This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2022.5.md
Jens Langhammer 11f7935155 providers/oauth2: use regex to check redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2799
2022-05-18 21:22:27 +02:00

74 lines
3.5 KiB
Markdown

---
title: Release 2022.5
slug: "2022.5"
---
## Breaking changes
- Twitter Source has been migrated to OAuth2
This requires some reconfiguration on both Twitter's and authentik's side. Check out the new Twitter integration docs [here](../../integrations/sources/twitter/)
- OAuth Provider: Redirect URIs are now checked using regular expressions
Allowed Redirect URIs now accepts regular expressions to check redirect URIs to support wildcards. In most cases this will not change anything, however casing is also important now. Meaning if your redirect URI is "https://Foo.bar" and allowed is "https://foo.bar", authorization will not be allowed. Additionally, the special handling when _Redirect URIs/Origins_ is set to `*` has been removed. To get the same behaviour, set _Redirect URIs/Origins_ to `.+`.
## New features
- LDAP Outpost cached binding
Instead of always executing the configured flow when a new Bind request is received, the provider can now be configured to cache the session from the initial flow execution, and directly validate credentials in the outpost. This drastically improves the bind performance.
See [LDAP provider](../providers/ldap.md#cached-bind)
- OAuth2: Add support for `form_post` response mode
- Optimise bundling of web asses
Previous versions had the entire frontend bundled in a single file (per interface). This has been revamped to produce smaller bundle sizes for each interface to improve the loading times.
Additionally, only the locales configured will be loaded on start, instead of all locales.
Certain parts of the application are purposefully still contained in the initial bundle, especially for commonly used pages and default routes.
## Minor changes/fixes
- \*: decrease frequency of background tasks, smear tasks based on name and fqdn
- api: fix OwnerFilter filtering out objects for superusers
- core: add custom shell command which imports all models and creates events for model events
- core: add flag to globally disable impersonation
- events: fix created events only being logged as debug level
- flows: handle flow title formatting error better, add user to flow title context
- internal: add signal handler for SIGTERM
- outposts/ldap: cached bind (#2824)
- policies: fix current user not being set in server-side policy deny
- providers/oauth2: add support for form_post response mode (#2818)
- providers/oauth2: don't create events before client_id can be verified to prevent spam
- providers/saml: make SAML metadata generation consistent
- root: export poetry deps to requirements.txt so we don't need poetry … (#2823)
- root: handle JSON error in metrics
- root: set SESSION_SAVE_EVERY_REQUEST to enable sliding sessions
- sources/oauth: Fix wording for OAuth source names (#2732)
- stages/authenticator_validate: remember (#2828)
- stages/user_delete: fix delete stage failing when pending user is not explicitly set
- web: fix dateTimeLocal() dropping local timezone
- web: lazy load parts of interfaces (#2864)
- web/user: add missing checkbox element in user settings (#2762)
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2022.5 from [here](https://goauthentik.io/version/2022.5/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2022.5.1
```