a6d3fd92df
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
81 lines
3.6 KiB
Markdown
81 lines
3.6 KiB
Markdown
---
|
|
title: Release 2022.7
|
|
slug: "2022.7"
|
|
---
|
|
|
|
## Breaking changes
|
|
|
|
- Removal of verification certificates for Machine-to-Machine authentication in OAuth 2 Provider
|
|
|
|
Instead, create an OAuth Source with the certificate configured as JWKS Data, and enable the source in the provider.
|
|
|
|
- Maximum Limit of group recursion
|
|
|
|
In earlier versions, cyclic group relations can lead to a deadlock when one of groups in the relationship are bound to an application/flow/etc.
|
|
This is now limited to 20 levels of recursion.
|
|
|
|
## New features
|
|
|
|
- User paths
|
|
|
|
To better organize users, they can now be assigned a path. This allows for organization of users based on sources they enrolled with/got imported from, organizational structure or any other structure.
|
|
|
|
Sources now have a path template to specify which path users created by it should be assigned. Additionally, you can set the path in the user_write stage in any flow, and it can be dynamically overwritten within a flow's context.
|
|
|
|
- API Authentication using JWT
|
|
|
|
OAuth Refresh tokens that have been issued with the scope `goauthentik.io/api` can now be used to authenticate to the API on behalf of the user the token belongs to.
|
|
|
|
- Version-family tagged Container images
|
|
|
|
Instead of having to choose between using the `:latest` tag and explicit versions like `:2022.7.1`, there are now also version-family tags (:2022.7). This allows for sticking with a single version but still getting bugfix updates.
|
|
|
|
## Minor changes/fixes
|
|
|
|
- api: add basic jwt support with required scope (#2624)
|
|
- ci: add version family (#3059)
|
|
- core: add limit of 20 to group recursion
|
|
- core: fix migrations when creating bootstrap token
|
|
- core: trigger bootstrap tasks in server if we're debugging
|
|
- core: user paths (#3085)
|
|
- internal: dont sample gunicorn proxied requests
|
|
- internal: failback with self-signed cert if cert for tenant fails to load
|
|
- internal: fix routing to embedded outpost
|
|
- internal: skip tracing for go healthcheck and metrics endpoints
|
|
- lifecycle: fix confusing success messages in startup healthiness check
|
|
- lifecycle: run bootstrap tasks inline when using automated install
|
|
- lifecycle: Update postgres healthcheck for compose with user information (#3143)
|
|
- policies: consolidate log user and application
|
|
- providers/oauth2: dont lowercase URL for token requests (#3114)
|
|
- providers/oauth2: fix OAuth form_post response mode for code response_type
|
|
- providers/oauth2: if a redirect_uri cannot be parsed as regex, compare strict (#3070)
|
|
- providers/oauth2: remove deprecated verification_keys (#3071)
|
|
- providers/oauth2: token revoke (#3077)
|
|
- providers/proxy: only send misconfiguration event once
|
|
- web/admin: link bound group under policies
|
|
- web/admin: only pre-select oauth2 provider key if creating a new instance
|
|
- web/admin: remove invalid requirement for usernames
|
|
- web/elements: add spinner when loading dynamic routes
|
|
- web/flows: add divider to identification stage for security key
|
|
- web/flows: fix error when webauthn operations failed and user retries
|
|
- web/flows: remove autofocus from password field of identifications stage
|
|
- web/flows: statically import webauthn-related stages for safari issues
|
|
|
|
## Upgrading
|
|
|
|
This release does not introduce any new requirements.
|
|
|
|
### docker-compose
|
|
|
|
Download the docker-compose file for 2022.7 from [here](https://goauthentik.io/version/2022.7/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
|
|
|
### Kubernetes
|
|
|
|
Update your values to use the new images:
|
|
|
|
```yaml
|
|
image:
|
|
repository: ghcr.io/goauthentik/server
|
|
tag: 2022.7.1
|
|
```
|