Release 2021.7
Headline Changes
SSL Support for LDAP Providers
You can now configure certificates for your LDAP Providers, meaning that all communication will be done encrypted.
Currently, only SSL on port 636 is supported, not StartTLS.
Add bundled docs
You can now browse the authentik docs for your version by browsing to
/help
. This means you don't have to rely on an internet connection to check the docs, and you also have the correct docs for your currently running version.
Minor changes
- api: Tunnel Sentry requests through authentik to prevent them being blocked by ad-blockers
- core: fix error when setting icon/background to url longer than 100 chars
- events: fix error when slack notification request failed without a response
- flows: allow variable substitution in flow titles
- outposts/ldap: Fix LDAP outpost missing a
member
field on groups with all member DNs - outposts/ldap: Fix LDAP outpost not parsing arrays from user and group attributes correctly
- providers/oauth2: allow blank redirect_uris to allow any redirect_uri
- providers/saml: fix parsing of POST bindings
- root: add PROXY protocol support for http, https, ldap and ldaps servers
- root: Allow configuration of Redis port
- root: set samesite to None for SAML POST flows
- root: subclass SessionMiddleware to set Secure and SameSite flag depending on context
- web: fix error when showing error message of request
Fixed in 2021.7.1-rc2
- core: add email filter for user
- core: add group filter by member username and pk
- core: broaden error catching for propertymappings
- lib: fix outpost fake-ip not working, add tests
- outpost: fix 100% CPU Usage when not connected to websocket
- outposts: ensure outpost SAs always have permissions to fake IP
- outposts: fix git hash not being set in outposts
- outposts: save certificate fingerprint and check before re-fetching to cleanup logs
- outposts/ldap: add tracing for LDAP bind and search
- outposts/ldap: improve parsing of LDAP filters
- outposts/ldap: optimise backend Search API requests
- outposts/proxy: add X-Auth-Groups header to pass groups
- providers/oauth2: handler PropertyMapping exceptions and create event
- providers/saml: improve error handling for property mappings
- sources/ldap: improve error handling for property mappings
- web: fix icon flashing in header, fix notification header icon in dark mode
- web: separate websocket connection from messages
- web/admin: fix missing dark theme for notifications
- web/admin: fix negative count for policies when more cached than total policies
- web/admin: improve UI for notification toggle
- website/docs: clear up outpost uuids
- website/docs: remove duplicate proxy docs
Fixed in 2021.7.1
- core: add tests for flow_manager
- core: fix CheckApplication's for_user flag not being checked correctly
- core: fix pagination not working correctly with applications API
- providers/oauth2: fix blank redirect_uri not working with TokenView
- root: add code of conduct and PR template
- root: add contributing file
- tenants: make event retention configurable on tenant level
- tenants: set tenant uuid in sentry
- web/admin: add notice for event_retention
- web/admin: add status card for https and timedrift
- web/admin: default to authentication flow for LDAP provider
- web/admin: fix ApplicationView's CheckAccess not sending UserID correctly
- website/docs: add go requirement
- website/docs: update terminology for dark mode
Fixed in 2021.7.2
- ci: fix sentry sourcemap path
- e2e: fix broken selenium by locking images
- events: ensure fallback result is set for on_failure
- events: remove default result for MonitoredTasks, only save when result was set
- flows: don't check redirect URL when set from flow plan (set from authentik or policy)
- flows: fix unhandled error in stage execution not being logged as SYSTEM_EXCEPTION event
- outpost: bump timer for periodic config reloads
- outposts: catch invalid ServiceConnection error in outpost controller
- providers/oauth2: fix error when requesting jwks keys with no rs256 aet
- providers/proxy: fix hosts for ingress not being compared correctly
- providers/saml: fix Error when getting metadata for invalid ID
- providers/saml: fix metadata being inaccessible without authentication
- sources/ldap: improve ms-ad password complexity checking
- sources/plex: add background task to monitor validity of plex token
- stages/email: fix error when re-requesting email after token has expired
- stages/invitation: delete invite only after full enrollment flow is completed
- web/admin: add re-authenticate button for plex
- web/admin: add UI to copy invitation link
- web/admin: fix empty column when no invitation expiry was set
- web/admin: fix LDAP Provider bind flow list being empty
- web/admin: fully remove response cloning due to errors
Fixed in 2021.7.3
- core: fix users not being able to update their profile
- lifecycle: decrease default worker count on compose
- providers/saml: fix error when WantAssertionsSigned is missing
- providers/saml: fix error when PropertyMapping return value isn't string
- web/admin: fix user's email field being required
- web/admin: fix source form's userMatchingMode being swapped
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2021.7 from here. Afterwards, simply run docker-compose up -d
.
Kubernetes
Upgrade to the latest chart version to get the new images.