Compare commits
9 Commits
main
...
version/20
| Author | SHA1 | Date | |
|---|---|---|---|
| 249dc276d4 | |||
| 5fb7dc4cb3 | |||
| 82930ee807 | |||
| ac25fbab54 | |||
| 15cb6b18f6 | |||
| fdd39b4b4c | |||
| 589304df4f | |||
| 4d920ff477 | |||
| 88dc616c5e |
@ -1,5 +1,5 @@
|
||||
[bumpversion]
|
||||
current_version = 2024.10.5
|
||||
current_version = 2024.12.0
|
||||
tag = True
|
||||
commit = True
|
||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))?
|
||||
|
||||
2
.github/workflows/codeql-analysis.yml
vendored
2
.github/workflows/codeql-analysis.yml
vendored
@ -2,7 +2,7 @@ name: "CodeQL"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main, "*", next, version*]
|
||||
branches: [main, next, version*]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
schedule:
|
||||
|
||||
@ -20,8 +20,8 @@ Even if the issue is not a CVE, we still greatly appreciate your help in hardeni
|
||||
|
||||
| Version | Supported |
|
||||
| --------- | --------- |
|
||||
| 2024.8.x | ✅ |
|
||||
| 2024.10.x | ✅ |
|
||||
| 2024.12.x | ✅ |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
from os import environ
|
||||
|
||||
__version__ = "2024.10.5"
|
||||
__version__ = "2024.12.0"
|
||||
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
|
||||
|
||||
|
||||
|
||||
@ -138,7 +138,6 @@ def notification_cleanup(self: SystemTask):
|
||||
"""Cleanup seen notifications and notifications whose event expired."""
|
||||
notifications = Notification.objects.filter(Q(event=None) | Q(seen=True))
|
||||
amount = notifications.count()
|
||||
for notification in notifications:
|
||||
notification.delete()
|
||||
notifications.delete()
|
||||
LOGGER.debug("Expired notifications", amount=amount)
|
||||
self.set_status(TaskStatus.SUCCESSFUL, f"Expired {amount} Notifications")
|
||||
|
||||
@ -280,9 +280,24 @@ class ConfigLoader:
|
||||
self.log("warning", "Failed to parse config as int", path=path, exc=str(exc))
|
||||
return default
|
||||
|
||||
def get_optional_int(self, path: str, default=None) -> int | None:
|
||||
"""Wrapper for get that converts value into int or None if set"""
|
||||
value = self.get(path, default)
|
||||
|
||||
try:
|
||||
return int(value)
|
||||
except (ValueError, TypeError) as exc:
|
||||
if value is None or (isinstance(value, str) and value.lower() == "null"):
|
||||
return None
|
||||
self.log("warning", "Failed to parse config as int", path=path, exc=str(exc))
|
||||
return default
|
||||
|
||||
def get_bool(self, path: str, default=False) -> bool:
|
||||
"""Wrapper for get that converts value into boolean"""
|
||||
return str(self.get(path, default)).lower() == "true"
|
||||
value = self.get(path, UNSET)
|
||||
if value is UNSET:
|
||||
return default
|
||||
return str(self.get(path)).lower() == "true"
|
||||
|
||||
def get_keys(self, path: str, sep=".") -> list[str]:
|
||||
"""List attribute keys by using yaml path"""
|
||||
@ -354,20 +369,33 @@ def django_db_config(config: ConfigLoader | None = None) -> dict:
|
||||
"sslcert": config.get("postgresql.sslcert"),
|
||||
"sslkey": config.get("postgresql.sslkey"),
|
||||
},
|
||||
"CONN_MAX_AGE": CONFIG.get_optional_int("postgresql.conn_max_age", 0),
|
||||
"CONN_HEALTH_CHECKS": CONFIG.get_bool("postgresql.conn_health_checks", False),
|
||||
"DISABLE_SERVER_SIDE_CURSORS": CONFIG.get_bool(
|
||||
"postgresql.disable_server_side_cursors", False
|
||||
),
|
||||
"TEST": {
|
||||
"NAME": config.get("postgresql.test.name"),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
conn_max_age = CONFIG.get_optional_int("postgresql.conn_max_age", UNSET)
|
||||
disable_server_side_cursors = CONFIG.get_bool("postgresql.disable_server_side_cursors", UNSET)
|
||||
if config.get_bool("postgresql.use_pgpool", False):
|
||||
db["default"]["DISABLE_SERVER_SIDE_CURSORS"] = True
|
||||
if disable_server_side_cursors is not UNSET:
|
||||
db["default"]["DISABLE_SERVER_SIDE_CURSORS"] = disable_server_side_cursors
|
||||
|
||||
if config.get_bool("postgresql.use_pgbouncer", False):
|
||||
# https://docs.djangoproject.com/en/4.0/ref/databases/#transaction-pooling-server-side-cursors
|
||||
db["default"]["DISABLE_SERVER_SIDE_CURSORS"] = True
|
||||
# https://docs.djangoproject.com/en/4.0/ref/databases/#persistent-connections
|
||||
db["default"]["CONN_MAX_AGE"] = None # persistent
|
||||
if disable_server_side_cursors is not UNSET:
|
||||
db["default"]["DISABLE_SERVER_SIDE_CURSORS"] = disable_server_side_cursors
|
||||
if conn_max_age is not UNSET:
|
||||
db["default"]["CONN_MAX_AGE"] = conn_max_age
|
||||
|
||||
for replica in config.get_keys("postgresql.read_replicas"):
|
||||
_database = deepcopy(db["default"])
|
||||
|
||||
@ -6,8 +6,6 @@ postgresql:
|
||||
user: authentik
|
||||
port: 5432
|
||||
password: "env://POSTGRES_PASSWORD"
|
||||
use_pgbouncer: false
|
||||
use_pgpool: false
|
||||
test:
|
||||
name: test_authentik
|
||||
read_replicas: {}
|
||||
|
||||
@ -214,6 +214,9 @@ class TestConfig(TestCase):
|
||||
"PORT": "foo",
|
||||
"TEST": {"NAME": "foo"},
|
||||
"USER": "foo",
|
||||
"CONN_MAX_AGE": 0,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
"DISABLE_SERVER_SIDE_CURSORS": False,
|
||||
}
|
||||
},
|
||||
)
|
||||
@ -251,6 +254,9 @@ class TestConfig(TestCase):
|
||||
"PORT": "foo",
|
||||
"TEST": {"NAME": "foo"},
|
||||
"USER": "foo",
|
||||
"CONN_MAX_AGE": 0,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
"DISABLE_SERVER_SIDE_CURSORS": False,
|
||||
},
|
||||
"replica_0": {
|
||||
"ENGINE": "authentik.root.db",
|
||||
@ -266,6 +272,72 @@ class TestConfig(TestCase):
|
||||
"PORT": "foo",
|
||||
"TEST": {"NAME": "foo"},
|
||||
"USER": "foo",
|
||||
"CONN_MAX_AGE": 0,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
"DISABLE_SERVER_SIDE_CURSORS": False,
|
||||
},
|
||||
},
|
||||
)
|
||||
|
||||
def test_db_read_replicas_pgbouncer(self):
|
||||
"""Test read replicas"""
|
||||
config = ConfigLoader()
|
||||
config.set("postgresql.host", "foo")
|
||||
config.set("postgresql.name", "foo")
|
||||
config.set("postgresql.user", "foo")
|
||||
config.set("postgresql.password", "foo")
|
||||
config.set("postgresql.port", "foo")
|
||||
config.set("postgresql.sslmode", "foo")
|
||||
config.set("postgresql.sslrootcert", "foo")
|
||||
config.set("postgresql.sslcert", "foo")
|
||||
config.set("postgresql.sslkey", "foo")
|
||||
config.set("postgresql.test.name", "foo")
|
||||
config.set("postgresql.use_pgbouncer", True)
|
||||
# Read replica
|
||||
config.set("postgresql.read_replicas.0.host", "bar")
|
||||
# Override conn_max_age
|
||||
config.set("postgresql.read_replicas.0.conn_max_age", 10)
|
||||
# This isn't supported
|
||||
config.set("postgresql.read_replicas.0.use_pgbouncer", False)
|
||||
conf = django_db_config(config)
|
||||
self.assertEqual(
|
||||
conf,
|
||||
{
|
||||
"default": {
|
||||
"DISABLE_SERVER_SIDE_CURSORS": True,
|
||||
"CONN_MAX_AGE": None,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
"ENGINE": "authentik.root.db",
|
||||
"HOST": "foo",
|
||||
"NAME": "foo",
|
||||
"OPTIONS": {
|
||||
"sslcert": "foo",
|
||||
"sslkey": "foo",
|
||||
"sslmode": "foo",
|
||||
"sslrootcert": "foo",
|
||||
},
|
||||
"PASSWORD": "foo",
|
||||
"PORT": "foo",
|
||||
"TEST": {"NAME": "foo"},
|
||||
"USER": "foo",
|
||||
},
|
||||
"replica_0": {
|
||||
"DISABLE_SERVER_SIDE_CURSORS": True,
|
||||
"CONN_MAX_AGE": 10,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
"ENGINE": "authentik.root.db",
|
||||
"HOST": "bar",
|
||||
"NAME": "foo",
|
||||
"OPTIONS": {
|
||||
"sslcert": "foo",
|
||||
"sslkey": "foo",
|
||||
"sslmode": "foo",
|
||||
"sslrootcert": "foo",
|
||||
},
|
||||
"PASSWORD": "foo",
|
||||
"PORT": "foo",
|
||||
"TEST": {"NAME": "foo"},
|
||||
"USER": "foo",
|
||||
},
|
||||
},
|
||||
)
|
||||
@ -294,6 +366,8 @@ class TestConfig(TestCase):
|
||||
{
|
||||
"default": {
|
||||
"DISABLE_SERVER_SIDE_CURSORS": True,
|
||||
"CONN_MAX_AGE": 0,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
"ENGINE": "authentik.root.db",
|
||||
"HOST": "foo",
|
||||
"NAME": "foo",
|
||||
@ -310,6 +384,8 @@ class TestConfig(TestCase):
|
||||
},
|
||||
"replica_0": {
|
||||
"DISABLE_SERVER_SIDE_CURSORS": True,
|
||||
"CONN_MAX_AGE": 0,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
"ENGINE": "authentik.root.db",
|
||||
"HOST": "bar",
|
||||
"NAME": "foo",
|
||||
@ -362,6 +438,9 @@ class TestConfig(TestCase):
|
||||
"PORT": "foo",
|
||||
"TEST": {"NAME": "foo"},
|
||||
"USER": "foo",
|
||||
"DISABLE_SERVER_SIDE_CURSORS": False,
|
||||
"CONN_MAX_AGE": 0,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
},
|
||||
"replica_0": {
|
||||
"ENGINE": "authentik.root.db",
|
||||
@ -377,6 +456,9 @@ class TestConfig(TestCase):
|
||||
"PORT": "foo",
|
||||
"TEST": {"NAME": "foo"},
|
||||
"USER": "foo",
|
||||
"DISABLE_SERVER_SIDE_CURSORS": False,
|
||||
"CONN_MAX_AGE": 0,
|
||||
"CONN_HEALTH_CHECKS": False,
|
||||
},
|
||||
},
|
||||
)
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"$schema": "http://json-schema.org/draft-07/schema",
|
||||
"$id": "https://goauthentik.io/blueprints/schema.json",
|
||||
"type": "object",
|
||||
"title": "authentik 2024.10.5 Blueprint schema",
|
||||
"title": "authentik 2024.12.0 Blueprint schema",
|
||||
"required": [
|
||||
"version",
|
||||
"entries"
|
||||
|
||||
@ -31,7 +31,7 @@ services:
|
||||
volumes:
|
||||
- redis:/data
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.5}
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.0}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
@ -54,7 +54,7 @@ services:
|
||||
redis:
|
||||
condition: service_healthy
|
||||
worker:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.5}
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.0}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
|
||||
@ -29,4 +29,4 @@ func UserAgent() string {
|
||||
return fmt.Sprintf("authentik@%s", FullVersion())
|
||||
}
|
||||
|
||||
const VERSION = "2024.10.5"
|
||||
const VERSION = "2024.12.0"
|
||||
|
||||
@ -15,7 +15,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2024-11-26 00:09+0000\n"
|
||||
"POT-Creation-Date: 2024-12-18 13:31+0000\n"
|
||||
"PO-Revision-Date: 2022-09-26 16:47+0000\n"
|
||||
"Last-Translator: deluxghost, 2024\n"
|
||||
"Language-Team: Chinese Simplified (https://app.transifex.com/authentik/teams/119923/zh-Hans/)\n"
|
||||
@ -1898,6 +1898,10 @@ msgstr "Kerberos 领域"
|
||||
msgid "Custom krb5.conf to use. Uses the system one by default"
|
||||
msgstr "要使用的自定义 krb5.conf。默认使用系统自带"
|
||||
|
||||
#: authentik/sources/kerberos/models.py
|
||||
msgid "KAdmin server type"
|
||||
msgstr "KAdmin 服务器类型"
|
||||
|
||||
#: authentik/sources/kerberos/models.py
|
||||
msgid "Sync users from Kerberos into authentik"
|
||||
msgstr "从 Kerberos 同步用户到 authentik"
|
||||
@ -2858,7 +2862,7 @@ msgstr ""
|
||||
#, python-format
|
||||
msgid ""
|
||||
"\n"
|
||||
" If you did not request a password change, please ignore this Email. The link above is valid for %(expires)s.\n"
|
||||
" If you did not request a password change, please ignore this email. The link above is valid for %(expires)s.\n"
|
||||
" "
|
||||
msgstr ""
|
||||
"\n"
|
||||
@ -2882,7 +2886,7 @@ msgstr ""
|
||||
#, python-format
|
||||
msgid ""
|
||||
"\n"
|
||||
"If you did not request a password change, please ignore this Email. The link above is valid for %(expires)s.\n"
|
||||
"If you did not request a password change, please ignore this email. The link above is valid for %(expires)s.\n"
|
||||
msgstr ""
|
||||
"\n"
|
||||
"如果您没有请求更改密码,请忽略此电子邮件。上面的链接在 %(expires)s 内有效。\n"
|
||||
@ -3151,6 +3155,22 @@ msgstr "输入阶段"
|
||||
msgid "Passwords don't match."
|
||||
msgstr "密码不匹配。"
|
||||
|
||||
#: authentik/stages/redirect/api.py
|
||||
msgid "Target URL should be present when mode is Static."
|
||||
msgstr "当模式为静态时,目标 URL 应存在。"
|
||||
|
||||
#: authentik/stages/redirect/api.py
|
||||
msgid "Target Flow should be present when mode is Flow."
|
||||
msgstr "当模式为流程时,目标流程应存在。"
|
||||
|
||||
#: authentik/stages/redirect/models.py
|
||||
msgid "Redirect Stage"
|
||||
msgstr "重定向阶段"
|
||||
|
||||
#: authentik/stages/redirect/models.py
|
||||
msgid "Redirect Stages"
|
||||
msgstr "重定向阶段"
|
||||
|
||||
#: authentik/stages/user_delete/models.py
|
||||
msgid "User Delete Stage"
|
||||
msgstr "用户删除阶段"
|
||||
|
||||
@ -14,7 +14,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2024-11-26 00:09+0000\n"
|
||||
"POT-Creation-Date: 2024-12-18 13:31+0000\n"
|
||||
"PO-Revision-Date: 2022-09-26 16:47+0000\n"
|
||||
"Last-Translator: deluxghost, 2024\n"
|
||||
"Language-Team: Chinese (China) (https://app.transifex.com/authentik/teams/119923/zh_CN/)\n"
|
||||
@ -1897,6 +1897,10 @@ msgstr "Kerberos 领域"
|
||||
msgid "Custom krb5.conf to use. Uses the system one by default"
|
||||
msgstr "要使用的自定义 krb5.conf。默认使用系统自带"
|
||||
|
||||
#: authentik/sources/kerberos/models.py
|
||||
msgid "KAdmin server type"
|
||||
msgstr "KAdmin 服务器类型"
|
||||
|
||||
#: authentik/sources/kerberos/models.py
|
||||
msgid "Sync users from Kerberos into authentik"
|
||||
msgstr "从 Kerberos 同步用户到 authentik"
|
||||
@ -2857,7 +2861,7 @@ msgstr ""
|
||||
#, python-format
|
||||
msgid ""
|
||||
"\n"
|
||||
" If you did not request a password change, please ignore this Email. The link above is valid for %(expires)s.\n"
|
||||
" If you did not request a password change, please ignore this email. The link above is valid for %(expires)s.\n"
|
||||
" "
|
||||
msgstr ""
|
||||
"\n"
|
||||
@ -2881,7 +2885,7 @@ msgstr ""
|
||||
#, python-format
|
||||
msgid ""
|
||||
"\n"
|
||||
"If you did not request a password change, please ignore this Email. The link above is valid for %(expires)s.\n"
|
||||
"If you did not request a password change, please ignore this email. The link above is valid for %(expires)s.\n"
|
||||
msgstr ""
|
||||
"\n"
|
||||
"如果您没有请求更改密码,请忽略此电子邮件。上面的链接在 %(expires)s 内有效。\n"
|
||||
@ -3150,6 +3154,22 @@ msgstr "输入阶段"
|
||||
msgid "Passwords don't match."
|
||||
msgstr "密码不匹配。"
|
||||
|
||||
#: authentik/stages/redirect/api.py
|
||||
msgid "Target URL should be present when mode is Static."
|
||||
msgstr "当模式为静态时,目标 URL 应存在。"
|
||||
|
||||
#: authentik/stages/redirect/api.py
|
||||
msgid "Target Flow should be present when mode is Flow."
|
||||
msgstr "当模式为流程时,目标流程应存在。"
|
||||
|
||||
#: authentik/stages/redirect/models.py
|
||||
msgid "Redirect Stage"
|
||||
msgstr "重定向阶段"
|
||||
|
||||
#: authentik/stages/redirect/models.py
|
||||
msgid "Redirect Stages"
|
||||
msgstr "重定向阶段"
|
||||
|
||||
#: authentik/stages/user_delete/models.py
|
||||
msgid "User Delete Stage"
|
||||
msgstr "用户删除阶段"
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
{
|
||||
"name": "@goauthentik/authentik",
|
||||
"version": "2024.10.5",
|
||||
"version": "2024.12.0",
|
||||
"private": true
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
[tool.poetry]
|
||||
name = "authentik"
|
||||
version = "2024.10.5"
|
||||
version = "2024.12.0"
|
||||
description = ""
|
||||
authors = ["authentik Team <hello@goauthentik.io>"]
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
openapi: 3.0.3
|
||||
info:
|
||||
title: authentik
|
||||
version: 2024.10.5
|
||||
version: 2024.12.0
|
||||
description: Making authentication simple.
|
||||
contact:
|
||||
email: hello@goauthentik.io
|
||||
|
||||
@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
|
||||
export const ERROR_CLASS = "pf-m-danger";
|
||||
export const PROGRESS_CLASS = "pf-m-in-progress";
|
||||
export const CURRENT_CLASS = "pf-m-current";
|
||||
export const VERSION = "2024.10.5";
|
||||
export const VERSION = "2024.12.0";
|
||||
export const TITLE_DEFAULT = "authentik";
|
||||
export const ROUTE_SEPARATOR = ";";
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
|
||||
<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
|
||||
<file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
|
||||
<body>
|
||||
<trans-unit id="s4caed5b7a7e5d89b">
|
||||
@ -596,9 +596,9 @@
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="saa0e2675da69651b">
|
||||
<source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
|
||||
<target>未找到 URL "
|
||||
<x id="0" equiv-text="${this.url}"/>"。</target>
|
||||
<source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
|
||||
<target>未找到 URL "
|
||||
<x id="0" equiv-text="${this.url}"/>"。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s58cd9c2fe836d9c6">
|
||||
@ -1737,8 +1737,8 @@
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sa90b7809586c35ce">
|
||||
<source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
|
||||
<target>输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
|
||||
<source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
|
||||
<target>输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s0410779cb47de312">
|
||||
@ -2901,8 +2901,8 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s76768bebabb7d543">
|
||||
<source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
|
||||
<target>包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
|
||||
<source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
|
||||
<target>包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s026555347e589f0e">
|
||||
@ -3648,8 +3648,8 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s7b1fba26d245cb1c">
|
||||
<source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
|
||||
<target>使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。</target>
|
||||
<source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
|
||||
<target>使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s44536d20bb5c8257">
|
||||
@ -3825,10 +3825,10 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sa95a538bfbb86111">
|
||||
<source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
|
||||
<source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
|
||||
<target>您确定要更新
|
||||
<x id="0" equiv-text="${this.objectLabel}"/>"
|
||||
<x id="1" equiv-text="${this.obj?.name}"/>" 吗?</target>
|
||||
<x id="0" equiv-text="${this.objectLabel}"/>"
|
||||
<x id="1" equiv-text="${this.obj?.name}"/>" 吗?</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sc92d7cfb6ee1fec6">
|
||||
@ -4904,7 +4904,7 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sdf1d8edef27236f0">
|
||||
<source>A "roaming" authenticator, like a YubiKey</source>
|
||||
<source>A "roaming" authenticator, like a YubiKey</source>
|
||||
<target>像 YubiKey 这样的“漫游”身份验证器</target>
|
||||
|
||||
</trans-unit>
|
||||
@ -5273,7 +5273,7 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s1608b2f94fa0dbd4">
|
||||
<source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
|
||||
<source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
|
||||
<target>如果设置时长大于 0,用户可以选择“保持登录”选项,这将使用户的会话延长此处设置的时间。</target>
|
||||
|
||||
</trans-unit>
|
||||
@ -7674,7 +7674,7 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||
<target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s824e0943a7104668">
|
||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||
<target>此用户将会被添加到组 &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||
@ -9020,7 +9020,7 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||
<target>同步组</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2d5f69929bb7221d">
|
||||
<source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
|
||||
<source><x id="0" equiv-text="${p.name}"/> ("<x id="1" equiv-text="${p.fieldKey}"/>", of type <x id="2" equiv-text="${p.type}"/>)</source>
|
||||
<target><x id="0" equiv-text="${p.name}"/>(&quot;<x id="1" equiv-text="${p.fieldKey}"/>&quot;,类型为 <x id="2" equiv-text="${p.type}"/>)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sa38c5a2731be3a46">
|
||||
@ -9272,8 +9272,8 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||
<target>授权流程成功后有效的重定向 URI。还可以在此处为隐式流程指定任何来源。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4c49d27de60a532b">
|
||||
<source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
|
||||
<target>要允许任何重定向 URI,请设置模式为正则表达式,并将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
|
||||
<source>To allow any redirect URI, set the mode to Regex and the value to ".*". Be aware of the possible security implications this can have.</source>
|
||||
<target>要允许任何重定向 URI,请设置模式为正则表达式,并将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s43f899a86c6a3484">
|
||||
<source>Redirect URIs/Origins</source>
|
||||
@ -9301,67 +9301,88 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s3cc2b33d2a8000d3">
|
||||
<source>KAdmin type</source>
|
||||
<target>KAdmin 类型</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s624e1c8739507529">
|
||||
<source>MIT krb5 kadmin</source>
|
||||
<target>MIT krb5 kadmin</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s6d225d9e74dfff6f">
|
||||
<source>Heimdal kadmin</source>
|
||||
<target>Heimdal kadmin</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sc9e494c8346b7cb5">
|
||||
<source>Other</source>
|
||||
<target>其他</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sbf6c78047e8ec8f8">
|
||||
<source>Other type of kadmin</source>
|
||||
<target>其他类型 kadmin</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb53d0b77abef2316">
|
||||
<source>To let a user directly reset their password, configure a recovery flow on the currently active brand.</source>
|
||||
<target>要让用户直接重置密码,请在当前活动的品牌上配置恢复流程。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2e5226fcf269689b">
|
||||
<source>Consent given lasts indefinitely</source>
|
||||
<target>无限期同意授权</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7eff620292ed9349">
|
||||
<source>Consent expires</source>
|
||||
<target>同意授权会过期</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1cc032bcc50b2942">
|
||||
<source>Available Policies</source>
|
||||
<target>可用策略</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s3ad64193ad5f4a5e">
|
||||
<source>Selected Policies</source>
|
||||
<target>已选策略</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sc487e11d5987dbb4">
|
||||
<source>Redirect the user to another flow, potentially with all gathered context</source>
|
||||
<target>将用户重定向到另一个流程,可能包含所有已收集的上下文</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sad9d5481474d4f5b">
|
||||
<source>Static</source>
|
||||
<target>静态</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="se87a96950464bc89">
|
||||
<source>Target URL</source>
|
||||
<target>目标 URL</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7f3097955b19736a">
|
||||
<source>Redirect the user to a static URL.</source>
|
||||
<target>将用户重定向到一个静态 URL。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9bdee1c5130c8240">
|
||||
<source>Target Flow</source>
|
||||
<target>目标流程</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sa5d1405b8d6529c7">
|
||||
<source>Redirect the user to a Flow.</source>
|
||||
<target>将用户重定向到一个流程。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7c9db337d14d42b3">
|
||||
<source>Keep flow context</source>
|
||||
<target>保留流程上下文</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s0d7dea184036a74d">
|
||||
<source>Require no authentication</source>
|
||||
<target>需要无身份验证</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s66f533986ba6182c">
|
||||
<source>Require superuser</source>
|
||||
<target>需要管理员用户</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s26c0a8789930b5fd">
|
||||
<source>Require being redirected from another flow</source>
|
||||
<target>需要重定向自另一个流程</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sbfaee8cfbf4e44e8">
|
||||
<source>Require Outpost (flow can only be executed from an outpost)</source>
|
||||
<target>需要前哨(流程只能从前哨执行)</target>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
</xliff>
|
||||
</xliff>
|
||||
@ -4967,16 +4967,6 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||
<source>Always require consent</source>
|
||||
<target>始终需要征得同意授权</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s8ce8bdc9cc9c8604">
|
||||
<source>Consent given last indefinitely</source>
|
||||
<target>无限期同意授权</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sb986f15fa9b17805">
|
||||
<source>Consent expires.</source>
|
||||
<target>同意授权会过期。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s6f328f2d8382d998">
|
||||
<source>Consent expires in</source>
|
||||
@ -5478,16 +5468,6 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||
<source>Require authentication</source>
|
||||
<target>需要身份验证</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s239c2a351cde6d39">
|
||||
<source>Require no authentication.</source>
|
||||
<target>需要无身份验证。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="s98beadfeeb3acb66">
|
||||
<source>Require superuser.</source>
|
||||
<target>需要管理员用户。</target>
|
||||
|
||||
</trans-unit>
|
||||
<trans-unit id="sfad9279cc42c6b61">
|
||||
<source>Required authentication level for this flow.</source>
|
||||
@ -7765,10 +7745,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||
<source>Event volume</source>
|
||||
<target>事件容量</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s047a5f0211fedc72">
|
||||
<source>Require Outpost (flow can only be executed from an outpost).</source>
|
||||
<target>需要前哨(流程只能从前哨执行)。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s3271da6c18c25b18">
|
||||
<source>Connection settings.</source>
|
||||
<target>连接设置。</target>
|
||||
@ -9322,6 +9298,90 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||
<trans-unit id="s4f8a3f7792e6b940">
|
||||
<source>JWTs signed by the selected providers can be used to authenticate to this provider.</source>
|
||||
<target>由已选提供程序签发的 JWT 可以用于此提供程序的身份验证。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s3cc2b33d2a8000d3">
|
||||
<source>KAdmin type</source>
|
||||
<target>KAdmin 类型</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s624e1c8739507529">
|
||||
<source>MIT krb5 kadmin</source>
|
||||
<target>MIT krb5 kadmin</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s6d225d9e74dfff6f">
|
||||
<source>Heimdal kadmin</source>
|
||||
<target>Heimdal kadmin</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sc9e494c8346b7cb5">
|
||||
<source>Other</source>
|
||||
<target>其他</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sbf6c78047e8ec8f8">
|
||||
<source>Other type of kadmin</source>
|
||||
<target>其他类型 kadmin</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb53d0b77abef2316">
|
||||
<source>To let a user directly reset their password, configure a recovery flow on the currently active brand.</source>
|
||||
<target>要让用户直接重置密码,请在当前活动的品牌上配置恢复流程。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2e5226fcf269689b">
|
||||
<source>Consent given lasts indefinitely</source>
|
||||
<target>无限期同意授权</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7eff620292ed9349">
|
||||
<source>Consent expires</source>
|
||||
<target>同意授权会过期</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1cc032bcc50b2942">
|
||||
<source>Available Policies</source>
|
||||
<target>可用策略</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s3ad64193ad5f4a5e">
|
||||
<source>Selected Policies</source>
|
||||
<target>已选策略</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sc487e11d5987dbb4">
|
||||
<source>Redirect the user to another flow, potentially with all gathered context</source>
|
||||
<target>将用户重定向到另一个流程,可能包含所有已收集的上下文</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sad9d5481474d4f5b">
|
||||
<source>Static</source>
|
||||
<target>静态</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="se87a96950464bc89">
|
||||
<source>Target URL</source>
|
||||
<target>目标 URL</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7f3097955b19736a">
|
||||
<source>Redirect the user to a static URL.</source>
|
||||
<target>将用户重定向到一个静态 URL。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9bdee1c5130c8240">
|
||||
<source>Target Flow</source>
|
||||
<target>目标流程</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sa5d1405b8d6529c7">
|
||||
<source>Redirect the user to a Flow.</source>
|
||||
<target>将用户重定向到一个流程。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7c9db337d14d42b3">
|
||||
<source>Keep flow context</source>
|
||||
<target>保留流程上下文</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s0d7dea184036a74d">
|
||||
<source>Require no authentication</source>
|
||||
<target>需要无身份验证</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s66f533986ba6182c">
|
||||
<source>Require superuser</source>
|
||||
<target>需要管理员用户</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s26c0a8789930b5fd">
|
||||
<source>Require being redirected from another flow</source>
|
||||
<target>需要重定向自另一个流程</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sbfaee8cfbf4e44e8">
|
||||
<source>Require Outpost (flow can only be executed from an outpost)</source>
|
||||
<target>需要前哨(流程只能从前哨执行)</target>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
||||
@ -70,14 +70,17 @@ To check if your config has been applied correctly, you can run the following co
|
||||
- `AUTHENTIK_POSTGRESQL__USER`: Database user
|
||||
- `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432
|
||||
- `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD`
|
||||
- `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer
|
||||
- `AUTHENTIK_POSTGRESQL__USE_PGPOOL`: Adjust configuration to support connection to Pgpool
|
||||
- `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer. Deprecated, see below
|
||||
- `AUTHENTIK_POSTGRESQL__USE_PGPOOL`: Adjust configuration to support connection to Pgpool. Deprecated, see below
|
||||
- `AUTHENTIK_POSTGRESQL__SSLMODE`: Strictness of ssl verification. Defaults to `"verify-ca"`
|
||||
- `AUTHENTIK_POSTGRESQL__SSLROOTCERT`: CA root for server ssl verification
|
||||
- `AUTHENTIK_POSTGRESQL__SSLCERT`: Path to x509 client certificate to authenticate to server
|
||||
- `AUTHENTIK_POSTGRESQL__SSLKEY`: Path to private key of `SSLCERT` certificate
|
||||
- `AUTHENTIK_POSTGRESQL__CONN_MAX_AGE`: Database connection lifetime. Defaults to `0` (no persistent connections). Can be set to `null` for unlimited persistent connections. See [Django's documentation](https://docs.djangoproject.com/en/stable/ref/settings/#conn-max-age) for more details.
|
||||
- `AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECK`: Existing persistent database connections will be health checked before they are reused if set to `true`. Defaults to `false`. See [Django's documentation](https://docs.djangoproject.com/en/stable/ref/settings/#conn-health-checks) for more details.
|
||||
- `AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS`: Disable server side cursors when set to `true`. Defaults to `false`. See [Django's documentation](https://docs.djangoproject.com/en/stable/ref/settings/#disable-server-side-cursors) for more details.
|
||||
|
||||
All PostgreSQL settings, apart from `USE_PGBOUNCER` and `USE_PGPOOL`, support hot-reloading. Adding and removing read replicas doesn't support hot-reloading.
|
||||
The PostgreSQL settings `HOST`, `PORT`, `USER`, and `PASSWORD` support hot-reloading. Adding and removing read replicas doesn't support hot-reloading.
|
||||
|
||||
### Read replicas
|
||||
|
||||
@ -96,8 +99,25 @@ The same PostgreSQL settings as described above are used for each read replica.
|
||||
- `AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__SSLROOTCERT`
|
||||
- `AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__SSLCERT`
|
||||
- `AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__SSLKEY`
|
||||
- `AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__CONN_MAX_AGE`
|
||||
- `AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__CONN_HEALTH_CHECK`
|
||||
- `AUTHENTIK_POSTGRESQL__READ_REPLICAS__0__DISABLE_SERVER_SIDE_CURSORS`
|
||||
|
||||
Note that `USE_PGBOUNCER` and `USE_PGPOOL` are inherited from the main database configuration and are _not_ overridable on read replicas.
|
||||
### Using a PostgreSQL connection pooler (PgBouncer or PgPool)
|
||||
|
||||
When your PostgreSQL database(s) are running behind a connection pooler, like PgBouncer or PgPool, two settings need to be overridden:
|
||||
|
||||
- `AUTHENTIK_POSTGRESQL__CONN_MAX_AGE`
|
||||
|
||||
A connection pooler running in session pool mode (PgBouncer default) can be incompatible with unlimited persistent connections enabled by setting this to `null`: If the connection from the connection pooler to the database server is dropped, the connection pooler will wait for the client to disconnect before releasing the connection; however this will **never** happen as authentik is configured to keep the connection to the connection pooler forever.
|
||||
|
||||
To address this incompatibility, either configure the connection pooler to run in transaction pool mode, or update this setting to a value lower than any timeouts that may cause the connection to the database to be dropped (up to `0`).
|
||||
|
||||
- `AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS`
|
||||
|
||||
Using a connection pooler in transaction pool mode (e.g. PgPool, or PgBouncer in transaction or statement pool mode) requires disabling server-side cursors, so this setting must be set to `false`.
|
||||
|
||||
Additionally, you can set `AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECK` to perform health checks on persistent database connections before they are re-used.
|
||||
|
||||
## Redis Settings
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ Parameters:
|
||||
Description: authentik server memory in MiB
|
||||
Type: Number
|
||||
AuthentikVersion:
|
||||
Default: 2024.10.5
|
||||
Default: 2024.12.0
|
||||
Description: authentik Docker image tag
|
||||
Type: String
|
||||
AuthentikWorkerCPU:
|
||||
|
||||
@ -3,12 +3,6 @@ title: Release 2024.12
|
||||
slug: "/releases/2024.12"
|
||||
---
|
||||
|
||||
:::::note
|
||||
2024.12 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates.
|
||||
|
||||
To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2024.12.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet.
|
||||
:::::
|
||||
|
||||
## Highlights
|
||||
|
||||
- **Redirect stage** Conditionally redirect users to other flows and URLs.
|
||||
@ -24,6 +18,16 @@ To try out the release candidate, replace your Docker image tag with the latest
|
||||
|
||||
You can disable this behavior in the **Admin interface** under **System** > **Settings**.
|
||||
|
||||
- **Deprecated PostgreSQL `USE_PGBOUNCER` and `USE_PGPOOL` settings**
|
||||
|
||||
With this release, the `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER` and `AUTHENTIK_POSTGRESQL__USE_PGPOOL` settings have been deprecated in favor of exposing the underlying database settings: `AUTHENTIK_POSTGRESQL__CONN_MAX_AGE` and `AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS`.
|
||||
|
||||
If you are using PgBouncer or PgPool as connection poolers and wish to maintain the same behavior as previous versions, `AUTHENTIK_POSTGRESQL__DISABLE_SERVER_SIDE_CURSORS` must be set to `true`. Moreover, if you are using PgBouncer `AUTHENTIK_POSTGRESQL__CONN_MAX_AGE` must be set to `null`.
|
||||
|
||||
The newly exposed settings allow supporting a wider set of connection pooler configurations. For details on how these settings interact with different configurations of connection poolers, please refer to the [PostgreSQL documentation](../../install-config/configuration/configuration.mdx#postgresql-settings).
|
||||
|
||||
These settings will be removed in a future version.
|
||||
|
||||
## New features
|
||||
|
||||
- **Redirect stage**
|
||||
@ -92,6 +96,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.12
|
||||
- enterprise/rac: fix API Schema for invalidation_flow (#11907)
|
||||
- enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (#12311)
|
||||
- enterprise: allow deletion/modification of users when in read-only mode (#12289)
|
||||
- events: notification_cleanup: avoid unnecessary loop (cherry-pick #12417) (#12418)
|
||||
- flows: better test stage's challenge responses (#12316)
|
||||
- flows: silent authz flow (#12213)
|
||||
- internal: add CSP header to files in `/media` (#12092)
|
||||
@ -112,6 +117,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.12
|
||||
- providers/scim: accept string and int for SCIM IDs (#12093)
|
||||
- rbac: fix incorrect object_description for object-level permissions (#12029)
|
||||
- root: check remote IP for proxy protocol same as HTTP/etc (#12094)
|
||||
- root: expose CONN_MAX_AGE, CONN_HEALTH_CHECKS and DISABLE_SERVER_SIDE_CURSORS for PostgreSQL config (cherry-pick #10159) (#12419)
|
||||
- root: fix activation of locale not being scoped (#12091)
|
||||
- root: fix database ssl options not set correctly (#12180)
|
||||
- root: fix health status code (#12255)
|
||||
|
||||
Reference in New Issue
Block a user