authentik/website/docs/releases/v2021.10.md

---
title: Release 2021.10
slug: "2021.10"
---

## Headline Changes

- Flow Inspector

  To better understand how a flow works, and why things might not be working as intended, you can now launch Flows with an inspector enabled. This is simply triggered by adding a `?inspector` to the URL. Currently, only superuser have the permission to access the Inspector.

  The inspector shows the current stage, previous stages, next planned stages, and the current flow context.

- SMS Authenticator

  You can now use SMS-based TOTP authenticators. This new Stage supports both Twilio, and a generic API endpoint, if using another provider. This stage does not have to be used for authentication, it can simply be used during enrollment to verify your users phone numbers.

- Sign in with Apple

  It is now possible to add an Apple OAuth Source, to allow your users to authenticate with their Apple ID.

A huge shoutout to all the people that contributed, helped test and also translated authentik. This is the first release that has as full French translation!

## Minor changes

- *: Squash Migrations (#1593)
- admin: clear update notification when notification's version matches current version
- cmd: prevent outposts from panicking when failing to get their config
- core: add default for user's settings attribute
- core: add settings serializer to user/me and update_self endpoints, saved in a key in attributes
- core: improve detection for s3 settings to trigger backup
- core: include group uuids in self serializer
- core: make user's name field fully optional
- flows: inspector (#1469)
- internal: add internal healthchecking to prevent websocket errors
- internal/proxyv2: improve error handling when configuring app
- lifecycle: bump celery healthcheck to 5s timeout
- lifecycle: only lock database when system migrations need to be applied, and during django migrations, and don't double unlock
- lifecycle: only set prometheus_multiproc_dir in ak wrapper to prevent full disk on worker
- managed: don't run managed reconciler in foreground on startup
- outpost/proxy: fix missing negation for internal host ssl verification
- outposts: add additional error checking for docker controller
- outposts: Adding more flexibility to outposts in Kubernetes. (#1617)
- outposts: allow disabling of docker controller port mapping
- outposts: check ports of deployment in kubernetes outpost controller
- outposts: don't always build permissions on outpost.user access, only in signals and tasks
- outposts: fallback to known-good outpost image if configured image cannot be pulled
- outposts: fix error when comparing ports in docker controller when port mapping is disabled
- outposts: handle k8s 422 response code by recreating objects
- outposts: rename docker_image_base to container_image_base, since its not docker specific
- outposts/ldap: Support hard coded `uidNumber` and `gidNumber`. (#1582)
- outposts/proxy: add new headers with unified naming
- outposts/proxy: fix duplicate protocol in domain auth mode
- outposts/proxy: show full error message when user is authenticated
- policies: add additional filters to create flow charts on frontend
- policies/password: add extra sub_text field in tests
- providers/ldap: use RDN when using posixGroup's memberUid attribute (#1514)
- providers/proxy: always check ingress secret in kubernetes controller
- providers/proxy: update ingress controller to work with k8s 1.22
- recovery: handle error when user doesn't exist
- root: add docker-native healthcheck for web and celery
- root: add translation for backend strings
- root: coverage with toml support
- root: fix error with sentry proxy
- root: migrate docker images to netlify proxy (#1603)
- root: remove redundant internal network from compose
- root: remove structlog.processors.format_exc_info for new structlog version
- root: Use fully qualified names for docker bases base images. (#1490)
- sources/ldap: add support for Active Directory `userAccountControl` attribute
- sources/ldap: don't sync ldap source when no property mappings are set
- sources/ldap: fix logic error in Active Directory account disabled status
- sources/oauth: add Sign in with Apple (#1635)
- stages/authenticator_sms: add generic provider (#1595)
- stages/authenticator_sms: Add SMS Authenticator Stage (#1577)
- stages/authenticator_validate: create a default authenticator validate stage with sensible defaults
- stages/email: add activate_user_on_success flag, add for all example flows
- stages/prompt: add sub_text field to add HTML below prompt fields
- stages/prompt: fix sub_text not allowing blank
- stages/prompt: fix wrong field type of field_key
- stages/user_login: add check for user.is_active and tests
- stages/user_write: allow recursive writing to user.attributes
- web: add locale detection
- web: ensure fallback locale is loaded
- web: fix rendering of token copy button in dark mode
- web: fix strings not being translated at all when matching browser locale not found
- web: make table pagination size user-configurable
- web: new default flow background
- web: Translate /web/src/locales/en.po in fr_FR (#1506)
- web/admin: add fallback font for doughnut charts
- web/admin: default to warning state for backup task
- web/admin: don't require username nor name for activate/deactivate toggles
- web/admin: fix description for flow import
- web/admin: fix LDAP Source form not exposing syncParentGroup
- web/admin: fix search group label
- web/admin: fix SMS Authenticator stage not loading state correctly
- web/admin: improve visibility of oauth rsa key
- web/admin: only show outpost deployment info when not embedded
- web/admin: truncate prompt label when too long
- web/elements: fix initialLoad not being done when viewportCheck was disabled
- web/elements: fix model form always loading when viewport check is disabled
- web/elements: use dedicated button for search clear instead of webkit exclusive one
- web/flows: adjust message for email stage
- web/user: don't show managed tokens in user interface
- web/user: initial optimisation for smaller screens
- web/user: load interface settings from user settings

## Upgrading

This release does not introduce any new requirements.

### docker-compose

Download the docker-compose file for 2021.10 from [here](https://goauthentik.io/version/2021.10/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.

### Kubernetes

Update your values to use the new images:

```yaml
image:
  repository: goauthentik.io/server
  tag: 2021.10.1
```
website/docs: prepare 2021.10 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-18 15:06:18 +00:00			`---`
			`title: Release 2021.10`
			`slug: "2021.10"`
			`---`

			`## Headline Changes`

			`- Flow Inspector`

			To better understand how a flow works, and why things might not be working as intended, you can now launch Flows with an inspector enabled. This is simply triggered by adding a `?inspector` to the URL. Currently, only superuser have the permission to access the Inspector.

			`The inspector shows the current stage, previous stages, next planned stages, and the current flow context.`

			`- SMS Authenticator`

			`You can now use SMS-based TOTP authenticators. This new Stage supports both Twilio, and a generic API endpoint, if using another provider. This stage does not have to be used for authentication, it can simply be used during enrollment to verify your users phone numbers.`

			`- Sign in with Apple`

			`It is now possible to add an Apple OAuth Source, to allow your users to authenticate with their Apple ID.`

			`A huge shoutout to all the people that contributed, helped test and also translated authentik. This is the first release that has as full French translation!`

			`## Minor changes`

			`- *: Squash Migrations (#1593)`
			`- admin: clear update notification when notification's version matches current version`
			`- cmd: prevent outposts from panicking when failing to get their config`
			`- core: add default for user's settings attribute`
			`- core: add settings serializer to user/me and update_self endpoints, saved in a key in attributes`
			`- core: improve detection for s3 settings to trigger backup`
			`- core: include group uuids in self serializer`
			`- core: make user's name field fully optional`
			`- flows: inspector (#1469)`
			`- internal: add internal healthchecking to prevent websocket errors`
			`- internal/proxyv2: improve error handling when configuring app`
			`- lifecycle: bump celery healthcheck to 5s timeout`
			`- lifecycle: only lock database when system migrations need to be applied, and during django migrations, and don't double unlock`
			`- lifecycle: only set prometheus_multiproc_dir in ak wrapper to prevent full disk on worker`
			`- managed: don't run managed reconciler in foreground on startup`
			`- outpost/proxy: fix missing negation for internal host ssl verification`
			`- outposts: add additional error checking for docker controller`
			`- outposts: Adding more flexibility to outposts in Kubernetes. (#1617)`
			`- outposts: allow disabling of docker controller port mapping`
			`- outposts: check ports of deployment in kubernetes outpost controller`
			`- outposts: don't always build permissions on outpost.user access, only in signals and tasks`
			`- outposts: fallback to known-good outpost image if configured image cannot be pulled`
			`- outposts: fix error when comparing ports in docker controller when port mapping is disabled`
			`- outposts: handle k8s 422 response code by recreating objects`
			`- outposts: rename docker_image_base to container_image_base, since its not docker specific`
			- outposts/ldap: Support hard coded `uidNumber` and `gidNumber`. (#1582)
			`- outposts/proxy: add new headers with unified naming`
			`- outposts/proxy: fix duplicate protocol in domain auth mode`
			`- outposts/proxy: show full error message when user is authenticated`
			`- policies: add additional filters to create flow charts on frontend`
			`- policies/password: add extra sub_text field in tests`
			`- providers/ldap: use RDN when using posixGroup's memberUid attribute (#1514)`
			`- providers/proxy: always check ingress secret in kubernetes controller`
			`- providers/proxy: update ingress controller to work with k8s 1.22`
			`- recovery: handle error when user doesn't exist`
			`- root: add docker-native healthcheck for web and celery`
			`- root: add translation for backend strings`
			`- root: coverage with toml support`
			`- root: fix error with sentry proxy`
			`- root: migrate docker images to netlify proxy (#1603)`
			`- root: remove redundant internal network from compose`
			`- root: remove structlog.processors.format_exc_info for new structlog version`
			`- root: Use fully qualified names for docker bases base images. (#1490)`
			- sources/ldap: add support for Active Directory `userAccountControl` attribute
			`- sources/ldap: don't sync ldap source when no property mappings are set`
			`- sources/ldap: fix logic error in Active Directory account disabled status`
			`- sources/oauth: add Sign in with Apple (#1635)`
			`- stages/authenticator_sms: add generic provider (#1595)`
			`- stages/authenticator_sms: Add SMS Authenticator Stage (#1577)`
			`- stages/authenticator_validate: create a default authenticator validate stage with sensible defaults`
			`- stages/email: add activate_user_on_success flag, add for all example flows`
			`- stages/prompt: add sub_text field to add HTML below prompt fields`
			`- stages/prompt: fix sub_text not allowing blank`
			`- stages/prompt: fix wrong field type of field_key`
			`- stages/user_login: add check for user.is_active and tests`
			`- stages/user_write: allow recursive writing to user.attributes`
			`- web: add locale detection`
			`- web: ensure fallback locale is loaded`
			`- web: fix rendering of token copy button in dark mode`
			`- web: fix strings not being translated at all when matching browser locale not found`
			`- web: make table pagination size user-configurable`
			`- web: new default flow background`
			`- web: Translate /web/src/locales/en.po in fr_FR (#1506)`
			`- web/admin: add fallback font for doughnut charts`
			`- web/admin: default to warning state for backup task`
			`- web/admin: don't require username nor name for activate/deactivate toggles`
			`- web/admin: fix description for flow import`
			`- web/admin: fix LDAP Source form not exposing syncParentGroup`
			`- web/admin: fix search group label`
			`- web/admin: fix SMS Authenticator stage not loading state correctly`
			`- web/admin: improve visibility of oauth rsa key`
			`- web/admin: only show outpost deployment info when not embedded`
			`- web/admin: truncate prompt label when too long`
			`- web/elements: fix initialLoad not being done when viewportCheck was disabled`
			`- web/elements: fix model form always loading when viewport check is disabled`
			`- web/elements: use dedicated button for search clear instead of webkit exclusive one`
			`- web/flows: adjust message for email stage`
			`- web/user: don't show managed tokens in user interface`
			`- web/user: initial optimisation for smaller screens`
			`- web/user: load interface settings from user settings`

			`## Upgrading`

			`This release does not introduce any new requirements.`

			`### docker-compose`

			Download the docker-compose file for 2021.10 from [here](https://goauthentik.io/version/2021.10/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.

			`### Kubernetes`

			`Update your values to use the new images:`

			```yaml
			`image:`
			`repository: goauthentik.io/server`
			`tag: 2021.10.1`
			```