This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/2022/v2022.11.md
dependabot[bot] 823e7dbe1a
website: bump the docusaurus group in /website with 3 updates (#7400)
* website: bump the docusaurus group in /website with 3 updates

Bumps the docusaurus group in /website with 3 updates: [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects), [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic) and [@docusaurus/theme-mermaid](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-mermaid).


Updates `@docusaurus/plugin-client-redirects` from 2.4.3 to 3.0.0
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.0.0/packages/docusaurus-plugin-client-redirects)

Updates `@docusaurus/preset-classic` from 2.4.3 to 3.0.0
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.0.0/packages/docusaurus-preset-classic)

Updates `@docusaurus/theme-mermaid` from 2.4.3 to 3.0.0
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.0.0/packages/docusaurus-theme-mermaid)

---
updated-dependencies:
- dependency-name: "@docusaurus/plugin-client-redirects"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: docusaurus
- dependency-name: "@docusaurus/preset-classic"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-mermaid"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: docusaurus
...

Signed-off-by: dependabot[bot] <support@github.com>

* update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate docusaurus config to ts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix docs-only build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-11-06 15:12:23 +01:00

772 lines
19 KiB
Markdown

---
title: Release 2022.11
slug: "/releases/2022.11"
---
## Breaking changes
- Have I Been Pwned policy is deprecated
The policy has been merged with the password policy which provides the same functionality. Existing Have I Been Pwned policies will automatically be migrated.
- Instead of using multiple redis databases, authentik now uses a single redis database
This will temporarily loose some cached information after the upgrade, like cached system tasks and policy results. This data will be re-cached in the background.
## New features
- authentik now runs on Python 3.11
- Expanded password policy
The "Have I been Pwned" policy has been merged into the password policy, and additionally passwords can be checked using [zxcvbn](https://github.com/dropbox/zxcvbn) to provider concise feedback.
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2022.11 from [here](https://goauthentik.io/version/2022.11/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2022.11.1
```
## Minor changes/fixes
- api: fix missing scheme in securitySchemes
- blueprints: Fixed bug causing blueprint instance context be discarded (#3990)
- core: fix error when propertymappings return complex value
- core: simplify group serializer for user API endpoint (#3899)
- events: deepcopy event kwargs to prevent objects being removed, remove workaround
- events: sanitize generator for json safety
- lib: fix complex objects being included in event context for ak_create_event
- lifecycle: fix incorrect messages looped
- outposts/kubernetes: ingress class (#4002)
- policies: only cache policies for authenticated users
- policies/password: merge hibp add zxcvbn (#4001)
- providers/oauth2: fix inconsistent expiry encoded in JWT
- root: make sentry DSN configurable (#4016)
- root: relicense and launch blog post
- root: use single redis db (#4009)
- sources: add custom icon support (#4022)
- stages/authenticator\_\*: cleanup
- stages/authenticator_validate: add flag to configure user_verification for webauthn devices
- stages/invitation: directly delete invitation now that flow plan is saved in email token
- web: fix twitter icon
- web/flows: always hide static user info when its not set in the flow
## Fixed in 2022.11.1
- blueprints: add desired state attribute to objects (#4061)
- core: fix tab-complete in shell
- root: fix build on arm64
- stages/email: add test for email translation
- web/admin: fix error when importing duo devices
- web/admin: reset cookie_domain when setting non-domain forward auth
## Fixed in 2022.11.2
- \*: fix [CVE-2022-46145](../security/CVE-2022-46145), Reported by [@sdimovv](https://github.com/sdimovv)
## Fixed in 2022.11.3
- web: fix Flow Form failing to load due to outdated API client
## Fixed in 2022.11.4
- \*: fix [CVE-2022-46172](../security/CVE-2022-46172), Reported by [@DreamingRaven](https://github.com/DreamingRaven)
- \*: fix [CVE-2022-23555](../security/CVE-2022-23555), Reported by [@fuomag9](https://github.com/fuomag9)
## API Changes
#### What's Changed
---
##### `GET` /policies/password/&#123;policy_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `PUT` /policies/password/&#123;policy_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `PATCH` /policies/password/&#123;policy_uuid&#125;/
###### Request:
Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `GET` /core/tokens/&#123;identifier&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PUT` /core/tokens/&#123;identifier&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PATCH` /core/tokens/&#123;identifier&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/users/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PUT` /core/users/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PATCH` /core/users/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /policies/bindings/&#123;policy_binding_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PUT` /policies/bindings/&#123;policy_binding_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `PATCH` /policies/bindings/&#123;policy_binding_uuid&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `POST` /policies/password/
###### Request:
Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `GET` /policies/password/
###### Parameters:
Added: `check_have_i_been_pwned` in `query`
Added: `check_static_rules` in `query`
Added: `check_zxcvbn` in `query`
Added: `hibp_allowed_count` in `query`
Added: `zxcvbn_score_threshold` in `query`
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Password Policy Serializer
- Added property `check_static_rules` (boolean)
- Added property `check_have_i_been_pwned` (boolean)
- Added property `check_zxcvbn` (boolean)
- Added property `hibp_allowed_count` (integer)
> How many times the password hash is allowed to be on haveibeenpwned
- Added property `zxcvbn_score_threshold` (integer)
> If the zxcvbn score is equal or less than this value, the policy will fail.
##### `POST` /core/tokens/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Token Serializer
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/user_consent/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `POST` /core/users/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/users/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /oauth2/authorization_codes/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /oauth2/refresh_tokens/&#123;id&#125;/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `POST` /policies/bindings/
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /policies/bindings/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > PolicyBinding Serializer
- Changed property `user_obj` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /core/user_consent/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > UserConsent Serializer
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /oauth2/authorization_codes/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)
##### `GET` /oauth2/refresh_tokens/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > Serializer for BaseGrantModel and RefreshToken
- Changed property `user` (object)
> User Serializer
- Changed property `groups_obj` (array)
Changed items (object): > Simplified Group Serializer for user's groups
New optional properties:
- `users_obj`
* Deleted property `users` (array)
* Deleted property `users_obj` (array)