Release 2022.2
Breaking changes
Removal of integrated backup
The integrated backup functionality has been removed due to the following reasons:
- It caused a lot of issues during restore, with things breaking and difficult to restore backups
- Limited compatibility (only supported local and S3 backups)
- Most environments already have a solution for backups, so we feel that investing more time into making this feature better should be spent on more important things.
If you don't already have a standard backup solution for other applications, you can consider these replacements:
- https://github.com/kartoza/docker-pg-backup for docker-compose and
- https://devtron.ai/blog/creating-a-kubernetes-cron-job-to-backup-postgres-db/ or https://cwienczek.com/2020/06/simple-backup-of-postgres-database-in-kubernetes/ for Kubernetes
Changed URLs for forward auth
akprox
in URLs has been changed to outpost.goauthentik.io
. All the documentation now reflects this, and outpost integrations will migrate this automatically for you.
New features
Authenticator enrollment picker
In an authenticator validation stage you can now configure multiple configuration stages, which will be present to the user to choose which device they want to enroll.
Minor changes/fixes
- *: add placeholder custom.css to easily allow user customisation
- *: rename akprox to outpost.goauthentik.io (#2266)
- internal: don't attempt to lookup SNI Certificate if no SNI is sent
- internal: improve error handling for internal reverse proxy
- internal: increase logging for no hostname found
- internal: remove uvicorn server header
- outposts: ensure keypair is set for SSH connections
- outposts: fix channel not always having a logger attribute
- outposts: fix compare_ports to support both service and container ports
- outposts: fix service reconciler re-creating services
- outposts: make local discovery configurable
- outposts: remove node_port on V1ServicePort checks to prevent service creation loops
- outposts/proxy: correctly check host in forward domain redirect
- outposts/proxy: correctly handle ?rd= param
- providers/oauth2: add support for explicit response_mode
- providers/oauth2: fix redirect_uri being lowercased on successful validation
- providers/proxy: enable TLS in ingress via traefik annotation
- providers/proxy: improve error handling for invalid backend_override
- providers/proxy: remove leading slash to allow subdirectories in proxy
- sources/ldap: log entire exception
- sources/ldap: use merger that only appends unique items to list
- sources/saml: fix incorrect ProtocolBinding being sent
- stages/authenticator_validate: add ability to select multiple configuration stages which the user can choose
- stages/authenticator_validate: fix handling when single configuration stage is selected
- stages/authenticator_validate: handle non-existent device_challenges
- Translate /web/src/locales/en.po in de (#2291)
- Translate /web/src/locales/en.po in pl (#2274)
- Translate /web/src/locales/en.po in zh_TW (#2263)
- Translate /web/src/locales/en.po in zh-Hans (#2262)
- Translate /web/src/locales/en.po in zh-Hant (#2261)
- web/admin: fix invalid URLs in example proxy config
- web/admin: fix mismatched icons in overview and lists
Upgrading
This release does not introduce any new requirements.
docker-compose
Download the docker-compose file for 2022.2 from here. Afterwards, simply run docker-compose up -d
.
The previous backup directory will persist, and can still be used with other tools.
Kubernetes
Update your values to use the new images:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.2.1
Backup-related settings can be removed but will not cause any errors either.