2021-03-12 17:04:42 +00:00
---
2021-04-10 18:58:55 +00:00
title: Release 2021.4
2021-04-19 19:05:19 +00:00
slug: "2021.4"
2021-03-12 17:04:42 +00:00
---
2021-03-31 12:14:56 +00:00
## Headline Changes
- Configurable Policy engine mode
In the past, all objects, which could have policies attached to them, required *all* policies to pass to consider an action successful.
You can now configure if *all* policies need to pass, or if *any* policy needs to pass.
This can now be configured for the following objects:
2021-04-10 19:12:25 +00:00
- Applications (access restrictions)
- Sources
- Flows
- Flow-stage bindings
2021-03-31 12:14:56 +00:00
For backwards compatibility, this is set to *all* , but new objects will default to *any* .
2021-03-12 17:04:42 +00:00
2021-04-10 18:58:55 +00:00
- Expiring Events
Previously, events would stay in the database forever, and had to eventually be cleaned up manually. This version add expiry to events with a default
timeout of 1 Year. This also applies to existing events, and their expiry will be set during the migration.
- New UI
While the UI mostly looks the same, under the hood a lot has changed. The Web UI is now a Single-page application based on rollup and lit-html. This has several consequences and new features, for example:
2021-04-10 19:12:25 +00:00
- You can now see a user's OAuth Access/Refresh tokens and the consents they've given
- You can now see a per-object changelog based on the model_create/update/delete events being created.
- A new API Browser is available under `https://authentink.company/api/v2beta/`
- Several new charts, new pages and quality-of-life improvements
2021-04-11 18:40:53 +00:00
- Credentials of objects are no longer shown while editing them
2021-04-10 18:58:55 +00:00
- Deprecated Group membership has been removed.
2021-04-11 11:20:27 +00:00
## Minor changes
- You can now specify the amount of processes started in docker-compose using the `WORKERS` environment variable.
2021-04-17 13:29:55 +00:00
## Fixed in 2021.4.2
2021-04-21 20:46:48 +00:00
- core: fix propertymapping API returning invalid value for components (https://github.com/goauthentik/authentik/issues/746)
2021-04-17 13:29:55 +00:00
- core: improve messaging when creating a recovery link for a user when no recovery flow exists
- flows: annotate flows executor 404 error
- flows: include configure_flow in stages API
- helm: make storage class, size and mode configurable
2021-04-21 20:46:48 +00:00
- helm: turn off monitoring by default (https://github.com/goauthentik/authentik/issues/741)
2021-04-17 13:29:55 +00:00
- outposts: fix errors when creating multiple outposts
- root: add restart: unless-stopped to compose
- root: base Websocket message storage on Base not fallback
- root: fix healthcheck part in docker-compose
- root: fix setting of EMAIL_USE_TLS and EMAIL_USE_SSL
- sources/ldap: improve error handling during sync
- sources/oauth: fix error when creating an oauth source which has fixed URLs
- sources/oauth: fix resolution of sources' provider type
- web: fix background-color on router outlet on light mode
- web/admin: fix error when user doesn't have permissions to read source
- web/admin: fix errors in user profile when non-superuser
2021-04-19 19:08:10 +00:00
## Fixed in 2021.4.3
- *: add model_name to TypeCreate API to distinguish between models sharing a component
- api: fix CSRF error when using POST/PATCH/PUT in API Browser
- api: make 401 messages clearer
- api: mount outposts under outposts/instances to match flows
- core: add parameter to output property mapping test result formatted
- core: add superuser_full_list to applications list, shows all applications when superuser
- core: fix Tokens being created with incorrect intent by default
- outposts: don't run outpost_controller when no service connection is set
- providers/oauth2: Set CORS Headers for token endpoint, check Origin header against redirect URLs
- root: auto-migrate on startup, lock database using pg_advisory_lock
- sources/oauth: add login with plex support
- sources/oauth: fix redirect loop for source with non-configurable URLs
- sources/oauth: save null instead of empty string for sources without configurable URLs
- web/admin: add ability to add users to a group whilst creating a group
- web/admin: fix default for codemirror
- web/admin: fix group member table order
- web/admin: fix non-matching provider type being selected when creating an OAuth Source
- web/admin: fix provider type resetting when changing provider type
- web/admin: fix undefined being shown when viewing application
- web/admin: improve default selection for property-mappings
2021-03-12 17:04:42 +00:00
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the latest docker-compose file from [here ](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.4/docker-compose.yml ). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate` .
### Kubernetes
Run `helm repo update` and then upgrade your release with `helm upgrade passbook authentik/authentik --devel -f values.yaml` .