This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/2023/v2023.7.md
Jens L 8bba3c0a9b
core: rework recursive group membership (#6017)
* rework checking group membership and add `user.all_groups` to get full list of groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor some more for better performance

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate things to use all_groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix for django 4.2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-18 17:31:39 +02:00

2.1 KiB

title slug
Release 2023.7 /releases/2023.7

Breaking changes

  • Removal of PostgreSQL 11 support

    As announced in the 2023.5 release notes (and postponed by a release), this release requires PostgreSQL 12 or newer. This is due to a changed requirement in a framework we use, Django.

    This does not affect docker-compose installations (as these already ship with PostgreSQL 12), however it is still recommended to upgrade to a newer version when convenient.

    For Kubernetes install, a manual one-time migration has to be done: Upgrading PostgreSQL on Kubernetes

  • Changed nested Group membership behaviour

    In previous versions, nested groups were handled very inconsistently. Binding a group to an application/etc would check the membership recursively, however when using user.ak_groups.all() would only return direct memberships. Additionally, using user.group_attributes() would do the same and only merge all group attributes for direct memberships.

    This has been changed to always use the same logic as when checking for access, which means dealing with complex group structures is a lot more consistent.

    Policies that do use user.ak_groups.all() will retain the current behaviour, to use the new behaviour replace the call with user.all_groups().

New features

Upgrading

This release does not introduce any new requirements.

docker-compose

To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:

wget -O docker-compose.yml https://goauthentik.io/version/2023.7/docker-compose.yml
docker-compose up -d

The -O flag retains the downloaded file's name, overwriting any existing local file with the same name.

Kubernetes

Update your values to use the new images:

image:
    repository: ghcr.io/goauthentik/server
    tag: 2023.7.0

Minor changes/fixes

API Changes