--- title: Release 2021.8 slug: "2021.8" --- ## Headline Changes - Embedded Outpost To simplify the setup, an embedded outpost has been added. This outpost runs as part of the main authentik server, and requires no additional setup. You can simply assign providers to the embedded outpost, and either use the integrations to configure reverse proxies, or point your traffic to the main authentik server. Traffic is routed based on host-header, meaning every host that has been configured as a provider and is assigned to the embedded proxy will be sent to the outpost, and every sub-path under `/akprox` is sent to the outpost too. The rest is sent to authentik itself. - App passwords You can now create Tokens with the intent `app_password`, and use them when authenticating with a flow. This requires the `User database + app passwords` backend in your password stage (this is done automatically on upgrade). You will also see in the logs which backend was used as the `auth_method` and `auth_method_args` arguments on the Event. ## Minor changes - admin: add API to show embedded outpost status, add notice when its not configured properly - api: ensure all resources can be filtered - api: make all PropertyMappings filterable by multiple managed attributes - core: add API to directly send recovery link to user - core: add UserSelfSerializer and separate method for users to update themselves with limited fields - core: allow changing of groups a user is in from user api - flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event - lifecycle: decrease default worker count on compose - outpost/ldap: Performance improvements, support for (member=) lookup - providers/proxy: don't create ingress when no hosts are defined - sources/plex: add API to get user connections - web: add API Drawer - web/admin: add UI to copy invitation link - web/admin: allow modification of users groups from user view - web/admin: re-name service connection to integration ## Fixed in 2021.8.1-rc2 - ci: add pipeline to build and push js api package - ci: upgrade web api client when schema changes - core: add new token intent and auth backend (#1284) - core: add token tests for invalid intent and token auth - core: fix token intent not defaulting correctly - core: handle error when ?for_user is not numberical - lib: move id and key generators to lib (#1286) - lifecycle: rename to ak - outpost: handle non-existant permission - outposts: add recursion limit for docker controller - outposts: add repair_permissions command - root: add alias for akflow files - root: add ASGI Error handler - root: add License to NPM package - root: fix error_handler for websocket - root: fix mis-matched postgres version for CI - root: remove remainders from gen - root: remove usage of make-gen - root: test schema auto-update - root: update schema - stages/password: auto-enable app password backend - stages/user_write: fix wrong fallback authentication backend - web: add custom readme to api client - web: add ESM to generated Client - web: build. api in different folder - web: improve api client versioning - web: Merge pull request #1258 from goauthentik/publish-api-to-npm - web: migrate to @goauthentik/api - web: Update Web API Client version (#1283) - web/admin: allow users to create app password tokens - web/admin: display token's intents - web/admin: fix missing app passwords backend - web/admin: improve delete modal for stage bindings and policy bindings - web/admin: select all password stage backends by default - website: add docs for making schema changes - website: make default login-2fa flow ignore 2fa with app passwords - website/docs: add docs for `auth_method` and `auth_method_args` fields ## Fixed in 2021.8.1 - *: cleanup api schema warnings - core: fix error for asgi error handler with websockets - core: fix error when user updates themselves - core: fix user object for token not be set-able - root: Fix table of contents for CONTRIBUTING.md (#1302) - root: Require PG_PASS to be set (#1303) - web/admin: allow admins to create tokens ## Fixed in 2021.8.2 - root: fix login loop created by old settings stored in cache ## Upgrading This release does not introduce any new requirements. ### docker-compose Download the docker-compose file for 2021.7 from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.7/docker-compose.yml). Afterwards, simply run `docker-compose up -d`. ### Kubernetes Upgrade to the latest chart version to get the new images.