---
title: Release 2022.5
slug: "/releases/2022.5"
---
## Breaking changes
- Twitter Source has been migrated to OAuth2

  This requires some reconfiguration on both Twitter's and authentik's side. Check out the new Twitter integration docs [here](../../integrations/sources/twitter/).

- OAuth Provider: Redirect URIs are now checked using regular expressions

  Allowed Redirect URIs now accepts regular expressions, so that redirect URIs can be checked with wildcard support. In most cases this will not change anything; however, casing now matters: if your redirect URI is "https://Foo.bar" and the allowed URI is "https://foo.bar", authorization will not be allowed. Additionally, the special handling when _Redirect URIs/Origins_ is set to `*` has been removed. To get the same behaviour, set _Redirect URIs/Origins_ to `.+`.

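The regex matching described above, as an added example (not authentik's own code): a small Python audit helper for Allowed Redirect URI entries. It assumes full-match, case-sensitive semantics; `uri_allowed` and `audit_pattern` are hypothetical names and the sample URIs are constructed.

```python
import re

def uri_allowed(allowed_patterns, redirect_uri):
    """True if redirect_uri fully matches any allowed pattern.

    Assumption: full-match, case-sensitive semantics; an entry that is not
    a valid regex never matches.
    """
    for pattern in allowed_patterns:
        try:
            if re.fullmatch(pattern, redirect_uri):
                return True
        except re.error:
            continue
    return False

def audit_pattern(pattern):
    """Return findings for one Allowed Redirect URI entry (heuristic)."""
    try:
        re.compile(pattern)
    except re.error as exc:
        return [f"invalid regex: {exc}"]
    findings = []
    if pattern in (".+", ".*"):
        findings.append("catch-all: every redirect URI is accepted")
    # A "." that is neither escaped nor quantified is probably meant as a
    # literal dot, but as a regex it matches any single character.
    if re.search(r"(?<!\\)\.(?![+*?{])", pattern):
        findings.append("unescaped '.': use re.escape() for literal URLs")
    return findings

if __name__ == "__main__":
    # Constructed sample entries, not taken from a real deployment.
    for entry in ["https://foo.bar", re.escape("https://foo.bar"), "*", ".+"]:
        print(repr(entry), audit_pattern(entry))
```

Running `audit_pattern` over every configured entry after the upgrade shows which ones are broader than the literal URL they were written as, and which (such as a leftover `*`) are no longer valid patterns at all.
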
## New features
- LDAP Outpost cached binding

  Instead of always executing the configured flow when a new Bind request is received, the provider can now be configured to cache the session from the initial flow execution, and directly validate credentials in the outpost. This drastically improves the bind performance.

  See [LDAP provider](../../providers/ldap/index.md#cached-bind)

- OAuth2: Add support for `form_post` response mode
- Don't prompt users for MFA when they've authenticated themselves within a time period

  You can now configure any [Authenticator Validation Stage](../../flow/stages/authenticator_validate/index.md) to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) within the `Last validation threshold`.

- Optimise bundling of web assets

  Previous versions had the entire frontend bundled in a single file (per interface). This has been revamped to produce smaller bundle sizes for each interface to improve the loading times.

  Additionally, only the locales configured will be loaded on start, instead of all locales.

  Certain parts of the application are purposefully still contained in the initial bundle, especially for commonly used pages and default routes.

## Minor changes/fixes
- \*: decrease frequency of background tasks, smear tasks based on name and fqdn
- api: fix OwnerFilter filtering out objects for superusers
- core: add custom shell command which imports all models and creates events for model events
- core: add flag to globally disable impersonation
- events: fix created events only being logged as debug level
- flows: handle flow title formatting error better, add user to flow title context
- internal: add signal handler for SIGTERM
- outposts/ldap: cached bind (#2824)
- policies: fix current user not being set in server-side policy deny
- providers/oauth2: add support for form_post response mode (#2818)
- providers/oauth2: allow regex matches for allowed redirect_uri
- providers/oauth2: don't create events before client_id can be verified to prevent spam
- providers/saml: make SAML metadata generation consistent
- root: export poetry deps to requirements.txt so we don't need poetry … (#2823)
- root: handle JSON error in metrics
- root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
- sources/oauth: Fix wording for OAuth source names (#2732)
- stages/authenticator_validate: remember (#2828)
- stages/identification: redirect with QS to keep next parameters (#2909)
- stages/user_delete: fix delete stage failing when pending user is not explicitly set
- web: fix dateTimeLocal() dropping local timezone
- web: lazy load parts of interfaces (#2864)
- web/user: add missing checkbox element in user settings (#2762)
## Fixed in 2022.5.2
- internal: fix nil pointer dereference in ldap outpost
- internal: revert cookie path on proxy causing redirect loops
- outposts: allow externally managed SSH Config for outposts (#2917)
- outposts: ensure the user and token are created on initial outpost save
- root: fix missing curl in dockerfile
- web/admin: improve error handling in TokenCopyButton
- web/admin: make external host clickable
- web/user: fix use sub-pages not redirecting back to the subpage
## Fixed in 2022.5.3
- api: migrate to openapi generator v6 (#2968)
- api: update API browser to match admin UI and auto-switch theme
- core: fix username validator not allowing changes that can be done via flows
- crypto: set SAN in default generated Certificate to semi-random domain
- ensure all viewsets have filter and search and add tests (#2946)
- events: fix transport not allowing blank values
- flows: fix re-imports of entries with identical PK re-creating objects (#2941)
- providers/oauth2: handle attribute errors when validation JWK contains private key
- providers/oauth2: improve error handling for invalid regular expressions
- providers/oauth2: only set expiry on user when it was freshly created
- providers/oauth2: regex-escape URLs when set to blank
- providers/oauth2: set related_name for many-to-many connections so used by detects the connection
- providers/saml: handle parse error
- root: Add docker-compose postgresql and redis healthchecks (#2958)
- stages/user_write: fix typo in request context variable
- web: decrease elements that refresh on global refresh signal
- web/admin: add note that regex is used for redirect URIs
- web/admin: add set password button to user view page
- web/admin: fix broken flow execute link (#2940)
- web/admin: fix display of LDAP bind mode
- web/admin: fix flow diagram not updating on flow changes
- web/admin: fix phrasing on LDAP provider form for bind mode
- web/admin: refactor table refresh to preserve selected/expanded elements correctly
- web/elements: fix missing click handler on wizard close button
- web/elements: fix used_by refreshing for all elements when using DeleteBulkForm
- website/docs: Fix misconfiguration causing POST requests behind Nginx to timeout (#2967)
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2022.5 from [here](https://goauthentik.io/version/2022.5/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
  repository: ghcr.io/goauthentik/server
  tag: 2022.5.1
```