3.2 KiB
title | slug |
---|---|
Release 2021.4 | 2021.4 |
Headline Changes
-
Configurable Policy engine mode
In the past, all objects, which could have policies attached to them, required all policies to pass to consider an action successful. You can now configure if all policies need to pass, or if any policy needs to pass.
This can now be configured for the following objects:
- Applications (access restrictions)
- Sources
- Flows
- Flow-stage bindings
For backwards compatibility, this is set to all, but new objects will default to any.
-
Expiring Events
Previously, events would stay in the database forever, and had to eventually be cleaned up manually. This version add expiry to events with a default timeout of 1 Year. This also applies to existing events, and their expiry will be set during the migration.
-
New UI
While the UI mostly looks the same, under the hood a lot has changed. The Web UI is now a Single-page application based on rollup and lit-html. This has several consequences and new features, for example:
- You can now see a user's OAuth Access/Refresh tokens and the consents they've given
- You can now see a per-object changelog based on the model_create/update/delete events being created.
- A new API Browser is available under
https://authentink.company/api/v2beta/
- Several new charts, new pages and quality-of-life improvements
- Credentials of objects are no longer shown while editing them
-
Deprecated Group membership has been removed.
Minor changes
- You can now specify the amount of processes started in docker-compose using the
WORKERS
environment variable.
Fixed in 2021.4.2
- core: fix propertymapping API returning invalid value for components (https://github.com/BeryJu/authentik/issues/746)
- core: improve messaging when creating a recovery link for a user when no recovery flow exists
- flows: annotate flows executor 404 error
- flows: include configure_flow in stages API
- helm: make storage class, size and mode configurable
- helm: turn off monitoring by default (https://github.com/BeryJu/authentik/issues/741)
- outposts: fix errors when creating multiple outposts
- root: add restart: unless-stopped to compose
- root: base Websocket message storage on Base not fallback
- root: fix healthcheck part in docker-compose
- root: fix setting of EMAIL_USE_TLS and EMAIL_USE_SSL
- sources/ldap: improve error handling during sync
- sources/oauth: fix error when creating an oauth source which has fixed URLs
- sources/oauth: fix resolution of sources' provider type
- web: fix background-color on router outlet on light mode
- web/admin: fix error when user doesn't have permissions to read source
- web/admin: fix errors in user profile when non-superuser
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the latest docker-compose file from here. Afterwards, simply run docker-compose up -d
and then the standard upgrade command of docker-compose run --rm server migrate
.
Kubernetes
Run helm repo update
and then upgrade your release with helm upgrade passbook authentik/authentik --devel -f values.yaml
.