authentik/website/docs/releases/v2022.1.md

3.3 KiB

title slug
Release 2022.1 2022.1

Breaking changes

This release mostly removes legacy fields and features that have been deprecated for several releases.

  • LDAP Outposts:

    This release removes the accountStatus and superuser fields. Use the direct replacements goauthentik.io/ldap/active and goauthentik.io/ldap/superuser.

  • Proxy Outposts:

    This release consolidates headers sent by authentik to have a common prefix.

    The following headers have been removed:

    • X-Auth-Username, use X-authentik-username
    • X-Auth-Groups, use X-authentik-groups
    • X-Forwarded-Email, use X-authentik-email
    • X-Forwarded-Preferred-Username, use X-authentik-username
    • X-Forwarded-User, use X-authentik-uid
  • API:

    The deprecated /api/v2beta/ Endpoint is removed. Use /api/v3/.

  • Backup:

    The integrated backup has been deprecated for the following reasons:

    • Difficulty with restores not working properly
    • Inflexible configuration (fixed retention, limited to once a day, only S3 supported)
    • Most users will already have an existing backup infrastructure

Minor changes/fixes

  • core: dont return 404 when trying to view key of expired token
  • crypto: fully parse certificate on validation in serializer to prevent invalid certificates from being saved
  • flows: handle error if flow title contains invalid format string
  • internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
  • internal: use math.MaxInt for compatibility
  • lifecycle: add early check for missing/invalid secret key
  • outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier
  • outposts/proxyv2: fix before-redirect url not being saved in proxy mode
  • outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
  • providers/oauth2: change default redirect uri behaviour; set first used url when blank and use star for wildcard
  • root: allow customisation of ports in compose without override
  • root: decrease to 10 backup history
  • root: fix backups running every minute instead of once
  • stages/authenticator_webauthn: make more WebAuthn options configurable
  • web: add polyfill for Intl.ListFormat
  • web: directly read csrf token before injecting into request
  • web: fix double plural in label
  • web/admin: also set embedded outpost host when it doesn't include scheme
  • web/admin: fix missing configure flow setting on webuahtn setup stage form
  • web/flows: remove node directly instead of using removeChild()

Fixed in 2022.1.2

  • internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted
  • lib: disable backup by default, add note to configuration
  • lifecycle: replace lowercase, deprecated prometheus_multiproc_dir
  • outposts: allow custom label for docker containers
  • policies/hibp: ensure password is encodable
  • providers/proxy: add PathPrefix to auto-traefik labels
  • root: upgrade python dependencies

Upgrading

This release does not introduce any new requirements.

docker-compose

Download the docker-compose file for 2022.1 from here. Afterwards, simply run docker-compose up -d.

Kubernetes

Update your values to use the new images:

image:
  repository: ghcr.io/goauthentik/server
  tag: 2022.1.1-rc1