b7bfb93928
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
112 lines
5.1 KiB
Markdown
112 lines
5.1 KiB
Markdown
---
|
|
title: Release 2021.7
|
|
slug: "2021.7"
|
|
---
|
|
|
|
## Headline Changes
|
|
|
|
- SSL Support for LDAP Providers
|
|
|
|
You can now configure certificates for your LDAP Providers, meaning that all communication will be done encrypted.
|
|
|
|
Currently, only SSL on port 636 is supported, not StartTLS.
|
|
|
|
- Add bundeled docs
|
|
|
|
You can now browse the authentik docs for your version by browsing to `/help`. This means you don't have to rely on an
|
|
internet connection to check the docs, and you also have the correct docs for your currently running version.
|
|
|
|
## Minor changes
|
|
|
|
- api: Tunnel Sentry requests through authentik to prevent them being blocked by ad-blockers
|
|
- core: fix error when setting icon/background to url longer than 100 chars
|
|
- events: fix error when slack notification request failed without a response
|
|
- flows: allow variable substitution in flow titles
|
|
- outposts/ldap: Fix LDAP outpost missing a `member` field on groups with all member DNs
|
|
- outposts/ldap: Fix LDAP outpost not parsing arrays from user and group attributes correctly
|
|
- providers/oauth2: allow blank redirect_uris to allow any redirect_uri
|
|
- providers/saml: fix parsing of POST bindings
|
|
- root: add PROXY protocol support for http, https, ldap and ldaps servers
|
|
- root: Allow configuration of Redis port
|
|
- root: set samesite to None for SAML POST flows
|
|
- root: subclass SessionMiddleware to set Secure and SameSite flag depending on context
|
|
- web: fix error when showing error message of request
|
|
|
|
## Fixed in 2021.7.1-rc2
|
|
|
|
- core: add email filter for user
|
|
- core: add group filter by member username and pk
|
|
- core: broaden error catching for propertymappings
|
|
- lib: fix outpost fake-ip not working, add tests
|
|
- outpost: fix 100% CPU Usage when not connected to websocket
|
|
- outposts: ensure outpost SAs always have permissions to fake IP
|
|
- outposts: fix git hash not being set in outposts
|
|
- outposts: save certificate fingerprint and check before re-fetching to cleanup logs
|
|
- outposts/ldap: add tracing for LDAP bind and search
|
|
- outposts/ldap: improve parsing of LDAP filters
|
|
- outposts/ldap: optimise backend Search API requests
|
|
- outposts/proxy: add X-Auth-Groups header to pass groups
|
|
- providers/oauth2: handler PropertyMapping exceptions and create event
|
|
- providers/saml: improve error handling for property mappings
|
|
- sources/ldap: improve error handling for property mappings
|
|
- web: fix icon flashing in header, fix notification header icon in dark mode
|
|
- web: separate websocket connection from messages
|
|
- web/admin: fix missing dark theme for notifications
|
|
- web/admin: fix negative count for policies when more cached than total policies
|
|
- web/admin: improve UI for notification toggle
|
|
- website/docs: clear up outpost uuids
|
|
- website/docs: remove duplicate proxy docs
|
|
|
|
## Fixed in 2021.7.1
|
|
|
|
- core: add tests for flow_manager
|
|
- core: fix CheckApplication's for_user flag not being checked correctly
|
|
- core: fix pagination not working correctly with applications API
|
|
- providers/oauth2: fix blank redirect_uri not working with TokenView
|
|
- root: add code of conduct and PR template
|
|
- root: add contributing file
|
|
- tenants: make event retention configurable on tenant level
|
|
- tenants: set tenant uuid in sentry
|
|
- web/admin: add notice for event_retention
|
|
- web/admin: add status card for https and timedrift
|
|
- web/admin: default to authentication flow for LDAP provider
|
|
- web/admin: fix ApplicationView's CheckAccess not sending UserID correctly
|
|
- website/docs: add go requirement
|
|
- website/docs: update terminology for dark mode
|
|
|
|
## Fixed in 2021.7.2
|
|
|
|
- ci: fix sentry sourcemap path
|
|
- e2e: fix broken selenium by locking images
|
|
- events: ensure fallback result is set for on_failure
|
|
- events: remove default result for MonitoredTasks, only save when result was set
|
|
- flows: don't check redirect URL when set from flow plan (set from authentik or policy)
|
|
- flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
|
|
- outpost: bump timer for periodic config reloads
|
|
- outposts: catch invalid ServiceConnection error in outpost controller
|
|
- providers/oauth2: fix error when requesting jwks keys with no rs256 aet
|
|
- providers/proxy: fix hosts for ingress not being compared correctly
|
|
- providers/saml: fix Error when getting metadata for invalid ID
|
|
- providers/saml: fix metadata being inaccessible without authentication
|
|
- sources/ldap: improve ms-ad password complexity checking
|
|
- sources/plex: add background task to monitor validity of plex token
|
|
- stages/email: fix error when re-requesting email after token has expired
|
|
- stages/invitation: delete invite only after full enrollment flow is completed
|
|
- web/admin: add re-authenticate button for plex
|
|
- web/admin: add UI to copy invitation link
|
|
- web/admin: fix empty column when no invitation expiry was set
|
|
- web/admin: fix LDAP Provider bind flow list being empty
|
|
- web/admin: fully remove response cloning due to errors
|
|
|
|
## Upgrading
|
|
|
|
This release does not introduce any new requirements.
|
|
|
|
### docker-compose
|
|
|
|
Download the docker-compose file for 2021.7 from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.7/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
|
|
|
### Kubernetes
|
|
|
|
Upgrade to the latest chart version to get the new images.
|