website: latest migration to new structure (#11522)
* first pass
* dependency shenanigans
* move blueprints
* few broken links
* change config to throw errors
* internal file edits
* fighting links
* remove sidebarDev
* fix subdomain
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix relative URL
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix mismatched package versions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api reference build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test tweak
* links hell
* more links hell
* links hell2
* yep last of the links
* last broken link fixed
* re-add cves
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add devdocs redirects
* add dir
* tweak netlify.toml
* move latest 2 CVES into dir
* fix links to moved cves
* typoed title fix
* fix link
* remove banner
* remove committed api docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* integrations: remove version dropdown
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Update Makefile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* change doc links in web as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix some more docs paths
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix more docs paths
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* ci: require ci-web.build for merging
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "ci: require ci-web.build for merging"
This reverts commit b99a4842a9.
* remove slug for Application
* put slug back in
* minor fix to trigger deploy
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@ -25,7 +25,7 @@ slug: /releases/2024.2
|
||||
|
||||
Blueprints using `authentik_tenants.tenant` will need to be changed to use `authentik_brands.brand`.
|
||||
|
||||
For more information, refer to the [documentation for _brands_](../../core/brands.md).
|
||||
For more information, refer to the [documentation for _brands_](../../customize/brands.md).
|
||||
|
||||
Also, **the event retention settings configured in brands (previously tenants, see above) has been removed and is now a system setting**, managed in the Admin interface or via the API (see below).
|
||||
|
||||
@ -55,7 +55,7 @@ slug: /releases/2024.2
|
||||
|
||||
Cache settings have been moved from the `redis` top-level config key to their own `cache` top-level config key.
|
||||
|
||||
Settings have also been added to configure the Redis instance/database used for tasks and websockets separately from cache. See [here](../../installation/configuration.mdx#redis-settings).
|
||||
Settings have also been added to configure the Redis instance/database used for tasks and websockets separately from cache. See [here](../../install-config/configuration/configuration.mdx#redis-settings).
|
||||
|
||||
Typically, _no changes to the configuration are required_.
|
||||
|
||||
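Review bot: the changed Redis line still uses "See [here](...)" as its link text, which says nothing about the target once the sentence is read out of context or by a screen reader. Since the line is being rewritten anyway, name the target in the link text, for example "See the Redis settings", pointing at the same `configuration.mdx#redis-settings` destination.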
@ -114,11 +114,11 @@ slug: /releases/2024.2
|
||||
|
||||
Sessions for any users can now be bound to a specific geolocation (Continent, Country, City) or network (Autonomous System, subnet, IP address). If the session is accessed from a location/network that is different than that from which it was initially created, the session will be terminated.
|
||||
|
||||
Configuration steps are available [here](../../flow/stages/user_login/index.md#user-login-stage-configuration-options).
|
||||
Configuration steps are available [here](../../add-secure-apps/flows-stages/stages/user_login/index.md#user-login-stage-configuration-options).
|
||||
|
||||
- **S3 file storage**
|
||||
|
||||
Media files can now be stored on S3. Follow the [setup guide](../../installation/storage-s3.md) to get started.
|
||||
Media files can now be stored on S3. Follow the [setup guide](../../install-config/storage-s3.md) to get started.
|
||||
|
||||
- **_Pretend user exists_ option for Identification stage**
|
||||
|
||||
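Review bot: on the user login stage line only the path part of the link changes; the `#user-login-stage-configuration-options` fragment is carried over unchanged. Please confirm that heading still exists under that exact slug in the moved `add-secure-apps/flows-stages/stages/user_login/index.md`, because a stale fragment lands the reader at the top of the page and is easy to miss in review. The same check applies to the other carried-over fragments in this commit, such as `#redis-settings` and `#postgresql-settings`.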
@ -166,7 +166,7 @@ slug: /releases/2024.2
|
||||
|
||||
- **LDAP source: new command to check connectivity**
|
||||
|
||||
Examples on how to use are available [here](../..//troubleshooting/ldap_source.md).
|
||||
Examples on how to use are available [here](../../troubleshooting/ldap_source.md).
|
||||
|
||||
---
|
||||
|
||||
@ -349,8 +349,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.2
|
||||
|
||||
## Fixed in 2024.2.4
|
||||
|
||||
- security: fix [CVE-2024-37905](../../security/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10238)
|
||||
- security: fix [CVE-2024-38371](../../security/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10235)
|
||||
- security: fix [CVE-2024-37905](../../security/cves/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10238)
|
||||
- security: fix [CVE-2024-38371](../../security/cves/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10235)
|
||||
|
||||
## API Changes
|
||||
|
||||
|
||||
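Review bot: the two advisory links under "Fixed in 2024.2.4" move from `security/CVE-2024-37905.md` and `security/CVE-2024-38371.md` into `security/cves/`, but the visible hunks only update in-repo references. Advisory pages are the ones most likely to be linked from outside the docs, so the old `security/` paths should keep resolving. The commit message mentions redirects and a `netlify.toml` tweak; please confirm those rules cover the moved CVE pages as well.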
@ -31,19 +31,19 @@ slug: /releases/2024.4
|
||||
|
||||
The source stage allows for an inclusion of a source as part of a flow. This can be used to link a user to a source as part of their authentication/enrollment, or it can be used as an external multi-factor to provide device health attestation for example.
|
||||
|
||||
For details refer to [Source stage](../../flow/stages/source/index.md)
|
||||
For details refer to [Source stage](../../add-secure-apps/flows-stages/stages/source/index.md)
|
||||
|
||||
- **SCIM Source** <span class="badge badge--info">Preview</span>
|
||||
|
||||
Provision users and groups in authentik using an SCIM API.
|
||||
|
||||
For details refer to [SCIM Source](../../../docs/sources/scim/)
|
||||
For details refer to [SCIM Source](../../users-sources/sources/protocols/scim/index.md)
|
||||
|
||||
- **Configurable WebAuthn device restrictions**
|
||||
|
||||
Configure which types of WebAuthn devices can be used to enroll and validate for different authorization levels.
|
||||
|
||||
For details refer to [WebAuthn authenticator setup stage](../../flow/stages/authenticator_webauthn/index.md)
|
||||
For details refer to [WebAuthn authenticator setup stage](../../add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md)
|
||||
|
||||
- **Revamped UI for log messages**
|
||||
|
||||
@ -57,7 +57,7 @@ slug: /releases/2024.4
|
||||
|
||||
When authentik is configured to federate with an LDAP source, upon authentication, authentik hashed the password and stored it in its own database. This allows authentication to function when LDAP is unreachable. Admins can now configure this behavior for when this is not desirable.
|
||||
|
||||
For details refer to [LDAP Source](../../../docs/sources/ldap/)
|
||||
For details refer to [LDAP Source](../../users-sources/sources/protocols/ldap/index.md)
|
||||
|
||||
- **Configurable app password token expiring**
|
||||
|
||||
@ -238,14 +238,14 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.4
|
||||
## Fixed in 2024.4.3
|
||||
|
||||
- core: fix source flow_manager not always appending save stage (cherry-pick #9659) (#9662)
|
||||
- security: fix [CVE-2024-37905](../../security/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10236)
|
||||
- security: fix [CVE-2024-38371](../../security/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10233)
|
||||
- security: fix [CVE-2024-37905](../../security/cves/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10236)
|
||||
- security: fix [CVE-2024-38371](../../security/cves/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10233)
|
||||
- sources/saml: fix FlowPlanner error due to pickle (cherry-pick #9708) (#9709)
|
||||
- web: fix value handling inside controlled components (cherry-pick #9648) (#9685)
|
||||
|
||||
## Fixed in 2024.4.4
|
||||
|
||||
- security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11024
|
||||
- security: fix [CVE-2024-42490](../../security/cves/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11024
|
||||
|
||||
## API Changes
|
||||
|
||||
|
||||
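Review bot: the rewritten CVE-2024-42490 line under "Fixed in 2024.4.4" ends in a bare `#11024`, while every other entry in this hunk wraps the pull request number in parentheses, as in `(cherry-pick #10230) (#10236)`. Since the line is already being touched, change it to `(cherry-pick #11022) (#11024)` so the changelog format stays uniform.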
@ -25,7 +25,7 @@ With this release, authentik now enforces unique group names. Existing groups wi
|
||||
|
||||
### GeoIP and ASN context object
|
||||
|
||||
The `context["geoip"]` and `context["asn"]` objects available in expression policies are now dictionaries. Attributes must now be accessed via dictionary accessors. See [our policy examples](../../policies/expression.mdx) for the updated syntax.
|
||||
The `context["geoip"]` and `context["asn"]` objects available in expression policies are now dictionaries. Attributes must now be accessed via dictionary accessors. See [our policy examples](../../customize/policies/expression.mdx) for the updated syntax.
|
||||
|
||||
## New features
|
||||
|
||||
@ -33,25 +33,25 @@ The `context["geoip"]` and `context["asn"]` objects available in expression poli
|
||||
|
||||
With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail.
|
||||
|
||||
For details refer to the [Google Workspace Provider documentation](../../providers/gws/index.md)
|
||||
For details refer to the [Google Workspace Provider documentation](../../add-secure-apps/providers/gws/index.md)
|
||||
|
||||
- **Microsoft Entra ID Provider** <span class="badge badge--primary">Enterprise</span> <span class="badge badge--info">Preview</span>
|
||||
|
||||
With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values.
|
||||
|
||||
For details refer to the [Microsoft Entra ID documentation](../../providers/entra/index.md)
|
||||
For details refer to the [Microsoft Entra ID documentation](../../add-secure-apps/providers/entra/index.md)
|
||||
|
||||
- **Read-replica DB support**
|
||||
|
||||
Multiple read-only databases can be configured to route read-only requests to the non-primary database instance so that the main database can be reserved to write requests.
|
||||
|
||||
For details refer to the [PostgreSQL configuration](../../installation/configuration.mdx#postgresql-settings)
|
||||
For details refer to the [PostgreSQL configuration](../../install-config/configuration/configuration.mdx#postgresql-settings)
|
||||
|
||||
- **Improved CAPTCHA stage**
|
||||
|
||||
Thresholds can now be configured on the CAPTCHA stage to customize its result. Additionally, the stage can be configured to continue the flow if the CAPTCHA score is outside of those thresholds for further decision making via expression policies.
|
||||
|
||||
For details refer to the [CAPTCHA stage](../../flow/stages/captcha/index.md)
|
||||
For details refer to the [CAPTCHA stage](../../add-secure-apps/flows-stages/stages/captcha/index.md)
|
||||
|
||||
- **Optimize sync and property mapping execution**
|
||||
|
||||
@ -65,7 +65,7 @@ The `context["geoip"]` and `context["asn"]` objects available in expression poli
|
||||
|
||||
- **Reworked proxy provider redirect**
|
||||
|
||||
Following-up on a [highly requested issue](https://github.com/goauthentik/authentik/issues/6886), we've reworked our [Proxy provider](../../providers/proxy/index.md) to avoid invalid user-facing redirects.
|
||||
Following-up on a [highly requested issue](https://github.com/goauthentik/authentik/issues/6886), we've reworked our [Proxy provider](../../add-secure-apps/providers/proxy/index.md) to avoid invalid user-facing redirects.
|
||||
|
||||
## Upgrading
|
||||
|
||||
@ -151,8 +151,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6
|
||||
- root: handle asgi exception (#10085)
|
||||
- root: include task_id in events and logs (#9749)
|
||||
- root: use custom model serializer that saves m2m without bulk (cherry-pick #10139) (#10151)
|
||||
- security: fix [CVE-2024-37905](../../security/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10237)
|
||||
- security: fix [CVE-2024-38371](../../security/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10234)
|
||||
- security: fix [CVE-2024-37905](../../security/cves/CVE-2024-37905.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #10230) (#10237)
|
||||
- security: fix [CVE-2024-38371](../../security/cves/CVE-2024-38371.md), reported by Stefan Zwanenburg (cherry-pick #10229) (#10234)
|
||||
- sources/oauth: ensure all UI sources return a valid source (#9401)
|
||||
- sources/oauth: fix OAuth Client sending token request incorrectly (#9474)
|
||||
- sources/oauth: modernizes discord icon (#9817)
|
||||
@ -233,12 +233,12 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6
|
||||
|
||||
## Fixed in 2024.6.4
|
||||
|
||||
- security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025
|
||||
- security: fix [CVE-2024-42490](../../security/cves/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025
|
||||
|
||||
## Fixed in 2024.6.5
|
||||
|
||||
- security: fix [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540)
|
||||
- security: fix [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538)
|
||||
- security: fix [CVE-2024-47070](../../security/cves/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540)
|
||||
- security: fix [CVE-2024-47077](../../security/cves/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538)
|
||||
|
||||
## API Changes
|
||||
|
||||
|
||||
@ -81,19 +81,19 @@ slug: "/releases/2024.8"
|
||||
|
||||
- **Source property mappings for SCIM, OAuth, SAML and Plex sources**
|
||||
|
||||
All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See [Property Mappings](../../sources/property-mappings/index.md).
|
||||
All source types now support property mappings to customize how authentik should interpret the data the source provides. In addition to that, it is also now possible to sync groups and group membership from sources that provide group information. See [Property Mappings](../../users-sources/sources/property-mappings/index.md).
|
||||
|
||||
- **RADIUS provider custom attribute support**
|
||||
|
||||
With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor-specific attributes like Cisco's `AV-Pair` attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See [RADIUS Provider](../../providers/radius/index.mdx#radius-attributes)
|
||||
With 2024.8 it is possible to define custom attributes for the RADIUS provider, for example vendor-specific attributes like Cisco's `AV-Pair` attribute. These attributes are defined in property mappings which means they can be dynamically defined based on the user authenticating. See [RADIUS Provider](../../add-secure-apps/providers/radius/index.mdx#radius-attributes)
|
||||
|
||||
- **SAML encryption support**
|
||||
|
||||
It is now possible to configure SAML sources and providers to decrypt and validate encrypted assertions. This can be configured by creating a [Certificate-keypair](../../core/certificates.md) and selecting it in the SAML source or provider.
|
||||
It is now possible to configure SAML sources and providers to decrypt and validate encrypted assertions. This can be configured by creating a [Certificate-keypair](../../sys-mgmt/certificates.md) and selecting it in the SAML source or provider.
|
||||
|
||||
- **GeoIP Policy**
|
||||
|
||||
With the new [GeoIP Policy](../../policies/index.md#geoip-policy) it is possible to grant/deny access based on Country and ASN, without having to write an expression policy.
|
||||
With the new [GeoIP Policy](../../customize/policies/index.md#geoip-policy) it is possible to grant/deny access based on Country and ASN, without having to write an expression policy.
|
||||
|
||||
- **Simplification of LDAP Provider permissions**
|
||||
|
||||
@ -109,11 +109,11 @@ slug: "/releases/2024.8"
|
||||
|
||||
- **WebFinger support**
|
||||
|
||||
With the addition of the [default application](../../core/brands.md#external-user-settings) setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now.
|
||||
With the addition of the [default application](../../customize/brands.md#external-user-settings) setting, when the default application uses an OIDC provider, a WebFinger endpoint is available now.
|
||||
|
||||
## Upgrading
|
||||
|
||||
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../installation/upgrade.mdx).
|
||||
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx).
|
||||
|
||||
:::warning
|
||||
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
|
||||
@ -279,8 +279,8 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8
|
||||
|
||||
- events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416)
|
||||
- providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480)
|
||||
- security: [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539)
|
||||
- security: [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537)
|
||||
- security: [CVE-2024-47070](../../security/cves/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539)
|
||||
- security: [CVE-2024-47077](../../security/cves/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537)
|
||||
- sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498)
|
||||
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534)
|
||||
- web: Fix missing integrity fields in package-lock.json (#11509)
|
||||
|
||||
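Review bot: the two rewritten security entries here read `security: [CVE-2024-47070]` and `security: [CVE-2024-47077]` without the word "fix", while the matching entries in the 2024.6 notes read `security: fix [CVE-2024-47070]`. As written, these lines can be read as announcing the CVEs rather than recording that this release fixes them. Add "fix" while the lines are being edited so the security entries are consistent across releases.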