Skip to main content

Release 2022.2

Breaking changes

Removal of integrated backup

The integrated backup functionality has been removed due to the following reasons:

  • It caused a lot of issues during restore, with things breaking and difficult to restore backups
  • Limited compatibility (only supported local and S3 backups)
  • Most environments already have a solution for backups, so we feel that investing more time into making this feature better should be spent on more important things.

If you don't already have a standard backup solution for other applications, you can consider these replacements:

Changed URLs for forward auth

akprox in URLs has been changed to outpost.goauthentik.io. All the documentation now reflects this, and outpost integrations will migrate this automatically for you.

New features

Authenticator enrollment picker

In an authenticator validation stage you can now configure multiple configuration stages, which will be present to the user to choose which device they want to enroll.

Minor changes/fixes

  • *: add placeholder custom.css to easily allow user customisation
  • *: rename akprox to outpost.goauthentik.io (#2266)
  • internal: don't attempt to lookup SNI Certificate if no SNI is sent
  • internal: improve error handling for internal reverse proxy
  • internal: increase logging for no hostname found
  • internal: remove uvicorn server header
  • outposts: ensure keypair is set for SSH connections
  • outposts: fix channel not always having a logger attribute
  • outposts: fix compare_ports to support both service and container ports
  • outposts: fix service reconciler re-creating services
  • outposts: make local discovery configurable
  • outposts: remove node_port on V1ServicePort checks to prevent service creation loops
  • outposts/proxy: correctly check host in forward domain redirect
  • outposts/proxy: correctly handle ?rd= param
  • providers/oauth2: add support for explicit response_mode
  • providers/oauth2: fix redirect_uri being lowercased on successful validation
  • providers/proxy: enable TLS in ingress via traefik annotation
  • providers/proxy: improve error handling for invalid backend_override
  • providers/proxy: remove leading slash to allow subdirectories in proxy
  • sources/ldap: log entire exception
  • sources/ldap: use merger that only appends unique items to list
  • sources/saml: fix incorrect ProtocolBinding being sent
  • stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose
  • stages/authenticator_validate: fix handling when single configuration stage is selected
  • stages/authenticator_validate: handle non-existent device_challenges
  • Translate /web/src/locales/en.po in de (#2291)
  • Translate /web/src/locales/en.po in pl (#2274)
  • Translate /web/src/locales/en.po in zh_TW (#2263)
  • Translate /web/src/locales/en.po in zh-Hans (#2262)
  • Translate /web/src/locales/en.po in zh-Hant (#2261)
  • web/admin: fix invalid URLs in example proxy config
  • web/admin: fix mismatched icons in overview and lists

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.2 from here. Afterwards, simply run docker-compose up -d.

The previous backup directory will persist, and can still be used with other tools.

Kubernetes

Update your values to use the new images:

image:
repository: ghcr.io/goauthentik/server
tag: 2022.2.1

Backup-related settings can be removed but will not cause any errors either.