diff --git a/website/docs/releases/v2022.12.md b/website/docs/releases/v2022.12.md index 46b8a5056..ee0988652 100644 --- a/website/docs/releases/v2022.12.md +++ b/website/docs/releases/v2022.12.md @@ -43,8 +43,11 @@ image: ## Minor changes/fixes +- blueprints: add `!If` tag (#4264) +- blueprints: add conditions to blueprint schema +- blueprints: add !Env tag - blueprints: Added conditional entry application (#4167) -- blueprints: don't require auth on invalidation flow +- blueprints: better OCI support in UI (#4263) - blueprints: fixed bug causing filtering with an empty query (#4106) - blueprints: Support nested custom tags in `!Find` and `!Format` tags (#4127) - core: bundle geoip (#4250) @@ -52,6 +55,7 @@ image: - events: improve handling creation of events with non-pickleable objects - events: remove legacy logger declaration - events: save login event in session after login +- flows: fix redirect from plan context "redirect" not being wrapped in flow response - flows: set stage name and verbose_name for in_memory stages - internal: dont error if environment config isn't found - internal: remove sentry proxy 
@@ -62,29 +66,53 @@ image: - lifecycle: improve explanation for user: root and docket socket mount - policies: don't log context when policy returns None - policies: log correct cache state +- policies: make name required - policies/password: Always add generic message to failing zxcvbn check (#4100) - providers: add preview for mappings (#4254) - providers/ldap: improve mapping of LDAP filters to authentik queries +- providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times - providers/oauth2: set amr values based on login event - providers/proxy: correctly set id_token_hint if possible - providers/saml: set AuthnContextClassRef based on login event - root: allow custom settings via python module +- root: migrate to hosted sentry with rate-limited DSN +- security: fix CVE 2022 23555 (#4274) +- security: fix CVE 2022 46145 (#4140) +- security: fix CVE 2022 46172 (#4275) - stages/authenticator_duo: fix imported duo devices not being confirmed - stages/authenticator_validate: fix validation to ensure configuration stage is set - stages/authenticator_validate: improve validation for not_configured_action +- stages/authenticator_validate: log duo error - stages/authenticator_validate: save used mfa devices in login event - stages/captcha: customisable URLs (#3832) +- stages/invitation: fix incorrect pk check for invitation's flow - stages/user_login: prevent double success message when logging in via source - stages/user_write: always ignore `component` field and prevent warning -- web: fix authentication with Plex on iOS (#4095) +- web: fix authentification with Plex on iOS (#4095) +- web: ignore d3 circular deps warning, treat unresolved import as error +- web: use version family subdomain for in-app doc links - web/admin: better show metadata download for saml provider +- web/admin: break all in code blocks in event info +- web/admin: clarify phrasing that user ID is required - web/admin: fix action button order for blueprints - 
web/admin: fix alignment in tables with multiple elements in cell - web/admin: fix empty request being sent due to multiple forms in duo import modal +- web/admin: improve i18n for documentation link in outpost form - web/admin: improve UI for removing users from groups and groups from users +- web/admin: more consistent label usage, use compact labels - web/admin: rework markdown, correctly render Admonitions, fix links - web/admin: show bound policies order first to match stages +- web/admin: show policy binding form when creating policy in bound list +- web/admin: show stage binding form when creating stage in bound list +- web/elements: fix alignment for checkboxes in table +- web/elements: fix alignment with checkbox in table +- web/elements: fix log level for diagram +- web/elements: fix table select-all checkbox being checked with no elements +- web/elements: unselect top checkbox in table when not all elements are selected +- web/flows: fix display for long redirect URLs - web/flows: improve error messages for failed duo push +- web/flows: update flow background +- web/user: fix styling for clear all button in notification drawer ## API Changes diff --git a/website/static/schema.yaml b/website/static/schema.yaml index 392fd4808..b95548960 100644 --- a/website/static/schema.yaml +++ b/website/static/schema.yaml @@ -10249,6 +10249,7 @@ paths: application/json: schema: $ref: '#/components/schemas/DummyPolicyRequest' + required: true security: - authentik: [] responses: @@ -10323,6 +10324,7 @@ paths: application/json: schema: $ref: '#/components/schemas/DummyPolicyRequest' + required: true security: - authentik: [] responses: @@ -10626,6 +10628,7 @@ paths: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicyRequest' + required: true security: - authentik: [] responses: @@ -10700,6 +10703,7 @@ paths: application/json: schema: $ref: '#/components/schemas/EventMatcherPolicyRequest' + required: true security: - authentik: [] responses: 
@@ -11212,6 +11216,7 @@ paths: application/json: schema: $ref: '#/components/schemas/HaveIBeenPwendPolicyRequest' + required: true security: - authentik: [] responses: @@ -11286,6 +11291,7 @@ paths: application/json: schema: $ref: '#/components/schemas/HaveIBeenPwendPolicyRequest' + required: true security: - authentik: [] responses: @@ -11550,6 +11556,7 @@ paths: application/json: schema: $ref: '#/components/schemas/PasswordPolicyRequest' + required: true security: - authentik: [] responses: @@ -11624,6 +11631,7 @@ paths: application/json: schema: $ref: '#/components/schemas/PasswordPolicyRequest' + required: true security: - authentik: [] responses: @@ -12144,6 +12152,7 @@ paths: application/json: schema: $ref: '#/components/schemas/ReputationPolicyRequest' + required: true security: - authentik: [] responses: @@ -12218,6 +12227,7 @@ paths: application/json: schema: $ref: '#/components/schemas/ReputationPolicyRequest' + required: true security: - authentik: [] responses: @@ -26978,7 +26988,6 @@ components: title: Policy uuid name: type: string - nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -27012,6 +27021,7 @@ components: - bound_to - component - meta_model_name + - name - pk - verbose_name - verbose_name_plural @@ -27021,7 +27031,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -27036,6 +27046,8 @@ components: type: integer maximum: 2147483647 minimum: -2147483648 + required: + - name DummyStage: type: object description: DummyStage Serializer @@ -27392,7 +27404,6 @@ components: title: Policy uuid name: type: string - nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy 
@@ -27430,6 +27441,7 @@ components: - bound_to - component - meta_model_name + - name - pk - verbose_name - verbose_name_plural @@ -27439,7 +27451,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -27458,6 +27470,8 @@ components: - $ref: '#/components/schemas/AppEnum' description: Match events created by selected application. When left empty, all applications are matched. + required: + - name EventRequest: type: object description: Event Serializer @@ -27540,7 +27554,6 @@ components: title: Policy uuid name: type: string - nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -27567,6 +27580,7 @@ components: - component - expression - meta_model_name + - name - pk - verbose_name - verbose_name_plural @@ -27576,7 +27590,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -27586,6 +27600,7 @@ components: minLength: 1 required: - expression + - name FilePathRequest: type: object description: Serializer to upload file @@ -28240,7 +28255,6 @@ components: title: Policy uuid name: type: string - nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -28272,6 +28286,7 @@ components: - bound_to - component - meta_model_name + - name - pk - verbose_name - verbose_name_plural @@ -28281,7 +28296,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy 
@@ -28295,6 +28310,8 @@ components: type: integer maximum: 2147483647 minimum: -2147483648 + required: + - name IdentificationChallenge: type: object description: Identification challenges with all UI elements @@ -32967,7 +32984,6 @@ components: title: Policy uuid name: type: string - nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -32998,6 +33014,7 @@ components: - component - days - meta_model_name + - name - pk - verbose_name - verbose_name_plural @@ -33007,7 +33024,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -33020,6 +33037,7 @@ components: type: boolean required: - days + - name PasswordPolicy: type: object description: Password Policy Serializer @@ -33031,7 +33049,6 @@ components: title: Policy uuid name: type: string - nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -33100,6 +33117,7 @@ components: - bound_to - component - meta_model_name + - name - pk - verbose_name - verbose_name_plural @@ -33109,7 +33127,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -33161,6 +33179,8 @@ components: minimum: 0 description: If the zxcvbn score is equal or less than this value, the policy will fail. + required: + - name PasswordStage: type: object description: PasswordStage Serializer @@ -33583,7 +33603,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy 
@@ -33678,7 +33698,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -33728,7 +33748,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -33834,7 +33854,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -34388,7 +34408,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -34405,7 +34425,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -34698,7 +34718,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -35413,7 +35433,6 @@ components: title: Policy uuid name: type: string - nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -35437,6 +35456,7 @@ components: - bound_to - component - meta_model_name + - name - pk - verbose_name - verbose_name_plural @@ -35542,11 +35562,13 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + required: + - name PolicyTestRequest: type: object description: Test policy execution for a user with context 
@@ -36280,7 +36302,6 @@ components: title: Policy uuid name: type: string - nullable: true execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -36312,6 +36333,7 @@ components: - bound_to - component - meta_model_name + - name - pk - verbose_name - verbose_name_plural @@ -36321,7 +36343,7 @@ components: properties: name: type: string - nullable: true + minLength: 1 execution_logging: type: boolean description: When this option is enabled, all executions of this policy @@ -36334,6 +36356,8 @@ components: type: integer maximum: 2147483647 minimum: -2147483648 + required: + - name ResidentKeyRequirementEnum: enum: - discouraged
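Review bot: In the first hunk of website/docs/releases/v2022.12.md (@@ -43,8 +43,11), the existing entry "blueprints: don't require auth on invalidation flow" is deleted and "blueprints: better OCI support in UI (#4263)" takes its place. If that fix still ships in this release, keep the old line and add the new one beside it, so the changelog does not lose a behaviour change that touches authentication requirements. Also in this hunk, `!If` is wrapped in backticks but "add !Env tag" is not; quote `!Env` the same way so the two tags render consistently.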
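Review bot: In the second hunk of website/docs/releases/v2022.12.md (@@ -62,29 +66,53), the Plex entry is changed from "fix authentication with Plex on iOS (#4095)" to "fix authentification with Plex on iOS (#4095)", which replaces a correct spelling with a misspelling; drop that change. The three new security entries are written as "CVE 2022 23555", "CVE 2022 46145" and "CVE 2022 46172"; use the hyphenated form (CVE-2022-23555 and so on) so that operators searching the release notes for an advisory ID find them, and consider linking each to its advisory since these are the entries people will upgrade for. The hunk also adds both "web/elements: fix alignment for checkboxes in table" and "web/elements: fix alignment with checkbox in table", which read as the same fix listed twice; merge them or make the difference explicit.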
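Review bot: In website/static/schema.yaml, the policy request schemas (DummyPolicyRequest, EventMatcherPolicyRequest, HaveIBeenPwendPolicyRequest, PasswordPolicyRequest, ReputationPolicyRequest and the others touched under components) move `name` from `nullable: true` to `minLength: 1` plus a `required: - name` entry, and the matching request bodies gain `required: true`. That is a breaking change for any API client or automation that creates or replaces policies without a name, yet the release notes in this same diff record it only as "policies: make name required" under "Minor changes/fixes"; call it out under "API Changes" with the affected endpoints. The response schemas also drop `nullable: true` and add `name` to their required lists, so a policy stored earlier with a null name would now produce a response that violates the schema; the visible lines touch only docs and the schema, so please confirm that existing rows are backfilled. Finally, the hunks from @@ -33583,7 to @@ -34718,7 swap `nullable: true` for `minLength: 1` without adding `name` to a required list; if those are the partial-update schemas that is expected, but an explicit `name: null` in such a request will now be rejected, which is worth one line in the notes.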