--- title: Release 2022.2 slug: "/releases/2022.2" --- ## Breaking changes ### Removal of integrated backup The integrated backup functionality has been removed due to the following reasons: - It caused a lot of issues during restore, with things breaking and difficult to restore backups - Limited compatibility (only supported local and S3 backups) - Most environments already have a solution for backups, so we feel that investing more time into making this feature better should be spent on more important things. If you don't already have a standard backup solution for other applications, you can consider these replacements: - https://github.com/kartoza/docker-pg-backup for docker-compose and - https://devtron.ai/blog/creating-a-kubernetes-cron-job-to-backup-postgres-db/ or https://cwienczek.com/2020/06/simple-backup-of-postgres-database-in-kubernetes/ for Kubernetes ### Changed URLs for forward auth `akprox` in URLs has been changed to `outpost.goauthentik.io`. All the documentation now reflects this, and outpost integrations will migrate this automatically for you. ## New features ### Authenticator enrollment picker In an authenticator validation stage you can now configure multiple configuration stages, which will be present to the user to choose which device they want to enroll. ## Minor changes/fixes - \*: add placeholder custom.css to easily allow user customisation - \*: rename akprox to outpost.goauthentik.io (#2266) - internal: don't attempt to lookup SNI Certificate if no SNI is sent - internal: improve error handling for internal reverse proxy - internal: increase logging for no hostname found - internal: remove uvicorn server header - outposts: ensure keypair is set for SSH connections - outposts: fix channel not always having a logger attribute - outposts: fix compare_ports to support both service and container ports - outposts: fix service reconciler re-creating services - outposts: make local discovery configurable - outposts: remove node_port on V1ServicePort checks to prevent service creation loops - outposts/proxy: correctly check host in forward domain redirect - outposts/proxy: correctly handle ?rd= param - providers/oauth2: add support for explicit response_mode - providers/oauth2: fix redirect_uri being lowercased on successful validation - providers/proxy: enable TLS in ingress via traefik annotation - providers/proxy: improve error handling for invalid backend_override - providers/proxy: remove leading slash to allow subdirectories in proxy - sources/ldap: log entire exception - sources/ldap: use merger that only appends unique items to list - sources/saml: fix incorrect ProtocolBinding being sent - stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose - stages/authenticator_validate: fix handling when single configuration stage is selected - stages/authenticator_validate: handle non-existent device_challenges - Translate /web/src/locales/en.po in de (#2291) - Translate /web/src/locales/en.po in pl (#2274) - Translate /web/src/locales/en.po in zh_TW (#2263) - Translate /web/src/locales/en.po in zh-Hans (#2262) - Translate /web/src/locales/en.po in zh-Hant (#2261) - web/admin: fix invalid URLs in example proxy config - web/admin: fix mismatched icons in overview and lists ## Upgrading This release does not introduce any new requirements. ### docker-compose Download the docker-compose file for 2022.2 from [here](https://goauthentik.io/version/2022.2/docker-compose.yml). Afterwards, simply run `docker-compose up -d`. The previous backup directory will persist, and can still be used with other tools. ### Kubernetes Update your values to use the new images: ```yaml image: repository: ghcr.io/goauthentik/server tag: 2022.2.1 ``` Backup-related settings can be removed but will not cause any errors either.