2021-08-07 20:32:53 +00:00
---
title: Release 2021.8
slug: "2021.8"
---
## Headline Changes
- Embedded Outpost
To simplify the setup, an embedded outpost has been added. This outpost runs as part of the main authentik server, and requires no additional setup.
You can simply assign providers to the embedded outpost, and either use the integrations to configure reverse proxies, or point your traffic to the main authentik server.
Traffic is routed based on host-header, meaning every host that has been configured as a provider and is assigned to the embedded proxy will be sent to the outpost, and every sub-path under `/akprox` is sent to the outpost too. The rest is sent to authentik itself.
2021-08-23 19:24:50 +00:00
- App passwords
You can now create Tokens with the intent `app_password` , and use them when authenticating with a flow. This requires the `User database + app passwords` backend in your password stage (this is done automatically on upgrade).
You will also see in the logs which backend was used as the `auth_method` and `auth_method_args` arguments on the Event.
2021-08-07 20:32:53 +00:00
## Minor changes
2021-08-11 17:54:03 +00:00
- admin: add API to show embedded outpost status, add notice when its not configured properly
- api: ensure all resources can be filtered
- api: make all PropertyMappings filterable by multiple managed attributes
- core: add API to directly send recovery link to user
- core: add UserSelfSerializer and separate method for users to update themselves with limited fields
- core: allow changing of groups a user is in from user api
- flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
- lifecycle: decrease default worker count on compose
2021-08-22 18:19:23 +00:00
- outpost/ldap: Performance improvements, support for (member=) lookup
2021-08-11 17:54:03 +00:00
- providers/proxy: don't create ingress when no hosts are defined
2021-08-22 18:19:23 +00:00
- sources/plex: add API to get user connections
2021-08-11 17:54:03 +00:00
- web: add API Drawer
- web/admin: add UI to copy invitation link
- web/admin: allow modification of users groups from user view
- web/admin: re-name service connection to integration
2021-08-07 20:32:53 +00:00
2021-08-23 13:40:15 +00:00
## Fixed in 2021.8.1-rc2
2021-08-23 19:24:50 +00:00
- ci: add pipeline to build and push js api package
- ci: upgrade web api client when schema changes
- core: add new token intent and auth backend (#1284)
- core: add token tests for invalid intent and token auth
- core: fix token intent not defaulting correctly
- core: handle error when ?for_user is not numberical
- lib: move id and key generators to lib (#1286)
- lifecycle: rename to ak
2021-08-23 13:40:15 +00:00
- outpost: handle non-existant permission
2021-08-27 21:12:53 +00:00
- outpost: add recursion limit for docker controller
- outpost: add repair_permissions command
2021-08-23 19:24:50 +00:00
- root: add alias for akflow files
2021-08-23 13:40:15 +00:00
- root: add ASGI Error handler
2021-08-23 19:24:50 +00:00
- root: add License to NPM package
- root: fix error_handler for websocket
- root: fix mis-matched postgres version for CI
- root: remove remainders from gen
- root: remove usage of make-gen
- root: test schema auto-update
- root: update schema
- stages/password: auto-enable app password backend
- stages/user_write: fix wrong fallback authentication backend
- web: add custom readme to api client
- web: add ESM to generated Client
- web: build. api in different folder
- web: improve api client versioning
2021-08-23 13:40:15 +00:00
- web: Merge pull request #1258 from goauthentik/publish-api-to-npm
2021-08-23 19:24:50 +00:00
- web: migrate to @goauthentik/api
- web: Update Web API Client version (#1283)
- web/admin: allow users to create app password tokens
- web/admin: display token's intents
- web/admin: fix missing app passwords backend
- web/admin: improve delete modal for stage bindings and policy bindings
- web/admin: select all password stage backends by default
2021-08-23 13:40:15 +00:00
- website: add docs for making schema changes
2021-08-23 19:24:50 +00:00
- website: make default login-2fa flow ignore 2fa with app passwords
- website/docs: add docs for `auth_method` and `auth_method_args` fields
2021-08-23 13:40:15 +00:00
2021-08-26 14:06:27 +00:00
## Fixed in 2021.8.1
- *: cleanup api schema warnings
- core: fix error for asgi error handler with websockets
- core: fix error when user updates themselves
- core: fix user object for token not be set-able
- root: Fix table of contents for CONTRIBUTING.md (#1302)
- root: Require PG_PASS to be set (#1303)
- web/admin: allow admins to create tokens
2021-08-26 16:56:42 +00:00
## Fixed in 2021.8.2
- root: fix login loop created by old settings stored in cache
2021-08-27 21:12:53 +00:00
## Fixed in 2021.8.3
- outpost: fix FlowExecutor not sending password for identification stage
- outpost: fix generated traefik labels containing invalid hosts
- outpost: make docker network configurable when using docker integration
- web/flow: fix redirects to application being sent multiple times, causing issues with OAuth providers
- web/flow: fix rendering of checkboxes in prompt stages
2021-08-29 20:12:49 +00:00
## Fixed in 2021.8.4
2021-09-02 15:40:02 +00:00
- api: add /api/v3 path
2021-08-29 20:12:49 +00:00
- api: add basic rate limiting for sentry proxy endpoint
2021-08-30 10:51:14 +00:00
- core: fix user_obj being empty on token API
2021-09-01 17:37:00 +00:00
- events: improve logging for task exceptions
2021-08-29 20:12:49 +00:00
- outpost/embedded: only send requests for non-akprox paths when we're doing proxy mode
- outpost/ldap: delay user information removal upon closing of connection
- policies/password: fix PasswordStage not being usable with prompt stages
- providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts
2021-09-01 17:37:00 +00:00
- providers/proxy: improve error handling for non-tls ingresses
- stages/authenticator_validate: show single button for multiple webauthn authenticators
- stages/invitation: fix invitation not inheriting ExpiringModel
- web/admin: fallback for invitation list on first load
- web/admin: fix flow executor not opening in new tab
- web/admin: fix list of webauthn devices not updating after rename
2021-08-29 20:12:49 +00:00
- web/flows: fix FlowExecutor not updating when challenge changes from outside
2021-09-04 12:09:11 +00:00
## Fixed in 2021.8.5
- api: add additional filters for ldap and proxy providers
- api: cache schema, fix server urls
- core: minor query optimization
- internal: disable directory listing on static files
- internal: fix font loading errors on safari
- internal: fix web requests not having a logger set
- outpost: fix spans being sent without parent context
- root: fix is_secure with safari on debug environments
- stages/identification: fix empty user_fields query returning first user
- web/admin: show applications instead of providers in outpost form
- web/flows: fix display error when using IdentificationStage without input fields
2021-08-07 20:32:53 +00:00
## Upgrading
This release does not introduce any new requirements.
### docker-compose
2021-08-27 21:12:53 +00:00
Download the docker-compose file for 2021.8 from [here ](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.8/docker-compose.yml ). Afterwards, simply run `docker-compose up -d` .
2021-08-07 20:32:53 +00:00
### Kubernetes
Upgrade to the latest chart version to get the new images.