--- title: Release 2022.9 slug: "/releases/2022.9" --- ## Breaking changes - `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../installation/configuration#authentik_web__workers) ## New features - UI for Duo device Import Instead of manually having to call an API endpoint, there's now a UI for importing Duo devices. - Duo Admin API integration When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../flow/stages/authenticator_duo/). ## API Changes #### What's New --- ##### `POST` /stages/authenticator/duo/{stage_uuid}/import_device_manual/ ##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices_automatic/ #### What's Deleted --- ##### `POST` /stages/authenticator/duo/{stage_uuid}/import_devices/ #### What's Changed --- ##### `GET` /stages/authenticator/duo/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `admin_integration_key` (string) ##### `PUT` /stages/authenticator/duo/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Added property `admin_integration_key` (string) - Added property `admin_secret_key` (string) ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `admin_integration_key` (string) ##### `PATCH` /stages/authenticator/duo/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Added property `admin_integration_key` (string) - Added property `admin_secret_key` (string) ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `admin_integration_key` (string) ##### `GET` /flows/executor/{flow_slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` Added 'xak-flow-error' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `pending_user` (string) - Property `pending_user_avatar` (string) - Property `request_id` (string) - Property `error` (string) - Property `traceback` (string) ##### `POST` /flows/executor/{flow_slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` Added 'xak-flow-error' component: - Property `type` (string) Enum values: - `native` - `shell` - `redirect` - Property `flow_info` (object) > Contextual flow information for a challenge - Property `title` (string) - Property `background` (string) - Property `cancel_url` (string) - Property `layout` (string) Enum values: - `stacked` - `content_left` - `content_right` - `sidebar_left` - `sidebar_right` - Property `component` (string) - Property `response_errors` (object) - Property `pending_user` (string) - Property `pending_user_avatar` (string) - Property `request_id` (string) - Property `error` (string) - Property `traceback` (string) ##### `POST` /stages/authenticator/duo/ ###### Request: Changed content type : `application/json` - Added property `admin_integration_key` (string) - Added property `admin_secret_key` (string) ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Added property `admin_integration_key` (string) ##### `GET` /stages/authenticator/duo/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > AuthenticatorDuoStage Serializer - Added property `admin_integration_key` (string) ## Minor changes/fixes - \*: cleanup stray print calls - \*: remove remaining default creation code in squashed migrations - blueprint: fix EntryInvalidError not being handled in tasks - blueprints: add meta model to apply blueprint within blueprint for dependencies (#3486) - blueprints: don't export events by default and exclude anonymous user - blueprints: OCI registry support (#3500) - blueprints: use correct log level when re-logging import validation logs - core: fix custom favicon not being set correctly on load - core: improve error template (#3521) - crypto: add command to import certificates - events: fix MonitoredTasks' save_on_success not behaving as expected - events: reset task info when not saving on success - events: save event to test notification transport - flows: fix incorrect diagram for policies bound to flows - flows: migrate FlowExecutor error handler to native challenge instead of shell - internal: fix outposts not logging flow execution errors correctly - internal: optimise outpost's flow executor to use less requests - internal: use config system for workers/threads, document the settings (#3626) - outposts: fix oauth state when using signature routing (#3616) - outposts/proxy: fix redirect path when external host is a subdirectory (#3628) - providers/oauth2: add x5c (#3556) - providers/proxy: fix routing based on signature in traefik and caddy - root: make redis persistent in docker-compose - root: re-use custom log helper from config and cleanup duplicate functions - root: shorten outpost docker healthcheck intervals - sources/ldap: start_tls before binding but without reading server info - sources/oauth: use GitHub's dedicated email API when no public email address is configured - sources/oauth: use UPN for username with azure AD source - stages/authenticator_duo: fix 404 when current user does not have permissions to view stage - stages/authenticator_duo: improved import (#3601) - stages/consent: default to expiring consent instead of always_require - tenants: handle all errors in default_locale - web: fix checkbox styling on applications form - web: fix scrolling in modals in low-height views (#3596) - web: use mermaidjs (#3623) - web/admin: enable blueprint instances by default - web/flows: fix ak-locale prompt being rendered without name attribute - web/flows: update flow background - web/user: justify content on user settings page on desktop ## Upgrading This release does not introduce any new requirements. ### docker-compose Download the docker-compose file for 2022.9 from [here](https://goauthentik.io/version/2022.9/docker-compose.yml). Afterwards, simply run `docker-compose up -d`. ### Kubernetes Update your values to use the new images: ```yaml image: repository: ghcr.io/goauthentik/server tag: 2022.9.1 ```