99a7fca08e
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
title: Release 2021.9
slug: "2021.9"
---

## Headline Changes

- Split user interface

    This release splits the administration interface from the end-user interface. This makes things clearer for end-users, as all their options are laid out more clearly.

    Additionally, the new end-user interface will be more customisable than the admin interface, allowing administrators to configure what their users can see.

    The admin interface remains the same, and familiar buttons will redirect you between interfaces.

- New proxy

    The proxy outpost has been rewritten from scratch. This replaces the old proxy, which was based on oauth2_proxy. The new proxy allows us a much greater degree of flexibility, is much lighter and reports errors better.

    When using a managed outpost, authentik will automatically upgrade to the new proxy outpost. The embedded outpost also uses the new proxy.

    authentik also now deploys ServiceMonitor CRDs in your Kubernetes cluster (when possible), to record the metrics of the outposts.

    If you're using a manually deployed outpost, keep in mind that the ports change to 9000 and 9443 instead of 4180 and 4443.

- New metrics

    This version introduces new and simplified Prometheus metrics. There is a new common monitoring port across the server and all outposts, 9300. This port requires no authentication, making it easier to configure.

    For the core application, this endpoint contains metrics for both authentik and the inbuilt outpost.
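
Because port 9300 serves metrics without authentication, access to it is usually limited at the network layer. The NetworkPolicy below is an added example, not part of the authentik release notes or Helm chart; it covers a proxy outpost, and the namespace names and the pod label are assumptions to adapt to your deployment.

```yaml
# Added example: only Prometheus may reach the unauthenticated metrics port (9300).
# Assumptions (not from the release notes): the proxy outpost runs in namespace
# "authentik" with the hypothetical label app.kubernetes.io/name=authentik-proxy-outpost,
# and Prometheus runs in namespace "monitoring".
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
    name: outpost-metrics-from-prometheus-only
    namespace: authentik
spec:
    podSelector:
        matchLabels:
            app.kubernetes.io/name: authentik-proxy-outpost
    policyTypes:
        - Ingress
    ingress:
        # Proxy traffic on the new ports 9000/9443 stays reachable from any
        # source, e.g. the ingress controller.
        - ports:
              - protocol: TCP
                port: 9000
              - protocol: TCP
                port: 9443
        # Metrics on 9300 are accepted only from pods in the monitoring namespace.
        - from:
              - namespaceSelector:
                    matchLabels:
                        kubernetes.io/metadata.name: monitoring
          ports:
              - protocol: TCP
                port: 9300
```

A NetworkPolicy only takes effect when the cluster's network plugin enforces it.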

## Minor changes

- *: use common user agent for all outgoing requests
- admin: migrate to new update check, add option to disable update check
- api: add additional filters for ldap and proxy providers
- core: optimise groups api by removing member superuser status
- core: remove ?v from static files
- events: add mark_all_seen
- events: allow setting a mapping for webhook transport to customise request payloads
- internal: fix font loading errors on safari
- lifecycle: fix worker startup error when docker socket's group is not called docker
- outpost: fix spans being sent without parent context
- outpost: update global outpost config on refresh
- outposts: add expected outpost replica count to metrics
- outposts/controllers: re-create service when mismatched ports to prevent errors
- outposts/controllers/kubernetes: don't create service monitor for embedded outpost
- outposts/ldap: improve logging of client IPs
- policies/password: fix symbols not being checked correctly
- root: include authentik version in backup naming
- root: show location header in logs when redirecting
- sources/oauth: prevent potentially confidential data from being logged
- stages/authenticator_duo: add API to "import" devices from duo
- stages/identification: fix empty user_fields query returning first user
- tenants: optimise db queries in middleware
- web: allow duplicate messages
- web: ignore network error
- web/admin: fix notification clear all not triggering render
- web/admin: fix user selection in token form
- web/admin: increase default expiry for refresh tokens
- web/admin: show applications instead of providers in outpost form
- web/flows: fix display error when using IdentificationStage without input fields

## Fixed in 2021.9.1-rc2

- core: fix token expiry for service accounts being only 30 minutes
- outposts: add consistent name and type to metrics
- outposts/proxy: remove deprecated rs256
- policies: improve error handling when using bindings without policy
- providers/saml: improved error handling
- stages/email: don't crash when testing stage does not exist
- web: update background image

## Fixed in 2021.9.1-rc3

- core: allow admins to create tokens with all parameters, re-add user to token form
- core: fix tokens not being viewable by superusers
- root: log failed celery tasks to event log
- sources/ldap: bump timeout, run each sync component in its own task
- sources/ldap: improve messages of sync tasks in UI
- sources/ldap: prevent error when retrying old system task with no arguments
- web: fix datetime-local fields throwing errors on firefox
- web: fix text colour in delete form in dark mode
- web: improve display of action buttons with non-primary classes
- web/admin: fix error in firefox when creating token
- web/admin: fix ldap sync status for new API
- web/admin: fix settings link on user avatar
- web/admin: trigger refresh after syncing ldap
- web/user: add auto-focus search for applications
- web/user: add missing stop impersonation button
- web/user: fix edit button for applications
- web/user: fix final redirect after stage setup
- web/user: optimise load, fix unread status for notifications

## Fixed in 2021.9.1

- api: disable include_format_suffixes
- core: fix token identifier not being slugified when created with user-controlled input
- outposts: don't map port 9300 on docker, only expose port
- outposts: don't restart container when health checks are starting
- outposts/ldap: allow custom attributes to shadow built-in attributes
- policies/expression: add ak_user_has_authenticator
- root: use tagged go client version
- stages/email: don't throw 404 when token can't be found
- stages/email: slugify token identifier
- stages/email: use different query arguments for email and invitation tokens
- web: fix notification badge not refreshing after clearing notifications

## Fixed in 2021.9.2

- api: add logging to sentry proxy
- internal: add asset paths for user interface
- web: fix import order of polyfills causing shadydom to not work on firefox and safari
- web/user: enable sentry

## Upgrading

This release does not introduce any new requirements.

### docker-compose

Download the docker-compose file for 2021.9 from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.9/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.

### Kubernetes

Update your values to use the new images:

```yaml
image:
    repository: ghcr.io/goauthentik/server
    tag: 2021.9.1
```