diff --git a/website/docs/releases/2023/v2023.1.md b/website/docs/releases/2023/v2023.1.md index a53c11ead..268c2ceed 100644 --- a/website/docs/releases/2023/v2023.1.md +++ b/website/docs/releases/2023/v2023.1.md 
@@ -46,27 +46,45 @@ image: - \*: strip leading and trailing whitespace when reading config values from files - admin: include task duration in API (#4428) - blueprints: Add `!Enumerate`, `!Value` and `!Index` tags (#4338) +- blueprints: don't set session_duration in default and example flows (#4448) - blueprints: Fix resolve model_name in `!Find` tag (#4371) - blueprints: internal storage (#4397) - crypto: prevent creation of duplicate self-signed default certs +- events: exclude base models from model audit log - events: rework metrics (#4407) - internal: check certificate value and not IsSet - internal: fix race condition with config loading on startup, add index on debug server +- internal: improve error handling - outposts: use common config loader for outposts to support loading values from file +- outposts/ldap: decrease verbosity +- outposts/proxy: add header to prevent redirects +- outposts/proxy: allow setting no-redirect via header or query param +- outposts/proxy: cache basic and bearer credentials for one minute +- outposts/proxy: fix error handling, remove requirement for profile/etc scopes +- outposts/proxy: make logged user more consistent, set FlushInterval +- outposts/proxy: set http code when no redirect header is set - polices/hibp: remove deprecated (#4363) - providers/ldap: add code-MFA support for ldap provider (#4354) - providers/oauth2: correctly fill claims_supported based on selected scopes (#4429) - providers/oauth2: don't allow spaces in scope_name +- providers/oauth2: fallback to anonymous user for policy engine +- providers/oauth2: use guardian anonymous user to get claims for provider info - providers/proxy: add initial header token auth (#4421) +- providers/proxy: add setting to intercept authorization header (#4457) - providers/proxy: add tests for proxy basic auth (#4357) - providers/saml: initial SLO implementation (#2346) - root: show error when geoIP download fails - sources/ldap: don't run membership sync if group sync is 
disabled - sources/ldap: make task timeout adjustable +- sources/ldap: manual import (#4456) - sources/ldap: only warn about missing groups when source is configured to sync groups - stages/user_write: add more user creation options (#4367) - web: add core-js polyfill for safari +- web: ensure img tags have alt attributes +- web: fix radio label code in dark mode +- web: fix scrollbar corner color in dark mode - web: migrate checkbox to switch (#4409) +- web/admin: better show dev build - web/admin: fix certificate filtering for LDAP verification certificate - web/admin: fix overflow in aggregate cards - web/admin: link impersonation user for events @@ -241,6 +259,17 @@ Changed response : **200 OK** * Added property `content` (string) +##### `GET` /outposts/proxy/{id}/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Added property `intercept_header_auth` (boolean) + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + ##### `GET` /policies/event_matcher/{policy_uuid}/ ###### Return Type: @@ -374,6 +403,10 @@ Changed response : **200 OK** * Added property `client_id` (string) + * Added property `intercept_header_auth` (boolean) + + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + * Added property `jwks_sources` (array) Items (string): @@ -384,6 +417,10 @@ Changed response : **200 OK** Changed content type : `application/json` +- Added property `intercept_header_auth` (boolean) + + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + - Added property `jwks_sources` (array) ###### Return Type: 
@@ -398,6 +435,10 @@ Changed response : **200 OK** * Added property `client_id` (string) + * Added property `intercept_header_auth` (boolean) + + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + * Added property `jwks_sources` (array) ##### `PATCH` /providers/proxy/{id}/ @@ -406,6 +447,10 @@ Changed response : **200 OK** Changed content type : `application/json` +- Added property `intercept_header_auth` (boolean) + + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + - Added property `jwks_sources` (array) ###### Return Type: @@ -420,6 +465,10 @@ Changed response : **200 OK** * Added property `client_id` (string) + * Added property `intercept_header_auth` (boolean) + + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + * Added property `jwks_sources` (array) ##### `GET` /admin/system_tasks/ @@ -494,6 +543,21 @@ Changed response : **200 OK** * Added property `content` (string) +##### `GET` /outposts/proxy/ + +###### Return Type: + +Changed response : **200 OK** + +- Changed content type : `application/json` + + - Changed property `results` (array) + + Changed items (object): > Proxy provider serializer for outposts + + - Added property `intercept_header_auth` (boolean) + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + ##### `POST` /policies/event_matcher/ ###### Request: @@ -585,6 +649,10 @@ Changed response : **200 OK** Changed content type : `application/json` +- Added property `intercept_header_auth` (boolean) + + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + - Added property `jwks_sources` (array) ###### Return Type: 
@@ -599,6 +667,10 @@ Changed response : **201 Created** * Added property `client_id` (string) + * Added property `intercept_header_auth` (boolean) + + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + * Added property `jwks_sources` (array) ##### `GET` /providers/proxy/ @@ -619,6 +691,10 @@ Changed response : **200 OK** * Added property `client_id` (string) + * Added property `intercept_header_auth` (boolean) + + > When enabled, this provider will intercept the authorization header and authenticate requests based on its value. + * Added property `jwks_sources` (array) ##### `GET` /providers/saml/{id}/
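Review bot: In the changelog hunk (`@@ -46,27 +46,45 @@`), the added entry `outposts/proxy: cache basic and bearer credentials for one minute` gives the cache lifetime but not what it means for operators. The release notes should say whether a credential that is changed or revoked can still be accepted by the outpost until the cached entry expires. In the same hunk, the three no-redirect entries (`add header to prevent redirects`, `allow setting no-redirect via header or query param`, `set http code when no redirect header is set`) never name the header or the query parameter. Consider merging them into one entry that names both and states the HTTP code returned.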
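Review bot: In the new `GET /outposts/proxy/{id}/` section (`@@ -241,6 +259,17 @@`), the `> When enabled, ...` description sits directly under the `intercept_header_auth` line with no blank line between them, while the `/providers/proxy/` hunks put an empty line before the quote. Add the blank line so the description renders the same way everywhere. The description also does not say what the property defaults to or which Authorization schemes are intercepted. Since this setting changes how requests are authenticated, the release notes should state at least the default.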
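Review bot: In the new `GET /outposts/proxy/` section (`@@ -494,6 +543,21 @@`), the line `Changed items (object): > Proxy provider serializer for outposts` has the `>` in the middle of the line, so it will render as a literal character rather than as a quoted description. Move `> Proxy provider serializer for outposts` onto its own line, as the other descriptions in this file do. The `intercept_header_auth` entry below it has the same missing blank line before its `>` description as the `GET /outposts/proxy/{id}/` section.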