8.9 KiB
title | slug |
---|---|
Release 2022.12 | 2022.12 |
Breaking changes
-
Blueprints fetched via OCI require oci:// schema
To better detect if a blueprint should be fetched locally or via OCI, all OCI sourced blueprints require an
oci://
protocol.
New features
-
Bundled GeoIP City database
authentik now comes with a bundled MaxMind GeoLite2 City database. This allows everyone to take advantage of the extra data provided by GeoIP. The default docker-compose file removes the GeoIP update container as it is no longer needed. See more here
-
Customisable Captcha stage
The captcha stage now supports alternate compatible providers, like hCaptcha and Turnstile.
-
Preview for OAuth2 and SAML providers
OAuth2 and SAML providers can now preview what the currently selected property/scope mappings's outcome will look like. This helps with seeing what data is sent to the client and implementing and testing custom mappings.
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2022.12 from here. Afterwards, simply run docker-compose up -d
.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.12.0
Minor changes/fixes
- blueprints: add
!If
tag (#4264) - blueprints: add conditions to blueprint schema
- blueprints: add !Env tag
- blueprints: Added conditional entry application (#4167)
- blueprints: better OCI support in UI (#4263)
- blueprints: fixed bug causing filtering with an empty query (#4106)
- blueprints: Support nested custom tags in
!Find
and!Format
tags (#4127) - core: bundle geoip (#4250)
- events: fix incorrect EventAction being used
- events: improve handling creation of events with non-pickleable objects
- events: remove legacy logger declaration
- events: save login event in session after login
- flows: fix redirect from plan context "redirect" not being wrapped in flow response
- flows: set stage name and verbose_name for in_memory stages
- internal: dont error if environment config isn't found
- internal: remove sentry proxy
- internal: reuse http transport to prevent leaking connections (#3996)
- lib: enable sentry profiles_sample_rate
- lib: fix uploaded files not being saved correctly, add tests
- lifecycle: don't set user/group in gunicorn
- lifecycle: improve explanation for user: root and docket socket mount
- policies: don't log context when policy returns None
- policies: log correct cache state
- policies: make name required
- policies/password: Always add generic message to failing zxcvbn check (#4100)
- providers: add preview for mappings (#4254)
- providers/ldap: improve mapping of LDAP filters to authentik queries
- providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
- providers/oauth2: set amr values based on login event
- providers/proxy: correctly set id_token_hint if possible
- providers/saml: set AuthnContextClassRef based on login event
- root: allow custom settings via python module
- root: migrate to hosted sentry with rate-limited DSN
- security: fix CVE 2022 23555 (#4274)
- security: fix CVE 2022 46145 (#4140)
- security: fix CVE 2022 46172 (#4275)
- stages/authenticator_duo: fix imported duo devices not being confirmed
- stages/authenticator_validate: fix validation to ensure configuration stage is set
- stages/authenticator_validate: improve validation for not_configured_action
- stages/authenticator_validate: log duo error
- stages/authenticator_validate: save used mfa devices in login event
- stages/captcha: customisable URLs (#3832)
- stages/invitation: fix incorrect pk check for invitation's flow
- stages/user_login: prevent double success message when logging in via source
- stages/user_write: always ignore
component
field and prevent warning - web: fix authentication with Plex on iOS (#4095)
- web: ignore d3 circular deps warning, treat unresolved import as error
- web: use version family subdomain for in-app doc links
- web/admin: better show metadata download for saml provider
- web/admin: break all in code blocks in event info
- web/admin: clarify phrasing that user ID is required
- web/admin: fix action button order for blueprints
- web/admin: fix alignment in tables with multiple elements in cell
- web/admin: fix empty request being sent due to multiple forms in duo import modal
- web/admin: improve i18n for documentation link in outpost form
- web/admin: improve UI for removing users from groups and groups from users
- web/admin: more consistent label usage, use compact labels
- web/admin: rework markdown, correctly render Admonitions, fix links
- web/admin: show bound policies order first to match stages
- web/admin: show policy binding form when creating policy in bound list
- web/admin: show stage binding form when creating stage in bound list
- web/elements: fix alignment for checkboxes in table
- web/elements: fix alignment with checkbox in table
- web/elements: fix log level for diagram
- web/elements: fix table select-all checkbox being checked with no elements
- web/elements: unselect top checkbox in table when not all elements are selected
- web/flows: fix display for long redirect URLs
- web/flows: improve error messages for failed duo push
- web/flows: update flow background
- web/user: fix styling for clear all button in notification drawer
API Changes
What's Changed
GET
/stages/captcha/{stage_uuid}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
js_url
(string) -
Added property
api_url
(string) -
Changed property
public_key
(string)Public key, acquired your captcha Provider.
-
PUT
/stages/captcha/{stage_uuid}/
Request:
Changed content type : application/json
-
Added property
js_url
(string) -
Added property
api_url
(string) -
Changed property
public_key
(string)Public key, acquired your captcha Provider.
-
Changed property
private_key
(string)Private key, acquired your captcha Provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
js_url
(string) -
Added property
api_url
(string) -
Changed property
public_key
(string)Public key, acquired your captcha Provider.
-
PATCH
/stages/captcha/{stage_uuid}/
Request:
Changed content type : application/json
-
Added property
js_url
(string) -
Added property
api_url
(string) -
Changed property
public_key
(string)Public key, acquired your captcha Provider.
-
Changed property
private_key
(string)Private key, acquired your captcha Provider.
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Added property
js_url
(string) -
Added property
api_url
(string) -
Changed property
public_key
(string)Public key, acquired your captcha Provider.
-
GET
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Updated
ak-stage-captcha
component: New required properties:js_url
- Added property
js_url
(string)
POST
/flows/executor/{flow_slug}/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
Updated
ak-stage-captcha
component: New required properties:js_url
- Added property
js_url
(string)
POST
/stages/captcha/
Request:
Changed content type : application/json
-
Added property
js_url
(string) -
Added property
api_url
(string) -
Changed property
public_key
(string)Public key, acquired your captcha Provider.
-
Changed property
private_key
(string)Private key, acquired your captcha Provider.
Return Type:
Changed response : 201 Created
-
Changed content type :
application/json
-
Added property
js_url
(string) -
Added property
api_url
(string) -
Changed property
public_key
(string)Public key, acquired your captcha Provider.
-
GET
/stages/captcha/
Return Type:
Changed response : 200 OK
-
Changed content type :
application/json
-
Changed property
results
(array)Changed items (object): > CaptchaStage Serializer
-
Added property
js_url
(string) -
Added property
api_url
(string) -
Changed property
public_key
(string)Public key, acquired your captcha Provider.
-
-