Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
3.5 KiB
title | slug |
---|---|
Release 2022.8 | 2022.8 |
Breaking changes
-
Prompt fields with file type are now a full Base64 Data-URI
Previously the data was parsed into a string when possible, and when decoding failed, the raw base64 would be saved. Now, the entire URI is parsed, validated and kept in one piece, to make it possible to validate/save the MIME type.
New features
-
Blueprints
Blueprints allow for the configuration, automation and templating of authentik objects and configurations. They can be used to bootstrap new instances, configure them automatically without external tools, and to template configurations for sharing. See more here
For installations upgrading to 2022.8, if a single flow exists, then the default blueprints will not be activated, to not overwrite user modifications.
-
Simplified forward auth
In previous releases, to use forward auth, the reverse proxy would have to be configured to both send auth requests to the outpost, but also allow access to URLs starting with
/outpost.goauthentik.io
. The second part is now no longer required, with the exception of nginx. Existing setups should continue to function as previously. -
Support for Caddy forward auth
Based on the traefik support, there is now dedicated support for Caddy with configuration examples, see here
Minor changes/fixes
- *: improve error handling for startup tasks
- core: add API Endpoint to get all MFA devices, add web ui to delete MFA devices of any user
- core: add attributes. avatar method to allow custom uploaded avatars
- core: pre-hydrate config into templates to directly load correct assets
- flows: migrate flows to be yaml (#3335)
- internal: centralise config for listeners to use same config system everywhere (#3367)
- internal: fix outposts not reacting to signals while starting
- internal: fix race conditions when accessing settings before bootstrap
- internal: walk config in go, check, parse and load from scheme like in python
- lifecycle: optimise container lifecycle and process signals (#3332)
- providers/oauth2: don't separate scopes by comma-space
- providers/oauth2: fix scopes without descriptions not being saved in consent
- providers/proxy: add caddy endpoint (#3330)
- providers/proxy: add is_superuser to ak_proxy object, only show full error when superuser
- providers/proxy: no exposed urls (#3151)
- root: fix dockerfile for blueprints
- sources/oauth: only send header authentication for OIDC source
- sources/oauth: use mailcow full_name as username for mailcow source (#3299)
- stages/*: use stage-bound logger when possible
- stages/authentiactor_validate: improve error handling for duo
- stages/authenticator_duo: fix imported Duo Device not having a name
- stages/authenticator_sms: use twilio SDK, improve docs
- stages/authenticator_totp: remove single device per user limit
- stages/consent: fix error when requests with identical empty permissions
- stages/consent: fix for post requests (#3339)
- stages/prompt: fix tests for file field
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2022.8 from here. Afterwards, simply run docker-compose up -d
.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.8.1