3338f7a401
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
73 lines
3.1 KiB
Markdown
73 lines
3.1 KiB
Markdown
---
|
|
title: Release 2021.9
|
|
slug: "2021.9"
|
|
---
|
|
|
|
## Headline Changes
|
|
|
|
- New proxy
|
|
|
|
The proxy outpost has been rewritten from scratch. This replaces the old proxy, which was based on oauth2_proxy. The new proxy allows us a much greater degree of flexibility, is much lighter and reports errors better.
|
|
|
|
When using a managed outpost, authentik will automatically upgrade to the new proxy outpost. The embedded outpost also uses the new proxy.
|
|
|
|
authentik also now deploys ServiceMonitor CRDs in your Kubernetes cluster (when possibly), to record the metrics of the outposts.
|
|
|
|
If you're using a manually deployed outpost, keep in mind that the ports change to 9000 and 9443 instead of 4180 and 4443
|
|
|
|
- New metrics
|
|
|
|
This version introduces new and simplified Prometheus metrics. There is a new common monitoring port across the server and all outposts, 9300. This port requires no authentication, making it easier to configure.
|
|
|
|
For the core application, this endpoint contains metrics for both authentik and the inbuilt outpost.
|
|
|
|
## Minor changes
|
|
|
|
- *: use common user agent for all outgoing requests
|
|
- admin: migrate to new update check, add option to disable update check
|
|
- api: add additional filters for ldap and proxy providers
|
|
- core: optimise groups api by removing member superuser status
|
|
- core: remove ?v from static files
|
|
- events: add mark_all_seen
|
|
- events: allow setting a mapping for webhook transport to customise request payloads
|
|
- internal: fix font loading errors on safari
|
|
- lifecycle: fix worker startup error when docker socket's group is not called docker
|
|
- outpost: fix spans being sent without parent context
|
|
- outpost: update global outpost config on refresh
|
|
- outposts: add expected outpost replica count to metrics
|
|
- outposts/controllers: re-create service when mismatched ports to prevent errors
|
|
- outposts/controllers/kubernetes: don't create service monitor for embedded outpost
|
|
- outposts/ldap: improve logging of client IPs
|
|
- policies/password: fix symbols not being checked correctly
|
|
- root: include authentik version in backup naming
|
|
- root: show location header in logs when redirecting
|
|
- sources/oauth: prevent potentially confidential data from being logged
|
|
- stages/authenticator_duo: add API to "import" devices from duo
|
|
- stages/identification: fix empty user_fields query returning first user
|
|
- tenants: optimise db queries in middleware
|
|
- web: allow duplicate messages
|
|
- web: ignore network error
|
|
- web/admin: fix notification clear all not triggering render
|
|
- web/admin: fix user selection in token form
|
|
- web/admin: increase default expiry for refresh tokens
|
|
- web/admin: show applications instead of providers in outpost form
|
|
- web/flows: fix display error when using IdentificationStage without input fields
|
|
|
|
## Upgrading
|
|
|
|
This release does not introduce any new requirements.
|
|
|
|
### docker-compose
|
|
|
|
Download the docker-compose file for 2021.9 from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.9/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
|
|
|
### Kubernetes
|
|
|
|
Update your values to use the new images:
|
|
|
|
```yaml
|
|
image:
|
|
repository: ghcr.io/goauthentik/server
|
|
tag: 2021.9.1
|
|
```
|