13e2eea72f
* web/user: migrate to top navbar Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: prepare config from server Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* re-sort Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove old interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* update issue template Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use notification badge Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: re-add go-to-admin button Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix remaining redirects directly to admin Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make settings better Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* api: ensure sources and stages are sorted Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/user: add sessions and consent Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/oauth2: add post wrapper to stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add new interface to release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
91 lines
4 KiB
Markdown
---
title: Release 2021.9
slug: "2021.9"
---

## Headline Changes

- Split user interface

    This release splits the administration interface from the end-user interface. This makes things clearer for end-users, as all their options are laid out more clearly.

    Additionally, the new end-user interface will be more customisable than the admin interface, allowing administrators to configure what their users can see.

    The admin interface remains the same, and familiar buttons will redirect you between interfaces.

- New proxy

    The proxy outpost has been rewritten from scratch. This replaces the old proxy, which was based on oauth2_proxy. The new proxy allows us a much greater degree of flexibility, is much lighter and reports errors better.

    When using a managed outpost, authentik will automatically upgrade to the new proxy outpost. The embedded outpost also uses the new proxy.

    authentik also now deploys ServiceMonitor CRDs in your Kubernetes cluster (when possible), to record the metrics of the outposts.

    If you're using a manually deployed outpost, keep in mind that the ports change to 9000 and 9443 instead of 4180 and 4443.

- New metrics

    This version introduces new and simplified Prometheus metrics. There is a new common monitoring port across the server and all outposts, 9300. This port requires no authentication, making it easier to configure.

    For the core application, this endpoint contains metrics for both authentik and the inbuilt outpost.

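Because the metrics port 9300 requires no authentication, network placement is the only control on who can read it. The following Kubernetes NetworkPolicy is an added example, not part of the authentik release notes or its Helm chart: it keeps the outpost ports 9000 and 9443 reachable and limits 9300 to the Prometheus namespace. The policy name, the `authentik` and `monitoring` namespaces and the pod label are assumptions to be replaced with your own values.

```yaml
# Added example (not from the authentik project).
# Assumptions: outpost pods run in namespace "authentik", Prometheus runs in
# namespace "monitoring", and the pod label below is a placeholder.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-outpost-metrics        # hypothetical name
  namespace: authentik                  # assumption
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: example-outpost   # placeholder: use the label on your outpost pods
  policyTypes:
    - Ingress
  ingress:
    # Proxy traffic on the new outpost ports (9000/9443) stays open to all sources.
    - ports:
        - protocol: TCP
          port: 9000
        - protocol: TCP
          port: 9443
    # The unauthenticated metrics port is reachable only from the monitoring namespace.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring   # label set automatically on namespaces
      ports:
        - protocol: TCP
          port: 9300
```

A NetworkPolicy is only enforced when the cluster's network plugin supports it. On docker-compose deployments the equivalent control is to avoid publishing port 9300 on a public interface.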
## Minor changes

- *: use common user agent for all outgoing requests
- admin: migrate to new update check, add option to disable update check
- api: add additional filters for ldap and proxy providers
- core: optimise groups api by removing member superuser status
- core: remove ?v from static files
- events: add mark_all_seen
- events: allow setting a mapping for webhook transport to customise request payloads
- internal: fix font loading errors on safari
- lifecycle: fix worker startup error when docker socket's group is not called docker
- outpost: fix spans being sent without parent context
- outpost: update global outpost config on refresh
- outposts: add expected outpost replica count to metrics
- outposts/controllers: re-create service when mismatched ports to prevent errors
- outposts/controllers/kubernetes: don't create service monitor for embedded outpost
- outposts/ldap: improve logging of client IPs
- policies/password: fix symbols not being checked correctly
- root: include authentik version in backup naming
- root: show location header in logs when redirecting
- sources/oauth: prevent potentially confidential data from being logged
- stages/authenticator_duo: add API to "import" devices from duo
- stages/identification: fix empty user_fields query returning first user
- tenants: optimise db queries in middleware
- web: allow duplicate messages
- web: ignore network error
- web/admin: fix notification clear all not triggering render
- web/admin: fix user selection in token form
- web/admin: increase default expiry for refresh tokens
- web/admin: show applications instead of providers in outpost form
- web/flows: fix display error when using IdentificationStage without input fields

## Fixed in 2021.9.1-rc2

- core: fix token expiry for service accounts being only 30 minutes
- outposts: add consistent name and type to metrics
- outposts/proxy: remove deprecated rs256
- policies: improve error handling when using bindings without policy
- providers/saml: improved error handling
- stages/email: don't crash when testing stage does not exist
- web: update background image

## Upgrading

This release does not introduce any new requirements.

### docker-compose

Download the docker-compose file for 2021.9 from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.9/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.

### Kubernetes

Update your values to use the new images:

```yaml
image:
    repository: ghcr.io/goauthentik/server
    tag: 2021.9.1
```