This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2022.12.md
Jens Langhammer b16d1134ea
core: add endpoints to add/remove users from group atomically
closes #4252

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 10:50:30 +01:00

8.9 KiB

title slug
Release 2022.12 2022.12

Breaking changes

  • Blueprints fetched via OCI require oci:// schema

    To better detect if a blueprint should be fetched locally or via OCI, all OCI sourced blueprints require an oci:// protocol.

New features

  • Bundled GeoIP City database

    authentik now comes with a bundled MaxMind GeoLite2 City database. This allows everyone to take advantage of the extra data provided by GeoIP. The default docker-compose file removes the GeoIP update container as it is no longer needed. See more here

  • Customisable Captcha stage

    The captcha stage now supports alternate compatible providers, like hCaptcha and Turnstile.

  • Preview for OAuth2 and SAML providers

    OAuth2 and SAML providers can now preview what the currently selected property/scope mappings's outcome will look like. This helps with seeing what data is sent to the client and implementing and testing custom mappings.

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.12 from here. Afterwards, simply run docker-compose up -d.

Kubernetes

Update your values to use the new images:

image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.12.0

Minor changes/fixes

  • blueprints: add !If tag (#4264)
  • blueprints: add conditions to blueprint schema
  • blueprints: add !Env tag
  • blueprints: Added conditional entry application (#4167)
  • blueprints: better OCI support in UI (#4263)
  • blueprints: fixed bug causing filtering with an empty query (#4106)
  • blueprints: Support nested custom tags in !Find and !Format tags (#4127)
  • core: bundle geoip (#4250)
  • events: fix incorrect EventAction being used
  • events: improve handling creation of events with non-pickleable objects
  • events: remove legacy logger declaration
  • events: save login event in session after login
  • flows: fix redirect from plan context "redirect" not being wrapped in flow response
  • flows: set stage name and verbose_name for in_memory stages
  • internal: dont error if environment config isn't found
  • internal: remove sentry proxy
  • internal: reuse http transport to prevent leaking connections (#3996)
  • lib: enable sentry profiles_sample_rate
  • lib: fix uploaded files not being saved correctly, add tests
  • lifecycle: don't set user/group in gunicorn
  • lifecycle: improve explanation for user: root and docket socket mount
  • policies: don't log context when policy returns None
  • policies: log correct cache state
  • policies: make name required
  • policies/password: Always add generic message to failing zxcvbn check (#4100)
  • providers: add preview for mappings (#4254)
  • providers/ldap: improve mapping of LDAP filters to authentik queries
  • providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
  • providers/oauth2: set amr values based on login event
  • providers/proxy: correctly set id_token_hint if possible
  • providers/saml: set AuthnContextClassRef based on login event
  • root: allow custom settings via python module
  • root: migrate to hosted sentry with rate-limited DSN
  • security: fix CVE 2022 23555 (#4274)
  • security: fix CVE 2022 46145 (#4140)
  • security: fix CVE 2022 46172 (#4275)
  • stages/authenticator_duo: fix imported duo devices not being confirmed
  • stages/authenticator_validate: fix validation to ensure configuration stage is set
  • stages/authenticator_validate: improve validation for not_configured_action
  • stages/authenticator_validate: log duo error
  • stages/authenticator_validate: save used mfa devices in login event
  • stages/captcha: customisable URLs (#3832)
  • stages/invitation: fix incorrect pk check for invitation's flow
  • stages/user_login: prevent double success message when logging in via source
  • stages/user_write: always ignore component field and prevent warning
  • web: fix authentication with Plex on iOS (#4095)
  • web: ignore d3 circular deps warning, treat unresolved import as error
  • web: use version family subdomain for in-app doc links
  • web/admin: better show metadata download for saml provider
  • web/admin: break all in code blocks in event info
  • web/admin: clarify phrasing that user ID is required
  • web/admin: fix action button order for blueprints
  • web/admin: fix alignment in tables with multiple elements in cell
  • web/admin: fix empty request being sent due to multiple forms in duo import modal
  • web/admin: improve i18n for documentation link in outpost form
  • web/admin: improve UI for removing users from groups and groups from users
  • web/admin: more consistent label usage, use compact labels
  • web/admin: rework markdown, correctly render Admonitions, fix links
  • web/admin: show bound policies order first to match stages
  • web/admin: show policy binding form when creating policy in bound list
  • web/admin: show stage binding form when creating stage in bound list
  • web/elements: fix alignment for checkboxes in table
  • web/elements: fix alignment with checkbox in table
  • web/elements: fix log level for diagram
  • web/elements: fix table select-all checkbox being checked with no elements
  • web/elements: unselect top checkbox in table when not all elements are selected
  • web/flows: fix display for long redirect URLs
  • web/flows: improve error messages for failed duo push
  • web/flows: update flow background
  • web/user: fix styling for clear all button in notification drawer

API Changes

What's Changed


GET /stages/captcha/{stage_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property js_url (string)

    • Added property api_url (string)

    • Changed property public_key (string)

      Public key, acquired your captcha Provider.

PUT /stages/captcha/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property js_url (string)

  • Added property api_url (string)

  • Changed property public_key (string)

    Public key, acquired your captcha Provider.

  • Changed property private_key (string)

    Private key, acquired your captcha Provider.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property js_url (string)

    • Added property api_url (string)

    • Changed property public_key (string)

      Public key, acquired your captcha Provider.

PATCH /stages/captcha/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property js_url (string)

  • Added property api_url (string)

  • Changed property public_key (string)

    Public key, acquired your captcha Provider.

  • Changed property private_key (string)

    Private key, acquired your captcha Provider.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property js_url (string)

    • Added property api_url (string)

    • Changed property public_key (string)

      Public key, acquired your captcha Provider.

GET /flows/executor/{flow_slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Updated ak-stage-captcha component: New required properties:

    • js_url
    • Added property js_url (string)
POST /flows/executor/{flow_slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Updated ak-stage-captcha component: New required properties:

    • js_url
    • Added property js_url (string)
POST /stages/captcha/
Request:

Changed content type : application/json

  • Added property js_url (string)

  • Added property api_url (string)

  • Changed property public_key (string)

    Public key, acquired your captcha Provider.

  • Changed property private_key (string)

    Private key, acquired your captcha Provider.

Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property js_url (string)

    • Added property api_url (string)

    • Changed property public_key (string)

      Public key, acquired your captcha Provider.

GET /stages/captcha/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > CaptchaStage Serializer

      • Added property js_url (string)

      • Added property api_url (string)

      • Changed property public_key (string)

        Public key, acquired your captcha Provider.