dc1359a763
* providers/saml: initial SLO implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add logout request tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/saml: add tests for POST SLO Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * matrix e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix import Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * set e2e matrix name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * separate oidc and oauth tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add basic saml slo e2e tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add better metadata download url Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * kinda prepare release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * sort releases into folders Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add slo urls to website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix linking Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add api tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
87 lines
3.9 KiB
Markdown
---
title: Release 2022.2
slug: "/releases/2022.2"
---

## Breaking changes

### Removal of integrated backup

The integrated backup functionality has been removed for the following reasons:

- It caused a lot of issues during restore, with things breaking and backups that were difficult to restore
- Limited compatibility (only supported local and S3 backups)
- Most environments already have a solution for backups, so we feel that the time needed to improve this feature is better spent on more important things.

If you don't already have a standard backup solution for other applications, you can consider these replacements:

- https://github.com/kartoza/docker-pg-backup for docker-compose and
- https://devtron.ai/blog/creating-a-kubernetes-cron-job-to-backup-postgres-db/ or https://cwienczek.com/2020/06/simple-backup-of-postgres-database-in-kubernetes/ for Kubernetes

### Changed URLs for forward auth

`akprox` in URLs has been changed to `outpost.goauthentik.io`. All the documentation now reflects this, and outpost integrations will migrate this automatically for you.
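
For configuration files that are not managed by an outpost integration, the rename can be audited with a small shell helper. This is an added example, not part of the authentik release notes or project code; the function names, the directory layout and the sample nginx snippet are assumptions constructed for illustration. It only treats `/akprox` as stale when it is a URL path segment, so an identifier such as `@akprox_signin` is left untouched.

```shell
#!/bin/sh
# Added example. OLD/NEW are the two names from the release note;
# everything else (function names, sample file) is constructed.
OLD='akprox'
NEW='outpost.goauthentik.io'
# "/akprox" counts as a URL path segment only when followed by a delimiter
# or end of line, so names like "@akprox_signin" are left alone.
PATTERN="/${OLD}([/?\"';[:space:]]|\$)"

# List file:line:text for every line that still uses the old segment.
find_stale_urls() {
    grep -rnE --exclude='*.bak' "$PATTERN" "$1" || true
}

# Rewrite the segment in place; sed keeps the original as <file>.bak.
migrate_urls() {
    grep -rlE --exclude='*.bak' "$PATTERN" "$1" | while IFS= read -r f; do
        sed -E -i.bak "s#${PATTERN}#/${NEW}\\1#g" "$f"
    done
}

# Constructed sample: a hand-written nginx forward-auth snippet.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/forward-auth.conf" <<'EOF'
location /akprox {
    proxy_pass http://outpost.example:9000/akprox;
}
auth_request /akprox/auth/nginx;
error_page 401 = @akprox_signin;
EOF
    printf '%s\n' "$dir"
}

# Run with --demo to see the audit and rewrite on the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample)
    echo "before:"; find_stale_urls "$d"
    migrate_urls "$d"
    echo "after:";  cat "$d/forward-auth.conf"
fi
```

Run `find_stale_urls` against your own configuration directory first and review the hits before calling `migrate_urls`; the `.bak` copies allow a rollback.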

## New features

### Authenticator enrollment picker

In an authenticator validation stage you can now configure multiple configuration stages, which will be presented to the user so they can choose which device they want to enroll.

## Minor changes/fixes

- \*: add placeholder custom.css to easily allow user customisation
- \*: rename akprox to outpost.goauthentik.io (#2266)
- internal: don't attempt to lookup SNI Certificate if no SNI is sent
- internal: improve error handling for internal reverse proxy
- internal: increase logging for no hostname found
- internal: remove uvicorn server header
- outposts: ensure keypair is set for SSH connections
- outposts: fix channel not always having a logger attribute
- outposts: fix compare_ports to support both service and container ports
- outposts: fix service reconciler re-creating services
- outposts: make local discovery configurable
- outposts: remove node_port on V1ServicePort checks to prevent service creation loops
- outposts/proxy: correctly check host in forward domain redirect
- outposts/proxy: correctly handle ?rd= param
- providers/oauth2: add support for explicit response_mode
- providers/oauth2: fix redirect_uri being lowercased on successful validation
- providers/proxy: enable TLS in ingress via traefik annotation
- providers/proxy: improve error handling for invalid backend_override
- providers/proxy: remove leading slash to allow subdirectories in proxy
- sources/ldap: log entire exception
- sources/ldap: use merger that only appends unique items to list
- sources/saml: fix incorrect ProtocolBinding being sent
- stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose
- stages/authenticator_validate: fix handling when single configuration stage is selected
- stages/authenticator_validate: handle non-existent device_challenges
- Translate /web/src/locales/en.po in de (#2291)
- Translate /web/src/locales/en.po in pl (#2274)
- Translate /web/src/locales/en.po in zh_TW (#2263)
- Translate /web/src/locales/en.po in zh-Hans (#2262)
- Translate /web/src/locales/en.po in zh-Hant (#2261)
- web/admin: fix invalid URLs in example proxy config
- web/admin: fix mismatched icons in overview and lists

## Upgrading

This release does not introduce any new requirements.

### docker-compose

Download the docker-compose file for 2022.2 from [here](https://goauthentik.io/version/2022.2/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.

The previous backup directory will persist, and can still be used with other tools.

### Kubernetes

Update your values to use the new images:

```yaml
image:
    repository: ghcr.io/goauthentik/server
    tag: 2022.2.1
```

Backup-related settings can be removed, but leaving them in place will not cause any errors.