website: format docs with prettier (#2833)
* run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L
@ -7,126 +7,126 @@ slug: "2022.1"
|
||||
|
||||
This release mostly removes legacy fields and features that have been deprecated for several releases.
|
||||
|
||||
- LDAP Outposts:
|
||||
- LDAP Outposts:
|
||||
|
||||
This release removes the `accountStatus` and `superuser` fields. Use the direct replacements `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser`.
|
||||
This release removes the `accountStatus` and `superuser` fields. Use the direct replacements `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser`.
|
||||
|
||||
- Proxy Outposts:
|
||||
- Proxy Outposts:
|
||||
|
||||
This release consolidates headers sent by authentik to have a common prefix.
|
||||
This release consolidates headers sent by authentik to have a common prefix.
|
||||
|
||||
The following headers have been removed:
|
||||
The following headers have been removed:
|
||||
|
||||
- X-Auth-Username, use `X-authentik-username`
|
||||
- X-Auth-Groups, use `X-authentik-groups`
|
||||
- X-Forwarded-Email, use `X-authentik-email`
|
||||
- X-Forwarded-Preferred-Username, use `X-authentik-username`
|
||||
- X-Forwarded-User, use `X-authentik-uid`
|
||||
- X-Auth-Username, use `X-authentik-username`
|
||||
- X-Auth-Groups, use `X-authentik-groups`
|
||||
- X-Forwarded-Email, use `X-authentik-email`
|
||||
- X-Forwarded-Preferred-Username, use `X-authentik-username`
|
||||
- X-Forwarded-User, use `X-authentik-uid`
|
||||
|
||||
The proxy now also sets the host header based on what is configured as upstream in the proxy provider. The original Host is forwarded as `X-Forwarded-Host`.
|
||||
The proxy now also sets the host header based on what is configured as upstream in the proxy provider. The original Host is forwarded as `X-Forwarded-Host`.
|
||||
|
||||
Additionally, the header requirements for nginx have changed. Either a `X-Original-URL` or `X-Original-URI` header are now required. See the [*Proxy provider*](../providers/proxy/forward_auth) documentation for updated snippets.
|
||||
Additionally, the header requirements for nginx have changed. Either a `X-Original-URL` or `X-Original-URI` header are now required. See the [_Proxy provider_](../providers/proxy/forward_auth) documentation for updated snippets.
|
||||
|
||||
- API:
|
||||
- API:
|
||||
|
||||
The deprecated /api/v2beta/ Endpoint is removed. Use `/api/v3/`.
|
||||
The deprecated /api/v2beta/ Endpoint is removed. Use `/api/v3/`.
|
||||
|
||||
- Backup:
|
||||
- Backup:
|
||||
|
||||
The integrated backup has been deprecated for the following reasons:
|
||||
The integrated backup has been deprecated for the following reasons:
|
||||
|
||||
- Difficulty with restores not working properly
|
||||
- Inflexible configuration (fixed retention, limited to once a day, only S3 supported)
|
||||
- Most users will already have an existing backup infrastructure
|
||||
- Difficulty with restores not working properly
|
||||
- Inflexible configuration (fixed retention, limited to once a day, only S3 supported)
|
||||
- Most users will already have an existing backup infrastructure
|
||||
|
||||
## Minor changes/fixes
|
||||
|
||||
- core: dont return 404 when trying to view key of expired token
|
||||
- crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
|
||||
- flows: handle error if flow title contains invalid format string
|
||||
- internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
|
||||
- internal: use math.MaxInt for compatibility
|
||||
- lifecycle: add early check for missing/invalid secret key
|
||||
- outposts/proxyv2: allow access to /outpost.goauthentik.io urls in forward auth mode to make routing in nginx/traefik easier
|
||||
- outposts/proxyv2: fix before-redirect url not being saved in proxy mode
|
||||
- outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
|
||||
- providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
|
||||
- root: allow customisation of ports in compose without override
|
||||
- root: decrease to 10 backup history
|
||||
- root: fix backups running every minute instead of once
|
||||
- stages/authenticator_webauthn: make more WebAuthn options configurable
|
||||
- web: add polyfill for Intl.ListFormat
|
||||
- web: directly read csrf token before injecting into request
|
||||
- web: fix double plural in label
|
||||
- web/admin: also set embedded outpost host when it doesn't include scheme
|
||||
- web/admin: fix missing configure flow setting on webuahtn setup stage form
|
||||
- web/flows: remove node directly instead of using removeChild()
|
||||
- core: dont return 404 when trying to view key of expired token
|
||||
- crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
|
||||
- flows: handle error if flow title contains invalid format string
|
||||
- internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
|
||||
- internal: use math.MaxInt for compatibility
|
||||
- lifecycle: add early check for missing/invalid secret key
|
||||
- outposts/proxyv2: allow access to /outpost.goauthentik.io urls in forward auth mode to make routing in nginx/traefik easier
|
||||
- outposts/proxyv2: fix before-redirect url not being saved in proxy mode
|
||||
- outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
|
||||
- providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
|
||||
- root: allow customisation of ports in compose without override
|
||||
- root: decrease to 10 backup history
|
||||
- root: fix backups running every minute instead of once
|
||||
- stages/authenticator_webauthn: make more WebAuthn options configurable
|
||||
- web: add polyfill for Intl.ListFormat
|
||||
- web: directly read csrf token before injecting into request
|
||||
- web: fix double plural in label
|
||||
- web/admin: also set embedded outpost host when it doesn't include scheme
|
||||
- web/admin: fix missing configure flow setting on webuahtn setup stage form
|
||||
- web/flows: remove node directly instead of using removeChild()
|
||||
|
||||
## Fixed in 2022.1.2
|
||||
|
||||
- internal/proxyv2: only allow access to /outpost.goauthentik.io in nginx mode when forward url could be extracted
|
||||
- lib: disable backup by default, add note to configuration
|
||||
- lifecycle: replace lowercase, deprecated prometheus_multiproc_dir
|
||||
- outposts: allow custom label for docker containers
|
||||
- policies/hibp: ensure password is encodable
|
||||
- providers/proxy: add PathPrefix to auto-traefik labels
|
||||
- root: upgrade python dependencies
|
||||
- internal/proxyv2: only allow access to /outpost.goauthentik.io in nginx mode when forward url could be extracted
|
||||
- lib: disable backup by default, add note to configuration
|
||||
- lifecycle: replace lowercase, deprecated prometheus_multiproc_dir
|
||||
- outposts: allow custom label for docker containers
|
||||
- policies/hibp: ensure password is encodable
|
||||
- providers/proxy: add PathPrefix to auto-traefik labels
|
||||
- root: upgrade python dependencies
|
||||
|
||||
## Fixed in 2022.1.3
|
||||
|
||||
- internal: add support for X-Original-URL
|
||||
- internal: add optional debug server listening on 9900
|
||||
- internal: don't override server header
|
||||
- internal: start adding tests to outpost
|
||||
- lifecycle: make secret_key warning more prominent
|
||||
- lifecycle: wait for db in worker
|
||||
- outposts/ldap: Fix more case sensitivity issues. (#2144)
|
||||
- outposts/proxy: add more test cases for domain-level auth
|
||||
- outposts/proxy: fix potential empty redirect, add tests
|
||||
- outposts/proxy: trace full headers to debug
|
||||
- providers/proxy: fix traefik label
|
||||
- root: add max-requests for gunicorn and max tasks for celery
|
||||
- root: fix redis passwords not being encoded correctly
|
||||
- web/admin: fix links which look like labels
|
||||
- web/admin: fix SMS Stage form not working
|
||||
- internal: add support for X-Original-URL
|
||||
- internal: add optional debug server listening on 9900
|
||||
- internal: don't override server header
|
||||
- internal: start adding tests to outpost
|
||||
- lifecycle: make secret_key warning more prominent
|
||||
- lifecycle: wait for db in worker
|
||||
- outposts/ldap: Fix more case sensitivity issues. (#2144)
|
||||
- outposts/proxy: add more test cases for domain-level auth
|
||||
- outposts/proxy: fix potential empty redirect, add tests
|
||||
- outposts/proxy: trace full headers to debug
|
||||
- providers/proxy: fix traefik label
|
||||
- root: add max-requests for gunicorn and max tasks for celery
|
||||
- root: fix redis passwords not being encoded correctly
|
||||
- web/admin: fix links which look like labels
|
||||
- web/admin: fix SMS Stage form not working
|
||||
|
||||
## Fixed in 2022.1.4
|
||||
|
||||
- core: fix view_token permission not being assigned on token creation for non-admin user
|
||||
- lifecycle: remove gunicorn reload option
|
||||
- lifecycle: send analytics in gunicorn config to decrease outgoing requests when workers get restarted
|
||||
- providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
|
||||
- providers/proxy: don't include hostname and scheme in redirect when we only got a path and not a full URL
|
||||
- providers/proxy: fix routing for external_host when using forward_auth_domain
|
||||
- providers/proxy: set traefik labels using object_naming_template instead of UUID
|
||||
- sources/ldap: add list_flatten function to property mappings, enable on managed LDAP mappings
|
||||
- web: add es locale
|
||||
- web: add pl locale
|
||||
- web/admin: only check first half of locale when detecting
|
||||
- web/flows: fix width on flow container
|
||||
- web/user: include locale code in locale selection
|
||||
- core: fix view_token permission not being assigned on token creation for non-admin user
|
||||
- lifecycle: remove gunicorn reload option
|
||||
- lifecycle: send analytics in gunicorn config to decrease outgoing requests when workers get restarted
|
||||
- providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
|
||||
- providers/proxy: don't include hostname and scheme in redirect when we only got a path and not a full URL
|
||||
- providers/proxy: fix routing for external_host when using forward_auth_domain
|
||||
- providers/proxy: set traefik labels using object_naming_template instead of UUID
|
||||
- sources/ldap: add list_flatten function to property mappings, enable on managed LDAP mappings
|
||||
- web: add es locale
|
||||
- web: add pl locale
|
||||
- web/admin: only check first half of locale when detecting
|
||||
- web/flows: fix width on flow container
|
||||
- web/user: include locale code in locale selection
|
||||
|
||||
## Fixed in 2022.1.5
|
||||
|
||||
- build(deps): bump uvicorn from 0.17.1 to 0.17.3 (#2229)
|
||||
- core: allow formatting strings to be used for applications' launch URLs
|
||||
- internal: don't attempt to lookup SNI Certificate if no SNI is sent
|
||||
- internal: fix CSRF error caused by Host header
|
||||
- internal: improve error handling for internal reverse proxy
|
||||
- internal: remove uvicorn server header
|
||||
- internal: trace headers and url for backend requests
|
||||
- outposts: fix channel not always having a logger attribute
|
||||
- outposts: fix compare_ports to support both service and container ports
|
||||
- outposts: fix service reconciler re-creating services
|
||||
- outposts: remove node_port on V1ServicePort checks to prevent service creation loops
|
||||
- providers/proxy: fix Host/:Authority not being modified
|
||||
- providers/proxy: fix nil error in claims
|
||||
- providers/proxy: improve error handling for invalid backend_override
|
||||
- sources/ldap: log entire exception
|
||||
- sources/saml: fix incorrect ProtocolBinding being sent
|
||||
- sources/saml: fix server error
|
||||
- stages/authenticator_validate: handle non-existent device_challenges
|
||||
- web/admin: fix mismatched icons in overview and lists
|
||||
- build(deps): bump uvicorn from 0.17.1 to 0.17.3 (#2229)
|
||||
- core: allow formatting strings to be used for applications' launch URLs
|
||||
- internal: don't attempt to lookup SNI Certificate if no SNI is sent
|
||||
- internal: fix CSRF error caused by Host header
|
||||
- internal: improve error handling for internal reverse proxy
|
||||
- internal: remove uvicorn server header
|
||||
- internal: trace headers and url for backend requests
|
||||
- outposts: fix channel not always having a logger attribute
|
||||
- outposts: fix compare_ports to support both service and container ports
|
||||
- outposts: fix service reconciler re-creating services
|
||||
- outposts: remove node_port on V1ServicePort checks to prevent service creation loops
|
||||
- providers/proxy: fix Host/:Authority not being modified
|
||||
- providers/proxy: fix nil error in claims
|
||||
- providers/proxy: improve error handling for invalid backend_override
|
||||
- sources/ldap: log entire exception
|
||||
- sources/saml: fix incorrect ProtocolBinding being sent
|
||||
- sources/saml: fix server error
|
||||
- stages/authenticator_validate: handle non-existent device_challenges
|
||||
- web/admin: fix mismatched icons in overview and lists
|
||||
|
||||
## Upgrading
|
||||
|
||||
@ -142,6 +142,6 @@ Update your values to use the new images:
|
||||
|
||||
```yaml
|
||||
image:
|
||||
repository: ghcr.io/goauthentik/server
|
||||
tag: 2022.1.1
|
||||
repository: ghcr.io/goauthentik/server
|
||||
tag: 2022.1.1
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user