  ]
+}
diff --git a/src/lambdas/site-origin-request-handler/terraform/main.tf b/src/lambdas/site-origin-request-handler/terraform/main.tf
new file mode 100644
index 0000000000..6316bdf8a6
--- /dev/null
+++ b/src/lambdas/site-origin-request-handler/terraform/main.tf
@@ -0,0 +1,35 @@
+resource "aws_iam_policy" "lambda_execution_policy" {
+  name = "site-origin-request-handler-s3"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "s3:GetObject"
+        ]
+        Resource = [
+          "arn:aws:s3:::fusionauth-dev-us-east-1-artifacts/*",
+        ]
+      }
+    ]
+  })
+}
+
+module "lambda" {
+  source  = "terraform-aws-modules/lambda/aws"
+  version = "6.0.1"
+
+  lambda_at_edge = true
+
+  function_name = "site-origin-request-handler"
+  description   = "origin-request handler for fusionauth-site cloudfront behaviors"
+  handler       = "index.handler"
+  runtime       = "nodejs18.x"
+  architectures = ["x86_64"]
+
+  source_path = "../src/index.mjs"
+
+  attach_policy = true
+  policy        = aws_iam_policy.lambda_execution_policy.arn
+}
diff --git a/src/lambdas/site-origin-request-handler/terraform/providers.tf b/src/lambdas/site-origin-request-handler/terraform/providers.tf
new file mode 100644
index 0000000000..9faa66e4c3
--- /dev/null
+++ b/src/lambdas/site-origin-request-handler/terraform/providers.tf
@@ -0,0 +1,44 @@
+#
+# Terraform provider configuration
+#
+terraform {
+  required_version = "~> 1.6.2"
+
+  backend "s3" {
+    bucket         = "fusionauth-svc-terraform-state"
+    region         = "us-west-2"
+    dynamodb_table = "terraform-state"
+    encrypt        = true
+    key            = "fusionauth-site/172023253951-us-east-1/lambdas/site-origin-request-handler/terraform.tfstate"
+    role_arn       = "arn:aws:iam::752443094709:role/github-actions"
+  }
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.22.0"
+    }
+  }
+}
+
+#
+# Define the AWS Provider
+#
+provider "aws" {
+  region = "us-east-1"
+  assume_role {
+    role_arn     = "arn:aws:iam::172023253951:role/github-actions"
+    session_name = "fusionauth-site"
+  }
+
+  default_tags {
+    tags = {
+      managedBy       = "terraform"
+      terraformRepo   = "fusionauth-site"
+      terraformConfig = "src/lambdas/site-origin-request-handler/terraform"
+      environment     = "dev"
+      team            = "support"
+      service         = "fusionauth-site"
+    }
+  }
+}
diff --git a/src/lambdas/fusionauth-site-origin-handler/test/index.test.mjs b/src/lambdas/site-origin-request-handler/test/index.test.mjs
similarity index 100%
rename from src/lambdas/fusionauth-site-origin-handler/test/index.test.mjs
rename to src/lambdas/site-origin-request-handler/test/index.test.mjs

From df1ceef2810fa828f47059da1b35aeae69474fe0 Mon Sep 17 00:00:00 2001
From: Lyle Schemmerling <lyle.schemmerling@fusionauth.io>
Date: Fri, 27 Oct 2023 12:05:50 -0600
Subject: [PATCH 3/5] various cosmetic fixes

---
 .../components/api/APIAuthentication.astro    |   4 +-
 astro/src/components/nav/ArticleNav.astro     |   6 +-
 astro/src/components/nav/BlogNav.astro        |   6 +-
 astro/src/components/nav/ComposableNav.astro  |  38 +-
 astro/src/components/nav/DevToolsNav.astro    |   6 +-
 .../_shared/_premium-edition-blurb-api.astro  |   4 +-
 .../src/content/docs/apis/actioning-users.mdx |   2 +-
 astro/src/content/docs/apis/audit-logs.mdx    |   2 +-
 .../lambdas/self-service-registration.mdx     |   6 +-
 .../content/docs/release-notes/archive.mdx    | 913 +++++++++---------
 .../src/content/docs/release-notes/index.mdx  |   1 +
 astro/src/layouts/Default.astro               |   3 +-
 12 files changed, 501 insertions(+), 490 deletions(-)

diff --git a/astro/src/components/api/APIAuthentication.astro b/astro/src/components/api/APIAuthentication.astro
index f1f3893c69..db96e41366 100644
--- a/astro/src/components/api/APIAuthentication.astro
+++ b/astro/src/components/api/APIAuthentication.astro
@@ -14,9 +14,9 @@ const hrefMap = {
 }
 ---
 <div class="border-b-2 flex flex-row font-bold">
-  <div class="mr-2">
+  <div class="mr-2 not-prose">
     { icons.map(i =>
-      <a class="mx-1" href={hrefMap[i]}>
+      <a class="mx-1 no-underline" href={hrefMap[i]}>
         <Icon name={i}/>
       </a>
     )}
diff --git a/astro/src/components/nav/ArticleNav.astro b/astro/src/components/nav/ArticleNav.astro
index 6ab077cf70..7b081e9a32 100644
--- a/astro/src/components/nav/ArticleNav.astro
+++ b/astro/src/components/nav/ArticleNav.astro
@@ -14,11 +14,11 @@ const categoryItems = [
 
 const moreItems = [
   {name: 'Quickstarts', href: '/docs/quickstarts'},
-  {name: 'SDKs', href: '/docs/v1/tech/client-libraries'},
+  {name: 'SDKs', href: '/docs/sdks'},
   {name: 'Downloads', href: '/download'},
   {name: 'Docs', href: '/docs/'},
-  {name: 'API Docs', href: '/docs/v1/tech/apis/'},
-  {name: 'Release Notes', href: '/docs/v1/tech/release-notes'},
+  {name: 'API Docs', href: '/docs/apis'},
+  {name: 'Release Notes', href: '/docs/release-notes'},
   {name: 'Blog', href: '/blog/'},
   {name: 'Developer Tools', href: '/dev-tools/'},
 ];
diff --git a/astro/src/components/nav/BlogNav.astro b/astro/src/components/nav/BlogNav.astro
index ff9f16c0d8..cadf32999e 100644
--- a/astro/src/components/nav/BlogNav.astro
+++ b/astro/src/components/nav/BlogNav.astro
@@ -14,11 +14,11 @@ const categoryItems = [
 
 const moreItems = [
   {name: 'Quickstarts', href: '/docs/quickstarts'},
-  {name: 'SDKs', href: '/docs/v1/tech/client-libraries'},
+  {name: 'SDKs', href: '/docs/sdks'},
   {name: 'Downloads', href: '/download'},
   {name: 'Docs', href: '/docs/'},
-  {name: 'API Docs', href: '/docs/v1/tech/apis/'},
-  {name: 'Release Notes', href: '/docs/v1/tech/release-notes'},
+  {name: 'API Docs', href: '/docs/apis'},
+  {name: 'Release Notes', href: '/docs/release-notes'},
   {name: 'Articles', href: '/articles/'},
   {name: 'Developer Tools', href: '/dev-tools/'},
 ];
diff --git a/astro/src/components/nav/ComposableNav.astro b/astro/src/components/nav/ComposableNav.astro
index cad31a7a76..dc1984de6f 100644
--- a/astro/src/components/nav/ComposableNav.astro
+++ b/astro/src/components/nav/ComposableNav.astro
@@ -38,9 +38,9 @@ const {sectionTitle, breadcrumbs, sectionTitleHref, categoryItems, moreItems, ca
     </div>
 
     <nav id="header-nav"
-         class="absolute hidden left-0 right-0 top-16 p-0 bg-slate-900 lg:bg-transparent lg:flex lg:h-auto lg:items-center lg:ml-auto lg:p-0 lg:static lg:dark:bg-transparent">
+         class="absolute hidden left-0 right-0 top-16 p-0 bg-slate-900 lg:bg-transparent lg:flex lg:h-auto lg:items-center lg:ml-auto lg:p-0 lg:static lg:dark:bg-transparent z-50">
 
-      <div class="menu-group-container group lg:float-left lg:inline-block lg:relative lg:mx-3 lg:z-50">
+      <div class="menu-group-container group lg:float-left lg:flex lg:flex-col lg:relative lg:mx-3 lg:h-full lg:justify-center">
         <div class="menu-button-container hidden lg:block">
           <div class="mb-1 text-base lg:mb-0">
             <button type="button" class="font-medium gap-x-1.5 group hover:text-indigo-500 inline-flex text-base text-white"
@@ -56,24 +56,28 @@ const {sectionTitle, breadcrumbs, sectionTitleHref, categoryItems, moreItems, ca
         </div>
 
         <div
-          class="menu-content-container lg:origin-top-left lg:opacity-0 lg:group-hover:opacity-100 lg:group-hover:scale-100 lg:scale-[.25] lg:z-10 lg:mr-3 lg:absolute lg:duration-300 menu-content lg:transition lg:bg-white lg:-mt-1 lg:outline-none lg:right-0 lg:rounded-md lg:shadow-xl lg:text-base lg:top-10 lg:w-48"
+          class="menu-content-container lg:origin-top-left lg:opacity-0 lg:group-hover:opacity-100 lg:group-hover:scale-100 lg:scale-[.25] lg:z-10 lg:mr-3 lg:absolute lg:duration-300 menu-content lg:transition lg:bg-white lg:-mt-1 lg:outline-none lg:right-0 lg:rounded-md lg:shadow-xl lg:text-base lg:top-12 lg:w-48"
           role="menu" aria-orientation="vertical" aria-labelledby="menu-button" tabindex="-1" id="category-menu">
           <ul class="mb-5 ml-4 lg:mb-0 lg:ml-0 lg:space-y-0 lg:flex lg:flex-col">
             {categoryItems && categoryItems.map((item ,idx) =>
               <li class:list={[
-                idx === 0 ? "lg:pt-4" : "lg:pt-2",
-                idx === categoryItems.length - 1 ? "lg:pb-4" : "lg:pb-2",
-                "lg:border-l-0 lg:hover:border-l-0 lg:block lg:font-medium lg:hover:text-indigo-500 lg:px-4  lg:text-slate-700 lg:text-sm",
-                "block border-l-2 border-slate-700 border-solid font-semibold hover:border-indigo-500 hover:border-l-2 hover:border-solid hover:ease-linear hover:text-indigo-500 hover:transition-colors px-3 py-2 relative text-base text-white"
+                "lg:border-l-0 lg:hover:border-l-0 lg:block lg:font-medium lg:hover:text-indigo-500 lg:px-0 lg:text-slate-700 lg:text-sm",
+                "block border-l-2 border-slate-700 border-solid font-semibold hover:border-indigo-500 hover:border-l-2 hover:border-solid hover:ease-linear hover:text-indigo-500 hover:transition-colors relative text-base text-white"
               ]}>
-                <a href={item.href}>{item.name}</a>
+                <a class:list={[
+                  idx === 0 ? "lg:pt-4" : "lg:pt-2",
+                  idx === categoryItems.length - 1 ? "lg:pb-4" : "lg:pb-2",
+                  "block w-full px-3 lg:pl-4 py-2"]} href={item.href}
+                >
+                  {item.name}
+                </a>
               </li>
             )}
           </ul>
         </div>
       </div>
 
-      <div class="menu-group-container group lg:float-right lg:inline-block lg:relative lg:mx-3 lg:z-50">
+      <div class="menu-group-container group lg:float-right lg:flex lg:flex-col lg:relative lg:mx-3 lg:h-full lg:justify-center">
 
         <div class="menu-button-container hidden lg:block">
           <div class="mb-1 text-base lg:mb-0">
@@ -90,17 +94,21 @@ const {sectionTitle, breadcrumbs, sectionTitleHref, categoryItems, moreItems, ca
         </div>
 
         <div
-          class="menu-content-container lg:origin-top-right lg:opacity-0 lg:group-hover:opacity-100 lg:group-hover:scale-100 lg:scale-[.25] lg:z-10 lg:mr-3 lg:absolute lg:duration-300 menu-content lg:transition lg:bg-white lg:-mt-1 lg:outline-none lg:right-0 lg:rounded-md lg:shadow-xl lg:text-base lg:top-10 lg:w-48"
+          class="menu-content-container lg:origin-top-right lg:opacity-0 lg:group-hover:opacity-100 lg:group-hover:scale-100 lg:scale-[.25] lg:z-10 lg:mr-3 lg:absolute lg:duration-300 menu-content lg:transition lg:bg-white lg:-mt-1 lg:outline-none lg:right-0 lg:rounded-md lg:shadow-xl lg:text-base lg:top-12 lg:w-48"
           role="menu" aria-orientation="vertical" aria-labelledby="menu-button" tabindex="-1" id="more-menu">
           <ul class="mb-5 ml-4 lg:mb-0 lg:ml-0 lg:space-y-0 lg:flex lg:flex-col">
             {moreItems && moreItems.map((item, idx) =>
               <li class:list={[
-                idx === 0 ? "lg:pt-4" : "lg:pt-2",
-                idx === moreItems.length - 1 ? "lg:pb-4" : "lg:pb-2",
-                "lg:border-l-0 lg:hover:border-l-0 lg:block lg:font-medium lg:hover:text-indigo-500 lg:px-4 lg:text-slate-700 lg:text-sm",
-                "block border-l-2 border-slate-700 border-solid font-semibold hover:border-indigo-500 hover:border-l-2 hover:border-solid hover:ease-linear hover:text-indigo-500 hover:transition-colors px-3 py-2 relative text-base text-white"
+                "lg:border-l-0 lg:hover:border-l-0 lg:block lg:font-medium lg:hover:text-indigo-500 lg:px-0 lg:text-slate-700 lg:text-sm",
+                "block border-l-2 border-slate-700 border-solid font-semibold hover:border-indigo-500 hover:border-l-2 hover:border-solid hover:ease-linear hover:text-indigo-500 hover:transition-colors relative text-base text-white"
               ]}>
-                <a href={item.href}>{item.name}</a>
+                <a class:list={[
+                  idx === 0 ? "lg:pt-4" : "lg:pt-2",
+                  idx === categoryItems.length - 1 ? "lg:pb-4" : "lg:pb-2",
+                  "block w-full px-3 lg:pl-4 py-2"]} href={item.href}
+                >
+                  {item.name}
+                </a>
               </li>
             )}
           </ul>
diff --git a/astro/src/components/nav/DevToolsNav.astro b/astro/src/components/nav/DevToolsNav.astro
index 8e804a43df..9c0155733b 100644
--- a/astro/src/components/nav/DevToolsNav.astro
+++ b/astro/src/components/nav/DevToolsNav.astro
@@ -11,11 +11,11 @@ const categoryItems = [
 
 const moreItems = [
   {name: 'Quickstarts', href: '/docs/quickstarts'},
-  {name: 'SDKs', href: '/docs/v1/tech/client-libraries'},
+  {name: 'SDKs', href: '/docs/sdks'},
   {name: 'Downloads', href: '/download'},
   {name: 'Blog', href: '/blog/'},
-  {name: 'API Docs', href: '/docs/v1/tech/apis/'},
-  {name: 'Release Notes', href: '/docs/v1/tech/release-notes'},
+  {name: 'API Docs', href: '/docs/apis'},
+  {name: 'Release Notes', href: '/docs/release-notes'},
   {name: 'Articles', href: '/articles/'},
   {name: 'Docs', href: '/docs/'},
 ];
diff --git a/astro/src/content/docs/_shared/_premium-edition-blurb-api.astro b/astro/src/content/docs/_shared/_premium-edition-blurb-api.astro
index 53c9bc65ce..2a4fccc808 100644
--- a/astro/src/content/docs/_shared/_premium-edition-blurb-api.astro
+++ b/astro/src/content/docs/_shared/_premium-edition-blurb-api.astro
@@ -1,6 +1,6 @@
 ---
 const { feature } = Astro.props;
 ---
-{feature && <><strong>Note:</strong>A paid plan is required to utilize {feature}.</>}
-{!feature && <><strong>Note:</strong>A paid plan is required to utilize <slot></slot>.</>}
+{feature && <><strong>Note:</strong> A paid plan is required to utilize {feature}.</>}
+{!feature && <><strong>Note:</strong> A paid plan is required to utilize <slot></slot>.</>}
 
diff --git a/astro/src/content/docs/apis/actioning-users.mdx b/astro/src/content/docs/apis/actioning-users.mdx
index 71720591c8..be60d0dea6 100644
--- a/astro/src/content/docs/apis/actioning-users.mdx
+++ b/astro/src/content/docs/apis/actioning-users.mdx
@@ -1,5 +1,5 @@
 ---
-title: Actioning Users
+title: Actioning Users APIs
 description: Learn how the FusionAuth API can be used to take actions on users
 section: apis
 ---
diff --git a/astro/src/content/docs/apis/audit-logs.mdx b/astro/src/content/docs/apis/audit-logs.mdx
index 574ab98ec3..015199d36b 100644
--- a/astro/src/content/docs/apis/audit-logs.mdx
+++ b/astro/src/content/docs/apis/audit-logs.mdx
@@ -1,5 +1,5 @@
 ---
-title: Audit Logs
+title: Audit Logs APIs
 description: The APIs for adding entries to, searching, and exporting the audit log
 section: apis
 ---
diff --git a/astro/src/content/docs/extend/code/lambdas/self-service-registration.mdx b/astro/src/content/docs/extend/code/lambdas/self-service-registration.mdx
index 12c6ea5260..d417ac8245 100644
--- a/astro/src/content/docs/extend/code/lambdas/self-service-registration.mdx
+++ b/astro/src/content/docs/extend/code/lambdas/self-service-registration.mdx
@@ -46,7 +46,7 @@ First you need to set up an advanced registration form with two steps. The lambd
 
 You will also add appropriate messaging to your theme.
 
-<img src="/img/docs/extend/code/lambdas/self-service-reg-messages.png" alt="Self-Service registration example theme messages" width="600" role="bottom-cropped top-cropped" />
+<img src="/img/docs/extend/code/lambdas/self-service-reg-messages.png" alt="Self-Service registration example theme messages" width="800" role="bottom-cropped top-cropped" />
 
 Then you will supply the following lambda code for the validation
 
@@ -70,9 +70,9 @@ function validate(result, user, registration, context) {
 
 When a user goes to register they will see this form step
 
-<img src="/img/docs/extend/code/lambdas/self-service-reg-form-blank.png" alt="Self-Service registration example blank form step" width="600" role="bottom-cropped top-cropped" />
+<img src="/img/docs/extend/code/lambdas/self-service-reg-form-blank.png" alt="Self-Service registration example blank form step" width="800" role="bottom-cropped top-cropped" />
 
 When the user submits the wrong future auth provider FusionAuth will trigger the validation and supply the error message
 
-<img src="/img/docs/extend/code/lambdas/self-service-reg-form-invalid.png" alt="Self-Service registration example invalid form step" width="600" role="bottom-cropped top-cropped" />
+<img src="/img/docs/extend/code/lambdas/self-service-reg-form-invalid.png" alt="Self-Service registration example invalid form step" width="800" role="bottom-cropped top-cropped" />
 
diff --git a/astro/src/content/docs/release-notes/archive.mdx b/astro/src/content/docs/release-notes/archive.mdx
index 214622a2f9..0fc306822c 100644
--- a/astro/src/content/docs/release-notes/archive.mdx
+++ b/astro/src/content/docs/release-notes/archive.mdx
@@ -2,6 +2,7 @@
 title: Archived Release Notes
 description: Release notes for each version of FusionAuth
 section: release notes
+disableTOC: true
 ---
 import DatabaseMigrationWarning from 'src/content/docs/release-notes/__database-migration-warning.mdx';
 import GeneralMigrationWarning from 'src/content/docs/release-notes/__general-migration-warning.mdx';
@@ -19,26 +20,26 @@ Looking for release notes newer than 1.22.2? Look at the latest [release notes](
 
 ### Fixed
 * When using a connector, if the provided password does not meet the configured password constraints the login attempt will fail. This is by design, however because FusionAuth is not the Source of Record (SoR) it should not be required that the password to meet the configured password constraints. The current SoR should enforce their own own password constraints. If the connector is configured to migrate the user, and the tenant policy is configured to validate password constraints on login, the password will be validated according to this policy.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1020[GitHub Issue #1020], thanks to https://github.com/ckolbeck-streem[@ckolbeck-streem] for the help!
+  * Resolves [GitHub Issue #1020](https://github.com/FusionAuth/fusionauth-issues/issues/1020), thanks to [@ckolbeck-streem](https://github.com/ckolbeck-streem) for the help!
 * Using the Verify Email workflow on the FusionAuth themed pages when the email address has a plus sign (`+`) in the local part of the address may fail to send the user an email.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1034[GitHub Issue #1034]
+  * Resolves [GitHub Issue #1034](https://github.com/FusionAuth/fusionauth-issues/issues/1034)
 
 
 <ReleaseNoteHeading version="1.22.1" releaseDate="December 8th, 2020" />
 
 ### Fixed
 * When endpoint discovery is disabled, OpenID Connect endpoint validation errors may be hidden when editing the OpenID Connect IdP configuration in the UI.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/794[GitHub Issue #794]
+  * Resolves [GitHub Issue #794](https://github.com/FusionAuth/fusionauth-issues/issues/794)
 * The Manage User page may fail to render when the user has an action or comment made by a user without an email address.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1012[GitHub Issue #1012], nice catch by https://github.com/pamcpd[@pamcpd]!
+  * Resolves [GitHub Issue #1012](https://github.com/FusionAuth/fusionauth-issues/issues/1012), nice catch by [@pamcpd](https://github.com/pamcpd)!
 * The `tenantId` parameter may not be preserved correctly in a multi-tenant configuration during the Device authorization grant.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1016[GitHub Issue #1016], thanks to https://github.com/JediSquirrel[@JediSquirrel] and https://github.com/jerryhopper[@jerryhopper] for reporting!
+  * Resolves [GitHub Issue #1016](https://github.com/FusionAuth/fusionauth-issues/issues/1016), thanks to [@JediSquirrel](https://github.com/JediSquirrel) and [@jerryhopper](https://github.com/jerryhopper) for reporting!
 
 ### Enhancements
 * Limit the origin validation during OAuth2 grants that occur as a result of a redirect from FusionAuth.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1018[GitHub Issue #1018], thanks to our Icelandic friend https://github.com/eirikur-grid[@eirikur-grid] for reporting.
+  * Resolves [GitHub Issue #1018](https://github.com/FusionAuth/fusionauth-issues/issues/1018), thanks to our Icelandic friend [@eirikur-grid](https://github.com/eirikur-grid) for reporting.
 * Expose the default signing key Id as a Kickstart variable. See the [Kickstart installation guide](/docs/get-started/download-and-install/development/kickstart#reference) for additional detail.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1026[GitHub Issue #1026], thanks to https://github.com/dan-barrett[@dan-barrett] for the request!
+  * Resolves [GitHub Issue #1026](https://github.com/FusionAuth/fusionauth-issues/issues/1026), thanks to [@dan-barrett](https://github.com/dan-barrett) for the request!
 
 
 <ReleaseNoteHeading version="1.22.0" releaseDate="December 1st, 2020" />
@@ -47,39 +48,39 @@ Looking for release notes newer than 1.22.2? Look at the latest [release notes](
 
 ### Changed
 * The Application and Tenant domain objects now contain a `state` field that will be returned on the API response.
-** This new `state` field replaces the `active` boolean on the Application object and API. The `active` field is now deprecated, and backwards compatibility will be preserved.
+  * This new `state` field replaces the `active` boolean on the Application object and API. The `active` field is now deprecated, and backwards compatibility will be preserved.
 
 ### Fixed
 * When viewing a form in the UI, the required column value may not be correct.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/975[GitHub Issue #975]
+  * Resolves [GitHub Issue #975](https://github.com/FusionAuth/fusionauth-issues/issues/975)
 * Unable to request a second 2FA code on the themed login page during a 2FA login request. See the linked GitHub isssue for a work around.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/980[GitHub Issue #980], thanks to https://github.com/DaviddH[@DaviddH] for reporting the issue!
+  * Resolves [GitHub Issue #980](https://github.com/FusionAuth/fusionauth-issues/issues/980), thanks to [@DaviddH](https://github.com/DaviddH) for reporting the issue!
 * A missing message may cause an exception during a login attempt when using an LDAP connector.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/981[GitHub Issue #981], thanks to https://github.com/ruckc[@ruckc] for letting us know.
+  * Resolves [GitHub Issue #981](https://github.com/FusionAuth/fusionauth-issues/issues/981), thanks to [@ruckc](https://github.com/ruckc) for letting us know.
 * Incorrect message shown on a registration form when no fields have been added, this is purely a cosmetic issue.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/983[GitHub Issue #983]
+  * Resolves [GitHub Issue #983](https://github.com/FusionAuth/fusionauth-issues/issues/983)
 * The view dialog for an a Google IdP incorrectly shows the client secret for both the Client Id and the Client secret fields.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/999[GitHub Issue #999]
+  * Resolves [GitHub Issue #999](https://github.com/FusionAuth/fusionauth-issues/issues/999)
 * Selecting a preferred language during login may append this value to the user's configuration allowing for possible duplicate locales.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1006[GitHub Issue #1006], thanks to https://github.com/arni-inaba[@arni-inaba] for reporting the issue.
-* Using the Import API to import users to a tenant other than the default tenant when more than one tenant is configured may fail validation. This issue was introduced in version 1.20.0 under https://github.com/FusionAuth/fusionauth-issues/issues/915[GitHub Issue #915].
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1008[GitHub Issue #1008]
+  * Resolves [GitHub Issue #1006](https://github.com/FusionAuth/fusionauth-issues/issues/1006), thanks to [@arni-inaba](https://github.com/arni-inaba) for reporting the issue.
+* Using the Import API to import users to a tenant other than the default tenant when more than one tenant is configured may fail validation. This issue was introduced in version 1.20.0 under [GitHub Issue #915](https://github.com/FusionAuth/fusionauth-issues/issues/915).
+  * Resolves [GitHub Issue #1008](https://github.com/FusionAuth/fusionauth-issues/issues/1008)
 * Logging out of FusionAuth SSO when you have a webhook configured to receive the Refresh Token Revoke event, may cause an exception that will be found in an event log.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1017[GitHub Issue #1017]
+  * Resolves [GitHub Issue #1017](https://github.com/FusionAuth/fusionauth-issues/issues/1017)
 
 ### New
 * The Elasticsearch index name can now be configured. This may be helpful if you wish to run multiple instances of FusionAuth on the same Elasticsearch cluster. See `fusionauth-app.user-search-index.name` in the FusionAuth configuration for additional details.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/631[GitHub Issue #631], thanks to https://github.com/chrishare08[@chrishare08] for the suggestion.
+  * Resolves [GitHub Issue #631](https://github.com/FusionAuth/fusionauth-issues/issues/631), thanks to [@chrishare08](https://github.com/chrishare08) for the suggestion.
 * Add async support for the Delete Tenant API. Deleting a tenant can take a very long time, so when deleting a tenant from the UI, FusionAuth will use the new async option. If you are making an API request to delete a tenant with many users, you may wish to use the async option. See the Tenant API for additional details.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/990[GitHub Issue #990]
+  * Resolves [GitHub Issue #990](https://github.com/FusionAuth/fusionauth-issues/issues/990)
 
 ### Enhancements
 * The Elasticsearch reindex operation is now much faster, especially when re-indexing more than 1 million users. On a reasonably fast system, 1 million users can be re-indexed in approximately 3 minutes, this time is linear as you increase the user count. In general there is no need to re-index in production, but in a development phase or as part of a database migration it may be necessary to re-index the FusionAuth users.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/918[GitHub Issue #918]
+  * Resolves [GitHub Issue #918](https://github.com/FusionAuth/fusionauth-issues/issues/918)
 * When configuring an IdP that requires additional CORS configuration to operate properly, FusionAuth will display a warning message in the UI. This message has been updated to make it clearer that additional user action isn required to complete the configuration.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/998[GitHub Issue #998]
+  * Resolves [GitHub Issue #998](https://github.com/FusionAuth/fusionauth-issues/issues/998)
 * Increase the read timeout to third party identity providers. It has been reported that the Apple identity provider in particular may experience a read timeout for particular accounts.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/1010[GitHub Issue #1010], thanks to https://github.com/thekoding[@thekoding] for the suggestion.
+  * Resolves [GitHub Issue #1010](https://github.com/FusionAuth/fusionauth-issues/issues/1010), thanks to [@thekoding](https://github.com/thekoding) for the suggestion.
 
 
 <ReleaseNoteHeading version="1.21.0" releaseDate="November 10th, 2020" />
@@ -88,48 +89,48 @@ Looking for release notes newer than 1.22.2? Look at the latest [release notes](
 
 ## Known Issues
 * If you are using PostgreSQL and you are using FusionAuth as a SAML v2 IdP, upgrading to this version will break your SAML v2 IdP configuration. Resolved in 1.23.2.
-** If you are running FusionAuth prior to this version, skip to 1.23.2 to avoid the issue. If you need to update to this version or any version after this version but prior to 1.23.2, you will want to record your existing SAML v2 IdP configuration for each application with SAML v2 IdP enabled so that you can re-configure after the upgrade has completed.
+  * If you are running FusionAuth prior to this version, skip to 1.23.2 to avoid the issue. If you need to update to this version or any version after this version but prior to 1.23.2, you will want to record your existing SAML v2 IdP configuration for each application with SAML v2 IdP enabled so that you can re-configure after the upgrade has completed.
 
 ### Fixed
 * Beginning in version 1.9.0, if you are using the SAML IdP configuration to connect to a third party SAML v2 IdP and you are not using the FusionAuth login pages, you must initiate this request with FusionAuth by using the [Start Login Request](/docs/apis/identity-providers/overview-samlv2#start-a-saml-v2-login-request) API. When making this start request w/out any additional custom data on the API request, an exception may occur. Review the linked issue for a workaround if you are unable to update to this patch release.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/963[GitHub Issue #963]
+  * Resolves [GitHub Issue #963](https://github.com/FusionAuth/fusionauth-issues/issues/963)
 * Using Bcrypt as the default hashing scheme may cause an exception to occur in some circumstances.
-** https://github.com/FusionAuth/fusionauth-issues/issues/966[GitHub Issue #966], thanks to https://github.com/wasdennnoch[@wasdennnoch] for reporting the issue and providing great debug info.
+  * [GitHub Issue #966](https://github.com/FusionAuth/fusionauth-issues/issues/966), thanks to [@wasdennnoch](https://github.com/wasdennnoch) for reporting the issue and providing great debug info.
 * Add custom data on the Consent object to the view dialog in the UI, and fix some possible issues with editing Consent and other similar objects with custom data in the UI. In some cases, editing an object such as a Consent in the UI will cause you to lose any custom data you had previously stored.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/970[GitHub Issue #970], thanks to https://github.com/mgetka[@mgetka] for opening this issue.
+  * Resolves [GitHub Issue #970](https://github.com/FusionAuth/fusionauth-issues/issues/970), thanks to [@mgetka](https://github.com/mgetka) for opening this issue.
 
 ### Enhancements
 * The location of the XML signature in the SAML response may be configured to be a child of the `Assertion` element, or the `Response`. The default location is `Assertion` which is the same as the previous behavior to ensure backwards compatibility. In most cases the default configuration is adequate, if you have a SAML v2 Service Provider that requires the signature as a child element of the Response use this configuration to satisify this requirement.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/365[GitHub Issue #365], thanks to https://github.com/mikerees[@mikerees] for requesting this feature.
+  * Resolves [GitHub Issue #365](https://github.com/FusionAuth/fusionauth-issues/issues/365), thanks to [@mikerees](https://github.com/mikerees) for requesting this feature.
 * The PKCE extension will now be used by the the OpenID Connect IdP configuration that allows you to connect to third party OpenID Connect identity providers. This allows FusionAuth to be compatible with identity providers that may require PKCE. This change is compatible even if your identity provider does not require or does not support PKCE.
-** https://github.com/FusionAuth/fusionauth-issues/issues/968[GitHub Issue #968], thanks to https://github.com/jandillmann[@jandillmann] for the request!
+  * [GitHub Issue #968](https://github.com/FusionAuth/fusionauth-issues/issues/968), thanks to [@jandillmann](https://github.com/jandillmann) for the request!
 * Add the `application` domain object to email templates when available. This will allow you to use the Application name using `${application.name}` in your template.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/976[GitHub Issue #976]
+  * Resolves [GitHub Issue #976](https://github.com/FusionAuth/fusionauth-issues/issues/976)
 
 
 <ReleaseNoteHeading version="1.20.1" releaseDate="October 30th, 2020" />
 
 ### Fixed
 * UI sorting preferences were not preserved after a page refresh
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/461[GitHub Issue #461], thanks to https://github.com/mreschke[@mreschke] (a fellow Coloradan) for letting us know!
+  * Resolves [GitHub Issue #461](https://github.com/FusionAuth/fusionauth-issues/issues/461), thanks to [@mreschke](https://github.com/mreschke) (a fellow Coloradan) for letting us know!
 * Update a tooltip to better describe the use of <InlineField>Require authentication</InlineField> in the OAuth settings
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/654[GitHub Issue #654], thanks to https://github.com/JuliusPC[@JuliusPC] for the suggestion.
+  * Resolves [GitHub Issue #654](https://github.com/FusionAuth/fusionauth-issues/issues/654), thanks to [@JuliusPC](https://github.com/JuliusPC) for the suggestion.
 * A exception may occur if you attempt to change your password immediately after installation before modifying the Tenant configuration to configure email, JWT settings etc.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/758[GitHub Issue #758], thanks to https://github.com/srothery[@srothery] for the report and debug assistance!
+  * Resolves [GitHub Issue #758](https://github.com/FusionAuth/fusionauth-issues/issues/758), thanks to [@srothery](https://github.com/srothery) for the report and debug assistance!
 * Providing duplicate connector policies on the Tenant API may cause an exception
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/917[GitHub Issue #917]
+  * Resolves [GitHub Issue #917](https://github.com/FusionAuth/fusionauth-issues/issues/917)
 * Set the Twitter tokens in the User Registration after logging in with Twitter
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/937[GitHub Issue #937], thanks to https://github.com/LohithBlaze[@LohithBlaze] for reporting the bug.
+  * Resolves [GitHub Issue #937](https://github.com/FusionAuth/fusionauth-issues/issues/937), thanks to [@LohithBlaze](https://github.com/LohithBlaze) for reporting the bug.
 * Allow the Refresh Token meta data fields to be set during the Password Grant
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/947[GitHub Issue #947], thanks to https://github.com/ShayMoshe[@ShayMoshe] for letting us know about this limitation.
+  * Resolves [GitHub Issue #947](https://github.com/FusionAuth/fusionauth-issues/issues/947), thanks to [@ShayMoshe](https://github.com/ShayMoshe) for letting us know about this limitation.
 
 ### Enhancements
 * Add additional Kickstart settings to modify the default timeouts used to make API calls to FusionAuth.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/803[GitHub Issue #803], thanks to https://github.com/seanadkinson[@seanadkinson] for the suggestion!
+  * Resolves [GitHub Issue #803](https://github.com/FusionAuth/fusionauth-issues/issues/803), thanks to [@seanadkinson](https://github.com/seanadkinson) for the suggestion!
 * Expose default Lambda and Form Ids to Kickstart so you can assign one of the default Lambdas to an identity provider configuration.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/836[GitHub Issue #836], thanks to https://github.com/LohithBlaze[@LohithBlaze] for letting us know about this limitation.
+  * Resolves [GitHub Issue #836](https://github.com/FusionAuth/fusionauth-issues/issues/836), thanks to [@LohithBlaze](https://github.com/LohithBlaze) for letting us know about this limitation.
 * Return the `encryptionScheme` on the User API response when authenticated using an API key.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/955[GitHub Issue #955]
+  * Resolves [GitHub Issue #955](https://github.com/FusionAuth/fusionauth-issues/issues/955)
 
 
 <ReleaseNoteHeading version="1.20.0" releaseDate="October 23rd, 2020" />
@@ -141,53 +142,53 @@ Looking for release notes newer than 1.22.2? Look at the latest [release notes](
 +
 In order to run on `alpine` without including the GNU C Library (`glibc`) we had to use a custom build of OpenJDK compiled using the `musl` C library. Due to some possible performance concerns, we have moved to an official build of JDK provide by AdoptOpenJDK compiled using `glibc`. The `ubuntu:focal` base image added ~ 30 MB in size compared to our previous (compressed) image size, but until we can obtain builds from AdoptOpenJDK based upon the `musl` C library, we will not likely ship an official image on `alpine`.
 +
-** https://github.com/FusionAuth/fusionauth-containers/blob/master/docker/fusionauth/fusionauth-app/Dockerfile[fusionauth-containers / docker / fusionauth / fusionauth-app / Dockerfile]
-** https://hub.docker.com/r/fusionauth/fusionauth-app/tags[hub.docker.com / fusionauth / fusionauth-app]
+  * [fusionauth-containers / docker / fusionauth / fusionauth-app / Dockerfile](https://github.com/FusionAuth/fusionauth-containers/blob/master/docker/fusionauth/fusionauth-app/Dockerfile)
+  * [hub.docker.com / fusionauth / fusionauth-app](https://hub.docker.com/r/fusionauth/fusionauth-app/tags)
 
 ### Fixed
 * Resolve a warning message about an upcoming deprecated use of reflection in a FusionAuth dependency. This warning message was not causing any failures, it was just noisy.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/721[GitHub Issue #721]
+  * Resolves [GitHub Issue #721](https://github.com/FusionAuth/fusionauth-issues/issues/721)
 * A negative count may be displayed in the FusionAuth dashboard and other reports. This was primarily due to how the delete tenant was handled as it related to keeping track of total user counts. The delete tenant code path no longer utilizes the Elasticsearch index and takes a safer approach to deleting users and keeping track of total counts.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/799[GitHub Issue #799], thanks to https://github.com/gurupras[@gurupras] for helping us out with this one!
+  * Resolves [GitHub Issue #799](https://github.com/FusionAuth/fusionauth-issues/issues/799), thanks to [@gurupras](https://github.com/gurupras) for helping us out with this one!
 * Better user experience for advanced self service forms once a license has been de-activated.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/861[GitHub Issue #861]
+  * Resolves [GitHub Issue #861](https://github.com/FusionAuth/fusionauth-issues/issues/861)
 * Fix self service registration form validation when using custom options with a `select`, `radio` or `checkbox.`
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/863[GitHub Issue #863]
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/865[GitHub Issue #865]
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/867[GitHub Issue #867]
+  * Resolves [GitHub Issue #863](https://github.com/FusionAuth/fusionauth-issues/issues/863)
+  * Resolves [GitHub Issue #865](https://github.com/FusionAuth/fusionauth-issues/issues/865)
+  * Resolves [GitHub Issue #867](https://github.com/FusionAuth/fusionauth-issues/issues/867)
 * Fix UI form validation when adding and removing fields from an existing self service registration from.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/866[GitHub Issue #866]
+  * Resolves [GitHub Issue #866](https://github.com/FusionAuth/fusionauth-issues/issues/866)
 * The `applicationId` was not validated on the Import User API, the import would still correctly fail, just not in a developer friendly way.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/915[GitHub Issue #915]
+  * Resolves [GitHub Issue #915](https://github.com/FusionAuth/fusionauth-issues/issues/915)
 * Fix a typo the Activate Reactor page in the UI.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/945[GitHub Issue #945]
+  * Resolves [GitHub Issue #945](https://github.com/FusionAuth/fusionauth-issues/issues/945)
 * When using self service registration, the `authenticationType` claim found in the resulting JWT was always `PASSWORD` even if the authentication was performed using Facebook, Google or other identity provider.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/948[GitHub Issue #948]
+  * Resolves [GitHub Issue #948](https://github.com/FusionAuth/fusionauth-issues/issues/948)
 
 ### New
 - Support for SAML v2 POST bindings to a third party SAML v2 Identity Provider (IdP) when FusionAuth is acting as the SAML v2 Service Provider (SP).
-* Resolves https://github.com/FusionAuth/fusionauth-issues/issues/845[GitHub Issue #845]
+* Resolves [GitHub Issue #845](https://github.com/FusionAuth/fusionauth-issues/issues/845)
 - Add the SAML v2 `SessionIndex` in the SAML v2 AuthN request.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/896[GitHub Issue #896]
+  * Resolves [GitHub Issue #896](https://github.com/FusionAuth/fusionauth-issues/issues/896)
 - You may now customize the Add and Edit form used to manage users in the FusionAuth admin UI. You may add or remove existing fields found on the User form, or add new fields to allow n admin to manage custom user data.  This can be used with advanced self service registration, or as a standalone feature.
 * This feature requires a paid edition of FusionAuth.
-* Resolves https://github.com/FusionAuth/fusionauth-issues/issues/753[GitHub Issue #753]
+* Resolves [GitHub Issue #753](https://github.com/FusionAuth/fusionauth-issues/issues/753)
 - You may now customize the Add and Edit User Registration form used to manage user registration in the FusionAuth admin UI. You may add or remove existing fields found on the User Registration form, or add new fields to allow an admin to manage custom registration data.  This can be used with advanced self service registration, or as a standalone feature.
 * This feature requires a paid edition of FusionAuth.
-* Resolves https://github.com/FusionAuth/fusionauth-issues/issues/753[GitHub Issue #753]
+* Resolves [GitHub Issue #753](https://github.com/FusionAuth/fusionauth-issues/issues/753)
 
 ### Enhancements
 * When configuring FusionAuth as the SAML v2 IdP, you may not configure one to many redirect URLs, also referred to as Assertion Consumer Service (ACS) URLs. This will allow you to support more than one redirect configuration per FusionAuth application.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/502[GitHub Issue #502]
+  * Resolves [GitHub Issue #502](https://github.com/FusionAuth/fusionauth-issues/issues/502)
 * When using more then one tenant the `tenantId` is documented to be required when using the OAuth2 endpoints. However, in some cases it may not be provided, this enhancement allows the correct tenant to be identified during logout when only the `id_token_hint` is provided on the request to `/oauth2/logout` endpoint. This issue only affects FusionAuth versions `1.19.0` and greater due to the addition to multi-tenant SSO. Prior to version `1.19.0`, it was not possible to be logged into more than one tenant at once using FusionAuth SSO.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/925[GitHub Issue #925]
+  * Resolves [GitHub Issue #925](https://github.com/FusionAuth/fusionauth-issues/issues/925)
 * Initial build support for multi-arch Docker images. FusionAuth is not yet publishing images for these additional arch types, but we are trying to better support these builds in our base image definition. This should help those running FusionAuth on IBM z(s390x), IBM Power(64 bit PowerPC) and various ARM platforms including AWS Graviton, Apple Bionic and embedded platforms such as Raspberry Pi.
 +
-Thanks to a bunch of our FusionAuth MVPs including, but not limited to https://github.com/jerryhopper[@jerryhopper], https://github.com/arslanakhtar61[@arslanakhtar61], and https://github.com/ceefour[@ceefour], for helping with this work through code, advice and domain knowledge that we don't have!
+Thanks to a bunch of our FusionAuth MVPs including, but not limited to [@jerryhopper](https://github.com/jerryhopper), [@arslanakhtar61](https://github.com/arslanakhtar61), and [@ceefour](https://github.com/ceefour), for helping with this work through code, advice and domain knowledge that we don't have!
 +
-** https://github.com/FusionAuth/fusionauth-containers/blob/master/docker/fusionauth/fusionauth-app/Dockerfile[fusionauth-containers / docker / fusionauth / fusionauth-app / Dockerfile]
-** [Multi-Architecture Builds](https://github.com/FusionAuth/fusionauth-containers#multi-architecture-builds)
-** https://github.com/FusionAuth/fusionauth-containers/issues/49[GitHub [fusionauth-containers\] Issue #49]
+  * [fusionauth-containers / docker / fusionauth / fusionauth-app / Dockerfile](https://github.com/FusionAuth/fusionauth-containers/blob/master/docker/fusionauth/fusionauth-app/Dockerfile)
+  * [Multi-Architecture Builds](https://github.com/FusionAuth/fusionauth-containers#multi-architecture-builds)
+  * [GitHub [fusionauth-containers\](https://github.com/FusionAuth/fusionauth-containers/issues/49) Issue #49]
 
 
 
@@ -196,15 +197,15 @@ Thanks to a bunch of our FusionAuth MVPs including, but not limited to https://g
 ### Fixed
 
 * The documented configuration parameter `fusionauth-app.http.port` is not picked up by FusionAuth. If you were to override the default value of `9011`, the server will properly bind to the correct port, but FusionAuth will not use this local port to connect to itself.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/891[GitHub Issue #891]
+  * Resolves [GitHub Issue #891](https://github.com/FusionAuth/fusionauth-issues/issues/891)
 * When importing users using the Import API on PostgreSQL, if you have a wide distribution of values for the `insertInstant` on the User object, you may encounter a PostgreSQL exception.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/892[GitHub Issue #892]
+  * Resolves [GitHub Issue #892](https://github.com/FusionAuth/fusionauth-issues/issues/892)
 * Disable Elasticsearch Sniffer by default. The Elasticsearch Sniffer was enabled in version 1.19.0 to allow a single connection to Elasticsearch discover the other nodes in the cluster by the Elasticsearch REST client. This causes problems for cloud managed services or Elasticsearch running within a container service such as k8s. Turn this off by default, and allow it to be enabled if desired. See new configuration property `search.sniffer`.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/893[GitHub Issue #893]
+  * Resolves [GitHub Issue #893](https://github.com/FusionAuth/fusionauth-issues/issues/893)
 
 ### Enhancements
 * Add a `referrer` meta tag to provide a default policy for the browser. Most browsers are now providing a decent default value, but this will ensure a secure default value is utilized. New Themes will default to `strict-origin` but this can be modified in the Helper template, and can also be added to existing themes.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/894[GitHub Issue #894]
+  * Resolves [GitHub Issue #894](https://github.com/FusionAuth/fusionauth-issues/issues/894)
 
 
 <ReleaseNoteHeading version="1.19.7" releaseDate="September 23rd, 2020" />
@@ -212,61 +213,61 @@ Thanks to a bunch of our FusionAuth MVPs including, but not limited to https://g
 ### Fixed
 
 * The default exception handling in the Elasticsearch REST client allows for some expected exceptions to go un-handled which may fail the search request. Add an exception handler to keep these underlying HTTP exceptions from causing failures.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/868[GitHub Issue #868], thanks to https://github.com/zbruhnke[@zbruhnke] for reporting and helping us track this one down.
+  * Resolves [GitHub Issue #868](https://github.com/FusionAuth/fusionauth-issues/issues/868), thanks to [@zbruhnke](https://github.com/zbruhnke) for reporting and helping us track this one down.
 * Some LDAP exception messages will include an embedded `null` in the message body. PostgreSQL does not allow for embedded `null` characters in a text field, so this may cause FusionAuth to exception when using PostgreSQL.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/879[GitHub Issue #879]
+  * Resolves [GitHub Issue #879](https://github.com/FusionAuth/fusionauth-issues/issues/879)
 * When selecting Re-validate password on login when also restricting usage of previous passwords, the user may end up in a loop of being required to change their during login.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/880[GitHub Issue #880]
+  * Resolves [GitHub Issue #880](https://github.com/FusionAuth/fusionauth-issues/issues/880)
 * In the 1.19.0 MySQL migration script, if you have many refresh tokens, it is possible that a duplicate key will be generated due to a poor random Id generator.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/890[GitHub Issue #890]
+  * Resolves [GitHub Issue #890](https://github.com/FusionAuth/fusionauth-issues/issues/890)
 
 ### Enhancements
 
 * Add a helper for Active Directory LDAP to handle conversion of a base64-encoded Microsoft `objectGuid` to a Java UUID. See the [LDAP Connector Reconcile Lambda](/docs/extend/code/lambdas/ldap-connector-reconcile) for more information.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/822[GitHub Issue #822], thanks to https://github.com/bradleykite[@bradleykite] for the assistance on this one!
+  * Resolves [GitHub Issue #822](https://github.com/FusionAuth/fusionauth-issues/issues/822), thanks to [@bradleykite](https://github.com/bradleykite) for the assistance on this one!
 
 
 <ReleaseNoteHeading version="1.19.6" releaseDate="September 16th, 2020" />
 
 ### Fixed
 * Startup may fail on version 1.19.5 of the FusionAuth docker image with the following error on the console `setenv.sh: line 91: : invalid variable name`.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/870[GitHub Issue #870], thanks to https://github.com/virginijus-servicebridge[@virginijus-servicebridge], https://github.com/arunmg007[@arunmg007] and https://github.com/mao75[@mao75] for reporting!
+  * Resolves [GitHub Issue #870](https://github.com/FusionAuth/fusionauth-issues/issues/870), thanks to [@virginijus-servicebridge](https://github.com/virginijus-servicebridge), [@arunmg007](https://github.com/arunmg007) and [@mao75](https://github.com/mao75) for reporting!
 
 
 <ReleaseNoteHeading version="1.19.5" releaseDate="September 15th, 2020" />
 
 ### Fixed
 * When deleting an application role that is in use by a Group, an exception occurs.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/831
+  * Resolves https://github.com/FusionAuth/fusionauth-issues/issues/831
 * Fix possible errors when upgrading to version 1.19.0 on managed MySQL services such as Google Cloud SQL.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/859
+  * Resolves https://github.com/FusionAuth/fusionauth-issues/issues/859
 
 ### Enhancements
 * Be more forgiving and allow for un-escaped URL path and query characters.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/635
+  * Resolves https://github.com/FusionAuth/fusionauth-issues/issues/635
 
 
 <ReleaseNoteHeading version="1.19.4" releaseDate="September 12th, 2020" />
 
 ### Fixed
 * When using a JWT populate, the JWT returned during a combination User + Registration API request may not have the `registration` or `roles` arguments available in the lambda. This issue was introduced in version `1.16.0`.
-** https://github.com/FusionAuth/fusionauth-issues/issues/856[GitHub Issue #856], thanks to https://github.com/calebfreeman[@calebfreeman] for reporting.
+  * [GitHub Issue #856](https://github.com/FusionAuth/fusionauth-issues/issues/856), thanks to [@calebfreeman](https://github.com/calebfreeman) for reporting.
 * When using MySQL and Silent Mode database configuration, you may encounter an error indicating `java.lang.IllegalStateException: Unable to capture database lock.` or `Caused by: java.sql.SQLException: No suitable driver found for jdbc:mysql://...`.  This issue was introduced in version `1.19.0`, if you encounter this error, please upgrade. If you are unable to upgrade, attempt to startup w/out silent mode and go through maintenance mode interactively.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/857[GitHub Issue #857], thanks to https://github.com/ceefour[@ceefour] for letting us know.
+  * Resolves [GitHub Issue #857](https://github.com/FusionAuth/fusionauth-issues/issues/857), thanks to [@ceefour](https://github.com/ceefour) for letting us know.
 
 
 <ReleaseNoteHeading version="1.19.3" releaseDate="September 10th, 2020" />
 
 ### Security
 * Proactively upgrade third party dependency due to published CVEs.
-** Upgrade Apache Commons File Upload to `1.4.0`
-*** https://www.cvedetails.com/cve/CVE-2016-1000031/
+  * Upgrade Apache Commons File Upload to `1.4.0`
+  * https://www.cvedetails.com/cve/CVE-2016-1000031/
 
 ### Changes
 * Upgraded Kafka client to `2.6.0`
 * Upgrade MySQL connector to `8.0.21`
-** If you are using MySQL, and are currently re-packaging the  MySQL connector in a Docker image or similar strategy to keep this jar from being downloaded at runtime, you will need to update your version to match FusionAuth.
-** Upgrade your MySQL connector to 8.0.21, the `mysql-connector-java-8.0.21.jar` will be expected to be found here ` /usr/local/fusionauth/fusionauth-app/apache-tomcat/lib`.
+  * If you are using MySQL, and are currently re-packaging the  MySQL connector in a Docker image or similar strategy to keep this jar from being downloaded at runtime, you will need to update your version to match FusionAuth.
+  * Upgrade your MySQL connector to 8.0.21, the `mysql-connector-java-8.0.21.jar` will be expected to be found here ` /usr/local/fusionauth/fusionauth-app/apache-tomcat/lib`.
 * Upgrade PostgreSQL connector to `42.2.14`
 
 ### Fixed
@@ -280,16 +281,16 @@ Thanks to a bunch of our FusionAuth MVPs including, but not limited to https://g
 
 ### Fixed
 * Using the External JWT Identity Provider with the Lookup API may fail to validate a JWT
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/850[GitHub Issue #850]
+  * Resolves [GitHub Issue #850](https://github.com/FusionAuth/fusionauth-issues/issues/850)
 
 
 <ReleaseNoteHeading version="1.19.1" releaseDate="September 4th, 2020" />
 
 ### Fixed
 * If you are using the database search engine, FusionAuth may fail to start up correctly.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/846[GitHub Issue #846], thanks to https://github.com/motzel[@motzel] for reporting so quickly!
+  * Resolves [GitHub Issue #846](https://github.com/FusionAuth/fusionauth-issues/issues/846), thanks to [@motzel](https://github.com/motzel) for reporting so quickly!
 * The legacy environment variable named `FUSIONAUTH_SEARCH_SERVERS` is not honored ahead of the named configuration file property.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/847[GitHub Issue #847], thanks to https://github.com/soullivaneuh[@soullivaneuh] for letting us know!
+  * Resolves [GitHub Issue #847](https://github.com/FusionAuth/fusionauth-issues/issues/847), thanks to [@soullivaneuh](https://github.com/soullivaneuh) for letting us know!
 
 
 <ReleaseNoteHeading version="1.19.0" releaseDate="September 3rd, 2020" />
@@ -304,18 +305,18 @@ Thank you to each of you that has taken the time to open a GitHub issue, or rais
 
 ### Known Issues
 * When running MySQL and it is possible you may encounter an issue logging into the FusionAuth admin console after updating to version 1.19.0. The symptom is that upon login you are redirected to an empty page that asks you to return to login.
-** See https://github.com/FusionAuth/fusionauth-issues/issues/934[GitHub Issue #934] for additional details and a work around.
+  * See [GitHub Issue #934](https://github.com/FusionAuth/fusionauth-issues/issues/934) for additional details and a work around.
 
 ### Changed
 
 There a few changes in this release that you will need to be aware of, please read these carefully. If you have a support contract, please reach out if you have questions or concerns.
 
 * If you using the [SAML v2 Identity Provider Login](/docs/apis/identity-providers/overview-samlv2#complete-a-saml-v2-login) API directly you will need to update your integration. If you are using the SAML v2 Identity Provider configuration with the FusionAuth themed pages, there is no change required.
-** The [Start Identity Provider](/docs/apis/identity-providers/overview-samlv2#start-a-saml-v2-login-request) API must now be used prior to sending the SAML v2 AuthN request to the SAML IdP. You may optionally build your own Request Id, or use one generated by FusionAuth. See the Start API for additional details.
+  * The [Start Identity Provider](/docs/apis/identity-providers/overview-samlv2#start-a-saml-v2-login-request) API must now be used prior to sending the SAML v2 AuthN request to the SAML IdP. You may optionally build your own Request Id, or use one generated by FusionAuth. See the Start API for additional details.
 * The FusionAuth SSO and Admin UI are now stateless and no longer require session pinning to maintain an HTTP session. Leaving existing session pinning in place should not cause any harm, but you may remove it at your earliest convenience.
 * Silent Mode may be used while in `production` runtime mode. This allows you to leverage the FusionAuth maintenance mode to upgrade the database schema for `production` and `development` runtime modes.
 * The Status API no longer returns a full JSON response unless the request is authenticated by an API key or a FusionAUth admin user.
-** The API also now returns several status codes to provide additional insight into possible issues. See [Status](/docs/apis/system#retrieve-system-status) API documentation for additional information.
+  * The API also now returns several status codes to provide additional insight into possible issues. See [Status](/docs/apis/system#retrieve-system-status) API documentation for additional information.
 * When building customized field error messages for custom Registration forms, a field error such as `[missing]user.data.foo` may now be `[blank].user.data.foo`. Note the prefix may have changed from `[missing]` to `[blank]`.  If you have created customized values for Registration Forms, please review your error messages and test your existing validation to ensure the correct text is displayed.
 * The Linux Debian and RPM packages now ship with a `systemd` service definition instead of the legacy Sys V init scripts. If the distribution of Linux you are using does not support `systemd` you will need to plan to upgrade. In most cases this should not affect anyone running FusionAuth on Linux using the provided RPM or Debian packages as bridge scripts generally allow you to start and stop the commands using a Sys V wrapper. See the Starting and Stopping documentation for additional information.
 * When using the python client library, the signature for the `exchange_o_auth_code_for_access_token` method which takes an authorization code has changed. The `client_id` and `redirect_uri` parameters flipped positions. This was done to make the signature consistent with the other client libraries. Instead of `exchange_o_auth_code_for_access_token(self, code, redirect_uri, client_id=None, client_secret=None)`, the method signature is now `exchange_o_auth_code_for_access_token(self, code, client_id, redirect_uri, client_secret=None)`. If you don't flip around the arguments, you'll receive a 401 error, similar to [this issue](https://github.com/FusionAuth/fusionauth-python-client/issues/7).
@@ -326,49 +327,49 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### New
 * FusionAuth Admin UI and FusionAuth pages are now stateless. As of this version you will no longer need to provide session pinning in a multi-node configuration. If you currently have session pinning configured, it should be ok to leave it, but you should plan to remove it at your earliest convenience.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/358[#GitHub #358]
+  * Resolves [#GitHub #358](https://github.com/FusionAuth/fusionauth-issues/issues/358)
 * Multi-tenant SSO. This was a limitation prior to this released due to the way we managed the HTTP session. This limitation has been removed... and there was much rejoicing. With multi-tenant SSO you may now optionally use the same browser and utilize SSO for users within different tenants, this is often only a dev time issue, but there are some production use cases for this behavior.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/355[GitHub Issue #355], thanks to https://github.com/unkis[@unkis] for opening the issue to help us track this limitation.
+  * Resolves [GitHub Issue #355](https://github.com/FusionAuth/fusionauth-issues/issues/355), thanks to [@unkis](https://github.com/unkis) for opening the issue to help us track this limitation.
 * Expanded and improved configuration options. All config options are not consistent and can be set using `fusionauth.properties`, environment variables or Java `-D` system properties. This will make life much easier for those running in Docker or Kubernetes. All previously named configuration options will be backwards compatible and you will receive warnings on how you can correct your naming of configuration values or environment variables, because that's how we roll.
 * IdP and Email hinting for the FusionAuth login pages. This feature will allow you to optionally bypass the login page and go directly to the third party IdP based upon the user's email address or a suggested Identity Provider Id. An Identity Provider Id may be provided on the URL using the `idp_hint` request parameter, and an email address or domain may be provided in the `login_hint` request parameter.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/178[GitHub Issue #178], thanks to one of our FusionAuth All-Stars https://github.com/davidmw[@davidmw] for suggesting this feature.
+  * Resolves [GitHub Issue #178](https://github.com/FusionAuth/fusionauth-issues/issues/178), thanks to one of our FusionAuth All-Stars [@davidmw](https://github.com/davidmw) for suggesting this feature.
 * A new API to import Refresh Tokens. See [Import Refresh Tokens](/docs/apis/users#import-refresh-tokens) API for additional details.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/835[GitHub Issue #835]
+  * Resolves [GitHub Issue #835](https://github.com/FusionAuth/fusionauth-issues/issues/835)
 * Application specific email templates for Passwordless, Email Verification, Setup Password, and Change Password. See updates to the [Application](/docs/apis/applications) API and the Application configuration in the FusionAuth admin.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/834[GitHub Issue #834]
+  * Resolves [GitHub Issue #834](https://github.com/FusionAuth/fusionauth-issues/issues/834)
 * A new icon in cornflower blue.
-** I am Jack's complete lack of surprise.
+  * I am Jack's complete lack of surprise.
 
 ### Enhancements
 * Enhanced Maintenance Mode support for initial DB schema setup on 3rd Party cloud managed database services such as Digital Ocean, Azure, etc.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/95[GitHub Issue #95]
+  * Resolves [GitHub Issue #95](https://github.com/FusionAuth/fusionauth-issues/issues/95)
 * The FusionAuth log `fusionauth-app.log` now ships with a log rotation strategy. This will not affect those running FusionAuth in Docker.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/575[GitHub Issue #575], thanks to https://github.com/oottinger[@oottinger] and others for reporting and voting on this issue.
+  * Resolves [GitHub Issue #575](https://github.com/FusionAuth/fusionauth-issues/issues/575), thanks to [@oottinger](https://github.com/oottinger) and others for reporting and voting on this issue.
 * All configuration is not available in the `fusionauth.properties` file, environment variable or Java System Property to allow for additional flexibility in configuration regardless of your deployment model. See the Configuration reference for additional information.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/752[GitHub Issue #752]
+  * Resolves [GitHub Issue #752](https://github.com/FusionAuth/fusionauth-issues/issues/752)
 * Restrict the response body on the Status API unless authenticated. Provide more granular HTTP response codes to provide insight into the issue.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/473[GitHub Issue #473]
+  * Resolves [GitHub Issue #473](https://github.com/FusionAuth/fusionauth-issues/issues/473)
 
 ### Fixed
 * When using the View dialog for a custom form field in the FusionAuth admin UI, form `Control` type was not displayed.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/828[GitHub Issue #828]
+  * Resolves [GitHub Issue #828](https://github.com/FusionAuth/fusionauth-issues/issues/828)
 * When submitting a custom Registration Form with non-required fields of type `number`, `date` or `bool`, you may receive a validation error indicating the value is invalid.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/827[GitHub Issue #827]
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/829[GitHub Issue #829]
+  * Resolves [GitHub Issue #827](https://github.com/FusionAuth/fusionauth-issues/issues/827)
+  * Resolves [GitHub Issue #829](https://github.com/FusionAuth/fusionauth-issues/issues/829)
 * Unable to configure `database.mysql.enforce-utf8mb4` through an environment variable for use in Docker.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/798[GitHub Issue #798]
+  * Resolves [GitHub Issue #798](https://github.com/FusionAuth/fusionauth-issues/issues/798)
 * A `404` status code is returned from the Start Passwordless API when more than one tenant exists in FusionAuth.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/833[GitHub Issue #833], thanks to https://github.com/atrauzzi[@atrauzzi] for reporting and helping us track this one down!
+  * Resolves [GitHub Issue #833](https://github.com/FusionAuth/fusionauth-issues/issues/833), thanks to [@atrauzzi](https://github.com/atrauzzi) for reporting and helping us track this one down!
 * Normalize the use of the `aud` claim between the OAuth2 grants, Login API and other APIs that may return a JWT. The `aud` claim should always be even when the User is not registered for the application.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/832[GitHub Issue #832], thanks to https://github.com/motzel[@motzel] for the help!
-** Also resolves related issue https://github.com/FusionAuth/fusionauth-issues/issues/713[GitHub Issue #713]
+  * Resolves [GitHub Issue #832](https://github.com/FusionAuth/fusionauth-issues/issues/832), thanks to [@motzel](https://github.com/motzel) for the help!
+  * Also resolves related issue [GitHub Issue #713](https://github.com/FusionAuth/fusionauth-issues/issues/713)
 * Custom Form validation errors and related fixes.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/827[GitHub Issue #827]
-** https://github.com/FusionAuth/fusionauth-issues/issues/810[GitHub Issue #810]
-** https://github.com/FusionAuth/fusionauth-issues/issues/828[GitHub Issue #828]
-** https://github.com/FusionAuth/fusionauth-issues/issues/829[GitHub Issue #829]
+  * Resolves [GitHub Issue #827](https://github.com/FusionAuth/fusionauth-issues/issues/827)
+  * [GitHub Issue #810](https://github.com/FusionAuth/fusionauth-issues/issues/810)
+  * [GitHub Issue #828](https://github.com/FusionAuth/fusionauth-issues/issues/828)
+  * [GitHub Issue #829](https://github.com/FusionAuth/fusionauth-issues/issues/829)
 * Both the Login Success and Login Failed events are triggered during a failed login attempt. This bug was likely introduced in version version 1.18.0.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/838[GitHub Issue #838]
+  * Resolves [GitHub Issue #838](https://github.com/FusionAuth/fusionauth-issues/issues/838)
 
 
 <ReleaseNoteHeading version="1.18.8" releaseDate="August 25th, 2020" />
@@ -381,17 +382,17 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Fixed
 * HYPR IdP related fixes.
-** When the HYPR authentication workflow begins the provided `loginId` was not properly validated to exist in FusionAuth. All other IdP configurations allow this scenario, but because HYPR provides MFA and is not itself considered by FusionAuth to be a SoR (source or record) the user must first exist in FusionAuth.
-** Because HYPR is not a traditional SoR and does not provide user claims to FusionAuth, a `username` or `email` address should behave exactly the same when used to initiate the HYPR MFA workflow.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/808[GitHub Issue #808]
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/809[GitHub Issue #809]
+  * When the HYPR authentication workflow begins the provided `loginId` was not properly validated to exist in FusionAuth. All other IdP configurations allow this scenario, but because HYPR provides MFA and is not itself considered by FusionAuth to be a SoR (source or record) the user must first exist in FusionAuth.
+  * Because HYPR is not a traditional SoR and does not provide user claims to FusionAuth, a `username` or `email` address should behave exactly the same when used to initiate the HYPR MFA workflow.
+  * Resolves [GitHub Issue #808](https://github.com/FusionAuth/fusionauth-issues/issues/808)
+  * Resolves [GitHub Issue #809](https://github.com/FusionAuth/fusionauth-issues/issues/809)
 
 
 <ReleaseNoteHeading version="1.18.6" releaseDate="August 10th, 2020" />
 
 ### Fixed
 * When using self service registration, a JWT populate lambda and the Implicit Grant, the `registration` parameter to the JWT Populate lambda will be `null`.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/802[GitHub Issue #802]
+  * Resolves [GitHub Issue #802](https://github.com/FusionAuth/fusionauth-issues/issues/802)
 
 
 
@@ -399,13 +400,13 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Fixed
 * A JavaScript bug may cause some of the reports not to render correctly in the admin UI.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/783[GitHub Issue #783]
+  * Resolves [GitHub Issue #783](https://github.com/FusionAuth/fusionauth-issues/issues/783)
 * A poor performing SQL query was found when using MySQL. The query performance will largely be dependant upon your server configuration, but once you exceed 2M+ login records you may realize some performance issues when logging into the FusionAuth admin UI due to the charts displayed on the main dashboard.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/786[GitHub Issue #786]
+  * Resolves [GitHub Issue #786](https://github.com/FusionAuth/fusionauth-issues/issues/786)
 
 ### Enhancements
 * Add localized number formatting on the y-axis of charts in the FusionAuth admin UI.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/788[GitHub Issue #788]
+  * Resolves [GitHub Issue #788](https://github.com/FusionAuth/fusionauth-issues/issues/788)
 
 
 
@@ -413,13 +414,13 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Fixed
 * An exception occurs when you attempt to use a refresh token from tenant A with tenant B.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/716[GitHub Issue #716], thanks to https://github.com/ulybu[@ulybu] for reporting!
+  * Resolves [GitHub Issue #716](https://github.com/FusionAuth/fusionauth-issues/issues/716), thanks to [@ulybu](https://github.com/ulybu) for reporting!
 * An exception may occur when using self service registration that will disrupt the user registration workflow.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/776[GitHub Issue #776]
+  * Resolves [GitHub Issue #776](https://github.com/FusionAuth/fusionauth-issues/issues/776)
 * The registration object is `null` in the JWT Populate function when used with self service registration.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/780[GitHub Issue #780]
+  * Resolves [GitHub Issue #780](https://github.com/FusionAuth/fusionauth-issues/issues/780)
 * A SAML response that includes an attribute element with the attribute of `xsi:nil="true"` will cause an exception when we try to parse the XML document.
-** Resolves https://github.com/FusionAuth/fusionauth-samlv2/issues/1[GitHub Issue SAML v2 #1]
+  * Resolves [GitHub Issue SAML v2 #1](https://github.com/FusionAuth/fusionauth-samlv2/issues/1)
 
 
 
@@ -427,18 +428,18 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Fixed
 * When attempting to add a registration for an user in the admin UI, if there are no available registrations to assign after the form has been rendered an exception may occur when you submit the form.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/630[GitHub Issue #630]
+  * Resolves [GitHub Issue #630](https://github.com/FusionAuth/fusionauth-issues/issues/630)
 * When you have enabled verify email on change and you update a user's email address that was previously undefined, a verification email is not sent.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/749[GitHub Issue #749], thanks to https://github.com/EddieWhi[@EddieWhi] for letting us know!
+  * Resolves [GitHub Issue #749](https://github.com/FusionAuth/fusionauth-issues/issues/749), thanks to [@EddieWhi](https://github.com/EddieWhi) for letting us know!
 * When removing a user's registration, the search index is not updated correctly until the next user index event.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/750[GitHub Issue #750], thanks to https://github.com/brennan-karrer[@brennan-karrer] for reporting the issue!
+  * Resolves [GitHub Issue #750](https://github.com/FusionAuth/fusionauth-issues/issues/750), thanks to [@brennan-karrer](https://github.com/brennan-karrer) for reporting the issue!
 * Fixes form field name validation to limit spaces and other special characters.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/761[GitHub Issue #761]
+  * Resolves [GitHub Issue #761](https://github.com/FusionAuth/fusionauth-issues/issues/761)
 * Form and field fixes including some JavaScript errors and the complete registration workflow when a custom form is used.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/762[GitHub Issue #762]
+  * Resolves [GitHub Issue #762](https://github.com/FusionAuth/fusionauth-issues/issues/762)
 * The use of `${tenant.issuer}` is failing validation when used in an email template.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/770[GitHub Issue #770], this to https://github.com/seanadkinson[@seanadkinson] for reporting the bug.
-** Email template validation has been relaxed to allow the Preview API and UI action to report errors and warnings but still allow the changes to be saved. Due to the complexity of validating the email template without the exact data to be used at runtime, validation has been relaxed to ensure we do not prohibit a valid template from being saved. When using the UI to manage your templates, you will now find a test button which will allow you to send a template to an end user to test the rendering and delivery with a real user.
+  * Resolves [GitHub Issue #770](https://github.com/FusionAuth/fusionauth-issues/issues/770), this to [@seanadkinson](https://github.com/seanadkinson) for reporting the bug.
+  * Email template validation has been relaxed to allow the Preview API and UI action to report errors and warnings but still allow the changes to be saved. Due to the complexity of validating the email template without the exact data to be used at runtime, validation has been relaxed to ensure we do not prohibit a valid template from being saved. When using the UI to manage your templates, you will now find a test button which will allow you to send a template to an end user to test the rendering and delivery with a real user.
 
 
 <ReleaseNoteHeading version="1.18.2" releaseDate="July 20th, 2020" />
@@ -447,7 +448,7 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Fixed
 * When running with PostgreSQL database and migrating from pre 1.18.0 with existing users, the table sequence may not be set correctly causing new users to fail to be created.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/759[GitHub Issue #759], see issue for details and workaround.
+  * Resolves [GitHub Issue #759](https://github.com/FusionAuth/fusionauth-issues/issues/759), see issue for details and workaround.
 
 
 
@@ -455,7 +456,7 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Fixed
 * An issue introduced in version 1.18.0 may cause the edit Application action in the admin UI to fail with a `500` message. Review the known issues of 1.18.0 for a workaround if you are unable to upgrade to version 1.18.1.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/760[GitHub Issue #760], see issue for details and workaround.
+  * Resolves [GitHub Issue #760](https://github.com/FusionAuth/fusionauth-issues/issues/760), see issue for details and workaround.
 
 
 <ReleaseNoteHeading version="1.18.0" releaseDate="July 19th, 2020" />
@@ -467,13 +468,13 @@ There a few changes in this release that you will need to be aware of, please re
 ### Known Issues
 
 * When editing an application in the admin UI you may encounter a `500 Internal Server Error` error message when attempting to save your changes. As a work around, you may use the API to modify the application. To resolve the issue, please upgrade to version 1.18.1.
-** See https://github.com/FusionAuth/fusionauth-issues/issues/760[GitHub Issue #760] for additional details and workaround.
+  * See [GitHub Issue #760](https://github.com/FusionAuth/fusionauth-issues/issues/760) for additional details and workaround.
 * If running PostgreSQL database a database sequence may not be set correctly causing a `500` status code when creating new users.
-** See https://github.com/FusionAuth/fusionauth-issues/issues/759[GitHub Issue #759] for additional details and workaround.
+  * See [GitHub Issue #759](https://github.com/FusionAuth/fusionauth-issues/issues/759) for additional details and workaround.
 * An exception may occur when using self service registration that will disrupt the user registration workflow.
-** See https://github.com/FusionAuth/fusionauth-issues/issues/776[GitHub Issue #776] for additional details.
+  * See [GitHub Issue #776](https://github.com/FusionAuth/fusionauth-issues/issues/776) for additional details.
 * A JWT populate lambda that uses the `registration` parameter may fail when using self service registration.
-** See https://github.com/FusionAuth/fusionauth-issues/issues/780[GitHub Issue #780] for additional details.
+  * See [GitHub Issue #780](https://github.com/FusionAuth/fusionauth-issues/issues/780) for additional details.
 
 ### Changed
 
@@ -481,60 +482,60 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### New
 * Advanced Forms. Self service registration just got a huge upgrade! Now custom forms may be configured with one to many steps, each step consisting of one to many fields. A registration form may then be assigned to an application in the Self service registration configuration found in the `Registration` tab. Assigning a custom form to an application will require a licensed edition of FusionAuth. More details and documentation coming soon.
-** See [Form](/docs/apis/custom-forms/forms) API and [Form Field](/docs/apis/custom-forms/form-fields) API.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/680[GitHub Issue #680].
+  * See [Form](/docs/apis/custom-forms/forms) API and [Form Field](/docs/apis/custom-forms/form-fields) API.
+  * Resolves [GitHub Issue #680](https://github.com/FusionAuth/fusionauth-issues/issues/680).
 * Initial Tech Preview of Connectors. Connectors allow you to authenticate against external systems such as LDAP. A generic connector can also be configured to authenticate against any third party system. More details and documentation coming soon. When using a connector, you will utilize the Login API or OAuth frontend of FusionAuth as you normally would and the tenant may configure policies that would cause users to be authenticated against these external databases.
-** See [Connector](/docs/apis/connectors/) API.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/219[GitHub Issue #219].
+  * See [Connector](/docs/apis/connectors/) API.
+  * Resolves [GitHub Issue #219](https://github.com/FusionAuth/fusionauth-issues/issues/219).
 
 ### Enhancement
 * When viewing the Application view dialog, an additional property named `Registration URL` will be provided in the OAuth2 & OpenID Connect Integration details section. You may use this value to copy/paste a URL for testing a direct link to the registration page.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/686[GitHub Issue #686], thanks to https://github.com/ashokgelal[@ashokgelal] for the suggestion!
+  * Resolves [GitHub Issue #686](https://github.com/FusionAuth/fusionauth-issues/issues/686), thanks to [@ashokgelal](https://github.com/ashokgelal) for the suggestion!
 * When viewing the About panel found in the administrative UI, the node IP address will be reported.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/754[GitHub Issue #754]
+  * Resolves [GitHub Issue #754](https://github.com/FusionAuth/fusionauth-issues/issues/754)
 * The JSON Web Tokens issued by FusionAuth will now include the `jti` claim.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/409[GitHub Issue #409]
+  * Resolves [GitHub Issue #409](https://github.com/FusionAuth/fusionauth-issues/issues/409)
 * All objects now have an `insertInstant` and a `lastUpdateInstant` property in the JSON API response.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/755[GitHub Issue #755]
+  * Resolves [GitHub Issue #755](https://github.com/FusionAuth/fusionauth-issues/issues/755)
 * Public keys stored with a certificate will have the `x5t` property provided in the JSON Web Key Set response.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/715[GitHub Issue #715]
+  * Resolves [GitHub Issue #715](https://github.com/FusionAuth/fusionauth-issues/issues/715)
 
 ### Fixed
 * The user registration event may be missing the `registration` property.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/714[GitHub Issue #714], thanks to https://github.com/joydeb28[@joydeb28] for reporting the issue!
+  * Resolves [GitHub Issue #714](https://github.com/FusionAuth/fusionauth-issues/issues/714), thanks to [@joydeb28](https://github.com/joydeb28) for reporting the issue!
 * A user with one or more consents granted fails to be deleted.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/719[GitHub Issue #719], thanks to one of our MVPs https://github.com/mgetka[@mgetka] for reporting the issue!
+  * Resolves [GitHub Issue #719](https://github.com/FusionAuth/fusionauth-issues/issues/719), thanks to one of our MVPs [@mgetka](https://github.com/mgetka) for reporting the issue!
 * When using COPPA consent with Email+, the second email is not sent to the parent.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/724[GitHub Issue #723].
+  * Resolves [GitHub Issue #723](https://github.com/FusionAuth/fusionauth-issues/issues/724).
 * The Refresh Token cookie is written without a `Max-Age` attribute on the JWT Refresh API response. This causes the cookie to be treated as a session cookie.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/726[GitHub Issue #726], thanks to https://github.com/satazor[@satazor] for letting us know.
+  * Resolves [GitHub Issue #726](https://github.com/FusionAuth/fusionauth-issues/issues/726), thanks to [@satazor](https://github.com/satazor) for letting us know.
 
 
 <ReleaseNoteHeading version="1.17.5" releaseDate="July 3rd, 2020" />
 
 ### Fixed
 * API validation fails on the Audit Log API when a JSON body is omitted from the HTTP request.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/605[GitHub Issue #605]
+  * Resolves [GitHub Issue #605](https://github.com/FusionAuth/fusionauth-issues/issues/605)
 * Fixing a bug that prevents the Kafka integration from working correctly.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/649[GitHub Issue #649], thanks to https://github.com/joydeb28[@joydeb28] for reporting and for the persistence!
+  * Resolves [GitHub Issue #649](https://github.com/FusionAuth/fusionauth-issues/issues/649), thanks to [@joydeb28](https://github.com/joydeb28) for reporting and for the persistence!
 * When selecting an Application in the user search controls in the UI an invalid Elasticsearch query causes an error on Elasticsearch version 7.7.0. The query seems to be working on versions 6.3.1, 6.8.1, and 7.6.1, as far as we can tell it only fails on the most recent versions of Elasticsearch.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/710[GitHub Issue #710]
+  * Resolves [GitHub Issue #710](https://github.com/FusionAuth/fusionauth-issues/issues/710)
 
 ### Enhancement
 
 * Add a return to login link to the default templates for Passwordless, Register, Forgot, and Password Sent.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/666[GitHub Issue #666], thanks to https://github.com/soullivaneuh[@soullivaneuh] for the request!
+  * Resolves [GitHub Issue #666](https://github.com/FusionAuth/fusionauth-issues/issues/666), thanks to [@soullivaneuh](https://github.com/soullivaneuh) for the request!
 
 
 <ReleaseNoteHeading version="1.17.4" releaseDate="June 25rd, 2020" />
 
 ### Fixed
 * A JavaScript bug caused the device verification URL field to toggle to hidden when any grant was enabled or disabled in the UI. This is primarily a cosmetic issue, if you encounter it you may simply refresh the page.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/692[GitHub Issue #692]
+  * Resolves [GitHub Issue #692](https://github.com/FusionAuth/fusionauth-issues/issues/692)
 * The Search API performs a validation step when using Elasticsearch, and if Elasticsearch returns `valid: false` we fail the request. We are now always including the explanation from the Elasticsearch response in our error message on the API to assist the developer to understand why the requested query is considered invalid.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/697[GitHub Issue #697]
+  * Resolves [GitHub Issue #697](https://github.com/FusionAuth/fusionauth-issues/issues/697)
 * The Apple Service Id override that can be provided per application was not being used, instead the global value was utilized.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/703[GitHub Issue #703], thanks to https://github.com/ulybu[@ulybu] for letting us know!
+  * Resolves [GitHub Issue #703](https://github.com/FusionAuth/fusionauth-issues/issues/703), thanks to [@ulybu](https://github.com/ulybu) for letting us know!
 
 
 
@@ -552,16 +553,16 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Fixed
 * When using `parent`, `child` and few other references in an email template, the validation step may fail unless you provide a null safe usage.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/685[GitHub Issue #685]
+  * Resolves [GitHub Issue #685](https://github.com/FusionAuth/fusionauth-issues/issues/685)
 
 
 <ReleaseNoteHeading version="1.17.1" releaseDate="June 15nd, 2020" />
 
 ### Fixed
 * In version 1.17.0 Key Master supports importing a standalone private key. If you attempt this request in the UI with an RSA private key an error will occur.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/665[GitHub Issue #665], thanks to https://github.com/mgetka[@mgetka] who is quickly becoming one of our FusionAuth MVPs!
+  * Resolves [GitHub Issue #665](https://github.com/FusionAuth/fusionauth-issues/issues/665), thanks to [@mgetka](https://github.com/mgetka) who is quickly becoming one of our FusionAuth MVPs!
 * When using an expired Forgot Password link if you have not added the `client_id` to the URL in the email template you will see an unexpected error when you attempt to begin the process again by entering your email address. You may also experience this error if you are sending users directly to `/oauth2/forgot` instead of the user clicking the link during an OAuth2 workflow.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/671[GitHub Issue #671], thanks to https://github.com/maurobennici[@maurobennici] for reporting!
+  * Resolves [GitHub Issue #671](https://github.com/FusionAuth/fusionauth-issues/issues/671), thanks to [@maurobennici](https://github.com/maurobennici) for reporting!
 
 
 
@@ -573,50 +574,50 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Changed
 * All Identity Provider configurations that did not have a lambda configured for User reconcile have been migrated to utilize a lambda to extract all optional user details from the IdP response. This allows you to have complete control over how these configurations work and what information is set or written to the user object during login. The business logic has not changed, but it has been moved from an internal FusionAuth service to a Lambda that can be modified. The following Identity Providers are affected:
-** All Facebook, Google and Twitter Identity Provider configurations
-** OpenID Connect and SAML v2 Identity Provider configurations without a configured lambda.
+  * All Facebook, Google and Twitter Identity Provider configurations
+  * OpenID Connect and SAML v2 Identity Provider configurations without a configured lambda.
 * OpenID Connect and SAML v2 Identity Providers that were already configured with a lambda may require some manual migration. The claims that were mapped into the User by FusionAuth prior to this version have been moved into a lambda so they may be modified. For each of your OpenID Connect or SAML v2 Identity Provider configurations that already had a Lambda configured for User reconcile, please review to ensure all of the claims you desire are handled by your lambda.
 * For OpenID Connect Identity Provider configurations, review the new Lambda named `Default OpenID Connect Reconcile provided by FusionAuth`. Optionally copy any of the code you'd like to have executed into your configured Lambda and then test your integration. Specifically, the registered claims `given_name`, `middle_name`, `family_name`, `name`, `picture`, `phone_number`, `birthdate`, `locale` and `preferred_username` are now managed by the Lambda. If you would like these claims reconciled to the FusionAuth user, review the referenced Lambda function.
 * For SAML v2 Identity Provider configurations, review the new Lambda named `Default SAML v2 Reconcile provided by FusionAuth`. Optionally copy any of the code you'd like to have executed into your configured Lambda and then test your integration. Specifically, the SAML claims for `dateofbirth`, `givenname`, `surname`, `name`, and `mobilephone` are now managed by the Lambda. If you would like these SAML claims reconciled to the FusionAuth user, review the referenced Lambda function.
 
 ### New
 * Sign in with Apple. A new Identity Provider of type `Apple` is now available to enable Sign in with Apple support.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/336[GitHub Issue #336]
-** See the [Apple Identity Provider](/docs/lifecycle/authenticate-users/identity-providers/social/apple) for additional details
+  * Resolves [GitHub Issue #336](https://github.com/FusionAuth/fusionauth-issues/issues/336)
+  * See the [Apple Identity Provider](/docs/lifecycle/authenticate-users/identity-providers/social/apple) for additional details
 * One time Use Refresh Tokens. A one time use refresh token means that each the time the refresh token is used to get a new access token (JWT) a new refresh token is returned. This feature must be enabled at the tenant level, and can optionally be overridden by the Application JWT configuration.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/394[GitHub Issue #394]
+  * Resolves [GitHub Issue #394](https://github.com/FusionAuth/fusionauth-issues/issues/394)
 * Sliding Window Refresh Token Expiration. By default the expiration of a refresh token is calculated from the time it was originally issued. Beginning in this release you may optionally configure the refresh token expiration to be based upon a sliding window. A sliding window expiration means that the expiration is calculated from the last time the refresh token was used. This expiration policy means that if you are using refresh tokens to maintain a user session, the session can be maintained as long as the user remains active. This expiration policy must be enabled at the tenant level, and may optionally be overridden by the Application JWT configuration.
 * Facebook, Google, HYPR and Twitter Identity Providers may be assigned a User Reconcile Lambda.
-** Previously the user reconcile logic was built into FusionAuth. Now the User reconcile logic has been moved to a lambda to provide additional control over attributes are extracted from the Identity Provider response and set into the FusionAuth user.
+  * Previously the user reconcile logic was built into FusionAuth. Now the User reconcile logic has been moved to a lambda to provide additional control over attributes are extracted from the Identity Provider response and set into the FusionAuth user.
 
 ### Enhancements
 * Some development and possibly runtime errors that are used during external logins such as Facebook were not localized. These values may not be localized in your theme configuration.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/535[GitHub Issue #535], thanks to https://github.com/mgetka[@mgetka] for raising the issue.
+  * Resolves [GitHub Issue #535](https://github.com/FusionAuth/fusionauth-issues/issues/535), thanks to [@mgetka](https://github.com/mgetka) for raising the issue.
 * Large cookies may cause the default maximum header size of 8k to be exceeded. When this occurs the request will fail and you may see an exception with a `400` status code indicating `java.lang.IllegalArgumentException: Request header is too large`.
-** This value may now be modified via configuration. See the [Configuration](/docs/reference/configuration) reference or additional information.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/608[GitHub Issue #608], thanks to https://github.com/shortstack[@shortstack] for letting us know, providing great debug and confirming the fix.
+  * This value may now be modified via configuration. See the [Configuration](/docs/reference/configuration) reference or additional information.
+  * Resolves [GitHub Issue #608](https://github.com/FusionAuth/fusionauth-issues/issues/608), thanks to [@shortstack](https://github.com/shortstack) for letting us know, providing great debug and confirming the fix.
 * When a user is registered, a refresh token will not be returned. This makes this API response consistent with the User Create API.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/626[GitHub Issue #626], thanks to https://github.com/LohithBlaze[@LohithBlaze] for reporting and suggesting the change.
+  * Resolves [GitHub Issue #626](https://github.com/FusionAuth/fusionauth-issues/issues/626), thanks to [@LohithBlaze](https://github.com/LohithBlaze) for reporting and suggesting the change.
 * When configuring a SAML v2 Identity Provider, a warning will be added to the Identity Provider index page if the CORS configuration is not adequate to allow the login request to complete. The configuration will generally require a `POST` request from a particular origin be allowed through the CORS filter.
-** This should help reduce CORS configuration issues causing a `403` during integration testing.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/641[GitHub Issue #641]
+  * This should help reduce CORS configuration issues causing a `403` during integration testing.
+  * Resolves [GitHub Issue #641](https://github.com/FusionAuth/fusionauth-issues/issues/641)
 
 ### Fixed
 * When importing a key using Key Master in the admin UI, when a key with an invalid length is imported the error was not being displayed.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/578[GitHub Issue #587]
+  * Resolves [GitHub Issue #587](https://github.com/FusionAuth/fusionauth-issues/issues/578)
 * The hosted FusionAuth log page may fail to function properly after the user changes the locale using the locale selector on the themed page. Specifically, once you add more than one language to your theme, and the user continues past the first login panel to a subsequent themed page, if the user switches the locale the context will be lost and the user will see an OAuth error.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/623[GitHub Issue #623], thanks to https://github.com/flangfeldt[@flangfeldt] and https://github.com/yrammos[@yrammos] for reporting.
+  * Resolves [GitHub Issue #623](https://github.com/FusionAuth/fusionauth-issues/issues/623), thanks to [@flangfeldt](https://github.com/flangfeldt) and [@yrammos](https://github.com/yrammos) for reporting.
 * A non POSIX compliant function definition in `setenv.sh` caused FusionAuth to fail to start on Ubuntu 18.04.4 and 20.04 (possibly others). This could be on any Linux distribution that sym-links `/bin/sh` to `dash` which is a POSIX compliant shell. This was introduced in version 1.16.0.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/645[GitHub Issue #645], thanks to https://github.com/s-vlade[@s-vlade] and https://github.com/yrammos[@yrammos] for letting us know.
+  * Resolves [GitHub Issue #645](https://github.com/FusionAuth/fusionauth-issues/issues/645), thanks to [@s-vlade](https://github.com/s-vlade) and [@yrammos](https://github.com/yrammos) for letting us know.
 * When using the Facebook IdP and specifying `picture` as one of the requested `fields` an error occurs during the User reconcile process which causes the login to fail. If you encounter this issue, the work around is to remove `picture` from the field configuration, even with this change you will still get the picture back from Facebook as FusionAuth makes a second call to the Me Picture API.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/648[GitHub Issue #648], thanks to https://github.com/thekoding[@thekoding] for reporting and helping us track down the issue.
+  * Resolves [GitHub Issue #648](https://github.com/FusionAuth/fusionauth-issues/issues/648), thanks to [@thekoding](https://github.com/thekoding) for reporting and helping us track down the issue.
 
 
 <ReleaseNoteHeading version="1.16.1" releaseDate="May 18th, 2020" />
 
 ### Fixed
 * When attempting to utilize a silent configuration to configure the database schema without using Elasticsearch, FusionAuth would enter maintenance mode.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/618[GitHub Issue #618], thanks to https://github.com/mgetka[@mgetka] for reporting the issue!
+  * Resolves [GitHub Issue #618](https://github.com/FusionAuth/fusionauth-issues/issues/618), thanks to [@mgetka](https://github.com/mgetka) for reporting the issue!
 
 
 <ReleaseNoteHeading version="1.16.0" releaseDate="May 8th, 2020" />
@@ -625,8 +626,8 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Security
 * A vulnerability in an underlying SAML v2 library was resolved. If you are using SAML please upgrade FusionAuth to 1.16.0 or later as soon as possible.
-** [CVE-2020-12676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12676)
-** [CSNC-2020-002](https://compass-security.com/fileadmin/Research/Advisories/2020-06_CSNC-2020-002_FusionAuth_Signature_Exclusion_Attack.txt)
+  * [CVE-2020-12676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12676)
+  * [CSNC-2020-002](https://compass-security.com/fileadmin/Research/Advisories/2020-06_CSNC-2020-002_FusionAuth_Signature_Exclusion_Attack.txt)
 
 ### Changed
 * The favicon configuration in the default theme has been updated. If you have created your own theme and kept the default favicons using the FusionAuth logo you will want to either remove them or update them with the correct `href` paths. See the default theme for reference if you would like to use the FusionAuth favicons.
@@ -637,28 +638,28 @@ There a few changes in this release that you will need to be aware of, please re
 
 ### Fixed
 * Specifying an Elasticsearch URL containing basic auth credentials works properly. For example the URL `https://user:password@myelasticsearchservice.com` now functions as expected.
-** Tested against https://bonsai.io and https://aiven.io.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/531[GitHub Issue #531], thanks to https://github.com/joshuaavalon[@joshuaavalon] for reporting and https://github.com/nscarlson[@nscarlson] for the additional details and assistance.
+  * Tested against https://bonsai.io and https://aiven.io.
+  * Resolves [GitHub Issue #531](https://github.com/FusionAuth/fusionauth-issues/issues/531), thanks to [@joshuaavalon](https://github.com/joshuaavalon) for reporting and [@nscarlson](https://github.com/nscarlson) for the additional details and assistance.
 * Fixed a validation error when using the Import User API w/ an empty list of users. A `400` status code with a JSON response should have been returned.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/520[GitHub Issue #520], thanks to https://github.com/smcoll[@smcoll] for reporting.
+  * Resolves [GitHub Issue #520](https://github.com/FusionAuth/fusionauth-issues/issues/520), thanks to [@smcoll](https://github.com/smcoll) for reporting.
 * Some JavaScript may fail on Internet Explorer version 11. Specifically the `Helper.js` which is used to handle the external login providers on the login page.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/423[GitHub Issue #423], thanks to https://github.com/downagain[@downagain] for reporting this issue and for the excellent debug.
+  * Resolves [GitHub Issue #423](https://github.com/FusionAuth/fusionauth-issues/issues/423), thanks to [@downagain](https://github.com/downagain) for reporting this issue and for the excellent debug.
 * A validation error in the OAuth2 Token endpoint returns a general error instead of the appropriate validation error.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/546[GitHub Issue #546], thanks to https://github.com/mgetka[@mgetka] for reporting the issue.
+  * Resolves [GitHub Issue #546](https://github.com/FusionAuth/fusionauth-issues/issues/546), thanks to [@mgetka](https://github.com/mgetka) for reporting the issue.
 * When using the Facebook login, it is possible that Facebook will send back an Image URL from the `/me/picture` API that will exceed `255` characters. If this occurs the login failed and an an exception was logged.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/583[GitHub Issue #583], thanks to our friends at https://famous.co/[famous.co] and https://www.frontdoorhome.com/[frontdoorhome.com] for letting us know.
+  * Resolves [GitHub Issue #583](https://github.com/FusionAuth/fusionauth-issues/issues/583), thanks to our friends at [famous.co](https://famous.co/) and [frontdoorhome.com](https://www.frontdoorhome.com/) for letting us know.
 * Attempting to validate or save an Email template that contains a reference to a value stored in user data may cause an exception. For example `${user.data.company_name}` is a valid usage, but this would fail validation or cause an exception during validation.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/598[GitHub Issue #598]
+  * Resolves [GitHub Issue #598](https://github.com/FusionAuth/fusionauth-issues/issues/598)
 * In some cases, when a webhook fails to respond and subsequently fails the request do to the configured transaction setting the Elasticsearch index will be out of sync.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/600[GitHub Issue #600], thanks to our Icelandic friend https://github.com/arni-inaba[@arni-inaba] for letting us know and providing excellent recreate steps.
+  * Resolves [GitHub Issue #600](https://github.com/FusionAuth/fusionauth-issues/issues/600), thanks to our Icelandic friend [@arni-inaba](https://github.com/arni-inaba) for letting us know and providing excellent recreate steps.
 * An extra curly bracket caused the SQL migration to fail if you are running PostgreSQL and performed an upgrade without modifying the default tenant.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/606[GitHub Issue #606], thanks to https://github.com/nscarlson[@nscarlson] for reporting the issue.
+  * Resolves [GitHub Issue #606](https://github.com/FusionAuth/fusionauth-issues/issues/606), thanks to [@nscarlson](https://github.com/nscarlson) for reporting the issue.
 
 ### Fixed from RC.1
 The following issues were fixed that only affect those running version 1.16.0-RC.1.
 
 * An unexpected request parameter may cause an exception due to the incorrect runtime mode.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/595[GitHub Issue #595], thanks to https://github.com/ceefour[@ceefour]
+  * Resolves [GitHub Issue #595](https://github.com/FusionAuth/fusionauth-issues/issues/595), thanks to [@ceefour](https://github.com/ceefour)
 
 
 <ReleaseNoteHeading version="1.16.0-RC.1" releaseDate="April 21st, 2020" />
@@ -674,66 +675,66 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 ### Security
 * Updated default CORS configuration for clean installs, see the [CORS Reference](/docs/operate/secure-and-monitor/cors#default-configuration) for details. It is highly recommended you modify your CORS configuration to match our new default values unless you have a technical requirement for your existing CORS configuration.
 * Upgrade Handlebars to version `4.7.6` due to a known vulnerability. There is no known exploit of this vulnerability in FusionAuth, this is a pro-active upgrade. FusionAuth uses this JavaScript library in the administrative UI to build dynamic table roles.
-** https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/564[GitHub Issue #564], thanks to https://github.com/michael-burt[@michael-burt] for alerting us to this vulnerability.
+  * https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988
+  * Resolves [GitHub Issue #564](https://github.com/FusionAuth/fusionauth-issues/issues/564), thanks to [@michael-burt](https://github.com/michael-burt) for alerting us to this vulnerability.
 
 ### Enhancement
 * The OpenID Connect and SAML v2 Reconcile Lambda may now modify the assigned user roles. Prior to this version any changes to the roles were intentionally not preserved. This restriction has been lifted.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/536[GitHub Issue #536], thanks to https://github.com/sedough[@sedough] for opening the request.
+  * Resolves [GitHub Issue #536](https://github.com/FusionAuth/fusionauth-issues/issues/536), thanks to [@sedough](https://github.com/sedough) for opening the request.
 * In some cases the `state` parameter returning from external SAML v2 & OpenID Connect identity providers is decoded incorrectly.  We are now Base64 encoding this value to preserve it's integrity.
 
 ### New
 * Support for Elasticsearch version 7
-** FusionAuth maintains backward-compatibility with Elasticsearch 6.3.x clusters and indexes.
-** `fusionauth-app.search-engine-type` configuration property and `FUSIONAUTH_SEARCH_ENGINE_TYPE` environment variable exposed for configuring the search engine, see the [Configuration](/docs/reference/configuration) documentation for reference.
-** A reindex may be necessary depending on how you have upgraded your Elasticsearch cluster.  You may issue a reindex in the FusionAuth Admin UI under <strong>System -> Reindex</strong>.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/199[GitHub Issue #199]
+  * FusionAuth maintains backward-compatibility with Elasticsearch 6.3.x clusters and indexes.
+  * `fusionauth-app.search-engine-type` configuration property and `FUSIONAUTH_SEARCH_ENGINE_TYPE` environment variable exposed for configuring the search engine, see the [Configuration](/docs/reference/configuration) documentation for reference.
+  * A reindex may be necessary depending on how you have upgraded your Elasticsearch cluster.  You may issue a reindex in the FusionAuth Admin UI under <strong>System -> Reindex</strong>.
+  * Resolves [GitHub Issue #199](https://github.com/FusionAuth/fusionauth-issues/issues/199)
 * Support for using the database as the user search engine.  This is now the default configuration.  See the [Core Concepts - Users](/docs/get-started/core-concepts/users#user-search) documentation for details.
-** Use of the database search engine provides limited search capabilities, and has limitations for the Users API, see the [Bulk Delete Users API](/docs/apis/users#bulk-delete-users) and [Search for Users API](/docs/apis/users#search-for-users) documentation for details.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/427[GitHub Issue #427]
+  * Use of the database search engine provides limited search capabilities, and has limitations for the Users API, see the [Bulk Delete Users API](/docs/apis/users#bulk-delete-users) and [Search for Users API](/docs/apis/users#search-for-users) documentation for details.
+  * Resolves [GitHub Issue #427](https://github.com/FusionAuth/fusionauth-issues/issues/427)
 * The Registration API returns an access token within the `token` field of responses to `POST` requests.  See the [Registrations API](/docs/apis/registrations) documentation for reference.
-** Application registration records a login and will be reflected in the Login, Daily Active User, and Monthly Active User reports within the FusionAuth admin UI.
+  * Application registration records a login and will be reflected in the Login, Daily Active User, and Monthly Active User reports within the FusionAuth admin UI.
 * The `applicationId` is now optional for `PUT` requests (update login instants) to the Login API.  See the [Login API](/docs/apis/login#update-login-instant) documentation for reference.
-** `PUT` requests to the Login API records a login and will be reflected in the Login, Daily Active User, and Monthly Active User reports within the FusionAuth admin UI.
+  * `PUT` requests to the Login API records a login and will be reflected in the Login, Daily Active User, and Monthly Active User reports within the FusionAuth admin UI.
 * The User API returns an access token within the `token` field of responses to `POST` requests creating a user.  See the [User API](/docs/apis/users#create-a-user) documentation for reference.
-** User creation records a login and will be reflected in the Login, Daily Active User, and Monthly Active User reports within the FusionAuth admin UI.
+  * User creation records a login and will be reflected in the Login, Daily Active User, and Monthly Active User reports within the FusionAuth admin UI.
 * System logs can be viewed from the Admin interface. Navigate to <strong>System -> Log</strong> to view and download the system logs.
-** This feature is available in the UI and via a new API.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/540[GitHub Issue #540]
+  * This feature is available in the UI and via a new API.
+  * Resolves [GitHub Issue #540](https://github.com/FusionAuth/fusionauth-issues/issues/540)
 * System log export API has been added for retrieving a node's system logs as a compressed zip file.  See the [System Logs API](/docs/apis/system) documentation for reference.
 * There is a Test SMTP button that you can utilize during an Edit or Add Tenant operation to ensure the correct SMTP configuration.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/539[GitHub Issue #539]
+  * Resolves [GitHub Issue #539](https://github.com/FusionAuth/fusionauth-issues/issues/539)
 * Production runtime mode disables maintenance mode, database migrations must be applied manually in this runtime mode.  See the [FusionAuth App Installation Guide](/docs/get-started/download-and-install/fusionauth-app#runtime-modes) documentation for reference.
 * Advanced configuration exposed for search engine type, runtime mode, and Same-Site cookie policy.  See the [Configuration](/docs/reference/configuration) documentation for reference.
 * JWT Refresh webhook event, issued when an access token is refreshed by refresh token, see the [Events](/docs/extend/events-and-webhooks/events/jwt-refresh) documentation for reference.
 * Tenant email configuration provides a default from email and a default from name. See the [Tenants API](/docs/apis/tenants#create-a-tenant) documentation for reference.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/262[GitHub Issue #262], thanks to https://github.com/engineertdog[@engineertdog] for the request!
+  * Resolves [GitHub Issue #262](https://github.com/FusionAuth/fusionauth-issues/issues/262), thanks to [@engineertdog](https://github.com/engineertdog) for the request!
 
 ### Docker
 * Next time a release candidate is built, the `latest` tag will be preserved to always be the latest stable release. This way if you are always using the `latest` tag you will not automatically upgrade to a release candidate.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/596[GitHub Issue #596], thanks to https://github.com/ceefour[@ceefour] for the request.
-* The reference `docker-compose.yml` provided by the [fusionauth-containers project](https://github.com/FusionAuth/fusionauth-containers) has been modified to install leveraging database as the User search engine. You will need to include the reference `docker-compose.override.yml` in order to install and configure Elasticsearch as the User search engine.  See the [Docker installation guide](/docs/get-started/download-and-install/docker) for reference.
+  * Resolves [GitHub Issue #596](https://github.com/FusionAuth/fusionauth-issues/issues/596), thanks to [@ceefour](https://github.com/ceefour) for the request.
+* The reference `docker-compose.yml` provided by the [fusionauth-containers project]([Docker installation guide](https://github.com/FusionAuth/fusionauth-containers) has been modified to install leveraging database as the User search engine. You will need to include the reference `docker-compose.override.yml` in order to install and configure Elasticsearch as the User search engine.  See the )(/docs/get-started/download-and-install/docker) for reference.
 
 ### Internal
 * The FusionAuth Java runtime has been upgraded to version 14. All external Java packages such as the Java REST client and the Plugin interface are all still compiled against Java 8 so this upgrade should not impact any users.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/481[GitHub Issue #481]
+  * Resolves [GitHub Issue #481](https://github.com/FusionAuth/fusionauth-issues/issues/481)
 * Upgrade Apache Tomcat to the latest patch version `8.5.53`.
 * Much smaller Docker images based upon Alpine Linux! Compressed size changed from ~ 150 MB to 76 MB. More features, less size? Yeah, that's right.
-** Check it out for yourself. See the https://hub.docker.com/repository/docker/fusionauth/fusionauth-app/tags?page=1[fusionauth/fusionauth-app] repo.
+  * Check it out for yourself. See the [fusionauth/fusionauth-app](https://hub.docker.com/repository/docker/fusionauth/fusionauth-app/tags?page=1) repo.
 
 
 <ReleaseNoteHeading version="1.15.8" releaseDate="April 10th, 2020" />
 
 ### Fixed
 * When more than one tenant is defined, the redirect to `/oauth2/callback` which is used for 3rd Party SAML v2 or OpenId Connect identity providers will fail unless the corresponding application is in the default tenant. This issue was introduced in `1.15.6` which means it only affects version `1.15.6`. If you encounter this issue you may be shown an error on the login page indicating `A validation error occurred during the login attempt. An event log was created for the administrator to review.`.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/548[GitHub Issue #548], thanks so much to https://github.com/lamuertepeluda[@lamuertepeluda] for reporting and providing excellent technical details to assist in tracking down the bug.
+  * Resolves [GitHub Issue #548](https://github.com/FusionAuth/fusionauth-issues/issues/548), thanks so much to [@lamuertepeluda](https://github.com/lamuertepeluda) for reporting and providing excellent technical details to assist in tracking down the bug.
 * A callback from a Social IdP configuration may fail to complete the login workflow. This issue was introduced in `1.15.6` which means it only affects version `1.15.6` and `1.15.7`.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/553[GitHub Issue #553], thanks to https://github.com/ulybu[@ulybu] for reporting the issue!
+  * Resolves [GitHub Issue #553](https://github.com/FusionAuth/fusionauth-issues/issues/553), thanks to [@ulybu](https://github.com/ulybu) for reporting the issue!
 
 ### Enhancements
 * When a user attempts to utilize an expired Passwordless or Forgot Password link, FusionAuth will now still be able to allow the user to restart the login workflow.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/468[GitHub Issue #468], thanks to https://github.com/davidmw[@davidmw] for suggesting this enhancement.
-** In order to take advantage of this enhancement, you will need to upgrade your email template for one or both of these workflows. See the [Email Templates](/docs/customize/email-and-messages/email-templates) documentation for a reference usage.
+  * Resolves [GitHub Issue #468](https://github.com/FusionAuth/fusionauth-issues/issues/468), thanks to [@davidmw](https://github.com/davidmw) for suggesting this enhancement.
+  * In order to take advantage of this enhancement, you will need to upgrade your email template for one or both of these workflows. See the [Email Templates](/docs/customize/email-and-messages/email-templates) documentation for a reference usage.
 
 
 <ReleaseNoteHeading version="1.15.7" releaseDate="March 30th, 2020" />
@@ -746,16 +747,16 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 
 ### Fixed
 * Handle tabs and other control characters in an included text file when parsing the Kickstart configuration files.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/524[GitHub Issue #524], thanks to https://github.com/mgetka[@mgetka] for reporting.
+  * Resolves [GitHub Issue #524](https://github.com/FusionAuth/fusionauth-issues/issues/524), thanks to [@mgetka](https://github.com/mgetka) for reporting.
 * When the FusionAuth Reactor is enabled, a breach detection is incorrectly requested during a user update when the password is not being modified. You may see errors in the Event Log indicating Reactor returned a status code of `400`, this error is just noise and it did not affect the requested action.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/533[GitHub Issue #533].
+  * Resolves [GitHub Issue #533](https://github.com/FusionAuth/fusionauth-issues/issues/533).
 * When running FusionAuth on an un-secured connection during development, newer versions of the Chrome browser will reject the `Set-Cookie` request in the HTTP response because the `SameSite` attribute is not set.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/537[GitHub Issue #537].
+  * Resolves [GitHub Issue #537](https://github.com/FusionAuth/fusionauth-issues/issues/537).
 
 
 ### Enhancement
 * When integrating with 3rd Party Identity Providers FusionAuth will build a `state` parameter in order to complete the FusionAuth OAuth2 or SAML v2 request on the callback from the 3rd Party IdP. There are times when a 3rd Party IdP may un-intentionally modify the `state` parameter by decoding the value. When the `state` parameter is not returned to FusionAuth the way it was sent the integration breaks. FusionAuth will now Bas64 encode the `state` value to better defend against 3rd Party IdP integrations.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/538[GitHub Issue #538].
+  * Resolves [GitHub Issue #538](https://github.com/FusionAuth/fusionauth-issues/issues/538).
 
 
 
@@ -763,13 +764,13 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 
 ### Fixed
 * Adding a Consent to a User that does not have a First or Last Name. This was causing an error in the UI where the Add Consent dialog was not rendering and instead displaying a stack trace.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/512[GitHub Issue #512], thanks to https://github.com/mgetka[@mgetka] for reporting.
+  * Resolves [GitHub Issue #512](https://github.com/FusionAuth/fusionauth-issues/issues/512), thanks to [@mgetka](https://github.com/mgetka) for reporting.
 * When Reactor is enabled and more than one user requires action due to a breached password the Reactor index page will fail to render.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/514[GitHub Issue #514], thanks to our friends at Frontdoor for reporting the issue.
+  * Resolves [GitHub Issue #514](https://github.com/FusionAuth/fusionauth-issues/issues/514), thanks to our friends at Frontdoor for reporting the issue.
 * When adding a new Tenant in the UI you may encounter a `500` status code with a `FusionAuth encountered an unexpected error.` message. If you encounter this error, edit the default tenant, click save and then retry the add operation.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/517[GitHub Issue #517], thanks to https://github.com/vburghelea[@vburghelea] for reporting.
+  * Resolves [GitHub Issue #517](https://github.com/FusionAuth/fusionauth-issues/issues/517), thanks to [@vburghelea](https://github.com/vburghelea) for reporting.
 * A JavaScript exception was causing the ExternalJWT identity mapping dialog to fail. A work around is to use the API to add these claim mappings. This bug was introduced in version 1.15.3.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/518[GitHub Issue #518], thanks to https://github.com/irzhywau[@irzhywau] for reporting.
+  * Resolves [GitHub Issue #518](https://github.com/FusionAuth/fusionauth-issues/issues/518), thanks to [@irzhywau](https://github.com/irzhywau) for reporting.
 
 
 
@@ -777,13 +778,13 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 
 ### Fixed
 * When using PostgreSQL and using the Import User API with a large amount of roles assigned to user FusionAuth may exceed the maximum allowed parameterized values in a prepared statement causing a SQL exception. If you encounter this issue you may work around the issue by reducing the size of your import request to 200-500 users per request.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/505[GitHub Issue #505], thanks to https://github.com/leafknode[@leafknode] for reporting and helping debug!
+  * Resolves [GitHub Issue #505](https://github.com/FusionAuth/fusionauth-issues/issues/505), thanks to [@leafknode](https://github.com/leafknode) for reporting and helping debug!
 * When creating a user through Kickstart with `passwordChangeRequired` set to `true` and exception will occur during the next login request. This issue was introduced in version 1.15.0.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/509[GitHub Issue #509], thanks to https://github.com/mgetka[@mgetka] for reporting!
+  * Resolves [GitHub Issue #509](https://github.com/FusionAuth/fusionauth-issues/issues/509), thanks to [@mgetka](https://github.com/mgetka) for reporting!
 * When a Kickstart file contains multi-byte characters the string value may not be encoded properly if the default file encoding is not UTF-8. This has now been resolved by explicitly requesting UTF-8 encoding during file I/O.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/510[GitHub Issue #510], thanks to https://github.com/mgetka[@mgetka] for reporting!
+  * Resolves [GitHub Issue #510](https://github.com/FusionAuth/fusionauth-issues/issues/510), thanks to [@mgetka](https://github.com/mgetka) for reporting!
 * When using the SAML IdP configuration where FusionAuth is the SAML service provider if the base64 encoded SAML response from the IdP contains line returns FusionAuth will fail to parse the request and the login request will fail.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/511[GitHub Issue #511]
+  * Resolves [GitHub Issue #511](https://github.com/FusionAuth/fusionauth-issues/issues/511)
 
 
 
@@ -797,31 +798,31 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 
 ### Fixed
 * Using the JWT Refresh API with a JWT issued from one tenant for a user in another tenant. This error was causing an exception instead of the proper validation error being returned to the caller. A `404` will now properly be returned when this scenario occurs.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/399[GitHub Issue #399], thanks to https://github.com/johnmaia[@johnmaia] for helping us track it down.
+  * Resolves [GitHub Issue #399](https://github.com/FusionAuth/fusionauth-issues/issues/399), thanks to [@johnmaia](https://github.com/johnmaia) for helping us track it down.
 * Missing API validation on the `/oauth2/passwordless` endpoint. A `500` was returned instead of the correct validation errors.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/450[GitHub Issue #450], thanks to https://github.com/GraafG[@GraafG] for reporting.
+  * Resolves [GitHub Issue #450](https://github.com/FusionAuth/fusionauth-issues/issues/450), thanks to [@GraafG](https://github.com/GraafG) for reporting.
 * On systems running MySQL, the SQL migration for `1.15.0` on the `DELIMITER` command and causes the instance table to have a null `license_id`.  If you have previously connected your support contract Id with your instance and upgraded to a previous `1.15.x` version, you will need to reconnect your license Id in the Reactor tab. This issue was introduced in version 1.15.0.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/482[GitHub Issue #482], thanks to https://github.com/nulian[@nulian] for reporting!
+  * Resolves [GitHub Issue #482](https://github.com/FusionAuth/fusionauth-issues/issues/482), thanks to [@nulian](https://github.com/nulian) for reporting!
 * The `CancelAction` method in the .NETCore client returning field error due to incorrect method definition.
-** Resolves https://github.com/FusionAuth/fusionauth-netcore-client/issues/11[GitHub Issue #11], thanks to https://github.com/minjup[@minjup] for reporting.
+  * Resolves [GitHub Issue #11](https://github.com/FusionAuth/fusionauth-netcore-client/issues/11), thanks to [@minjup](https://github.com/minjup) for reporting.
 * The OpenID Connect IdP client authentication method is now configurable as `client_secret_basic`, `client_secret_post`, or `none` and will authenticate solely with the configured method. See the [OIDC spec concerning Client Authentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication) for more information.
-** The `1.15.3` database migration configures the client authentication method to `client_secret_basic` for identity provider configurations with a client secret defined, and `none` for those without a client secret defined. If your OpenID Connect provider requires `client_secret_post` you will need to update your configuration to ensure the integration continues to function properly.  Discord is one of the known IdPs that requires the `client_secret_post` client authentication method.
-** See the [OpenID Connect Identity Providers](/docs/apis/identity-providers/openid-connect) APIs, the [OpenID Connect Identity Provider Overview](/docs/lifecycle/authenticate-users/identity-providers/) and the [Discord OIDC integration tutorial](/docs/lifecycle/authenticate-users/identity-providers/gaming/discord) for more detail.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/445[GitHub Issue #445], thanks to https://github.com/ovrdoz[@ovrdoz] for reporting.
+  * The `1.15.3` database migration configures the client authentication method to `client_secret_basic` for identity provider configurations with a client secret defined, and `none` for those without a client secret defined. If your OpenID Connect provider requires `client_secret_post` you will need to update your configuration to ensure the integration continues to function properly.  Discord is one of the known IdPs that requires the `client_secret_post` client authentication method.
+  * See the [OpenID Connect Identity Providers](/docs/apis/identity-providers/openid-connect) APIs, the [OpenID Connect Identity Provider Overview](/docs/lifecycle/authenticate-users/identity-providers/) and the [Discord OIDC integration tutorial](/docs/lifecycle/authenticate-users/identity-providers/gaming/discord) for more detail.
+  * Resolves [GitHub Issue #445](https://github.com/FusionAuth/fusionauth-issues/issues/445), thanks to [@ovrdoz](https://github.com/ovrdoz) for reporting.
 * When you have enabled Self Service Registration and Registration Verification FusionAuth will fail to send the email to the end user during this workflow.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/496[GitHub Issue #496], thanks to our great Slack community for letting us know and assisting with debug.
+  * Resolves [GitHub Issue #496](https://github.com/FusionAuth/fusionauth-issues/issues/496), thanks to our great Slack community for letting us know and assisting with debug.
 * If a Two Factor Trust has been established with a particular browser through the user of a cookie, it was not being honored during the Passwordless Email workflow and the user would be prompted for the Two Factor challenge during each login attempt.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/495[GitHub Issue #495], thanks to our great Slack community for reporting!
+  * Resolves [GitHub Issue #495](https://github.com/FusionAuth/fusionauth-issues/issues/495), thanks to our great Slack community for reporting!
 * When using managed domains with the OpenID Connect or SAML v2 Identity Provider configurations the callback to FusionAuth may fail with an error.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/488[GitHub Issue #488], thanks to https://github.com/sedough[@sedough] for reporting.
+  * Resolves [GitHub Issue #488](https://github.com/FusionAuth/fusionauth-issues/issues/488), thanks to [@sedough](https://github.com/sedough) for reporting.
 * When a stylesheet in your theme contains `>` the new HTML escaping strategy introduced in version X causes this value in the CSS to be incorrectly escaped. If you encounter this problem in your current them, update the usage of the stylesheet to `${theme.stylesheet()?no_esc}` instead of the previous usage of `${theme.stylesheet()}`.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/489[GitHub Issue #489], thanks to https://github.com/snmed[@snmed] for reporting.
+  * Resolves [GitHub Issue #489](https://github.com/FusionAuth/fusionauth-issues/issues/489), thanks to [@snmed](https://github.com/snmed) for reporting.
 * Fix a Kickstart bug, when a variable is used in the very first API key the replacement was not honored.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/493[GitHub Issue #493], thanks to https://github.com/tst-dhudlow[@tst-dhudlow] for reporting!
+  * Resolves [GitHub Issue #493](https://github.com/FusionAuth/fusionauth-issues/issues/493), thanks to [@tst-dhudlow](https://github.com/tst-dhudlow) for reporting!
 
 ### Enhancements
 * When the External JWT Identity Provider does not have any managed domains defined, allow a JWT from any domain to be reconciled. This change makes this IdP configuration more consistent with our IdP configurations that allow for managed domains.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/491[GitHub Issue #491]
+  * Resolves [GitHub Issue #491](https://github.com/FusionAuth/fusionauth-issues/issues/491)
 
 
 <ReleaseNoteHeading version="1.15.2" releaseDate="February 19th, 2020" />
@@ -829,7 +830,7 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 ### Known Issues
 
 * Fixed in 1.15.3, on systems running MySQL, the `1.15.0` migration fails on a `DELIMITER` command and causes the instance table to have a null `license_id`.  If you upgraded to `1.15.2`, have connected our instance to a support contract, and ran the `1.15.0` migration using maintenance mode, you will need to reconnect your license Id in the Reactor tab.
-** A workaround for this issue is to download the `fusionauth-database-schema-1.15.0.zip` from [our direct dowload page](https://fusionauth.io/direct-download), unzip and manually apply the `migrations/mysql/1.15.0.sql` migration.  You may also wait to upgrade until `1.15.3` is available and allow maintenance mode to run the fixed migration.
+  * A workaround for this issue is to download the `fusionauth-database-schema-1.15.0.zip` from [our direct dowload page](https://fusionauth.io/direct-download), unzip and manually apply the `migrations/mysql/1.15.0.sql` migration.  You may also wait to upgrade until `1.15.3` is available and allow maintenance mode to run the fixed migration.
 
 ### Fixed
 * Password breached fixes. On some systems running PostgreSQL a portion of the breach detections features may not function properly. If you are running MySQL this will not affect you, and only certain PostgreSQL versions are affected. If you are not using FusionAuth Reactor this issue will not affect you.
@@ -840,7 +841,7 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 ### Known Issues
 
 * Fixed in 1.15.3, on systems running MySQL, the `1.15.0` migration fails on a `DELIMITER` command and causes the instance table to have a null `license_id`.  If you upgraded to `1.15.1`, have connected our instance to a support contract, and ran the `1.15.0` migration using maintenance mode, you will need to reconnect your license Id in the Reactor tab.
-** A workaround for this issue is to download the `fusionauth-database-schema-1.15.0.zip` from [our direct dowload page](https://fusionauth.io/direct-download), unzip and manually apply the `migrations/mysql/1.15.0.sql` migration.  You may also wait to upgrade until `1.15.3` is available and allow maintenance mode to run the fixed migration.
+  * A workaround for this issue is to download the `fusionauth-database-schema-1.15.0.zip` from [our direct dowload page](https://fusionauth.io/direct-download), unzip and manually apply the `migrations/mysql/1.15.0.sql` migration.  You may also wait to upgrade until `1.15.3` is available and allow maintenance mode to run the fixed migration.
 
 ### Fixed
 * A SQL statement in PostgreSQL may cause some 9.x versions to fail to store breach metrics once FusionAuth Reactor has been enabled. If you are running MySQL this will not affect you, and only certain PostgreSQL versions are affected. If you are not using FusionAuth Reactor this issue will not affect you.
@@ -854,7 +855,7 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 
 * Fixed in 1.15.1, some versions of PostgreSQL may cause an exception when storing breach metrics after enabling FusionAuth Reactor. If you are not using FusionAuth Reactor or you are using MySQL instead of PostgreSQL this issue will not affect you.
 * Fixed in 1.15.3, on systems running MySQL, the `1.15.0` migration fails on a `DELIMITER` command and causes the instance table to have a null `license_id`.  If you upgraded to `1.15.0`, have connected our instance to a support contract, and ran the `1.15.0` migration using maintenance mode, you will need to reconnect your license Id in the Reactor tab.
-** A workaround for this issue is to download the `fusionauth-database-schema-1.15.0.zip` from [our direct dowload page](https://fusionauth.io/direct-download), unzip and manually apply the `migrations/mysql/1.15.0.sql` migration.  You may also wait to upgrade until `1.15.3` is available and allow maintenance mode to run the fixed migration.
+  * A workaround for this issue is to download the `fusionauth-database-schema-1.15.0.zip` from [our direct dowload page](https://fusionauth.io/direct-download), unzip and manually apply the `migrations/mysql/1.15.0.sql` migration.  You may also wait to upgrade until `1.15.3` is available and allow maintenance mode to run the fixed migration.
 
 ### Changed
 * In the FusionAuth admin UI you will notice that User, Groups, Applications and Tenants are all now at the top level of the left navigation sidebar. This change has been done to provide quicker access to these frequently accessed menus.
@@ -862,28 +863,28 @@ The following issues were fixed that only affect those running version 1.16.0-RC
 ### New
 * FusionAuth Reactor &#8482;. FusionAuth Reactor is available with all paid editions of FusionAuth. The first feature in the Reactor suite will be breached password detection. All passwords will be checked against a breached list during all password change events, and optionally during login based upon your configuration.
 * New webhook event for use with FusionAuth Reactor breached password detection. This event when enabled will be fired during login if the user is using a vulnerable password.
-** User Password Breach (`user.password.breach`), see [Webhook Events](/docs/v1/tech/events-webhooks/events/) for additional information.
+  * User Password Breach (`user.password.breach`), see [Webhook Events](/docs/v1/tech/events-webhooks/events/) for additional information.
 * New Tenant configuration in support of FusionAuth Reactor and additional password validation rules. This configuration can be found in the Password tab of the Tenant configuration on on the [Tenant](/docs/apis/tenants) API.
-** `tenant.passwordValidationRules.validateOnLogin` - When enabled the user's password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password. Prior to this release password validation was only ever performed during a change event, you may now optionally enforce your password policy during login.
-** `tenant.passwordValidationRules.breachDetection` - A new object to provide configuration per tenant for password breach detection.
+  * `tenant.passwordValidationRules.validateOnLogin` - When enabled the user's password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password. Prior to this release password validation was only ever performed during a change event, you may now optionally enforce your password policy during login.
+  * `tenant.passwordValidationRules.breachDetection` - A new object to provide configuration per tenant for password breach detection.
 * During login, if the user is required to change their password, the Login API, Authorization Code Grant, Implicit Grant and Password Grant will now also return a change reason. This additional value in the response will indicate why the user is being required to change their password.
-** See the [Login](/docs/apis/login) API, and corresponding [OAuth endpoints](/docs/lifecycle/authenticate-users/oauth/endpoints) for more detail.
+  * See the [Login](/docs/apis/login) API, and corresponding [OAuth endpoints](/docs/lifecycle/authenticate-users/oauth/endpoints) for more detail.
 
 ### Security
 * A small window exists after a Refresh Token has expired when this token can still be used under specific circumstances. This symptom only occurs when using the `/api/jwt/refresh` API, and not when using the Refresh Grant using the `/oauth/token` endpoint. In a worst case scenario the Refresh Token may be honored up to 5 hours after the expiration date, in most circumstances it will be much less. This only applies to expired Refresh Tokens, revoking a Refresh Token is not affected.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/454[GitHub Issue #454], thanks to https://github.com/johnmaia[@johnmaia] one of our FusionAuth MVPs!
+  * Resolves [GitHub Issue #454](https://github.com/FusionAuth/fusionauth-issues/issues/454), thanks to [@johnmaia](https://github.com/johnmaia) one of our FusionAuth MVPs!
 
 ### Fixed
 * Editing a Group in a Tenant that does not yet have any Applications created causes and exception when you attempt to save the edit form in the FusionAuth admin UI.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/471[GitHub Issue #471], thanks to https://github.com/dhait[@dhait] for letting us know, we appreciate you!
+  * Resolves [GitHub Issue #471](https://github.com/FusionAuth/fusionauth-issues/issues/471), thanks to [@dhait](https://github.com/dhait) for letting us know, we appreciate you!
 * When Self Service Registration, if Registration Verification is enabled and Email Verification is disabled the user will not receive a Registration Verification email.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/472[GitHub Issue #472]
+  * Resolves [GitHub Issue #472](https://github.com/FusionAuth/fusionauth-issues/issues/472)
 * An exception may occur when using the Import User API if you are missing the `applicationId` property in a User Registration. This error should have been found as a validation error and instead an exception occurred.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/479[GitHub Issue #479], thanks to our friends at Integra Financial Services for reporting the error.
+  * Resolves [GitHub Issue #479](https://github.com/FusionAuth/fusionauth-issues/issues/479), thanks to our friends at Integra Financial Services for reporting the error.
 
 ### Enhancements
 * Allow Kickstart to better handle varying startup times and delays. A few users reported scenarios where Kickstart would begin before FusionAuth was ready causing Kickstart to fail.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/477[GitHub Issue #477]
+  * Resolves [GitHub Issue #477](https://github.com/FusionAuth/fusionauth-issues/issues/477)
 
 
 
@@ -898,32 +899,32 @@ It is recommended that you audit your theme for any usage of `?html` and  ensure
 
 ### Changed
 * A JWT Populate Lambda now has fewer reserved claims. All claims can now be removed or modified except for `exp`, `iat` and the `sub` claims by the JWT Populate Lambda. You remove or modify claims added by FusionAuth at your own peril.
-** See [JWT Populate](/docs/extend/code/lambdas/jwt-populate) for additional details.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/387[GitHub Issue #387]
+  * See [JWT Populate](/docs/extend/code/lambdas/jwt-populate) for additional details.
+  * Resolves [GitHub Issue #387](https://github.com/FusionAuth/fusionauth-issues/issues/387)
 * Add additional fields that can be merged by the `PATCH` HTTP method. The following fields were not being merge, but replaced. The limitation of this change is that it is difficult to remove fields from values from arrays. A future enhancement may be to support the [JSON Patch](https://github.com/FusionAuth/fusionauth-issues/issues/441) specification which provides semantics for add, replace and remove.
-** `User.preferredLanguages`
-** `User.memberships`
-** `User.registrations`
-** `User.data`
-** `UserRegistration.data`
-** `UserRegistration.preferredLanguages`
-** `UserRegistration.roles`
-** `Application.data`
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/424[Github Issue #424]
+  * `User.preferredLanguages`
+  * `User.memberships`
+  * `User.registrations`
+  * `User.data`
+  * `UserRegistration.data`
+  * `UserRegistration.preferredLanguages`
+  * `UserRegistration.roles`
+  * `Application.data`
+  * Resolves [Github Issue #424](https://github.com/FusionAuth/fusionauth-issues/issues/424)
 
 ### New
 * [Kickstart](/docs/get-started/download-and-install/development/kickstart)&#8482; allows you bypass the Setup Wizard in order to FusionAuth up and running quickly. Deploy development or production instances of FusionAuth using a pre-defined configuration of Users, Groups, Applications, Tenants, Templates, API keys, etc.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/170[GitHub Issue #170] 🤘
-** This feature is in **Tech Preview** which means if we find shortcomings with the design as we gather feedback from end users it is possible we will make breaking changes to the feature to correct or enhance the functionality. Any such changes will be documented in future release notes as appropriate.
+  * Resolves [GitHub Issue #170](https://github.com/FusionAuth/fusionauth-issues/issues/170) 🤘
+  * This feature is in   *Tech Preview  * which means if we find shortcomings with the design as we gather feedback from end users it is possible we will make breaking changes to the feature to correct or enhance the functionality. Any such changes will be documented in future release notes as appropriate.
 * The Tenant API can optionally take a new `sourceTenantId` parameter to allow you to create a new Tenant using the values from an existing Tenant. Using the `sourceTenantId` limits the required parameters to the Tenant name.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/311[GitHub Issue #311]
+  * Resolves [GitHub Issue #311](https://github.com/FusionAuth/fusionauth-issues/issues/311)
 * Add a View action to a Group Membership in the Membership tab of the Manage User panel in the UI.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/413[GitHub Issue #413]
+  * Resolves [GitHub Issue #413](https://github.com/FusionAuth/fusionauth-issues/issues/413)
 
 ### Fixed
 * A memory leak in the Nashorn JavaScript engine used to execute FusionAuth Lambdas has been resolved.
 * The OAuth2 Authorization Code grant was required to complete a SAMLv2 login, this grant is no longer required to be enabled.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/432[Github Issue #432]
+  * Resolves [Github Issue #432](https://github.com/FusionAuth/fusionauth-issues/issues/432)
 * Added missing `theme_manager` role to the FusionAuth application
 
 
@@ -932,13 +933,13 @@ It is recommended that you audit your theme for any usage of `?html` and  ensure
 ### Fixed
 * During a reindex operation the status will properly be displayed on every node when viewing the User Search or the Reindex pages in the UI.
 * Improve Kafka configuration validation when using the Test button in the UI.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/318[GitHub Issue #318], thanks to https://github.com/nikos[@nikos] for reporting the issue!
-* An exception may occur when using ReactNative with FusionAuth when an HTTP Origin header is sent to FusionAuth with a value of `file://`. The exception is caused because `file://` without a value after the double slash is not a valid URI and cannot be parsed by `java.net.URI`. However the HTTP specification indicates that an origin header with a scheme of `file://` is allowed and when used anything following the prefix is allowed. This fix follows a similar decision made by Apache Tomcat in their CORS filter, see https://bz.apache.org/bugzilla/show_bug.cgi?id=60008[Bugzilla #60008].
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/414[GitHub Issue #414], thanks to https://github.com/karice[@karice] for reporting the issue and helping us debug!
+  * Resolves [GitHub Issue #318](https://github.com/FusionAuth/fusionauth-issues/issues/318), thanks to [@nikos](https://github.com/nikos) for reporting the issue!
+* An exception may occur when using ReactNative with FusionAuth when an HTTP Origin header is sent to FusionAuth with a value of `file://`. The exception is caused because `file://` without a value after the double slash is not a valid URI and cannot be parsed by `java.net.URI`. However the HTTP specification indicates that an origin header with a scheme of `file://` is allowed and when used anything following the prefix is allowed. This fix follows a similar decision made by Apache Tomcat in their CORS filter, see [Bugzilla #60008](https://bz.apache.org/bugzilla/show_bug.cgi?id=60008).
+  * Resolves [GitHub Issue #414](https://github.com/FusionAuth/fusionauth-issues/issues/414), thanks to [@karice](https://github.com/karice) for reporting the issue and helping us debug!
 * When an invalid code or expired code is used on a Passwordless login request an exception may occur.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/416[GitHub Issue #416], thanks to https://github.com/downagain[@downagain] for reporting the issue!
+  * Resolves [GitHub Issue #416](https://github.com/FusionAuth/fusionauth-issues/issues/416), thanks to [@downagain](https://github.com/downagain) for reporting the issue!
 * When a user email is verified implicitly due to a change password action that originated via an email request the `user.verified` event is now sent.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/418[GitHub Issue #418], thanks to https://github.com/JonasDoe[@JonasDoe] for asking via [StackOverflow](https://stackoverflow.com/questions/59502335/fusionauth-webhook-user-email-verified-not-triggered-when-confirmation-happend) and then opening an issue to help us resolve the issue.
+  * Resolves [GitHub Issue #418](https://github.com/FusionAuth/fusionauth-issues/issues/418), thanks to [@JonasDoe](https://github.com/JonasDoe) for asking via [StackOverflow](https://stackoverflow.com/questions/59502335/fusionauth-webhook-user-email-verified-not-triggered-when-confirmation-happend) and then opening an issue to help us resolve the issue.
 
 
 <ReleaseNoteHeading version="1.13.1" releaseDate="December 19th, 2019" />
@@ -958,32 +959,32 @@ It is recommended that you audit your theme for any usage of `?html` and  ensure
 
 ### New
 * Delete users who have not verified their email address after a specified duration
-** See [Tenant](/docs/get-started/core-concepts/tenants) configuration or the [Tenant](/docs/apis/tenants) API for additional information.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/360[GitHub Issue #360]
+  * See [Tenant](/docs/get-started/core-concepts/tenants) configuration or the [Tenant](/docs/apis/tenants) API for additional information.
+  * Resolves [GitHub Issue #360](https://github.com/FusionAuth/fusionauth-issues/issues/360)
 * Delete application registrations of users who have not verified their registration after a specified duration
-** See [Application](/docs/get-started/core-concepts/applications) configuration or the [Application](/docs/apis/applications) API for additional information.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/360[GitHub Issue #360]
+  * See [Application](/docs/get-started/core-concepts/applications) configuration or the [Application](/docs/apis/applications) API for additional information.
+  * Resolves [GitHub Issue #360](https://github.com/FusionAuth/fusionauth-issues/issues/360)
 * Delete Users by Search Query
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/361[GitHub Issue #361]
-** See [Bulk Delete Users](/docs/apis/users#bulk-delete-users) API.
+  * Resolves [GitHub Issue #361](https://github.com/FusionAuth/fusionauth-issues/issues/361)
+  * See [Bulk Delete Users](/docs/apis/users#bulk-delete-users) API.
 
 ### Fixed
 * The newly supported `PATCH` HTTP method cannot be selected from the API key endpoint security settings. This means that you need to allow all methods in order to utilize the `PATCH` method. This has been resolved.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/402[GitHub Issue #402], thanks to https://github.com/radicaljohan[@radicaljohan] for reporting!
+  * Resolves [GitHub Issue #402](https://github.com/FusionAuth/fusionauth-issues/issues/402), thanks to [@radicaljohan](https://github.com/radicaljohan) for reporting!
 * The newly supported `PATCH` HTTP method is not configurable in the CORS filter.
 * An empty salt value is recommended in an error message but this was failing validation during Import using the User Import API.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/410[GitHub Issue #410], thanks to https://github.com/TanguyGiton[@TanguyGiton] for reporting!
+  * Resolves [GitHub Issue #410](https://github.com/FusionAuth/fusionauth-issues/issues/410), thanks to [@TanguyGiton](https://github.com/TanguyGiton) for reporting!
 * An exception may occur when using the PATCH method on the User API when more than one tenant exists.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/400[GitHub Issue #400], thanks to https://github.com/JesperWe[@JesperWe] for reporting!
+  * Resolves [GitHub Issue #400](https://github.com/FusionAuth/fusionauth-issues/issues/400), thanks to [@JesperWe](https://github.com/JesperWe) for reporting!
 
 ### Enhancement
 * `DELETE /api/user/bulk` takes `queryString` and `query` parameters to search for users to delete by Elasticsearch query string and raw JSON query, and a `dryRun` parameter to preview the affected users.  See the [User Bulk Delete API documentation](/docs/apis/users#bulk-delete-users).
-** Addresses https://github.com/FusionAuth/fusionauth-issues/issues/361[GitHub Issue #361]
+  * Addresses [GitHub Issue #361](https://github.com/FusionAuth/fusionauth-issues/issues/361)
 * `POST /api/user/search` and `GET /api/user/search` take a `query` parameter to search for users by an Elasticsearch raw JSON query.  See the [User Search API documentation](/docs/apis/users#search-for-users).
-** Addresses https://github.com/FusionAuth/fusionauth-issues/issues/361[GitHub Issue #361]
+  * Addresses [GitHub Issue #361](https://github.com/FusionAuth/fusionauth-issues/issues/361)
 * `/api/user/search` takes new `sortFields` for sorting search results.  See the [User Search API documentation](/docs/apis/users#search-for-users).
 * The Webhook URL is no longer constrained to 191 characters. Prior to this version, this URL was considered unique and the length was constrained due to indexing limitations. The URL is no longer required to be unique and it is up to the user to limit duplicate webhooks.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/386[GitHub Issue #386], and thanks to https://github.com/davidmw[@davidmw] for bringing this issue to our attention. Long URLs for everyone!
+  * Resolves [GitHub Issue #386](https://github.com/FusionAuth/fusionauth-issues/issues/386), and thanks to [@davidmw](https://github.com/davidmw) for bringing this issue to our attention. Long URLs for everyone!
 
 
 <ReleaseNoteHeading version="1.12.0" releaseDate="December 8th, 2019" />
@@ -993,10 +994,10 @@ It is recommended that you audit your theme for any usage of `?html` and  ensure
 ### Changed
 
 * In support of the OAuth Device Grant feature released in 1.11.0, a second template was added to separate the completion state.
-** New themed template `OAuth device complete`. Starting with version 1.12.0, templates will no longer be automatically migrated into an existing theme. We believe this is a safer choice overall. Instead your theme will be marked as requiring upgrade when viewed in the UI. You will be prompted to complete the missing templates when you edit and you will be provided with the option to copy in the default template as a starting point.
-** If FusionAuth attempts to render the missing template you will be prompted with a message indicating your theme needs to be upgraded. In generally this should happen when you are using a new feature and thus should occur at development time. Whenever a new template is added, it is recommended to edit and verify your theme right away after upgrade to ensure a smooth migration.
+  * New themed template `OAuth device complete`. Starting with version 1.12.0, templates will no longer be automatically migrated into an existing theme. We believe this is a safer choice overall. Instead your theme will be marked as requiring upgrade when viewed in the UI. You will be prompted to complete the missing templates when you edit and you will be provided with the option to copy in the default template as a starting point.
+  * If FusionAuth attempts to render the missing template you will be prompted with a message indicating your theme needs to be upgraded. In generally this should happen when you are using a new feature and thus should occur at development time. Whenever a new template is added, it is recommended to edit and verify your theme right away after upgrade to ensure a smooth migration.
 * In support of the HYPR integration, a new template was added that will be used when waiting for the external HYPR authentication to complete.
-** New themed template `OAuth2 wait`. Starting with version 1.12.0, templates will no longer be automatically migrated into an existing theme. We believe this is a safer choice overall. Instead your theme will be marked as requiring upgrade when viewed in the UI. You will be prompted to complete the missing templates when you edit and you will be provided with the option to copy in the default template as a starting point.
+  * New themed template `OAuth2 wait`. Starting with version 1.12.0, templates will no longer be automatically migrated into an existing theme. We believe this is a safer choice overall. Instead your theme will be marked as requiring upgrade when viewed in the UI. You will be prompted to complete the missing templates when you edit and you will be provided with the option to copy in the default template as a starting point.
 * The following theme messages were added. Until these values have been translated they will be rendered in English. At your earliest convenience you will want to add these new keys to your existing themes. You may wish to review the community provided translations which may already contain these new messages. https://github.com/FusionAuth/fusionauth-localization
 
 ++++
@@ -1015,51 +1016,51 @@ waiting=Waiting
 
 ### New
 * Support HYPR IdP native integration. HYPR brings passwordless and biometric options to FusionAuth.
-** See the [HYPR Identity Provider](/docs/lifecycle/authenticate-users/identity-providers/enterprise/hypr) for additional details
+  * See the [HYPR Identity Provider](/docs/lifecycle/authenticate-users/identity-providers/enterprise/hypr) for additional details
 * Administrative actions added to <strong>Users -> Manage</strong> panel.
-** **Send password reset** always available from the drop down menu.
-*** Addresses https://github.com/FusionAuth/fusionauth-issues/issues/351[GitHub Issue #351], thanks to https://github.com/nicholasbutlin[@nicholasbutlin] for the suggestion!
-** **Resend email verification** available when the user's email is not yet verified from the drop down menu.
-** **Resend verification** available as a new row button in the **Registrations** tab when a registration is not verified.
+  *   *Send password reset  * always available from the drop down menu.
+  * Addresses [GitHub Issue #351](https://github.com/FusionAuth/fusionauth-issues/issues/351), thanks to [@nicholasbutlin](https://github.com/nicholasbutlin) for the suggestion!
+  *   *Resend email verification  * available when the user's email is not yet verified from the drop down menu.
+  *   *Resend verification  * available as a new row button in the   *Registrations  * tab when a registration is not verified.
 
 ### Fixed
 * Modifying user actions with multi tenants returns a missing tenant error.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/328[GitHub Issue #328], thanks to https://github.com/AlvMF1[@AlvMF1] for reporting the issue!
+  * Resolves [GitHub Issue #328](https://github.com/FusionAuth/fusionauth-issues/issues/328), thanks to [@AlvMF1](https://github.com/AlvMF1) for reporting the issue!
 * The [JWT Validate](/docs/apis/jwt#validate-a-jwt) endpoint returns the wrong precision for `iat` and `exp` claims.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/347[GitHub Issue #347], thanks to https://github.com/uncledent[@uncledent] for reporting and providing detailed information.
+  * Resolves [GitHub Issue #347](https://github.com/FusionAuth/fusionauth-issues/issues/347), thanks to [@uncledent](https://github.com/uncledent) for reporting and providing detailed information.
 * When using the one time password returned from the Change Password API when a Refresh Token was provided during the change request a Refresh Token is not returned from the Login API.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/382[GitHub Issue #382], thanks to to https://github.com/colingm[@colingm] for reporting the issue.
+  * Resolves [GitHub Issue #382](https://github.com/FusionAuth/fusionauth-issues/issues/382), thanks to to [@colingm](https://github.com/colingm) for reporting the issue.
 * A "null" Origin header is allowed in the w3 spec, and when this occurs it may cause an exception when validating authorized origins.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/379[GitHub Issue #379], thanks to https://github.com/karice[@karice] for reporting and excellent assist!
+  * Resolves [GitHub Issue #379](https://github.com/FusionAuth/fusionauth-issues/issues/379), thanks to [@karice](https://github.com/karice) for reporting and excellent assist!
 * Better handling on the Start Passwordless API when a user does not exist
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/377[GitHub Issue #377], thanks to https://github.com/smoorsausje[@smoorsausje] for reporting!
+  * Resolves [GitHub Issue #377](https://github.com/FusionAuth/fusionauth-issues/issues/377), thanks to [@smoorsausje](https://github.com/smoorsausje) for reporting!
 
 ### Enhancement
 * The User Delete API will no longer delete User Actions taken by the user. Instead the API will now disassociate any UserActions created by the deleted user by removing them from the Actioning User. In this scenario, a user will remain in an Action taken by a user that has now been deleted.
 * A User Action may be applied to a user in a different tenant than the User taking the action. Prior to this release, using the admin UI to take an actioon on a user in a different tenant may fail.
-* The following apis now support the `PATCH` HTTP method. This enhancement completes https://github.com/FusionAuth/fusionauth-issues/issues/121[GitHub Issue #121].
-** `/api/application`
-** `/api/application/role`
-** `/api/consents`
-** `/api/email/template`
-** `/api/group`
-** `/api/identity-provider`
-** `/api/integration`
-** `/api/lambda`
-** `/api/system-configuration`
-** `/api/tenant`
-** `/api/theme`
-** `/api/user`
-** `/api/user-action`
-** `/api/user-action-reason`
-** `/api/user/consent`
-** `/api/user/registration`
-** `/api/webhook`
+* The following apis now support the `PATCH` HTTP method. This enhancement completes [GitHub Issue #121](https://github.com/FusionAuth/fusionauth-issues/issues/121).
+  * `/api/application`
+  * `/api/application/role`
+  * `/api/consents`
+  * `/api/email/template`
+  * `/api/group`
+  * `/api/identity-provider`
+  * `/api/integration`
+  * `/api/lambda`
+  * `/api/system-configuration`
+  * `/api/tenant`
+  * `/api/theme`
+  * `/api/user`
+  * `/api/user-action`
+  * `/api/user-action-reason`
+  * `/api/user/consent`
+  * `/api/user/registration`
+  * `/api/webhook`
 * The FusionAuth client libraries now also support the PATCH method.
 * When an encoded JWT is accepted in the Authorization header, FusionAuth will now accept the token in the `Bearer` or the `JWT` schema.
 * When you begin an external login such as Facebook, Google or Twitter an in progress indicator will be added to the login panel to indicate to the user that a request is in progress.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/331[GitHub Issue #331], thanks to https://github.com/davidmw[@davidmw] for the suggestion!
-** If you are using a theme and want to take advantage of this indicator, you can compare the stock OAuth2 Authorize template, look for the note in the top JavaScript section.
+  * Resolves [GitHub Issue #331](https://github.com/FusionAuth/fusionauth-issues/issues/331), thanks to [@davidmw](https://github.com/davidmw) for the suggestion!
+  * If you are using a theme and want to take advantage of this indicator, you can compare the stock OAuth2 Authorize template, look for the note in the top JavaScript section.
 
 
 <ReleaseNoteHeading version="1.11.0" releaseDate="October 29th, 2019" />
@@ -1068,13 +1069,13 @@ waiting=Waiting
 
 ### Security
 * A change was made to the FreeMarker template engine to remove the possibility of malicious code execution through a FreeMarker template. To exploit this vulnerability, one of two scenarios must occur. The first scenario is a user with an API key capable of adding or editing Email or Theme templates, the second scenario is a user with access to the Fusionauth Admin UI that has the necessary authority to add or edit Email or Theme templates. In these two scenarios the user would need to add code to the template with the intention of executing a malicious system command. There is a low probably of this exploitation to occur if you have trusted applications and administrative users.
-** [CVE-2020-7799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7799)
+  * [CVE-2020-7799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7799)
 
 ### Changed
 * Remove the `sid` and the `iss` request parameters on the URL provided by `post_logout_redirect_uri`. This feature was added in version `1.10.0` and because the redirect URL may be a previously configured Logout URL or a URL provided by the `post_logout_redirect_uri` we were always adding these additional request parameters to the URL. This change will remove them from the redirect URL and they will only be added to the URLs used to build the iframes in the logout template.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/332[GitHub Issue #332], thanks to https://github.com/davidmw[@davidmw] for the feedback!
+  * Resolves [GitHub Issue #332](https://github.com/FusionAuth/fusionauth-issues/issues/332), thanks to [@davidmw](https://github.com/davidmw) for the feedback!
 * In support of the OAuth Device Grant feature, the following theme changes have been made.
-** New themed template `OAuth device`. This template has been added to each of your existing themes. As part of your migration please review this template to ensure it matches your intended style.
+  * New themed template `OAuth device`. This template has been added to each of your existing themes. As part of your migration please review this template to ensure it matches your intended style.
 * The following theme messages were added. Until these values have been translated they will be rendered in English. At your earliest convenience you will want to add these new keys to your existing themes. You may wish to review the community provided translations which may already contain these new messages. https://github.com/FusionAuth/fusionauth-localization
 
 ++++
@@ -1113,44 +1114,44 @@ userCode=Enter your user code
 
 ### New
 * [Device Authorization Grant](/docs/lifecycle/authenticate-users/oauth/endpoints#device)
-** This satisfies https://github.com/FusionAuth/fusionauth-issues/issues/320[GitHub Issue #320] - OAuth2 Device Authorization Grant
-** This grant type is commonly used to connect a set top box application to a user account. For example when you connect your HBO NOW Roku application to your account you are prompted with a 6 digit code on the TV screen and instructed to open a web browser to https://hbonow.com/tvcode[hbonow.com/tvcode] to complete the sign-in process. This process is using the OAuth Device Grant or a variation of this workflow.
+  * This satisfies [GitHub Issue #320](https://github.com/FusionAuth/fusionauth-issues/issues/320) - OAuth2 Device Authorization Grant
+  * This grant type is commonly used to connect a set top box application to a user account. For example when you connect your HBO NOW Roku application to your account you are prompted with a 6 digit code on the TV screen and instructed to open a web browser to [hbonow.com/tvcode](https://hbonow.com/tvcode) to complete the sign-in process. This process is using the OAuth Device Grant or a variation of this workflow.
 * Support for the `response_mode` request parameter during the Authorization Code grant and the Implicit grant workflows.
-** This will provide support for `response_mode=form_post`
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/159[GitHub Issue #159], thanks to https://github.com/bertiehub[@bertiehub] for requesting.
+  * This will provide support for `response_mode=form_post`
+  * Resolves [GitHub Issue #159](https://github.com/FusionAuth/fusionauth-issues/issues/159), thanks to [@bertiehub](https://github.com/bertiehub) for requesting.
 * An additional API is available in support of Passwordless Login to allow additional flexibility with third party integrations.
-** See https://github.com/FusionAuth/fusionauth-issues/issues/175[GitHub Issue #175]
-** This feature will be available in 3 steps, Start, Send and Complete. Currently the Send API generates a code and sends it to the user, and then a Login API completes the request. The change is backwards compatible, but a Start action will be provided so you may skip the Send and collect the code and send it to the user using a third party system.
-** See the [Passwordless API documentation](/docs/apis/passwordless) for additional information.
+  * See [GitHub Issue #175](https://github.com/FusionAuth/fusionauth-issues/issues/175)
+  * This feature will be available in 3 steps, Start, Send and Complete. Currently the Send API generates a code and sends it to the user, and then a Login API completes the request. The change is backwards compatible, but a Start action will be provided so you may skip the Send and collect the code and send it to the user using a third party system.
+  * See the [Passwordless API documentation](/docs/apis/passwordless) for additional information.
 
 ### Preview
 * The `PATCH` HTTP method is available on some APIs in a developer preview. This is not yet documented and should only be used in development. The following APIs support the `PATCH` method, more to come.
-** `/api/application`
-** `/api/user`
-** `/api/user/registration`
-** This is in support of https://github.com/FusionAuth/fusionauth-issues/issues/121[GitHub Issue #121 - Support HTTP method PATCH].
+  * `/api/application`
+  * `/api/user`
+  * `/api/user/registration`
+  * This is in support of [GitHub Issue #121 - Support HTTP method PATCH](https://github.com/FusionAuth/fusionauth-issues/issues/121).
 
 ### Fixed
 * Return a `400` status code with a JSON response body on the Import API when a foreign key constraint causes the import to fail
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/317[GitHub Issue #317], thanks to https://github.com/AlvMF1[@AlvMF1] for reporting the issue!
+  * Resolves [GitHub Issue #317](https://github.com/FusionAuth/fusionauth-issues/issues/317), thanks to [@AlvMF1](https://github.com/AlvMF1) for reporting the issue!
 * Return a `401` status code on the `Userinfo` endpoint for invalid tokens
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/321[GitHub Issue #321]
+  * Resolves [GitHub Issue #321](https://github.com/FusionAuth/fusionauth-issues/issues/321)
 * The Passwordless login external identifier complexity settings are not working
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/322[GitHub Issue #322], thanks to https://github.com/pawpro[@pawpro] for letting us know!
+  * Resolves [GitHub Issue #322](https://github.com/FusionAuth/fusionauth-issues/issues/322), thanks to [@pawpro](https://github.com/pawpro) for letting us know!
 * An error is incorrectly displayed on the Forgot Password form even when the code is valid
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/330[GitHub Issue #330], thanks to https://github.com/JesperWe[@JesperWe] for reporting the issue!
+  * Resolves [GitHub Issue #330](https://github.com/FusionAuth/fusionauth-issues/issues/330), thanks to [@JesperWe](https://github.com/JesperWe) for reporting the issue!
 * When a large number of tenants exist such as 3-5k, an exception may be thrown during a key cache reload request
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/326[GitHub Issue #326], thanks to https://github.com/johnmaia[@johnmaia] for reporting!
+  * Resolves [GitHub Issue #326](https://github.com/FusionAuth/fusionauth-issues/issues/326), thanks to [@johnmaia](https://github.com/johnmaia) for reporting!
 * When using the `id_token_hint` on the Logout endpoint, if the token was issued to a user that is not registered for the application it will not contain the `applicationId` claim. This claim was being used to resolve the `client_id` required to complete logout. An alternative strategy is now used so that an `id_token` issued to a user that is registered, or not registered will work as expected when provided on the Logout endpoint.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/350[GitHub Issue #350], thanks to https://github.com/paulspencerwilliams[@paulspencerwilliams] for taking the time to let us know!
+  * Resolves [GitHub Issue #350](https://github.com/FusionAuth/fusionauth-issues/issues/350), thanks to [@paulspencerwilliams](https://github.com/paulspencerwilliams) for taking the time to let us know!
 * Support a SAML SP that does not send the `<samlp:NameIDPolicy />` constraint in the AuthN request, in this case we will default to `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`.
 
 ### Enhancement
 * Front-channel logout was made more flexible
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/324[GitHub Issue #324]
-** A new attribute `Logout behavior` was added to the <strong>Application -> Oauth</strong> configuration
-*** `Redirect only` - legacy behavior of only logging out of SSO and redirecting to either the registered logout URL in the application or the `post_logout_redirect_uri`.
-*** `All applications` - performs a front channel logout of all registered applications in the tenant. Optionally, the themable `Oauth logout` page can be modified to only logout of those applications the user is registered for.
+  * Resolves [GitHub Issue #324](https://github.com/FusionAuth/fusionauth-issues/issues/324)
+  * A new attribute `Logout behavior` was added to the <strong>Application -> Oauth</strong> configuration
+    * `Redirect only` - legacy behavior of only logging out of SSO and redirecting to either the registered logout URL in the application or the `post_logout_redirect_uri`.
+    * `All applications` - performs a front channel logout of all registered applications in the tenant. Optionally, the themable `Oauth logout` page can be modified to only logout of those applications the user is registered for.
 * In some cases the Facebook IdP configuration requires a permission of `email` to be configured in order for the `email` claim to be returned from the Facebook Me API even when `email` is also specified in the `field` parameter. FusionAuth will default both the `fields` and the `permissions` parameters to `email` on create if not provided to make the Facebook IdP work out of the box for more users.  Defaults will not be applied if these fields are left blank or omitted on an update.
 * The [Passwordless Send API](/docs/apis/passwordless#send-passwordless-login) now takes an optional `code` parameter which will be used as the Passwordless code sent in the email.  This `code` can be generated by the new Passwordless Start API.
 
@@ -1160,7 +1161,7 @@ userCode=Enter your user code
 ### Fixed
 * When logging into Google or other external Identity Provider for an Application outside of the default tenant the login may not complete successfully. This issue was introduced in version 1.9.0. A work around is to use an application in the default tenant.
 * A status code of `500` may occur during the processing of the SAML v2 response from an SAML v2 IdP.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/314[GitHub Issue #314], thanks to https://github.com/Raghavsalotra[@Raghavsalotra] for all his help verifying a fix for this issue.
+  * Resolves [GitHub Issue #314](https://github.com/FusionAuth/fusionauth-issues/issues/314), thanks to [@Raghavsalotra](https://github.com/Raghavsalotra) for all his help verifying a fix for this issue.
 
 
 <ReleaseNoteHeading version="1.10.0" releaseDate="September 30th, 2019" />
@@ -1168,7 +1169,7 @@ userCode=Enter your user code
 
 ### Changed
 * In support of the OpenID Connect Front Channel logout feature, the following theme changes have been made.
-** New themed template `OAuth logout`. This template has been added to each of your existing themes. As part of your migration please review this template to ensure it matches your intended style.
+  * New themed template `OAuth logout`. This template has been added to each of your existing themes. As part of your migration please review this template to ensure it matches your intended style.
 * The following theme messages were added. Until these values have been translated they will be rendered in English. At your earliest convenience you will want to add these new keys to your existing themes. You may wish to review the community provided translations which may already contain these new messages. https://github.com/FusionAuth/fusionauth-localization
 
 ++++
@@ -1187,31 +1188,31 @@ or=Or
 
 ### New
 * Support for the OpenID Connect Front Channel logout
-** This updates the existing OAuth2 Logout endpoint to be compliant with the https://openid.net/specs/openid-connect-frontchannel-1_0.html[OpenID Connect Front-Channel Logout 1.0 - draft 02] specification
-** TL;DR The `/oauth2/logout` endpoint will call logout URLs of all tenant applications. A redirect URL can be requested on the URL via `post_logout_redirect_uri`.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/256[GitHub Issue #256], thanks to all who up voted and provided valuable feedback.
-** The [OpenId Connect discovery endpoint](/docs/lifecycle/authenticate-users/oauth/endpoints#openid-configuration) now returns the following attributes:
-*** `end_session_endpoint`
-*** `frontchannel_logout_supported`
-*** `backchannel_logout_supported`
+  * This updates the existing OAuth2 Logout endpoint to be compliant with the [OpenID Connect Front-Channel Logout 1.0 - draft 02](https://openid.net/specs/openid-connect-frontchannel-1_0.html) specification
+  * TL;DR The `/oauth2/logout` endpoint will call logout URLs of all tenant applications. A redirect URL can be requested on the URL via `post_logout_redirect_uri`.
+  * Resolves [GitHub Issue #256](https://github.com/FusionAuth/fusionauth-issues/issues/256), thanks to all who up voted and provided valuable feedback.
+  * The [OpenId Connect discovery endpoint](/docs/lifecycle/authenticate-users/oauth/endpoints#openid-configuration) now returns the following attributes:
+    * `end_session_endpoint`
+    * `frontchannel_logout_supported`
+    * `backchannel_logout_supported`
 
 ### Fixed
 * Send email API may fail with a `500`. This issue was introduced in version `1.9.0`.
-* SAML v2 Invalid Redirect. This resolves https://github.com/FusionAuth/fusionauth-issues/issues/287[GitHub Issue #287], thanks to https://github.com/prasanna10021991[@prasanna10021991] for reporting and helping!
+* SAML v2 Invalid Redirect. This resolves [GitHub Issue #287](https://github.com/FusionAuth/fusionauth-issues/issues/287), thanks to [@prasanna10021991](https://github.com/prasanna10021991) for reporting and helping!
 
 ### Enhancement
 * Allow request parameters to be provided on the Authorization endpoint in the OpenID Connect relaying party configuration. This allows FusionAuth to integrate with the [Twitch OpenID Authorization Grant implementation](https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#oidc-authorization-code-flow).
-** This resolves https://github.com/FusionAuth/fusionauth-issues/issues/309[GitHub Issue #309], thanks to https://github.com/tauinger-de[@tauinger-de] for reporting and helping out!
-** This is a partial fix to work around not supporting the `claims` parameter on the Authorize request. See https://github.com/FusionAuth/fusionauth-issues/issues/308[GitHub Issue #308] for additional information.
+  * This resolves [GitHub Issue #309](https://github.com/FusionAuth/fusionauth-issues/issues/309), thanks to [@tauinger-de](https://github.com/tauinger-de) for reporting and helping out!
+  * This is a partial fix to work around not supporting the `claims` parameter on the Authorize request. See [GitHub Issue #308](https://github.com/FusionAuth/fusionauth-issues/issues/308) for additional information.
 
 
 <ReleaseNoteHeading version="1.9.2" releaseDate="September 24rd, 2019" />
 
 ### Fixed
 * If you have one or more themes defined prior to upgrade you may be unable to login.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/306[GitHub Issue #306], thanks to https://github.com/flangfeldt[@flangfeldt] and https://github.com/jerryhopper[@jerryhopper] for the assist!
-** See workaround in the linked GitHub issue.
-** Resolves https://stackoverflow.com/questions/58083668/internal-server-error-after-fusion-auth-upgrade-to-v-1-9-1[Internal Server Error after Fusion Auth Upgrade to v 1.9.1], thanks to [Tom Bean](https://stackoverflow.com/users/7205239/tom-bean) for reporting!
+  * Resolves [GitHub Issue #306](https://github.com/FusionAuth/fusionauth-issues/issues/306), thanks to [@flangfeldt](https://github.com/flangfeldt) and [@jerryhopper](https://github.com/jerryhopper) for the assist!
+  * See workaround in the linked GitHub issue.
+  * Resolves [Internal Server Error after Fusion Auth Upgrade to v 1.9.1](https://stackoverflow.com/questions/58083668/internal-server-error-after-fusion-auth-upgrade-to-v-1-9-1), thanks to [Tom Bean](https://stackoverflow.com/users/7205239/tom-bean) for reporting!
 
 
 
@@ -1225,15 +1226,15 @@ or=Or
 
 ### New
 * Full theme localization support for errors and all other text
-** If you're interested in helping us crowd source additional languages check out this Git repo and open an issue or submit a PR.
-** https://github.com/FusionAuth/fusionauth-localization
+  * If you're interested in helping us crowd source additional languages check out this Git repo and open an issue or submit a PR.
+  * https://github.com/FusionAuth/fusionauth-localization
 
 ### Fixed
 * When editing a new email template that contained `${user.tenantId}` the template validation may fail.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/294[GitHub Issue #294], thanks to https://github.com/tauinger-de[@tauinger-de] for reporting the issue.
+  * Resolves [GitHub Issue #294](https://github.com/FusionAuth/fusionauth-issues/issues/294), thanks to [@tauinger-de](https://github.com/tauinger-de) for reporting the issue.
 * A locked account may still be able to login via Google or other external identity provider.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/301[GitHub Issue #301], thanks to https://github.com/jerryhopper[@jerryhopper] (a FusionAuth MVP) for the bug report!
-** Previous to this change when using the OAuth2 login or the Login API, a locked account was treated as a "soft" lock and a `404` would be returned from the Login API which in turn displayed an Invalid credentials error. The account locked (soft delete) state will not return a `423` status code instead of a `404` which will result in a different message to the OAuth2 login.
+  * Resolves [GitHub Issue #301](https://github.com/FusionAuth/fusionauth-issues/issues/301), thanks to [@jerryhopper](https://github.com/jerryhopper) (a FusionAuth MVP) for the bug report!
+  * Previous to this change when using the OAuth2 login or the Login API, a locked account was treated as a "soft" lock and a `404` would be returned from the Login API which in turn displayed an Invalid credentials error. The account locked (soft delete) state will not return a `423` status code instead of a `404` which will result in a different message to the OAuth2 login.
 
 
 <ReleaseNoteHeading version="1.8.1 RC1" releaseDate="September 10th, 2019" />
@@ -1260,69 +1261,69 @@ Any rows in the `user_external_ids` table with a `null` value in the `applicatio
 
 Thanks to all of our community members who take the time to open features, report bugs, assist others and help us improve FusionAuth! For this release we would like to thank the following GitHub users who helped us out!
 
-* https://github.com/AlvMF1[@AlvMF1]
-* https://github.com/colundrum[@colundrum]
-* https://github.com/damienherve[@damienherve]
-* https://github.com/davidmw[@davidmw]
-* https://github.com/fabiojvalente[@fabiojvalente]
-* https://github.com/flangfeldt[@flangfeldt]
-* https://github.com/johnmaia[@johnmaia]
-* https://github.com/petechungtuyco[@petechungtuyco]
-* https://github.com/prabhakarreddy1234[@prabhakarreddy1234]
-* https://github.com/snmed[@snmed]
-* https://github.com/tombeany[@tombeany]
-* https://github.com/unkis[@unkis]
-* https://github.com/whiskerch[@whiskerch]
-* https://github.com/zbruhnke[@zbruhnke]
+* [@AlvMF1](https://github.com/AlvMF1)
+* [@colundrum](https://github.com/colundrum)
+* [@damienherve](https://github.com/damienherve)
+* [@davidmw](https://github.com/davidmw)
+* [@fabiojvalente](https://github.com/fabiojvalente)
+* [@flangfeldt](https://github.com/flangfeldt)
+* [@johnmaia](https://github.com/johnmaia)
+* [@petechungtuyco](https://github.com/petechungtuyco)
+* [@prabhakarreddy1234](https://github.com/prabhakarreddy1234)
+* [@snmed](https://github.com/snmed)
+* [@tombeany](https://github.com/tombeany)
+* [@unkis](https://github.com/unkis)
+* [@whiskerch](https://github.com/whiskerch)
+* [@zbruhnke](https://github.com/zbruhnke)
 
 
 ### Changed
 * Most of the configuration previously available in the System Settings has been moved to the Tenant configuration to allow for additional flexibility. This is important if you will be utilizing more than one tenant, you may now configure password policies, email configuration, etc per tenant. If you are using the System Configuration or Tenant APIs, please be aware of this change and plan accordingly. If you were manually synchronizing these configurations between systems, you will need to update these processes.
-** SMTP configuration
-** Event configuration
-** Password configuration
-** Failed Authentication configuration
-** Password configuration
-** JWT configuration
-** Theme
+  * SMTP configuration
+  * Event configuration
+  * Password configuration
+  * Failed Authentication configuration
+  * Password configuration
+  * JWT configuration
+  * Theme
 * When using a theme, whenever possible provide the `tenantId` on the request using an HTTP request parameter. This will help ensure FusionAuth will render the page using your chosen theme. In most cases FusionAuth can identify the correct tenant and theme based upon other parameters in the request, but in some circumstances there is not enough information and FusionAuth will default to the stock theme if the `tenantId` is not explicitly provided.
-** For example in each of the shipped email templates the following has been added to the generated URL `?tenantId=${tenantId}`. You may wish to add this to your email templates if you're using themes.
+  * For example in each of the shipped email templates the following has been added to the generated URL `?tenantId=${tenantId}`. You may wish to add this to your email templates if you're using themes.
 * If you were previously accessing a themed stylesheet in your template as `${loginTheme.stylesheet}` it is now accessed like this `${theme.stylesheet()}`.
 
 ### New
 * Top level theme menu in FusionAuth UI. <strong>Settings -> Themes</strong>.
-** Create, delete, edit and update themes
-** Assign a named theme to a tenant
-** Theme preview
+  * Create, delete, edit and update themes
+  * Assign a named theme to a tenant
+  * Theme preview
 * User modifiable [CORS configuration](/docs/operate/secure-and-monitor/cors)
-** https://github.com/FusionAuth/fusionauth-issues/issues/180[GitHub Feature #180 : Expose a CORS configuration to the end user]
-* A public key may also be retrieved by `kid` in addition to the `applicationId` when using the [Public Key API](/docs/apis/jwt#retrieve-public-keys). This resolves https://github.com/FusionAuth/fusionauth-issues/issues/227[GitHub Issue #227].
+  * [GitHub Feature #180 : Expose a CORS configuration to the end user](https://github.com/FusionAuth/fusionauth-issues/issues/180)
+* A public key may also be retrieved by `kid` in addition to the `applicationId` when using the [Public Key API](/docs/apis/jwt#retrieve-public-keys). This resolves [GitHub Issue #227](https://github.com/FusionAuth/fusionauth-issues/issues/227).
 * PKCE support for use during the Implicit Grant
-* New [User Email Verified](/docs/extend/events-and-webhooks/events/user-email-verified) and [User Registration Verified](/docs/extend/events-and-webhooks/events/user-registration-verified) events. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/163[GitHub Issue #163], thanks to https://github.com/unkis[@unkis], https://github.com/prabhakarreddy1234[@prabhakarreddy1234] and https://github.com/davidmw[@davidmw] for the great feedback!
+* New [User Email Verified](/docs/extend/events-and-webhooks/events/user-email-verified) and [User Registration Verified](/docs/extend/events-and-webhooks/events/user-registration-verified) events. Resolves [GitHub Issue #163](https://github.com/FusionAuth/fusionauth-issues/issues/163), thanks to [@unkis](https://github.com/unkis), [@prabhakarreddy1234](https://github.com/prabhakarreddy1234) and [@davidmw](https://github.com/davidmw) for the great feedback!
 * Email Verification, Registration Verification, Change Password, Setup Password and Passwordless Login can be be optionally configured to use codes made up of digits instead of long strings. This may be helpful if you wish the user to type in a code during an interactive workflow.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/269[GitHub Issue #269], thanks to https://github.com/zbruhnke[@zbruhnke] for helping us get this one delivered.
+  * Resolves [GitHub Issue #269](https://github.com/FusionAuth/fusionauth-issues/issues/269), thanks to [@zbruhnke](https://github.com/zbruhnke) for helping us get this one delivered.
 
 ### Fixed
 * Tenant scoped SMTP configuration, password rules, event transactions, JWT signing configuration, etc.
 * When viewing Refresh token expiration in the Manage User panel under the Sessions tab, the expiration may be displayed incorrectly if the Refresh Token Time to Live has been set at the Application level. The actual time to live was still correctly enforced, but this display may have been incorrect.
 * In some cases an Id Token signed by FusionAuth may not be able to be verified if it is sent back to FusionAuth. This issue was introduced in version `1.6.0`.
 * If the host operating system is not configured for `UTF-8` and you specify multi-byte characters in an email template subject, the subject text may not be rendered correctly when viewed by the recipient.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/231[GitHub Issue #231], thanks to https://stackoverflow.com/users/8266623/lechu67[@Lechu67] for reporting via [Stack Overflow](https://stackoverflow.com/questions/57146832/) and helping to diagnose the issue.
-* Toggle rendering issue in Firefox. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/260[GitHub issue #260], thanks to https://github.com/snmed[@snmed] for the assist!
-* When creating users and applications programatically, due to a timing issue, you may receive an unexpected error indicating the Application does not exist. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/252[GitHub Issue $252], thanks to https://github.com/johnmaia[@johnmaia] for reporting the issue.
-* An exception may occur when using the Login with Google feature if the `picture` claim returned is not a valid URI. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/249[GitHub Issue #249], thanks to https://github.com/damienherve[@damienherve] for reporting the issue.
-* A tenant may fail to be deleted. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/221[GitHub Issue #221], thanks to https://github.com/johnmaia[@johnmaia] for the assist! If you encounter this issue, ensure the search index is updated, generally this will only happen if you programatically create users and then immediately attempt to delete a tenant.
-* The relative link on the Change Password themed template to restart the Forgot Password workflow when the code has expired is broken. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/280[GitHub Issue #280], thanks to https://github.com/flangfeldt[@flangfeldt] for letting us know!
-* The Import API may fail due to a false positive during password salt validation. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/272[GitHub Issue #272], thanks to https://github.com/tombeany[@tombeany] for reporting the issue.
-* Modifying an Identity Provider configuration when an Application has been disabled may cause an error in the UI. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/245[GitHub Issue #245], thanks to https://github.com/fabiojvalente[@fabiojvalente] for reporting the issue.
-* When the FusionAuth schema exists in the database and you reconnect FusionAuth using the database maintenance mode, depending upon the version of PostgreSQL we may not properly detect that the schema exists and return an error instead of continuing. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/237[GitHub Issue #237], thanks to https://github.com/whiskerch[@whiskerch] for reporting the issue.
-* A typo in the Java FusionAuth client causes the to fail the `generateEmailVerificationId` request. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/282[GitHub Issue #282], thanks to https://github.com/petechungtuyco[@petechungtuyco] for reporting the issue and pointing out the solution!
+  * Resolves [GitHub Issue #231](https://github.com/FusionAuth/fusionauth-issues/issues/231), thanks to [@Lechu67](https://stackoverflow.com/users/8266623/lechu67) for reporting via [Stack Overflow](https://stackoverflow.com/questions/57146832/) and helping to diagnose the issue.
+* Toggle rendering issue in Firefox. Resolves [GitHub issue #260](https://github.com/FusionAuth/fusionauth-issues/issues/260), thanks to [@snmed](https://github.com/snmed) for the assist!
+* When creating users and applications programatically, due to a timing issue, you may receive an unexpected error indicating the Application does not exist. Resolves [GitHub Issue $252](https://github.com/FusionAuth/fusionauth-issues/issues/252), thanks to [@johnmaia](https://github.com/johnmaia) for reporting the issue.
+* An exception may occur when using the Login with Google feature if the `picture` claim returned is not a valid URI. Resolves [GitHub Issue #249](https://github.com/FusionAuth/fusionauth-issues/issues/249), thanks to [@damienherve](https://github.com/damienherve) for reporting the issue.
+* A tenant may fail to be deleted. Resolves [GitHub Issue #221](https://github.com/FusionAuth/fusionauth-issues/issues/221), thanks to [@johnmaia](https://github.com/johnmaia) for the assist! If you encounter this issue, ensure the search index is updated, generally this will only happen if you programatically create users and then immediately attempt to delete a tenant.
+* The relative link on the Change Password themed template to restart the Forgot Password workflow when the code has expired is broken. Resolves [GitHub Issue #280](https://github.com/FusionAuth/fusionauth-issues/issues/280), thanks to [@flangfeldt](https://github.com/flangfeldt) for letting us know!
+* The Import API may fail due to a false positive during password salt validation. Resolves [GitHub Issue #272](https://github.com/FusionAuth/fusionauth-issues/issues/272), thanks to [@tombeany](https://github.com/tombeany) for reporting the issue.
+* Modifying an Identity Provider configuration when an Application has been disabled may cause an error in the UI. Resolves [GitHub Issue #245](https://github.com/FusionAuth/fusionauth-issues/issues/245), thanks to [@fabiojvalente](https://github.com/fabiojvalente) for reporting the issue.
+* When the FusionAuth schema exists in the database and you reconnect FusionAuth using the database maintenance mode, depending upon the version of PostgreSQL we may not properly detect that the schema exists and return an error instead of continuing. Resolves [GitHub Issue #237](https://github.com/FusionAuth/fusionauth-issues/issues/237), thanks to [@whiskerch](https://github.com/whiskerch) for reporting the issue.
+* A typo in the Java FusionAuth client causes the to fail the `generateEmailVerificationId` request. Resolves [GitHub Issue #282](https://github.com/FusionAuth/fusionauth-issues/issues/282), thanks to [@petechungtuyco](https://github.com/petechungtuyco) for reporting the issue and pointing out the solution!
 
 ### Enhancement
 * [JWT Refresh Token Revoke](/docs/extend/events-and-webhooks/events/jwt-refresh-token-revoke) event will contain a User object when available
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/255[GitHub Issue #255], thanks to https://github.com/AlvMF1[@AlvMF1] for the great suggestion!
-* In a themed template that may have the `passwordValidationRules` available after a password validation field error will now always have the `passwordValidationRules` available if you choose to display them. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/263[GitHub Issue #263], thanks to https://github.com/AlvMF1[@AlvMF1] for the suggestion!
-* Updated PostgresSQL connector to support `SCRAM-SHA-256`. Thanks to https://github.com/colundrum[@colundrum] for letting us know and assisting in testing. Resolves https://github.com/FusionAuth/fusionauth-issues/issues/209[GitHub Issue #209]
+  * Resolves [GitHub Issue #255](https://github.com/FusionAuth/fusionauth-issues/issues/255), thanks to [@AlvMF1](https://github.com/AlvMF1) for the great suggestion!
+* In a themed template that may have the `passwordValidationRules` available after a password validation field error will now always have the `passwordValidationRules` available if you choose to display them. Resolves [GitHub Issue #263](https://github.com/FusionAuth/fusionauth-issues/issues/263), thanks to [@AlvMF1](https://github.com/AlvMF1) for the suggestion!
+* Updated PostgresSQL connector to support `SCRAM-SHA-256`. Thanks to [@colundrum](https://github.com/colundrum) for letting us know and assisting in testing. Resolves [GitHub Issue #209](https://github.com/FusionAuth/fusionauth-issues/issues/209)
 * The [OpenId Connect discovery endpoint](/docs/lifecycle/authenticate-users/oauth/endpoints#openid-configuration) now accepts optional `tenantId` request parameter.
 * A [User](/docs/apis/users) object is returned in the `jwt.refresh-token.revoke` event JSON.
 * The field `tenantId` is returned in event JSON.
@@ -1332,7 +1333,7 @@ Thanks to all of our community members who take the time to open features, repor
 
 ### Fixed
 * When configuring a SAML v2 IdP relying party using the FusionAuth SP metadata, the configured ACS may not work properly. If you encounter this issue you may manually modify the relying party configuration to change the ACS endpoint to `/oauth2/callback`.
-** Resolves https://stackoverflow.com/questions/57607810/fusionauth-adfs-integration-issue[Stack Overflow : Fusionauth ADFS integration issue], thanks to https://stackoverflow.com/users/3702939/johan[@johan] for reporting the issue.
+  * Resolves [Stack Overflow : Fusionauth ADFS integration issue](https://stackoverflow.com/questions/57607810/fusionauth-adfs-integration-issue), thanks to [@johan](https://stackoverflow.com/users/3702939/johan) for reporting the issue.
 
 
 <ReleaseNoteHeading version="1.7.3" releaseDate="August 15th, 2019" />
@@ -1344,17 +1345,17 @@ Thanks to all of our community members who take the time to open features, repor
 ### Fixed
 * In some cases when running FusionAuth behind a proxy without setting the `X-Forwarded-Port` header the URLs returned in the OpenID Configuration discovery document may contain an `https` URL that is suffixed with port `80`. If this is encountered prior to this version you may simply add the `X-Forwarded-Port` header in your proxy configuration.
 * SAML v2 fix when using `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` or `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` Name Id formats.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/205[GitHub Issue #205], thanks to https://github.com/mikerees[@mikerees] for reporting the issue and helping us test a fix.
+  * Resolves [GitHub Issue #205](https://github.com/FusionAuth/fusionauth-issues/issues/205), thanks to [@mikerees](https://github.com/mikerees) for reporting the issue and helping us test a fix.
 * SAML v2 fix in the IdP Metadata. The `IDPSSODescriptor` was missing the `protocolSupportEnumeration` which may cause some SAML metadata parsers to fail processing.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/235[GitHub Issue #235], thanks to https://github.com/user1970869 [@user1970869 ] for reporting the issue and helping us test a fix.
+  * Resolves [GitHub Issue #235](https://github.com/FusionAuth/fusionauth-issues/issues/235), thanks to [@user1970869 ](https://github.com/user1970869 ) for reporting the issue and helping us test a fix.
 * SAML v2 fix in the IdP Metadata. The value returned in the `issuer` attribute was not the same as the `entityId` provided in the metadata which may cause some SAML metadata parsers to fail processing.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/240[GitHub Issue #240], thanks to https://github.com/user1970869 [@user1970869 ] for reporting the issue and helping us test a fix.
+  * Resolves [GitHub Issue #240](https://github.com/FusionAuth/fusionauth-issues/issues/240), thanks to [@user1970869 ](https://github.com/user1970869 ) for reporting the issue and helping us test a fix.
 * And audit log entry may not be created for a FusionAuth admin that does not have an email address when modifying configuration with the FusionAuth UI.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/268[GitHub Issue #268]
+  * Resolves [GitHub Issue #268](https://github.com/FusionAuth/fusionauth-issues/issues/268)
 
 ### Enhancement
 * Integration details have been moved to a view dialog for each Identity Provider configuration. Previously these values were provided as read only fields on the edit panel in the UI.
-** See the View action for your Identity Provider configurations by navigating to <strong>Settings -> Identity Providers</strong>.
+  * See the View action for your Identity Provider configurations by navigating to <strong>Settings -> Identity Providers</strong>.
 
 
 
@@ -1362,9 +1363,9 @@ Thanks to all of our community members who take the time to open features, repor
 
 ### Fixed
 * Deleting a user that has recently had a failed login may fail when FusionAuth is tracking failed login attempts to lock user accounts.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/184[GitHub Issue #184 : Cannot delete user with too many login attempts], thanks to https://github.com/gmpreussner[@gmpreussner] for reporting the issue.
+  * Resolves [GitHub Issue #184 : Cannot delete user with too many login attempts](https://github.com/FusionAuth/fusionauth-issues/issues/184), thanks to [@gmpreussner](https://github.com/gmpreussner) for reporting the issue.
 * Login to a 3rd party SAML IdP may fail
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/181[GitHub Issue #181 : Trouble with SAML and OpenID logins], thanks to https://github.com/davidmw[@davidmw] for reporting the issue.
+  * Resolves [GitHub Issue #181 : Trouble with SAML and OpenID logins](https://github.com/FusionAuth/fusionauth-issues/issues/181), thanks to [@davidmw](https://github.com/davidmw) for reporting the issue.
 * Fix the uptime calculation for nodes when viewed in the About panel. <strong>System -> About</strong>
 
 
@@ -1386,12 +1387,12 @@ Thanks to all of our community members who take the time to open features, repor
 
 ### New
 * Family and relationship modeling. Yeah, everyone has users, but does your IdP manage family relationships?
-** Family concepts
-** [Family APIs](/docs/apis/families)
+  * Family concepts
+  * [Family APIs](/docs/apis/families)
 * Consent management. Need to record parental consent, or track opt-in for your users? Look no further.
-** Consent concepts
-** [Consent APIs](/docs/apis/consents)
-** We will ship FusionAuth with COPPA VPC, and COPPA Email+ consents, additional consents may be added through the Consent management interface and through the Consent APIs.
+  * Consent concepts
+  * [Consent APIs](/docs/apis/consents)
+  * We will ship FusionAuth with COPPA VPC, and COPPA Email+ consents, additional consents may be added through the Consent management interface and through the Consent APIs.
 * Export of Audit Logs to a zipped CSV in the UI and via the [Export API](/docs/apis/audit-logs#export-audit-logs)
 * Export of Login Records to a zipped CSV in the UI and via the [Export API](/docs/apis/login#export-login-records)
 * Login Record view that contains limited search and pagination capability. In the UI see <strong>System -> Login Records</strong>
@@ -1407,17 +1408,17 @@ Thanks to all of our community members who take the time to open features, repor
 ### Enhancement
 * The User Registration object is now available as a top level object in the Verify Registration email template. The registration was previously available in the `user` object, but it will now also be a top level object `registration`.
 * Support arbitrary URIs for OAuth redirects.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/58[Github Issue #58 : Support OAuth2 redirect to an arbitrary scheme in support of native applications]
+  * Resolves [Github Issue #58 : Support OAuth2 redirect to an arbitrary scheme in support of native applications](https://github.com/FusionAuth/fusionauth-issues/issues/58)
 * Add `user.mobilePhone` to the search index. For an existing installation, to take advantage of this field for existing users, you may need to rebuild the search index. See <strong>System -> Reindex</strong>
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/165[GitHub Issue #165 : Add mobilePhone in User Search]
-** Thanks to https://github.com/petechungtuyco[@petechungtuyco] for letting us know and suggesting the addition.
+  * Resolves [GitHub Issue #165 : Add mobilePhone in User Search](https://github.com/FusionAuth/fusionauth-issues/issues/165)
+  * Thanks to [@petechungtuyco](https://github.com/petechungtuyco) for letting us know and suggesting the addition.
 
 
 <ReleaseNoteHeading version="1.6.1" releaseDate="May 2nd, 2019" />
 
 ### Fixed
 * Using OpenID Connect with Microsoft Azure AD may fail
-** Thanks to https://github.com/FusionAuth/fusionauth-issues/issues/153[@stevenrombauts] and https://github.com/plunkettscott[@plunkettscott] for reporting the issue. https://github.com/FusionAuth/fusionauth-issues/issues/153[OpenID connect fails with Azure AD #153].
+  * Thanks to [@stevenrombauts](https://github.com/FusionAuth/fusionauth-issues/issues/153) and [@plunkettscott](https://github.com/plunkettscott) for reporting the issue. [OpenID connect fails with Azure AD #153](https://github.com/FusionAuth/fusionauth-issues/issues/153).
 
 
 <ReleaseNoteHeading version="1.6.0" releaseDate="April 28th, 2019" />
@@ -1428,11 +1429,11 @@ Thanks to all of our community members who take the time to open features, repor
 
 ### Changed
 * Deprecated the following properties `SystemConfiguration` and `Application` domain. This is all now managed through Key Master, and existing keys have been migrated into Key Master.
-** `jwtConfiguration.issuer`
-** `jwtConfiguration.algorithm`
-** `jwtConfiguration.secret`
-** `jwtConfiguration.publicKey`
-** `jwtConfiguration.privateKey`
+  * `jwtConfiguration.issuer`
+  * `jwtConfiguration.algorithm`
+  * `jwtConfiguration.secret`
+  * `jwtConfiguration.publicKey`
+  * `jwtConfiguration.privateKey`
 * Deprecated the following property `SystemConfiguration.jwtConfiguration.issuer`, it has moved to `SystemConfiguration.issuer`.
 * A new macro was added to the `_helpers.ftl` that may be managed by your theme. If you have modified the `_helpers.ftl` template as part of your theme, you will either need to reset that template and merge your changes back in, or add the following code to your `_helpers.ftl` managed by your theme. If you encounter an issue with this, you will still likely be able to login to correct the issue, if you do get stuck you may disable your theme to login. See [Troubleshooting themes](/docs/customize/look-and-feel/#troubleshooting).
 
@@ -1448,40 +1449,40 @@ ${text?html}
 ____
 
 ### New
-* Support for SAMLv2 IdP. This satisfies https://github.com/FusionAuth/fusionauth-issues/issues/3[GitHub Issue #3]
-* Support for SAMLv2 Service Provider to support federated authentication to a SAMLv2 Identity Provider. This satisfies https://github.com/FusionAuth/fusionauth-issues/issues/104[GitHub Issue #104]
+* Support for SAMLv2 IdP. This satisfies [GitHub Issue #3](https://github.com/FusionAuth/fusionauth-issues/issues/3)
+* Support for SAMLv2 Service Provider to support federated authentication to a SAMLv2 Identity Provider. This satisfies [GitHub Issue #104](https://github.com/FusionAuth/fusionauth-issues/issues/104)
 * Lambda support. Lambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. In the initial release of Lambda support they can be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these Identity Providers.
-** See the Lambda API and the new Lambda settings in the UI <strong>Settings -> Lambdas</strong>.
+  * See the Lambda API and the new Lambda settings in the UI <strong>Settings -> Lambdas</strong>.
 * Event Log. The event log will assist developers during integration to debug integrations. The event log will be found in the UI under <strong>System -> Event Log</strong>.
-** SMTP Transport errors
-** Lambda execution exceptions
-** Lambda debug output
-** SAML IdP integration errors and debug
-** Runtime exceptions due to email template rendering issues
-** And more!
+  * SMTP Transport errors
+  * Lambda execution exceptions
+  * Lambda debug output
+  * SAML IdP integration errors and debug
+  * Runtime exceptions due to email template rendering issues
+  * And more!
 * Key Master, manage HMAC, Elliptic and RSA keys, import, download, generate, we do it all here at Key Master.
-** [Key APIs](/docs/apis/keys)
+  * [Key APIs](/docs/apis/keys)
 * New events
- ** `user.login.failed`
- ** `user.login.success`
- ** `user.registration.create`
- ** `user.registration.update`
- ** `user.registration.delete`
+   * `user.login.failed`
+   * `user.login.success`
+   * `user.registration.create`
+   * `user.registration.update`
+   * `user.registration.delete`
 * Easily duplicate email templates using the Duplicate action.
-** https://github.com/FusionAuth/fusionauth-issues/issues/142
+  * https://github.com/FusionAuth/fusionauth-issues/issues/142
 * Manage Access Token and Id Token signing separately
 
 
 ### Enhancement
 * Insert instant provided on the Import API for Users and Registrations will be reflected in the historical registration reports
-** https://github.com/FusionAuth/fusionauth-issues/issues/144
+  * https://github.com/FusionAuth/fusionauth-issues/issues/144
 * Additional node information will be available on the About panel when running multiple FusionAuth nodes in a cluster. See <strong>System -> About</strong>.
 
 ### Fixed
 * If Passwordless login is disabled because no email template has been configured the button will not be displayed on the login panel. If a user attempts to use the passwordless login and the feature has been disabled or the user does not have an email address a error will be displayed to alert the user.
-* If you are using the Implicit Grant and you have Self Service Registration enabled for the same application, the redirect after the registration check will assume you are using the Authorization Code grant. To work around this issue prior to this release, disable Self Service Registration. Thanks to https://github.com/whiskerch[@whiskerch] for reporting this issue in https://github.com/FusionAuth/fusionauth-issues/issues/102[GitHub Issue #102].
+* If you are using the Implicit Grant and you have Self Service Registration enabled for the same application, the redirect after the registration check will assume you are using the Authorization Code grant. To work around this issue prior to this release, disable Self Service Registration. Thanks to [@whiskerch](https://github.com/whiskerch) for reporting this issue in [GitHub Issue #102](https://github.com/FusionAuth/fusionauth-issues/issues/102).
 * Fixed OpenID Connect federated login. Our JavaScript code was throwing an exception due to the removal of the `device` field from OAuth. This code wasn't updated and therefore would not perform the redirect to the third-party Open ID Connect IdP. To fix this issue in 1.5.0 or below, you can remove this line from OpenIDConnect.js on or near line 48: `+ '&device=' + Prime.Document.queryFirst('input[name=device]').getValue()`.
-* When you use the Refresh Grant with a Refresh Token that was obtained using the Authorization Code grant using the `openid` scope, the response will not contain an `id_token` as you would expect. This fixes https://github.com/FusionAuth/fusionauth-issues/issues/110[GitHub Issue #110 - OIDC and Refresh Tokens]. Thanks to https://github.com/fabiosimeoni[@fabiosimeoni] for reporting this issue
+* When you use the Refresh Grant with a Refresh Token that was obtained using the Authorization Code grant using the `openid` scope, the response will not contain an `id_token` as you would expect. This fixes [GitHub Issue #110 - OIDC and Refresh Tokens](https://github.com/FusionAuth/fusionauth-issues/issues/110). Thanks to [@fabiosimeoni](https://github.com/fabiosimeoni) for reporting this issue
 * When using the OpenID Connect Identity Provider that requires client authentication may fail even when you provide a client secret in your OpenID Connect configuration.
 * https://github.com/FusionAuth/fusionauth-issues/issues/118
 * https://github.com/FusionAuth/fusionauth-issues/issues/119
@@ -1523,7 +1524,7 @@ ____
 * When a user has 2FA enabled and a password change is required during login, the 2FA will now occur before the change password workflow
 * When more than one tenant exists, the Forgot Password link on the FusionAuth login page will not function properly.
 * The Logout API may not always delete the `access_token` and `refresh_token` cookies if they exist on the browser.
-* The `id_token` will be signed with the `client_secret` when `HS256`, `HS384` or `HS512` is selected as the signing algorithm. This is necessary for compliance with https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation[OpenID Connect Core 3.1.3.7 ID Token Validation]. This fixes GitHub issue https://github.com/FusionAuth/fusionauth-issues/issues/57[GitHub Issue #57], thanks to https://github.com/anbraten[@anbraten] for reporting this issue. If you encounter this issue prior to this version, copy the Client Secret found in the UI on the `OAuth` tab of your Application configuration into the HMAC secret on the `JWT` configuration tab.
+* The `id_token` will be signed with the `client_secret` when `HS256`, `HS384` or `HS512` is selected as the signing algorithm. This is necessary for compliance with [OpenID Connect Core 3.1.3.7 ID Token Validation](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation). This fixes GitHub issue [GitHub Issue #57](https://github.com/FusionAuth/fusionauth-issues/issues/57), thanks to [@anbraten](https://github.com/anbraten) for reporting this issue. If you encounter this issue prior to this version, copy the Client Secret found in the UI on the `OAuth` tab of your Application configuration into the HMAC secret on the `JWT` configuration tab.
 * The [Login API](/docs/apis/login) will now return a `400` with an error JSON response body if the `applicationId` parameter does not belong to any configured applications. Previous to this release, this was treated the same as if the User was not registered to the requested application.
 * A change to the Docker build for permissions reduced the overall `fusionauth-app` image by ~ 200 MB.
 
@@ -1539,20 +1540,20 @@ ____
 ### New
 * Self service registration. You may optionally enable this feature per application and allow users to create a new account or register for new applications without building your own registration forms.
 * JSON Web Key set support. This endpoint will be exposed at `/.well-known/jwks.json` and will be published in the [OpenID Configuration](/docs/lifecycle/authenticate-users/oauth/endpoints#openid-configuration) metadata endpoint as well. Prior to this release the public keys used to sign JSON Web Tokens were only available in PEM format using the [Public Key API](/docs/apis/jwt#retrieve-public-keys), this endpoint will still be available and supported.
-** See [JSON Web Key Set (JWKS)](/docs/lifecycle/authenticate-users/oauth/endpoints#json-web-key-set-jwks) for more information.
+  * See [JSON Web Key Set (JWKS)](/docs/lifecycle/authenticate-users/oauth/endpoints#json-web-key-set-jwks) for more information.
 * Added Elliptic Curve signature support for JSON Web Tokens, ES256, ES384 and ES512.
 * Added Typescript client library https://github.com/FusionAuth/fusionauth-typescript-client
 * The Login Report may now be optionally filtered to a particular User in the UI, and the [Login Report](/docs/apis/reports#generate-login-report) API will now take `loginId` or `userId`.
 
 ### Fixed
 * When using Docker compose, if you start up with `--pull` to update to the latest version of FusionAuth and there happens to be a database schema update, the silent configuration mode may fail. This occurs because the silent configuration was not performing the database schema update automatically. If you encounter this issue, you will need to manually update the schema.
-** This will only occur if you are running a version of FusionAuth prior to `1.1.0` and upgrade using `--pull` during `docker compose up`.
+  * This will only occur if you are running a version of FusionAuth prior to `1.1.0` and upgrade using `--pull` during `docker compose up`.
 * When you have multiple tenants created, a tenant may be deleted with an API key that is not assigned to the tenant. This has been corrected and a tenant may only be deleted using an API key that is not assigned to any tenant. This issue will only affect you if you have more than one tenant.
 * Updated Maintenance Mode (setup wizard) to work with MySQL version 8.0.13 and above. MySQL has changed their SSL/TLS handling and our connections were not correctly handling public keys. This has been fixed by allowing FusionAuth to perform a secondary request to MySQL to fetch the public key.
 * Logging in with a Social Login provider such as Google for an existing FusionAuth user may cause them to be unable to login to FusionAuth directly using their original credentials.
 * When using the OpenID Connect Identity Provider, the incoming claim `given_name` was being saved in the `fullName` field instead of the `firstName`.
 * When a user is soft deleted, actioned to prevent login, expired, or they have changed their password since their last login, their SSO session will be invalidated instead of waiting for the session to expire.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/59[Github Issue #59 :Using a access token for a lock account]
+  * Resolves [Github Issue #59 :Using a access token for a lock account](https://github.com/FusionAuth/fusionauth-issues/issues/59)
 
 ### Internal
 * Upgrade to fusionauth-jwt 3.0.1 in support of Elliptic Curve crypto support.
@@ -1564,19 +1565,19 @@ ____
 
 ### Changed
 * API key will take precedence for API authentication if both a JWT and an API key are provided on the request. For example, when making a GET request to the User API, if a JWT is provided in a cookie, and a valid API key is also provided in the `Authorization` HTTP header, the previous design was to prefer the JWT. This design point meant that even when an API key was provided, even when providing a valid API key, you would be unable to retrieve any user but the one represented by the JWT.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/43[GitHub Issue #43 : Id is ignored on Retrieve User when JWT is present]
+  * Resolves [GitHub Issue #43 : Id is ignored on Retrieve User when JWT is present](https://github.com/FusionAuth/fusionauth-issues/issues/43)
 * The `client_id` is no longer required on the OAuth Token endpoint when client authentication is configured as required, in this scenario the client Id is provided in the HTTP Basic Authorization header.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/54[Github Issue #54 :Token request returning 500 when client_id is omitted]
+  * Resolves [Github Issue #54 :Token request returning 500 when client_id is omitted](https://github.com/FusionAuth/fusionauth-issues/issues/54)
 
 ### Fixed
 * When editing the JWT settings in the FusionAuth application the UI a JavaScript error may cause some of the settings to not render properly. This error was introduced in version `1.3.0`.
 * Added missing properties to the Application view dialog in the FusionAuth UI.
 * The `openid` scope may not be honored during login when a user has Two Factor authentication enabled. The symptom of this issue is that the response from the Token endpoint will not contain an `id_token` even when the `openid` scope was requested.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/53[Github Issue #53 : Authorization with scope openid fails when 2FA is enabled]
+  * Resolves [Github Issue #53 : Authorization with scope openid fails when 2FA is enabled](https://github.com/FusionAuth/fusionauth-issues/issues/53)
 * Validation for the OAuth2 Token endpoint may fail when the `client_id` request body parameter is omitted and return a `500` instead of a `400` status code.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/54[Github Issue #54 : Token request returning 500 when client_id is omitted]
+  * Resolves [Github Issue #54 : Token request returning 500 when client_id is omitted](https://github.com/FusionAuth/fusionauth-issues/issues/54)
 * When a OAuth2 redirect URI is registered with a query parameter, the resulting redirect URI will not be built correctly.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/55[Github Issue #55 : Adding a query parameter to the redirect_uri causes an invalid URI to be returned]
+  * Resolves [Github Issue #55 : Adding a query parameter to the redirect_uri causes an invalid URI to be returned](https://github.com/FusionAuth/fusionauth-issues/issues/55)
 * When trying to configure Elasticsearch engine during maintenance mode the index may get created but fail to leave maintenance mode. FusionAuth makes a `HEAD` request to Elasticsearch to check if the required indexes exist during startup and prior to leaving maintenance mode. When connected to an AWS Elasticsearch cluster this request does not behave as expected which causes FusionAuth to stay in maintenance mode. This issue has been resolved and should allow FusionAuth to properly connect to and utilize Elasticsearch running in an AWS cluster.
 
 
@@ -1593,16 +1594,16 @@ ____
 ### Fixed
 * Calling the [Introspect](/docs/lifecycle/authenticate-users/oauth/endpoints#introspect) endpoint with a JWT returned from the Issue API may fail due to the missing `aud` claim.
 * The MySQL schema previously was using `random_bytes` which is not available in MariaDB. These usages have been replaced with an equivalent that will function the same in MySQL and MariaDB.
-** Thanks to https://github.com/anbraten[@anbraten] for bringing this to our attention and suggesting and verifying a solution via https://github.com/FusionAuth/fusionauth-issues/issues/48[GitHub Issue #48 : Support for MariaDB]
+  * Thanks to [@anbraten](https://github.com/anbraten) for bringing this to our attention and suggesting and verifying a solution via [GitHub Issue #48 : Support for MariaDB](https://github.com/FusionAuth/fusionauth-issues/issues/48)
 * When editing or adding a new user in the FusionAuth UI, the `Birthdate` field may get set automatically before the date selector is utilized. A JavaScript error was causing this condition and it has been fixed.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/41[GitHub Issue #41 : Birthday is autofilled when adding or editing a user]
+  * Resolves [GitHub Issue #41 : Birthday is autofilled when adding or editing a user](https://github.com/FusionAuth/fusionauth-issues/issues/41)
 
 
 <ReleaseNoteHeading version="1.2.2" releaseDate="November 27th, 2018" />
 
 ### Fixed
 * Add `X-FusionAuth-TenantId` to allowed CORS headers.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/44[GitHub Issue #44 : CORS blocks API request containing X-FusionAuth-TenantId]
+  * Resolves [GitHub Issue #44 : CORS blocks API request containing X-FusionAuth-TenantId](https://github.com/FusionAuth/fusionauth-issues/issues/44)
 * When FusionAuth is running behind a proxy such as an AWS ALB / ELB the redirect URI required to complete login may not be resolved correctly. This may cause the redirect back to the FusionAuth UI login to fail with a CSRF exception. If you encounter this issue you may see an error message that says `Something doesn't seem right. You have been logged out of FusionAuth`. The work-around for this issue if you encounter it will be to perform the redirect from HTTP to HTTPS in your load balancer.
 * Some minor usability issues in the Identity Provider configuration UI.
 
@@ -1611,7 +1612,7 @@ ____
 
 ### Enhancement
 * Better error handling when an API caller sends invalid JSON messages. Prior to this enhancement if FusionAuth did not provide a specific error message for a particular field a `500` HTTP status code was returned if the JSON could not be parsed properly. This enhancement will ensure that sending a FusionAuth API invalid JSON will consistently result in a `400` status code with a JSON body describing the error.
-** Resolves https://github.com/FusionAuth/fusionauth-issues/issues/17[GitHub Issue #17 : Malformed or invalid JSON causes 500 error]
+  * Resolves [GitHub Issue #17 : Malformed or invalid JSON causes 500 error](https://github.com/FusionAuth/fusionauth-issues/issues/17)
 * Allow an Identity Provider to be enabled and disabled from the UI. You may still choose to enable or disable a specific Application for use with an Identity Provider, but with this enhancement you may not turn off an Identity Provider for all Applications with one switch.
 
 ### Fixed
@@ -1640,10 +1641,10 @@ ____
 
 ### New
 * Social login support
-** [Facebook](/docs/apis/identity-providers/facebook) Identity Provider
-** [Google](/docs/apis/identity-providers/google) Identity Provider
-** [Twitter](/docs/apis/identity-providers/twitter) Identity Provider
-** [OpenID Connect](/docs/apis/identity-providers/openid-connect) Identity Provider
+  * [Facebook](/docs/apis/identity-providers/facebook) Identity Provider
+  * [Google](/docs/apis/identity-providers/google) Identity Provider
+  * [Twitter](/docs/apis/identity-providers/twitter) Identity Provider
+  * [OpenID Connect](/docs/apis/identity-providers/openid-connect) Identity Provider
 * Full theme support for login. See the [Login Theme](/docs/customize/look-and-feel/) tutorial for additional information and examples.
 * Better localization support in the FusionAuth UI. You now have the option to set or modify your preferred language for use in the FusionAuth UI.
 Providing a preferred language will cause dates to be formatted based upon your preference. For example, the default data format is `M/D/YYYY`, but
@@ -1664,7 +1665,7 @@ see a more appropriate format of `D/M/YYYY`. This value is stored on the User Re
 
 ### Fixed
 * When running in Docker Compose, FusionAuth cannot connect to the search service when trying to exit the setup wizard.
-** https://github.com/FusionAuth/fusionauth-containers/issues/2
+  * https://github.com/FusionAuth/fusionauth-containers/issues/2
 
 
 <ReleaseNoteHeading version="1.0.16" releaseDate="October 5th, 2018" />
diff --git a/astro/src/content/docs/release-notes/index.mdx b/astro/src/content/docs/release-notes/index.mdx
index 020249ee5b..132eb5ccc7 100644
--- a/astro/src/content/docs/release-notes/index.mdx
+++ b/astro/src/content/docs/release-notes/index.mdx
@@ -3,6 +3,7 @@ title: Release Notes
 description: Release notes for each version of FusionAuth
 section: release notes
 disableTOC: true
+topOfNav: true
 ---
 import Aside from 'src/components/Aside.astro';
 import DatabaseMigrationWarning from 'src/content/docs/release-notes/__database-migration-warning.mdx';
diff --git a/astro/src/layouts/Default.astro b/astro/src/layouts/Default.astro
index 4c525ebf3a..dbf90bf017 100644
--- a/astro/src/layouts/Default.astro
+++ b/astro/src/layouts/Default.astro
@@ -11,6 +11,7 @@ import TOC from '../components/TOC.astro';
 import Article from './Article.astro';
 import ArticleNav from '../components/nav/ArticleNav.astro';
 import Icon from '../components/icon/Icon.astro';
+import { specialCaps } from '../tools/string';
 
 let {
   author,
@@ -99,7 +100,7 @@ cta = frontmatter.cta ? frontmatter.cta : cta;
         <div class="flex-grow">
           {breadcrumbs.length > 0 && <div class="flex flex-row not-prose hidden lg:block">
             { breadcrumbs.map((crumb, i) => <>
-            <a href={crumb.href} class="font-semibold mb-4 mt-0 text-lg hover:text-indigo-700 dark:text-slate-400 dark:hover:text-indigo-400 hover:underline capitalize">{crumb.title}</a>
+            <a href={crumb.href} class="font-semibold mb-4 mt-0 text-lg hover:text-indigo-700 dark:text-slate-400 dark:hover:text-indigo-400 hover:underline capitalize">{ specialCaps(crumb.title) }</a>
             { i !== breadcrumbs.length - 1 && <span class="mx-2">/</span> }
           </>) }
           </div> }

From 56ed338fe6a9fb2e50f368252c7cc74ebe64054d Mon Sep 17 00:00:00 2001
From: Lyle Schemmerling <lyle.schemmerling@fusionauth.io>
Date: Fri, 27 Oct 2023 12:09:47 -0600
Subject: [PATCH 4/5] dedupe the docsnav list

---
 astro/src/components/nav/DocsNav.astro | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/astro/src/components/nav/DocsNav.astro b/astro/src/components/nav/DocsNav.astro
index 968dc81ae8..9d22ec31b4 100644
--- a/astro/src/components/nav/DocsNav.astro
+++ b/astro/src/components/nav/DocsNav.astro
@@ -15,11 +15,8 @@ const categoryItems = [
 
 const moreItems = [
   {name: 'Quickstarts', href: '/docs/quickstarts'},
-  {name: 'SDKs', href: '/docs/sdks'},
   {name: 'Downloads', href: '/download'},
   {name: 'Blog', href: '/blog/'},
-  {name: 'API Docs', href: '/docs/apis'},
-  {name: 'Release Notes', href: '/docs/release-notes'},
   {name: 'Articles', href: '/articles/'},
   {name: 'Developer Tools', href: '/dev-tools/'},
 ];

From ae332e63701951dde21cf53f24c5fb43d5782eff Mon Sep 17 00:00:00 2001
From: Lyle Schemmerling <lyle.schemmerling@fusionauth.io>
Date: Fri, 27 Oct 2023 12:16:28 -0600
Subject: [PATCH 5/5] darkmode aside white icons

---
 astro/src/components/Aside.astro | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/astro/src/components/Aside.astro b/astro/src/components/Aside.astro
index 66a0e079ed..5e4e60f9b7 100644
--- a/astro/src/components/Aside.astro
+++ b/astro/src/components/Aside.astro
@@ -55,7 +55,7 @@ const bgColor = bgColors[type];
 	<div class="title not-prose flex align-text-bottom font-bold uppercase" aria-hidden="true">
 		<span class="icon mb-2 pr-2">
 			<svg xmlns="http://www.w3.org/2000/svg" class="inline" viewBox={viewBox} width={16} height={16}>
-				<path class="fill-slate-800 {nodark ? '' : 'fill-slate-200'}" fill-rule="evenodd" d={d}></path>
+				<path class:list={["fill-slate-800", nodark ? '' : 'dark:fill-slate-200']} fill-rule="evenodd" d={d}></path>
 			</svg>
 		</span>
 		<span class="mb-2">{title}</span>