157 lines
7.0 KiB
Markdown
157 lines
7.0 KiB
Markdown
|
---
|
||
|
title: Release 2021.8
|
||
|
slug: "/releases/2021.8"
|
||
|
---
|
||
|
|
||
|
## Headline Changes
|
||
|
|
||
|
- Embedded Outpost
|
||
|
|
||
|
To simplify the setup, an embedded outpost has been added. This outpost runs as part of the main authentik server, and requires no additional setup.
|
||
|
|
||
|
You can simply assign providers to the embedded outpost, and either use the integrations to configure reverse proxies, or point your traffic to the main authentik server.
|
||
|
Traffic is routed based on host-header, meaning every host that has been configured as a provider and is assigned to the embedded proxy will be sent to the outpost, and every sub-path under `/outpost.goauthentik.io` is sent to the outpost too. The rest is sent to authentik itself.
|
||
|
|
||
|
- App passwords
|
||
|
|
||
|
You can now create Tokens with the intent `app_password`, and use them when authenticating with a flow. This requires the `User database + app passwords` backend in your password stage (this is done automatically on upgrade).
|
||
|
|
||
|
You will also see in the logs which backend was used as the `auth_method` and `auth_method_args` arguments on the Event.
|
||
|
|
||
|
## Minor changes
|
||
|
|
||
|
- admin: add API to show embedded outpost status, add notice when its not configured properly
|
||
|
- api: ensure all resources can be filtered
|
||
|
- api: make all PropertyMappings filterable by multiple managed attributes
|
||
|
- core: add API to directly send recovery link to user
|
||
|
- core: add UserSelfSerializer and separate method for users to update themselves with limited fields
|
||
|
- core: allow changing of groups a user is in from user api
|
||
|
- flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
|
||
|
- lifecycle: decrease default worker count on compose
|
||
|
- outpost/ldap: Performance improvements, support for (member=) lookup
|
||
|
- providers/proxy: don't create ingress when no hosts are defined
|
||
|
- sources/plex: add API to get user connections
|
||
|
- web: add API Drawer
|
||
|
- web/admin: add UI to copy invitation link
|
||
|
- web/admin: allow modification of users groups from user view
|
||
|
- web/admin: re-name service connection to integration
|
||
|
|
||
|
## Fixed in 2021.8.1-rc2
|
||
|
|
||
|
- ci: add pipeline to build and push js api package
|
||
|
- ci: upgrade web api client when schema changes
|
||
|
- core: add new token intent and auth backend (#1284)
|
||
|
- core: add token tests for invalid intent and token auth
|
||
|
- core: fix token intent not defaulting correctly
|
||
|
- core: handle error when ?for_user is not numberical
|
||
|
- lib: move id and key generators to lib (#1286)
|
||
|
- lifecycle: rename to ak
|
||
|
- outpost: handle non-existent permission
|
||
|
- outpost: add recursion limit for docker controller
|
||
|
- outpost: add repair_permissions command
|
||
|
- root: add alias for akflow files
|
||
|
- root: add ASGI Error handler
|
||
|
- root: add License to NPM package
|
||
|
- root: fix error_handler for websocket
|
||
|
- root: fix mis-matched postgres version for CI
|
||
|
- root: remove remainders from gen
|
||
|
- root: remove usage of make-gen
|
||
|
- root: test schema auto-update
|
||
|
- root: update schema
|
||
|
- stages/password: auto-enable app password backend
|
||
|
- stages/user_write: fix wrong fallback authentication backend
|
||
|
- web: add custom readme to api client
|
||
|
- web: add ESM to generated Client
|
||
|
- web: build. api in different folder
|
||
|
- web: improve api client versioning
|
||
|
- web: Merge pull request #1258 from goauthentik/publish-api-to-npm
|
||
|
- web: migrate to @goauthentik/api
|
||
|
- web: Update Web API Client version (#1283)
|
||
|
- web/admin: allow users to create app password tokens
|
||
|
- web/admin: display token's intents
|
||
|
- web/admin: fix missing app passwords backend
|
||
|
- web/admin: improve delete modal for stage bindings and policy bindings
|
||
|
- web/admin: select all password stage backends by default
|
||
|
- website: add docs for making schema changes
|
||
|
- website: make default login-2fa flow ignore 2fa with app passwords
|
||
|
- website/docs: add docs for `auth_method` and `auth_method_args` fields
|
||
|
|
||
|
## Fixed in 2021.8.1
|
||
|
|
||
|
- \*: cleanup api schema warnings
|
||
|
- core: fix error for asgi error handler with websockets
|
||
|
- core: fix error when user updates themselves
|
||
|
- core: fix user object for token not be set-able
|
||
|
- root: Fix table of contents for CONTRIBUTING.md (#1302)
|
||
|
- root: Require PG_PASS to be set (#1303)
|
||
|
- web/admin: allow admins to create tokens
|
||
|
|
||
|
## Fixed in 2021.8.2
|
||
|
|
||
|
- root: fix login loop created by old settings stored in cache
|
||
|
|
||
|
## Fixed in 2021.8.3
|
||
|
|
||
|
- outpost: fix FlowExecutor not sending password for identification stage
|
||
|
- outpost: fix generated traefik labels containing invalid hosts
|
||
|
- outpost: make docker network configurable when using docker integration
|
||
|
- web/flow: fix redirects to application being sent multiple times, causing issues with OAuth providers
|
||
|
- web/flow: fix rendering of checkboxes in prompt stages
|
||
|
|
||
|
## Fixed in 2021.8.4
|
||
|
|
||
|
- api: add /api/v3 path
|
||
|
- api: add basic rate limiting for sentry proxy endpoint
|
||
|
- core: fix user_obj being empty on token API
|
||
|
- events: improve logging for task exceptions
|
||
|
- outpost/embedded: only send requests for non-akprox paths when we're doing proxy mode
|
||
|
- outpost/ldap: delay user information removal upon closing of connection
|
||
|
- policies/password: fix PasswordStage not being usable with prompt stages
|
||
|
- providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts
|
||
|
- providers/proxy: improve error handling for non-tls ingresses
|
||
|
- stages/authenticator_validate: show single button for multiple webauthn authenticators
|
||
|
- stages/invitation: fix invitation not inheriting ExpiringModel
|
||
|
- web/admin: fallback for invitation list on first load
|
||
|
- web/admin: fix flow executor not opening in new tab
|
||
|
- web/admin: fix list of webauthn devices not updating after rename
|
||
|
- web/flows: fix FlowExecutor not updating when challenge changes from outside
|
||
|
|
||
|
## Fixed in 2021.8.5
|
||
|
|
||
|
- api: add additional filters for ldap and proxy providers
|
||
|
- api: cache schema, fix server urls
|
||
|
- core: minor query optimization
|
||
|
- events: add mark_all_seen
|
||
|
- events: remove authentik_events gauge
|
||
|
- internal: disable directory listing on static files
|
||
|
- internal: fix font loading errors on safari
|
||
|
- internal: fix web requests not having a logger set
|
||
|
- outpost: fix spans being sent without parent context
|
||
|
- outposts: add expected outpost replica count to metrics
|
||
|
- outposts/ldap: improve logging of client IPs
|
||
|
- policies/password: fix symbols not being checked correctly
|
||
|
- root: fix is_secure with safari on debug environments
|
||
|
- root: include authentik version in backup naming
|
||
|
- stages/identification: fix empty user_fields query returning first user
|
||
|
- web/admin: fix user selection in token form
|
||
|
- web/admin: show applications instead of providers in outpost form
|
||
|
- web/flows: fix display error when using IdentificationStage without input fields
|
||
|
|
||
|
## Upgrading
|
||
|
|
||
|
This release does not introduce any new requirements.
|
||
|
|
||
|
### docker-compose
|
||
|
|
||
|
Download the docker-compose file for 2021.8 from [here](https://goauthentik.io/version/2021.8/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
||
|
|
||
|
### Kubernetes
|
||
|
|
||
|
Update your values to use the new images:
|
||
|
|
||
|
```yaml
|
||
|
image:
|
||
|
repository: ghcr.io/goauthentik/server
|
||
|
tag: 2021.8.5
|
||
|
```
|