2022-12-20 21:09:30 +00:00
---
title: Release 2022.12
2023-01-04 18:45:31 +00:00
slug: "/releases/2022.12"
2022-12-20 21:09:30 +00:00
---
2022-12-22 17:49:25 +00:00
## Breaking changes
- Blueprints fetched via OCI require oci:// schema
To better detect if a blueprint should be fetched locally or via OCI, all OCI sourced blueprints require an `oci://` protocol.
2022-12-20 21:09:30 +00:00
## New features
- Bundled GeoIP City database
authentik now comes with a bundled MaxMind GeoLite2 City database. This allows everyone to take advantage of the extra data provided by GeoIP. The default docker-compose file removes the GeoIP update container as it is no longer needed. See more [here ](../core/geoip )
2022-12-28 11:51:39 +00:00
- Improved UX for user & group management and stage/policy binding
2022-12-20 21:09:30 +00:00
2022-12-28 11:51:39 +00:00
Users can now more easily be added to and removed from groups, both when viewing a single user and viewing a group.
When creating new stages or policies, authentik will now automatically offer an option to bind them to the object in whose context they were created in.
2022-12-20 21:09:30 +00:00
2022-12-29 22:28:15 +00:00
Select inputs were previously limited to showing a single page of items (default size of 100 items). These inputs have been replaced by dynamically loading inputs which support searching and better show the properties of the item.
2022-12-21 11:13:11 +00:00
- Preview for OAuth2 and SAML providers
OAuth2 and SAML providers can now preview what the currently selected property/scope mappings's outcome will look like. This helps with seeing what data is sent to the client and implementing and testing custom mappings.
2022-12-28 11:51:39 +00:00
- Customisable Captcha stage
The captcha stage now supports alternate compatible providers, like [hCaptcha ](https://docs.hcaptcha.com/switch/ ) and [Turnstile ](https://developers.cloudflare.com/turnstile/get-started/migrating-from-recaptcha/ ).
2022-12-20 21:09:30 +00:00
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2022.12 from [here ](https://goauthentik.io/version/2022.12/docker-compose.yml ). Afterwards, simply run `docker-compose up -d` .
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2022.12.0
```
## Minor changes/fixes
2022-12-28 11:51:39 +00:00
- blueprints: add !Env tag
2022-12-27 13:00:33 +00:00
- blueprints: add `!If` tag (#4264)
- blueprints: add conditions to blueprint schema
2022-12-21 20:58:50 +00:00
- blueprints: Added conditional entry application (#4167)
2022-12-27 13:00:33 +00:00
- blueprints: better OCI support in UI (#4263)
2022-12-21 20:58:50 +00:00
- blueprints: fixed bug causing filtering with an empty query (#4106)
- blueprints: Support nested custom tags in `!Find` and `!Format` tags (#4127)
2022-12-28 11:51:39 +00:00
- core: add endpoints to add/remove users from group atomically
2022-12-21 20:58:50 +00:00
- core: bundle geoip (#4250)
- events: fix incorrect EventAction being used
- events: improve handling creation of events with non-pickleable objects
- events: remove legacy logger declaration
- events: save login event in session after login
2022-12-27 13:00:33 +00:00
- flows: fix redirect from plan context "redirect" not being wrapped in flow response
2022-12-21 20:58:50 +00:00
- flows: set stage name and verbose_name for in_memory stages
- internal: dont error if environment config isn't found
- internal: remove sentry proxy
- internal: reuse http transport to prevent leaking connections (#3996)
- lib: enable sentry profiles_sample_rate
- lib: fix uploaded files not being saved correctly, add tests
- lifecycle: don't set user/group in gunicorn
- lifecycle: improve explanation for user: root and docket socket mount
- policies: don't log context when policy returns None
- policies: log correct cache state
2022-12-27 13:00:33 +00:00
- policies: make name required
2022-12-21 20:58:50 +00:00
- policies/password: Always add generic message to failing zxcvbn check (#4100)
- providers: add preview for mappings (#4254)
- providers/ldap: improve mapping of LDAP filters to authentik queries
2022-12-27 13:00:33 +00:00
- providers/oauth2: optimise and cache signing key, prevent key being loaded multiple times
2022-12-21 20:58:50 +00:00
- providers/oauth2: set amr values based on login event
- providers/proxy: correctly set id_token_hint if possible
- providers/saml: set AuthnContextClassRef based on login event
- root: allow custom settings via python module
2022-12-27 13:00:33 +00:00
- root: migrate to hosted sentry with rate-limited DSN
- security: fix CVE 2022 23555 (#4274)
- security: fix CVE 2022 46145 (#4140)
- security: fix CVE 2022 46172 (#4275)
2022-12-21 20:58:50 +00:00
- stages/authenticator_duo: fix imported duo devices not being confirmed
- stages/authenticator_validate: fix validation to ensure configuration stage is set
- stages/authenticator_validate: improve validation for not_configured_action
2022-12-27 13:00:33 +00:00
- stages/authenticator_validate: log duo error
2022-12-21 20:58:50 +00:00
- stages/authenticator_validate: save used mfa devices in login event
- stages/captcha: customisable URLs (#3832)
2022-12-27 13:00:33 +00:00
- stages/invitation: fix incorrect pk check for invitation's flow
2022-12-21 20:58:50 +00:00
- stages/user_login: prevent double success message when logging in via source
- stages/user_write: always ignore `component` field and prevent warning
2022-12-28 09:50:30 +00:00
- web: fix authentication with Plex on iOS (#4095)
2022-12-27 13:00:33 +00:00
- web: ignore d3 circular deps warning, treat unresolved import as error
- web: use version family subdomain for in-app doc links
2022-12-21 20:58:50 +00:00
- web/admin: better show metadata download for saml provider
2022-12-27 13:00:33 +00:00
- web/admin: break all in code blocks in event info
- web/admin: clarify phrasing that user ID is required
2022-12-21 20:58:50 +00:00
- web/admin: fix action button order for blueprints
- web/admin: fix alignment in tables with multiple elements in cell
- web/admin: fix empty request being sent due to multiple forms in duo import modal
2022-12-27 13:00:33 +00:00
- web/admin: improve i18n for documentation link in outpost form
2022-12-21 20:58:50 +00:00
- web/admin: improve UI for removing users from groups and groups from users
2022-12-28 11:51:39 +00:00
- web/admin: improve user/group UX for adding/removing users to and from groups
2022-12-27 13:00:33 +00:00
- web/admin: more consistent label usage, use compact labels
2022-12-21 20:58:50 +00:00
- web/admin: rework markdown, correctly render Admonitions, fix links
- web/admin: show bound policies order first to match stages
2022-12-27 13:00:33 +00:00
- web/admin: show policy binding form when creating policy in bound list
- web/admin: show stage binding form when creating stage in bound list
- web/elements: fix alignment for checkboxes in table
- web/elements: fix alignment with checkbox in table
- web/elements: fix log level for diagram
- web/elements: fix table select-all checkbox being checked with no elements
2022-12-28 11:51:39 +00:00
- web/elements: fix wizard form page changing state before being active
2022-12-27 13:00:33 +00:00
- web/elements: unselect top checkbox in table when not all elements are selected
- web/flows: fix display for long redirect URLs
2022-12-21 20:58:50 +00:00
- web/flows: improve error messages for failed duo push
2022-12-27 13:00:33 +00:00
- web/flows: update flow background
- web/user: fix styling for clear all button in notification drawer
2022-12-21 20:58:50 +00:00
2022-12-29 22:59:05 +00:00
## Fixed in 2022.12.1
- api: add filter backend for secret key to allow access to tenants and certificates
- blueprints: fix error when entry with state absent doesn't exist
- blueprints: Resolve yamltags in state and model attributes (#4299)
- outposts: include hostname in outpost heartbeat
- outposts/ldap: only use common cert if cert is configured
- outposts/ldap: use configured certificate for LDAPS when all providers' certificates are identical
- web/admin: migrate selection to ak-search-select
- web/admin: rework outpost health
- web/elements: add grouping and descriptions to search select
- web/elements: make ak-search-select limited in height and scroll
- web/elements: render ak-seach-select dropdown correctly in modals
- web/user: fix user settings stuck loading
2023-01-04 09:15:15 +00:00
## Fixed in 2022.12.2
- admin: use matching environment for system API
- crypto: fix type for has_key
- providers/oauth2: fix null amr value not being removed from id_token
- providers/saml: don't error if no request in API serializer context
- stages/captcha: fix captcha not loading correctly, add tests
- stages/dummy: add toggle to throw error for debugging
- stages/email: make template tests less flaky
- stages/email: use pending user correctly
- stages/prompt: use stage.get_pending_user() to fallback to the correct user
- web: add check compile test to prevent compile errors/warnings
- web: ensure locales are built for tsc check
- web: update tsconfig strictness
- web/admin: add Radio control, search-select fixes (#4333)
- web/admin: fix error in outpost form dropdown
- web/admin: fix error when creating SAML Provider from metadata
- web/elements: correctly display selected empty option when blankable is enabled
- web/elements: fix dropdown menu closing before selecting item sometimes
- web/elements: fix selection of blank elements in search-select, fix issue when re-opening dropdown
- web/elements: tabs: only find pages for directly related slots
- web/elements: trigger search select data update on connected callback
- web/flows: add close button to flow inspector
- web/flows: fix alternate captchas not loading
- web/flows: rework error display, always use ak-stage-flow-error instead of shell
2023-03-02 19:27:51 +00:00
## Fixed in 2022.12.3
- \*: fix [CVE-2023-26481 ](../security/CVE-2023-26481 ), Reported by [@fuomag9 ](https://github.com/fuomag9 )
2022-12-20 21:09:30 +00:00
## API Changes
#### What's Changed
---
2023-11-21 14:08:08 +00:00
##### `GET` /stages/captcha/{stage_uuid}/
2022-12-20 21:09:30 +00:00
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `js_url` (string)
- Added property `api_url` (string)
- Changed property `public_key` (string)
> Public key, acquired your captcha Provider.
2023-11-21 14:08:08 +00:00
##### `PUT` /stages/captcha/{stage_uuid}/
2022-12-20 21:09:30 +00:00
###### Request:
Changed content type : `application/json`
- Added property `js_url` (string)
- Added property `api_url` (string)
- Changed property `public_key` (string)
> Public key, acquired your captcha Provider.
- Changed property `private_key` (string)
> Private key, acquired your captcha Provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `js_url` (string)
- Added property `api_url` (string)
- Changed property `public_key` (string)
> Public key, acquired your captcha Provider.
2023-11-21 14:08:08 +00:00
##### `PATCH` /stages/captcha/{stage_uuid}/
2022-12-20 21:09:30 +00:00
###### Request:
Changed content type : `application/json`
- Added property `js_url` (string)
- Added property `api_url` (string)
- Changed property `public_key` (string)
> Public key, acquired your captcha Provider.
- Changed property `private_key` (string)
> Private key, acquired your captcha Provider.
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Added property `js_url` (string)
- Added property `api_url` (string)
- Changed property `public_key` (string)
> Public key, acquired your captcha Provider.
2023-11-21 14:08:08 +00:00
##### `GET` /flows/executor/{flow_slug}/
2022-12-20 21:09:30 +00:00
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Updated `ak-stage-captcha` component:
New required properties:
- `js_url`
* Added property `js_url` (string)
2023-11-21 14:08:08 +00:00
##### `POST` /flows/executor/{flow_slug}/
2022-12-20 21:09:30 +00:00
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
Updated `ak-stage-captcha` component:
New required properties:
- `js_url`
* Added property `js_url` (string)
##### `POST` /stages/captcha/
###### Request:
Changed content type : `application/json`
- Added property `js_url` (string)
- Added property `api_url` (string)
- Changed property `public_key` (string)
> Public key, acquired your captcha Provider.
- Changed property `private_key` (string)
> Private key, acquired your captcha Provider.
###### Return Type:
Changed response : **201 Created**
- Changed content type : `application/json`
- Added property `js_url` (string)
- Added property `api_url` (string)
- Changed property `public_key` (string)
> Public key, acquired your captcha Provider.
##### `GET` /stages/captcha/
###### Return Type:
Changed response : **200 OK**
- Changed content type : `application/json`
- Changed property `results` (array)
Changed items (object): > CaptchaStage Serializer
- Added property `js_url` (string)
- Added property `api_url` (string)
- Changed property `public_key` (string)
> Public key, acquired your captcha Provider.