This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2022.12.md
Jens Langhammer 0e6400bfea
web/admin: improve user/group UX for adding/removing users to and from groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-28 12:55:38 +01:00

9.4 KiB

title slug
Release 2022.12 2022.12

Breaking changes

  • Blueprints fetched via OCI require oci:// schema

    To better detect if a blueprint should be fetched locally or via OCI, all OCI sourced blueprints require an oci:// protocol.

New features

  • Bundled GeoIP City database

    authentik now comes with a bundled MaxMind GeoLite2 City database. This allows everyone to take advantage of the extra data provided by GeoIP. The default docker-compose file removes the GeoIP update container as it is no longer needed. See more here

  • Improved UX for user & group management and stage/policy binding

    Users can now more easily be added to and removed from groups, both when viewing a single user and viewing a group.

    When creating new stages or policies, authentik will now automatically offer an option to bind them to the object in whose context they were created in.

  • Preview for OAuth2 and SAML providers

    OAuth2 and SAML providers can now preview what the currently selected property/scope mappings's outcome will look like. This helps with seeing what data is sent to the client and implementing and testing custom mappings.

  • Customisable Captcha stage

    The captcha stage now supports alternate compatible providers, like hCaptcha and Turnstile.

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.12 from here. Afterwards, simply run docker-compose up -d.

Kubernetes

Update your values to use the new images:

image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.12.0

Minor changes/fixes

  • blueprints: add !Env tag
  • blueprints: add !If tag (#4264)
  • blueprints: add conditions to blueprint schema
  • blueprints: Added conditional entry application (#4167)
  • blueprints: better OCI support in UI (#4263)
  • blueprints: fixed bug causing filtering with an empty query (#4106)
  • blueprints: Support nested custom tags in !Find and !Format tags (#4127)
  • core: add endpoints to add/remove users from group atomically
  • core: bundle geoip (#4250)
  • events: fix incorrect EventAction being used
  • events: improve handling creation of events with non-pickleable objects
  • events: remove legacy logger declaration
  • events: save login event in session after login
  • flows: fix redirect from plan context "redirect" not being wrapped in flow response
  • flows: set stage name and verbose_name for in_memory stages
  • internal: dont error if environment config isn't found
  • internal: remove sentry proxy
  • internal: reuse http transport to prevent leaking connections (#3996)
  • lib: enable sentry profiles_sample_rate
  • lib: fix uploaded files not being saved correctly, add tests
  • lifecycle: don't set user/group in gunicorn
  • lifecycle: improve explanation for user: root and docket socket mount
  • policies: don't log context when policy returns None
  • policies: log correct cache state
  • policies: make name required
  • policies/password: Always add generic message to failing zxcvbn check (#4100)
  • providers: add preview for mappings (#4254)
  • providers/ldap: improve mapping of LDAP filters to authentik queries
  • providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
  • providers/oauth2: set amr values based on login event
  • providers/proxy: correctly set id_token_hint if possible
  • providers/saml: set AuthnContextClassRef based on login event
  • root: allow custom settings via python module
  • root: migrate to hosted sentry with rate-limited DSN
  • security: fix CVE 2022 23555 (#4274)
  • security: fix CVE 2022 46145 (#4140)
  • security: fix CVE 2022 46172 (#4275)
  • stages/authenticator_duo: fix imported duo devices not being confirmed
  • stages/authenticator_validate: fix validation to ensure configuration stage is set
  • stages/authenticator_validate: improve validation for not_configured_action
  • stages/authenticator_validate: log duo error
  • stages/authenticator_validate: save used mfa devices in login event
  • stages/captcha: customisable URLs (#3832)
  • stages/invitation: fix incorrect pk check for invitation's flow
  • stages/user_login: prevent double success message when logging in via source
  • stages/user_write: always ignore component field and prevent warning
  • web: fix authentication with Plex on iOS (#4095)
  • web: ignore d3 circular deps warning, treat unresolved import as error
  • web: use version family subdomain for in-app doc links
  • web/admin: better show metadata download for saml provider
  • web/admin: break all in code blocks in event info
  • web/admin: clarify phrasing that user ID is required
  • web/admin: fix action button order for blueprints
  • web/admin: fix alignment in tables with multiple elements in cell
  • web/admin: fix empty request being sent due to multiple forms in duo import modal
  • web/admin: improve i18n for documentation link in outpost form
  • web/admin: improve UI for removing users from groups and groups from users
  • web/admin: improve user/group UX for adding/removing users to and from groups
  • web/admin: more consistent label usage, use compact labels
  • web/admin: rework markdown, correctly render Admonitions, fix links
  • web/admin: show bound policies order first to match stages
  • web/admin: show policy binding form when creating policy in bound list
  • web/admin: show stage binding form when creating stage in bound list
  • web/elements: fix alignment for checkboxes in table
  • web/elements: fix alignment with checkbox in table
  • web/elements: fix log level for diagram
  • web/elements: fix table select-all checkbox being checked with no elements
  • web/elements: fix wizard form page changing state before being active
  • web/elements: unselect top checkbox in table when not all elements are selected
  • web/flows: fix display for long redirect URLs
  • web/flows: improve error messages for failed duo push
  • web/flows: update flow background
  • web/user: fix styling for clear all button in notification drawer

API Changes

What's Changed


GET /stages/captcha/{stage_uuid}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property js_url (string)

    • Added property api_url (string)

    • Changed property public_key (string)

      Public key, acquired your captcha Provider.

PUT /stages/captcha/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property js_url (string)

  • Added property api_url (string)

  • Changed property public_key (string)

    Public key, acquired your captcha Provider.

  • Changed property private_key (string)

    Private key, acquired your captcha Provider.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property js_url (string)

    • Added property api_url (string)

    • Changed property public_key (string)

      Public key, acquired your captcha Provider.

PATCH /stages/captcha/{stage_uuid}/
Request:

Changed content type : application/json

  • Added property js_url (string)

  • Added property api_url (string)

  • Changed property public_key (string)

    Public key, acquired your captcha Provider.

  • Changed property private_key (string)

    Private key, acquired your captcha Provider.

Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Added property js_url (string)

    • Added property api_url (string)

    • Changed property public_key (string)

      Public key, acquired your captcha Provider.

GET /flows/executor/{flow_slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Updated ak-stage-captcha component: New required properties:

    • js_url
    • Added property js_url (string)
POST /flows/executor/{flow_slug}/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    Updated ak-stage-captcha component: New required properties:

    • js_url
    • Added property js_url (string)
POST /stages/captcha/
Request:

Changed content type : application/json

  • Added property js_url (string)

  • Added property api_url (string)

  • Changed property public_key (string)

    Public key, acquired your captcha Provider.

  • Changed property private_key (string)

    Private key, acquired your captcha Provider.

Return Type:

Changed response : 201 Created

  • Changed content type : application/json

    • Added property js_url (string)

    • Added property api_url (string)

    • Changed property public_key (string)

      Public key, acquired your captcha Provider.

GET /stages/captcha/
Return Type:

Changed response : 200 OK

  • Changed content type : application/json

    • Changed property results (array)

      Changed items (object): > CaptchaStage Serializer

      • Added property js_url (string)

      • Added property api_url (string)

      • Changed property public_key (string)

        Public key, acquired your captcha Provider.