Release 2024.2.0-rc1

See https://goauthentik.io/docs/releases/2024.2

What's Changed

• web: bump API Client version by @authentik-automation in #7365
• web: bump @rollup/plugin-replace from 5.0.4 to 5.0.5 in /web by @dependabot in #7380
• web: bump ts-lit-plugin from 2.0.0 to 2.0.1 in /web by @dependabot in #7379
• core: bump goauthentik.io/api/v3 from 3.2023101.1 to 3.2023102.1 by @dependabot in #7378
• web: bump the storybook group in /web with 5 updates by @dependabot in #7382
• website/integrations: add SonarQube by @senare in #7167
• web: bump rollup from 4.1.4 to 4.1.5 in /web by @dependabot in #7370
• web/admin: fix html error on oauth2 provider page by @kensternberg-authentik in #7384
• stages/email: fix duplicate querystring encoding by @BeryJu in #7386
• web: bump core-js from 3.33.1 to 3.33.2 in /web by @dependabot in #7390
• web: bump the eslint group in /web with 2 updates by @dependabot in #7389
• web: bump the sentry group in /web with 2 updates by @dependabot in #7366
• web: bump the eslint group in /tests/wdio with 2 updates by @dependabot in #7388
• core: bump pytest-django from 4.5.2 to 4.6.0 by @dependabot in #7387
• web: bump rollup from 4.1.5 to 4.2.0 in /web by @dependabot in #7403
• web: bump pyright from 1.1.333 to 1.1.334 in /web by @dependabot in #7402
• web: bump the sentry group in /web with 2 updates by @dependabot in #7401
• core: bump twisted from 23.8.0 to 23.10.0 by @dependabot in #7398
• core: bump github.com/redis/go-redis/v9 from 9.2.1 to 9.3.0 by @dependabot in #7396
• core: bump webauthn from 1.11.0 to 1.11.1 by @dependabot in #7399
• core: bump sentry-sdk from 1.32.0 to 1.33.1 by @dependabot in #7397
• website/integrations: argocd: add missing url in ArgoCD configuration by @gc4g40u6 in #7404
• root: Improve multi arch Docker image build speed by @PKizzle in #7355
• web: bump the eslint group in /tests/wdio with 1 update by @dependabot in #7415
• web: bump the eslint group in /web with 1 update by @dependabot in #7414
• core: bump django from 4.2.6 to 4.2.7 by @dependabot in #7413
• core: bump selenium from 4.14.0 to 4.15.0 by @dependabot in #7411
• website: bump react-tooltip from 5.21.6 to 5.22.0 in /website by @dependabot in #7412
• translate: Updates for file web/xliff/en.xlf in fr by @transifex-integration in #7416
• website/blog: draft for happy bday blog by @tanberry in #7408
• providers/oauth2: set auth_via for token and other endpoints by @BeryJu in #7417
• web: bump the wdio group in /tests/wdio with 4 updates by @dependabot in #7423
• core: bump sentry-sdk from 1.33.1 to 1.34.0 by @dependabot in #7421
• web: bump yaml from 2.3.3 to 2.3.4 in /web by @dependabot in #7420
• core: bump selenium from 4.15.0 to 4.15.1 by @dependabot in #7422
• ci: explicitly give write permissions to packages by @BeryJu in #7428
• providers/proxy: fix closed redis client by @BeryJu in #7385
• web: bump the eslint group in /tests/wdio with 2 updates by @dependabot in #7452
• core: bump ruff from 0.1.3 to 0.1.4 by @dependabot in #7451
• core: bump selenium from 4.15.1 to 4.15.2 by @dependabot in #7449
• core: bump uvicorn from 0.23.2 to 0.24.0 by @dependabot in #7450
• web: bump the eslint group in /web with 2 updates by @dependabot in #7447
• web: bump rollup from 4.2.0 to 4.3.0 in /web by @dependabot in #7448
• core: bump github.com/gorilla/handlers from 1.5.1 to 1.5.2 by @dependabot in #7444
• core: bump github.com/gorilla/securecookie from 1.1.1 to 1.1.2 by @dependabot in #7440
• core: bump golang.org/x/sync from 0.4.0 to 0.5.0 by @dependabot in #7441
• core: bump github.com/gorilla/websocket from 1.5.0 to 1.5.1 by @dependabot in #7445
• core: bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #7442
• core: bump github.com/gorilla/mux from 1.8.0 to 1.8.1 by @dependabot in #7443
• core: bump github.com/gorilla/sessions from 1.2.1 to 1.2.2 by @dependabot in #7446
• web/admin: fix chart label on dashboard user page by @macmoritz in #7434
• website: bump the docusaurus group in /website with 3 updates by @dependabot in #7400
• sources/oauth: fix patreon by @BeryJu in #7454
• web/flows: attempt to fix bitwareden android compatibility by @BeryJu in #7455
• web: bump @lit-labs/context from 0.4.1 to 0.5.1 in /web by @dependabot in #7368
• web: bump @lit/localize-tools from 0.7.0 to 0.7.1 in /web by @dependabot in #7369
• translate: Updates for file web/xliff/en.xlf in zh_CN by @transifex-integration in #7458
• translate: Updates for file web/xliff/en.xlf in zh-Hans by @transifex-integration in #7459
• translate: Updates for file web/xliff/en.xlf in fr by @transifex-integration in #7461
• web: bump mermaid from 10.6.0 to 10.6.1 in /web by @dependabot in #7475
• web: bump @types/codemirror from 5.60.12 to 5.60.13 in /web by @dependabot in #7471
• web: bump the eslint group in /tests/wdio with 2 updates by @dependabot in #7467
• web: bump the storybook group in /web with 5 updates by @dependabot in #7468
• core: bump uvicorn from 0.24.0 to 0.24.0.post1 by @dependabot in #7472
• web: bump the eslint group in /web with 2 updates by @dependabot in #7469
• website/integrations: add FreshRSS by @foux in #7301
• web: bump @types/chart.js from 2.9.39 to 2.9.40 in /web by @dependabot in #7470
• web: rollback dependabot context by @kensternberg-authentik in #7479
• Web: bugfix: broken backchannel selector by @kensternberg-authentik in #7480
• web: bump @formatjs/intl-listformat from 7.5.0 to 7.5.1 in /web by @dependabot in #7473
• website: bump @types/react from 18.2.36 to 18.2.37 in /website by @dependabot in #7487
• web: bump @types/grecaptcha from 3.0.6 to 3.0.7 in /web by @dependabot in #7485
• web: bump pyright from 1.1.334 to 1.1.335 in /web by @dependabot in #7484
• core: bump golang from 1.21.3-bookworm to 1.21.4-bookworm by @dependabot in #7483
• website/docs: Fix a small grammar issue by @agt-ru in #7490
• events: fix gdpr compliance always running by @rissson in #7491
• website: update comparison by @BeryJu in #7493
• website/docs: fix anchor link by @agt-ru in #7492
• website/docs: update release notes for 2023.10.3 by @rissson in #7506
• core: fix worker beat toggle inverted by @BeryJu in #7508
• website/docs: update release notes for 2023.10.3 by @rissson in #7510
• ci: fix permissions for release pipeline to publish binaries by ...

Release 2023.8.7

See https://goauthentik.io/docs/releases/2023.8#fixed-in-202387

What's Changed

• security: fix CVE-2024-23647 (cherry-pick #8345) by @gcp-cherry-pick-bot in #8346

Full Changelog: version/2023.8.6...version/2023.8.7

Release 2023.10.7

See https://goauthentik.io/docs/releases/2023.10#fixed-in-2023107

What's Changed

• sources/oauth: revert azure_ad profile URL change (cherry-pick #8139) by @gcp-cherry-pick-bot in #8141
• web/flows: fix icon for generic oauth source with dark theme (cherry-pick #8148) by @gcp-cherry-pick-bot in #8151
• sources/oauth: fix azure_ad user_id and add test and fallback (cherry-pick #8146) by @gcp-cherry-pick-bot in #8152
• sources/oauth: fix URLs being overwritten by OIDC urls (cherry-pick #8147) by @gcp-cherry-pick-bot in #8156
• rbac: fix invitations listing with restricted permissions (cherry-pick #8227) by @gcp-cherry-pick-bot in #8229
• stages/authenticator_validate: use friendly_name for stage selector when enrolling (cherry-pick #8255) by @gcp-cherry-pick-bot in #8256
• security: fix CVE-2024-23647 (cherry-pick #8345) by @gcp-cherry-pick-bot in #8347

Full Changelog: version/2023.10.6...version/2023.10.7

Release 2023.8.6

See https://goauthentik.io/docs/releases/2023.8#fixed-in-202386

What's Changed

• providers/oauth2: fix CVE-2024-21637 (cherry-pick #8104) by @gcp-cherry-pick-bot in #8106

Full Changelog: version/2023.8.5...version/2023.8.6

Release 2023.10.6

See https://goauthentik.io/docs/releases/2023.10#fixed-in-2023106

What's Changed

• providers/oauth2: remember session_id from initial token (cherry-pick #7976) by @gcp-cherry-pick-bot in #7977
• outposts: fix Outpost reconcile not re-assigning managed attribute (cherry-pick #8014) by @gcp-cherry-pick-bot in #8020
• providers/proxy: use access token (cherry-pick #8022) by @gcp-cherry-pick-bot in #8023
• outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (cherry-pick #8021) by @gcp-cherry-pick-bot in #8024
• rbac: fix error when looking up permissions for now uninstalled apps (cherry-pick #8068) by @gcp-cherry-pick-bot in #8070
• web/flows: fix device picker incorrect foreground color (cherry-pick #8067) by @gcp-cherry-pick-bot in #8069
• providers/oauth2: fix CVE-2024-21637 (cherry-pick #8104) by @gcp-cherry-pick-bot in #8105

Full Changelog: version/2023.10.5...version/2023.10.6

Release 2023.10.5

See https://goauthentik.io/docs/releases/2023.10#fixed-in-2023105

What's Changed

• tests: fix flaky tests (cherry-pick #7676) by @gcp-cherry-pick-bot in #7939
• providers/scim: change familyName default (cherry-pick #7904) by @gcp-cherry-pick-bot in #7930
• web: fix overflow glitch on ak-page-header (cherry-pick #7883) by @gcp-cherry-pick-bot in #7931
• root: Fix cache related image build issues (cherry-pick #7831) by @gcp-cherry-pick-bot in #7932
• web/user: fix search not updating app (cherry-pick #7825) by @gcp-cherry-pick-bot in #7933
• blueprints: improve file change handler (cherry-pick #7813) by @gcp-cherry-pick-bot in #7934
• root: don't show warning when app has no URLs to import (cherry-pick #7765) by @gcp-cherry-pick-bot in #7935
• stages/email: improve error handling for incorrect template syntax (cherry-pick #7758) by @gcp-cherry-pick-bot in #7936
• events: include user agent in events (cherry-pick #7693) by @gcp-cherry-pick-bot in #7938
• events: add better fallback for sanitize_item to ensure everything can be saved as JSON (cherry-pick #7694) by @gcp-cherry-pick-bot in #7937

Full Changelog: version/2023.10.4...version/2023.10.5

Release 2023.8.5

See https://goauthentik.io/docs/releases/2023.8#fixed-in-202385

What's Changed

• security: fix CVE-2023-48228 (cherry-pick #7666) by @gcp-cherry-pick-bot in #7669

Full Changelog: version/2023.8.4...version/2023.8.5

Release 2023.10.4

See https://goauthentik.io/docs/releases/2023.10#fixed-in-2023104

What's Changed

• providers/proxy: Fix duplicate cookies when using file system store. (cherry-pick #7541) by @gcp-cherry-pick-bot in #7544
• stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581) by @gcp-cherry-pick-bot in #7584
• events: sanitize functions (cherry-pick #7587) by @gcp-cherry-pick-bot in #7589
• providers/scim: fix missing schemas attribute for User and Group (cherry-pick #7477) by @gcp-cherry-pick-bot in #7596
• events: fix missing model_* events when not directly authenticated (cherry-pick #7588) by @gcp-cherry-pick-bot in #7597
• ci: fix permissions for release pipeline to publish binaries (cherry-pick #7512) by @gcp-cherry-pick-bot in #7621
• core: bump golang from 1.21.3-bookworm to 1.21.4-bookworm (cherry-pick #7483) by @gcp-cherry-pick-bot in #7622
• events: don't update internal service accounts unless needed (cherry-pick #7611) by @gcp-cherry-pick-bot in #7640
• security: fix CVE-2023-48228 (cherry-pick #7666) by @gcp-cherry-pick-bot in #7668

Full Changelog: version/2023.10.3...version/2023.10.4

Release 2023.10.3

See https://goauthentik.io/docs/releases/2023.10#fixed-in-2023103

Note: for this specific release, we will not be publishing binary versions of the outposts due to a CI/CD issue. No changes affect those outposts, you can still run 2023.10.2.

What's Changed

• root: Improve multi arch Docker image build speed (cherry-pick #7355) by @gcp-cherry-pick-bot in #7426
• providers/oauth2: set auth_via for token and other endpoints (cherry-pick #7417) by @gcp-cherry-pick-bot in #7427
• stages/email: fix duplicate querystring encoding (cherry-pick #7386) by @gcp-cherry-pick-bot in #7425
• web/admin: fix html error on oauth2 provider page (cherry-pick #7384) by @gcp-cherry-pick-bot in #7424
• ci: explicitly give write permissions to packages (cherry-pick #7428) by @gcp-cherry-pick-bot in #7430
• providers/proxy: fix closed redis client (cherry-pick #7385) by @gcp-cherry-pick-bot in #7429
• sources/oauth: fix patreon (cherry-pick #7454) by @gcp-cherry-pick-bot in #7456
• web/flows: attempt to fix bitwareden android compatibility (cherry-pick #7455) by @gcp-cherry-pick-bot in #7457
• events: fix gdpr compliance always running (cherry-pick #7491) by @gcp-cherry-pick-bot in #7505
• Web: bugfix: broken backchannel selector (cherry-pick #7480) by @gcp-cherry-pick-bot in #7507
• core: fix worker beat toggle inverted (cherry-pick #7508) by @gcp-cherry-pick-bot in #7509

Full Changelog: version/2023.10.2...version/2023.10.3

Release 2023.8.4

See https://goauthentik.io/docs/releases/2023.8#fixed-in-202384

What's Changed

• providers/saml: set WantAuthnRequestsSigned in metadata (cherry-pick #6851) by @gcp-cherry-pick-bot in #6880
• sources/ldap: fix inverted interpretation of FreeIPA nsaccountlock (cherry-pick #6877) by @gcp-cherry-pick-bot in #6879

New Contributors

• @gcp-cherry-pick-bot made their first contribution in #6880

Full Changelog: version/2023.8.3...version/2023.8.4