This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/releases/v2021.9.md
Jens L 13e2eea72f
web/user: new end-user interface (#1404)
* web/user: migrate to top navbar

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: prepare config from server

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* re-sort

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove old interface

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update issue template

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use notification badge

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: re-add go-to-admin button

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: fix remaining redirects directly to admin

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* make settings better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* api: ensure sources and stages are sorted

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* web/user: add sessions and consent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* providers/oauth2: add post wrapper to stage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* website/docs: add new interface to release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 22:17:05 +02:00

91 lines
4 KiB
Markdown

---
title: Release 2021.9
slug: "2021.9"
---
## Headline Changes
- Split user interface
This release splits the administration interface from the end-user interface. This makes things clearer for end-users, as all their options are layed out more clearly.
Additionally, the new end-user interface will be more customisable than the admin interface, allowing Administrators to configure what their users can see.
The admin interface remains the same, and familiar buttons will redirect you between interfaces.
- New proxy
The proxy outpost has been rewritten from scratch. This replaces the old proxy, which was based on oauth2_proxy. The new proxy allows us a much greater degree of flexibility, is much lighter and reports errors better.
When using a managed outpost, authentik will automatically upgrade to the new proxy outpost. The embedded outpost also uses the new proxy.
authentik also now deploys ServiceMonitor CRDs in your Kubernetes cluster (when possibly), to record the metrics of the outposts.
If you're using a manually deployed outpost, keep in mind that the ports change to 9000 and 9443 instead of 4180 and 4443
- New metrics
This version introduces new and simplified Prometheus metrics. There is a new common monitoring port across the server and all outposts, 9300. This port requires no authentication, making it easier to configure.
For the core application, this endpoint contains metrics for both authentik and the inbuilt outpost.
## Minor changes
- *: use common user agent for all outgoing requests
- admin: migrate to new update check, add option to disable update check
- api: add additional filters for ldap and proxy providers
- core: optimise groups api by removing member superuser status
- core: remove ?v from static files
- events: add mark_all_seen
- events: allow setting a mapping for webhook transport to customise request payloads
- internal: fix font loading errors on safari
- lifecycle: fix worker startup error when docker socket's group is not called docker
- outpost: fix spans being sent without parent context
- outpost: update global outpost config on refresh
- outposts: add expected outpost replica count to metrics
- outposts/controllers: re-create service when mismatched ports to prevent errors
- outposts/controllers/kubernetes: don't create service monitor for embedded outpost
- outposts/ldap: improve logging of client IPs
- policies/password: fix symbols not being checked correctly
- root: include authentik version in backup naming
- root: show location header in logs when redirecting
- sources/oauth: prevent potentially confidential data from being logged
- stages/authenticator_duo: add API to "import" devices from duo
- stages/identification: fix empty user_fields query returning first user
- tenants: optimise db queries in middleware
- web: allow duplicate messages
- web: ignore network error
- web/admin: fix notification clear all not triggering render
- web/admin: fix user selection in token form
- web/admin: increase default expiry for refresh tokens
- web/admin: show applications instead of providers in outpost form
- web/flows: fix display error when using IdentificationStage without input fields
## Fixed in 2021.9.1-rc2
- core: fix token expiry for service accounts being only 30 minutes
- outposts: add consistent name and type to metrics
- outposts/proxy: remove deprecated rs256
- policies: improve error handling when using bindings without policy
- providers/saml: improved error handling
- stages/email: don't crash when testing stage does not exist
- web: update background image
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the docker-compose file for 2021.9 from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.9/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes
Update your values to use the new images:
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2021.9.1
```