website: update changelog for 2023.10.6 and 2023.8.6

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-09 19:02:19 +01:00 · 2024-01-09 19:02:19 +01:00 · c78bb979ec
parent 6649f7ab72
commit c78bb979ec
2 changed files with 16 additions and 0 deletions
--- a/website/docs/releases/2023/v2023.10.md
+++ b/website/docs/releases/2023/v2023.10.md
@ -181,6 +181,18 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10
 -   web/admin: always show oidc well-known URL fields when they're set (#7560)
 -   web/user: fix search not updating app (cherry-pick #7825) (#7933)

+## Fixed in 2023.10.6
+
+-   core: fix PropertyMapping context not being available in request context
+-   outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (cherry-pick #8021) (#8024)
+-   outposts: fix Outpost reconcile not re-assigning managed attribute (cherry-pick #8014) (#8020)
+-   providers/oauth2: fix [CVE-2024-21637](../../security/CVE-2024-21637.md), Reported by [@lauritzh](https://github.com/lauritzh) (#8104)
+-   providers/oauth2: remember session_id from initial token (cherry-pick #7976) (#7977)
+-   providers/proxy: use access token (cherry-pick #8022) (#8023)
+-   rbac: fix error when looking up permissions for now uninstalled apps (cherry-pick #8068) (#8070)
+-   sources/oauth: fix missing get_user_id for OIDC-like sources (Azure AD) (#7970)
+-   web/flows: fix device picker incorrect foreground color (cherry-pick #8067) (#8069)
+
 ## API Changes

 #### What's New
--- a/website/docs/releases/2023/v2023.8.md
+++ b/website/docs/releases/2023/v2023.8.md
@ -163,6 +163,10 @@ image:

 -   security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666)

+## Fixed in 2023.8.6
+
+-   providers/oauth2: fix [CVE-2024-21637](../../security/CVE-2024-21637.md), Reported by [@lauritzh](https://github.com/lauritzh) (#8104)
+
 ## API Changes

 #### What's New