1615723f10
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
276 lines
8.9 KiB
Markdown
276 lines
8.9 KiB
Markdown
---
|
|
title: Release 2022.12
|
|
slug: "2022.12"
|
|
---
|
|
|
|
## Breaking changes
|
|
|
|
- Blueprints fetched via OCI require oci:// schema
|
|
|
|
To better detect if a blueprint should be fetched locally or via OCI, all OCI sourced blueprints require an `oci://` protocol.
|
|
|
|
## New features
|
|
|
|
- Bundled GeoIP City database
|
|
|
|
authentik now comes with a bundled MaxMind GeoLite2 City database. This allows everyone to take advantage of the extra data provided by GeoIP. The default docker-compose file removes the GeoIP update container as it is no longer needed. See more [here](../core/geoip)
|
|
|
|
- Customisable Captcha stage
|
|
|
|
The captcha stage now supports alternate compatible providers, like [hCaptcha](https://docs.hcaptcha.com/switch/) and [Turnstile](https://developers.cloudflare.com/turnstile/get-started/migrating-from-recaptcha/).
|
|
|
|
- Preview for OAuth2 and SAML providers
|
|
|
|
OAuth2 and SAML providers can now preview what the currently selected property/scope mappings's outcome will look like. This helps with seeing what data is sent to the client and implementing and testing custom mappings.
|
|
|
|
## Upgrading
|
|
|
|
This release does not introduce any new requirements.
|
|
|
|
### docker-compose
|
|
|
|
Download the docker-compose file for 2022.12 from [here](https://goauthentik.io/version/2022.12/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
|
|
|
### Kubernetes
|
|
|
|
Update your values to use the new images:
|
|
|
|
```yaml
|
|
image:
|
|
repository: ghcr.io/goauthentik/server
|
|
tag: 2022.12.0
|
|
```
|
|
|
|
## Minor changes/fixes
|
|
|
|
- blueprints: add `!If` tag (#4264)
|
|
- blueprints: add conditions to blueprint schema
|
|
- blueprints: add !Env tag
|
|
- blueprints: Added conditional entry application (#4167)
|
|
- blueprints: better OCI support in UI (#4263)
|
|
- blueprints: fixed bug causing filtering with an empty query (#4106)
|
|
- blueprints: Support nested custom tags in `!Find` and `!Format` tags (#4127)
|
|
- core: bundle geoip (#4250)
|
|
- events: fix incorrect EventAction being used
|
|
- events: improve handling creation of events with non-pickleable objects
|
|
- events: remove legacy logger declaration
|
|
- events: save login event in session after login
|
|
- flows: fix redirect from plan context "redirect" not being wrapped in flow response
|
|
- flows: set stage name and verbose_name for in_memory stages
|
|
- internal: dont error if environment config isn't found
|
|
- internal: remove sentry proxy
|
|
- internal: reuse http transport to prevent leaking connections (#3996)
|
|
- lib: enable sentry profiles_sample_rate
|
|
- lib: fix uploaded files not being saved correctly, add tests
|
|
- lifecycle: don't set user/group in gunicorn
|
|
- lifecycle: improve explanation for user: root and docket socket mount
|
|
- policies: don't log context when policy returns None
|
|
- policies: log correct cache state
|
|
- policies: make name required
|
|
- policies/password: Always add generic message to failing zxcvbn check (#4100)
|
|
- providers: add preview for mappings (#4254)
|
|
- providers/ldap: improve mapping of LDAP filters to authentik queries
|
|
- providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
|
|
- providers/oauth2: set amr values based on login event
|
|
- providers/proxy: correctly set id_token_hint if possible
|
|
- providers/saml: set AuthnContextClassRef based on login event
|
|
- root: allow custom settings via python module
|
|
- root: migrate to hosted sentry with rate-limited DSN
|
|
- security: fix CVE 2022 23555 (#4274)
|
|
- security: fix CVE 2022 46145 (#4140)
|
|
- security: fix CVE 2022 46172 (#4275)
|
|
- stages/authenticator_duo: fix imported duo devices not being confirmed
|
|
- stages/authenticator_validate: fix validation to ensure configuration stage is set
|
|
- stages/authenticator_validate: improve validation for not_configured_action
|
|
- stages/authenticator_validate: log duo error
|
|
- stages/authenticator_validate: save used mfa devices in login event
|
|
- stages/captcha: customisable URLs (#3832)
|
|
- stages/invitation: fix incorrect pk check for invitation's flow
|
|
- stages/user_login: prevent double success message when logging in via source
|
|
- stages/user_write: always ignore `component` field and prevent warning
|
|
- web: fix authentification with Plex on iOS (#4095)
|
|
- web: ignore d3 circular deps warning, treat unresolved import as error
|
|
- web: use version family subdomain for in-app doc links
|
|
- web/admin: better show metadata download for saml provider
|
|
- web/admin: break all in code blocks in event info
|
|
- web/admin: clarify phrasing that user ID is required
|
|
- web/admin: fix action button order for blueprints
|
|
- web/admin: fix alignment in tables with multiple elements in cell
|
|
- web/admin: fix empty request being sent due to multiple forms in duo import modal
|
|
- web/admin: improve i18n for documentation link in outpost form
|
|
- web/admin: improve UI for removing users from groups and groups from users
|
|
- web/admin: more consistent label usage, use compact labels
|
|
- web/admin: rework markdown, correctly render Admonitions, fix links
|
|
- web/admin: show bound policies order first to match stages
|
|
- web/admin: show policy binding form when creating policy in bound list
|
|
- web/admin: show stage binding form when creating stage in bound list
|
|
- web/elements: fix alignment for checkboxes in table
|
|
- web/elements: fix alignment with checkbox in table
|
|
- web/elements: fix log level for diagram
|
|
- web/elements: fix table select-all checkbox being checked with no elements
|
|
- web/elements: unselect top checkbox in table when not all elements are selected
|
|
- web/flows: fix display for long redirect URLs
|
|
- web/flows: improve error messages for failed duo push
|
|
- web/flows: update flow background
|
|
- web/user: fix styling for clear all button in notification drawer
|
|
|
|
## API Changes
|
|
|
|
#### What's Changed
|
|
|
|
---
|
|
|
|
##### `GET` /stages/captcha/{stage_uuid}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Added property `js_url` (string)
|
|
|
|
- Added property `api_url` (string)
|
|
|
|
- Changed property `public_key` (string)
|
|
> Public key, acquired your captcha Provider.
|
|
|
|
##### `PUT` /stages/captcha/{stage_uuid}/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Added property `js_url` (string)
|
|
|
|
- Added property `api_url` (string)
|
|
|
|
- Changed property `public_key` (string)
|
|
|
|
> Public key, acquired your captcha Provider.
|
|
|
|
- Changed property `private_key` (string)
|
|
> Private key, acquired your captcha Provider.
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Added property `js_url` (string)
|
|
|
|
- Added property `api_url` (string)
|
|
|
|
- Changed property `public_key` (string)
|
|
> Public key, acquired your captcha Provider.
|
|
|
|
##### `PATCH` /stages/captcha/{stage_uuid}/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Added property `js_url` (string)
|
|
|
|
- Added property `api_url` (string)
|
|
|
|
- Changed property `public_key` (string)
|
|
|
|
> Public key, acquired your captcha Provider.
|
|
|
|
- Changed property `private_key` (string)
|
|
> Private key, acquired your captcha Provider.
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Added property `js_url` (string)
|
|
|
|
- Added property `api_url` (string)
|
|
|
|
- Changed property `public_key` (string)
|
|
> Public key, acquired your captcha Provider.
|
|
|
|
##### `GET` /flows/executor/{flow_slug}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
Updated `ak-stage-captcha` component:
|
|
New required properties:
|
|
|
|
- `js_url`
|
|
|
|
* Added property `js_url` (string)
|
|
|
|
##### `POST` /flows/executor/{flow_slug}/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
Updated `ak-stage-captcha` component:
|
|
New required properties:
|
|
|
|
- `js_url`
|
|
|
|
* Added property `js_url` (string)
|
|
|
|
##### `POST` /stages/captcha/
|
|
|
|
###### Request:
|
|
|
|
Changed content type : `application/json`
|
|
|
|
- Added property `js_url` (string)
|
|
|
|
- Added property `api_url` (string)
|
|
|
|
- Changed property `public_key` (string)
|
|
|
|
> Public key, acquired your captcha Provider.
|
|
|
|
- Changed property `private_key` (string)
|
|
> Private key, acquired your captcha Provider.
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **201 Created**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Added property `js_url` (string)
|
|
|
|
- Added property `api_url` (string)
|
|
|
|
- Changed property `public_key` (string)
|
|
> Public key, acquired your captcha Provider.
|
|
|
|
##### `GET` /stages/captcha/
|
|
|
|
###### Return Type:
|
|
|
|
Changed response : **200 OK**
|
|
|
|
- Changed content type : `application/json`
|
|
|
|
- Changed property `results` (array)
|
|
|
|
Changed items (object): > CaptchaStage Serializer
|
|
|
|
- Added property `js_url` (string)
|
|
|
|
- Added property `api_url` (string)
|
|
|
|
- Changed property `public_key` (string)
|
|
> Public key, acquired your captcha Provider.
|