habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

website/docs: 2024.12 release notes (#12300)

Browse Source 
Co-authored-by: Tana M Berry <tana@goauthentik.com>
This commit is contained in:
Marc 'risson' Schmitt
2024-12-18 14:39:17 +01:00
committed by GitHub
parent 40a7135c0c
commit c8711d9f8f
3 changed files with 137 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
website/docs/add-secure-apps/providers/oauth2/client_credentials.md
View File

@ -63,7 +63,7 @@ return request.context["oauth_jwt"]["iss"] == "https://my.issuer"
To allow federation between providers, modify the provider settings of the application (whose token will be used for authentication) to select the provider of the application to which you want to federate.
With this configure, any JWT issued by the configured providers can be used to authenticate:
With this configuration, any JWT issued by the configured providers can be used to authenticate:
```
POST /application/o/token/ HTTP/1.1

134
website/docs/releases/2024/v2024.12.md Normal file
View File

@ -0,0 +1,134 @@
---
title: Release 2024.12
slug: "/releases/2024.12"
---
:::::note
2024.12 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates.
To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2024.12.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet.
:::::
## Highlights
- **Redirect stage** Conditionally redirect users to other flows and URLs.
- **Application entitlements** <span class="badge badge--info">Preview</span> Additional granular permission configuration on an application-level basis.
- **CloudFormation** <span class="badge badge--info">Preview</span> One-click deploy on AWS.
- **Policies in the application wizard** Configure access restriction while creating an application.
<!-- ## Breaking changes -->
## Breaking changes
- **Impersonation now requires providing a reason**
You can disable this behavior in the **Admin interface** under **System** > **Settings**.
## New features
- **Redirect stage**
This new stage allows redirecting a user to another flow or external URL. This allows for dynamically choosing which flow runs depending on user attributes or other factors, or redirection to another URL.
- **Application entitlements** <span class="badge badge--info">Preview</span>
Centrally configure permissions by granting entitlements to groups and users on an application-level basis.
- **Policies in the application wizard**
In the application creation wizard, administrators can now configure policies bindings along with the other application settings.
- **CloudFormation** <span class="badge badge--info">Preview</span>
Deploy authentik in your own AWS environment with one click using our new [AWS CloudFormation template](../../install-config/install/aws/index.md).
- **OAuth2 provider federation**
Configure [OAuth2 provider federation](../../add-secure-apps/providers/oauth2/client_credentials.md#authentik-issued-jwts-authentik-202412) to allow exchanging authentication tokens between multiple providers.
- **Silent authorization flow**
When authorization flows don't require user interaction, authentik redirects the user directly back to the application, improving user experience.
## Upgrading
This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../../install-config/upgrade.mdx).
:::warning
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
:::
### Docker Compose
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
```shell
wget -O docker-compose.yml https://goauthentik.io/version/2024.12/docker-compose.yml
docker compose up -d
```
The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
### Kubernetes
Upgrade the Helm Chart to the new version, using the following commands:
```shell
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.12
```
## Minor changes/fixes
- blueprints: add default Password policy (#11793)
- core: add `None` check to a device's `extra_description` (#11904)
- core: add ability to provide reason for impersonation (#11951)
- core: add support to set policy bindings in transactional endpoint (#10399)
- core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (#12080)
- core: use versioned_script for path only (#12003)
- crypto: validate that generated certificate's name is unique (#12015)
- enterprise/rac: fix API Schema for invalidation_flow (#11907)
- internal: add CSP header to files in `/media` (#12092)
- providers/ldap: fix global search_full_directory permission not being sufficient (#12028)
- providers/oauth2: Add provider federation between OAuth2 Providers (#12083)
- providers/oauth2: allow m2m for JWKS without alg in keys (#12196)
- providers/oauth2: fix manual device code entry (#12017)
- providers/oauth2: fix migration (#12138)
- providers/oauth2: fix migration dependencies (#12123)
- providers/oauth2: fix redirect uri input (#12122)
- providers/oauth2: fix size limited index for tokens (#11879)
- providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (#11968)
- providers/proxy: fix redirect_uri (#12121)
- providers/scim: accept string and int for SCIM IDs (#12093)
- rbac: fix incorrect object_description for object-level permissions (#12029)
- root: check remote IP for proxy protocol same as HTTP/etc (#12094)
- root: fix activation of locale not being scoped (#12091)
- root: fix database ssl options not set correctly (#12180)
- root: fix health status code (#12255)
- root: fix override locale only if it is not empty (#12283)
- root: support running authentik in subpath (#8675)
- scripts: remove read_replicas from generated dev config (#12078)
- security: fix CVE 2024 52287 (#12114)
- security: fix CVE 2024 52289 (#12113)
- security: fix CVE 2024 52307 (#12115)
- sources/kerberos: add kiprop to ignored system principals (#11852)
- sources/kerberos: use new python-kadmin implementation (#11932)
- stages/captcha: Run interactive captcha in Frame (#11857)
- stages/password: use recovery flow from brand (#11953)
- web/admin: auto-prefill user path for new users based on selected path (#12070)
- web/admin: better footer links (#12004)
- web/admin: bugfix: dual select initialization revision (#12051)
- web/admin: fix brand title not respected in application list (#12068)
- web/admin: fix code-based MFA toggle not working in wizard (#11854)
- web/admin: provide default invalidation flows for LDAP and Radius (#11861)
- web/flows: fix invisible captcha call (#12048)
- web: add italian locale (#11958)
- web: bump cookie, swagger-client and express in /web (#11966)
- web: fix bug that prevented error reporting in current wizard. (#12033)
- web: fix missing status code on failed build (#11903)
- web: simplify `?inline` handler for Storybook (#12246)
- web: update tests for Chromedriver 131 (#12199)
## API Changes
<!-- _Insert output of `make gen-diff` here_ -->