Release 2024.12.1

See https://docs.goauthentik.io/docs/releases/2024.12#fixed-in-2024121

What's Changed

• website/docs: add new section about impersonation (cherry-pick #12328) by @gcp-cherry-pick-bot in #12424
• website/docs: add content about bindings (cherry-pick #11787) by @gcp-cherry-pick-bot in #12428
• internal: fix URL generation for websocket connection (cherry-pick #12439) by @gcp-cherry-pick-bot in #12440

Full Changelog: version/2024.12.0...version/2024.12.1

Release 2024.12.0

See https://docs.goauthentik.io/docs/releases/2024.12

What's Changed

• translate: Updates for file web/xliff/en.xlf in zh-Hans (cherry-pick #12401) by @gcp-cherry-pick-bot in #12410
• translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (cherry-pick #12400) by @gcp-cherry-pick-bot in #12409
• translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (cherry-pick #12399) by @gcp-cherry-pick-bot in #12408
• translate: Updates for file web/xliff/en.xlf in zh_CN (cherry-pick #12402) by @gcp-cherry-pick-bot in #12411
• events: notification_cleanup: avoid unnecessary loop (cherry-pick #12417) by @gcp-cherry-pick-bot in #12418
• root: expose CONN_MAX_AGE, CONN_HEALTH_CHECKS and DISABLE_SERVER_SIDE_CURSORS for PostgreSQL config (cherry-pick #10159) by @gcp-cherry-pick-bot in #12419
• website/docs: prepare for 2024.12.0 (cherry-pick #12420) by @gcp-cherry-pick-bot in #12422

Full Changelog: version/2024.12.0-rc1...version/2024.12.0

Release 2024.12.0-rc1

See https://docs.goauthentik.io/docs/releases/2024.12

What's Changed

• admin: system api: fix FIPS status schema by @rissson in #10110
• website/docs: Specify Synology DSM Account type to use by @jannickfahlbusch in #10111
• web: bump API Client version by @authentik-automation in #10113
• website/docs: update 2024.6 release notes with latest changes by @rissson in #10109
• website/docs: add more info about multiple replicas by @tanberry in #10117
• policies/reputation: fix existing reputation update by @rissson in #10124
• stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs by @authentik-automation in #10119
• translate: Updates for file web/xliff/en.xlf in zh_CN by @transifex-integration in #10120
• translate: Updates for file web/xliff/en.xlf in zh-Hans by @transifex-integration in #10121
• core, web: update translations by @authentik-automation in #10118
• core: bump goauthentik.io/api/v3 from 3.2024042.11 to 3.2024042.13 by @dependabot in #10134
• core: bump ruff from 0.4.8 to 0.4.9 by @dependabot in #10128
• core, web: update translations by @authentik-automation in #10127
• core: bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #10133
• web: bump chromedriver from 126.0.0 to 126.0.1 in /tests/wdio by @dependabot in #10136
• core: bump github.com/gorilla/sessions from 1.2.2 to 1.3.0 by @dependabot in #10135
• web: bump @patternfly/elements from 3.0.1 to 3.0.2 in /web by @dependabot in #10132
• website: bump react-tooltip from 5.26.4 to 5.27.0 in /website by @dependabot in #10129
• web: fix early modal stack depletion by @kensternberg-authentik in #10068
• website/integations/services: Slack integration docs by @tanberry in #9933
• core: include version in built JS files by @BeryJu in #9558
• web: fix needed because recent upgrade to task breaks spinner button by @kensternberg-authentik in #10142
• web: bump ws from 8.16.0 to 8.17.1 in /web by @dependabot in #10149
• web: bump the storybook group in /web with 7 updates by @dependabot in #10147
• ci: bump docker/build-push-action from 5 to 6 by @dependabot in #10144
• core: bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #10143
• root: use custom model serializer that saves m2m without bulk by @BeryJu in #10139
• root: makefile: add codespell to make website by @rissson in #10116
• web: fix docker build for non-release versions by @rissson in #10154
• website/integrations: gitlab: better service description by @4d62 in #9923
• website/docs: Describe where to apply the auto setup env vars by @m1212e in #9863
• website/integrations: jellyfin: add OIDC configuration by @Redlonghead in #9538
• web: bump the wdio group in /tests/wdio with 4 updates by @dependabot in #10160
• web: bump chromedriver from 126.0.1 to 126.0.2 in /tests/wdio by @dependabot in #10161
• core: bump twilio from 9.1.1 to 9.2.0 by @dependabot in #10162
• website/docs: update 2024.6 release notes with latest changes by @rissson in #10167
• website/docs: 2024.6 release notes: add note about group names by @rissson in #10170
• core: fix error when raising SkipObject in mapping by @BeryJu in #10153
• website/docs: update 2024.6 release notes with latest changes by @rissson in #10174
• website/docs: update template reference by @emmanuel-ferdman in #10166
• web: bump @sentry/browser from 8.9.2 to 8.10.0 in /web in the sentry group by @dependabot in #10185
• core: bump google-api-python-client from 2.133.0 to 2.134.0 by @dependabot in #10183
• web: bump glob from 10.4.1 to 10.4.2 in /web by @dependabot in #10163
• core: rework base for SkipObject exception to better support control flow exceptions by @BeryJu in #10186
• website/docs: Remove hyphen in read replica in Release Notes by @tanberry in #10178
• website/docs: Fix nginx proxy_pass directive documentation by @fotinakis in #10181
• core: bump selenium from 4.21.0 to 4.22.0 by @dependabot in #10194
• core: bump ruff from 0.4.9 to 0.4.10 by @dependabot in #10193
• web: bump typescript from 5.4.5 to 5.5.2 in /tests/wdio by @dependabot in #10192
• web: bump typescript from 5.4.5 to 5.5.2 in /web by @dependabot in #10191
• website: bump typescript from 5.4.5 to 5.5.2 in /website by @dependabot in #10190
• web: bump @sentry/browser from 8.10.0 to 8.11.0 in /web in the sentry group by @dependabot in #10204
• web: bump chromedriver from 126.0.2 to 126.0.3 in /tests/wdio by @dependabot in #10203
• core: bump twilio from 9.2.0 to 9.2.1 by @dependabot in #10202
• core: bump coverage from 7.5.3 to 7.5.4 by @dependabot in #10201
• web/flows: update flow background by @BeryJu in #10206
• website/docs: fix #9552 openssl rand base64 line wrap by @jogerj in #10211
• website/integrations: fix typo in documentation for OIDC setup with Paperless-ngx by @rwh85 in #10218
• security: fix CVE-2024-38371 by @BeryJu in #10229
• security: fix CVE-2024-37905 by @BeryJu in #10230
• core: bump debugpy from 1.8.1 to 1.8.2 by @dependabot in #10225
• web: bump @sentry/browser from 8.11.0 to 8.12.0 in /web in the sentry group by @dependabot in #10226
• core: bump webauthn from 2.1.0 to 2.2.0 by @dependabot in #10224
• web: bump chromedriver from 126.0.3 to 126.0.4 in /tests/wdio by @dependabot in #10223
• core: bump pdoc from 14.5.0 to 14.5.1 by @dependabot in #10221
• website/docs: update 2024.6 release notes with latest changes by @rissson in #10228
• website/docs: update 2024.2 release notes with security fixes by @rissson in #10232
• website/docs: update 2024.4 release notes with latest changes by @rissson in #10231
• website/docs: update 2024.6 release notes with latest changes (cherry-pick #10228) by @gcp-cherry-pick-bot in #10243
• website/docs: remove RC disclaimer from 2024.6 release notes by @rissson in #10245
• website/docs: remove RC disclaimer from 2024.6 release notes (cherry-pick #10245) by @gcp-cherry-pick-bot in #10246
• security: update supported versions by @rissson in #10247
• security: update supported versions (cherry-pick #10247) by @gcp-cherry-pick-bot in #10248
• website/docs: update geoip and asn example to use the proper syntax by @rissson in #10249
• website/docs: update the Welcome page by @tanberry in #10222
• website/docs: update geoip and asn example to use the proper syntax (cherry-pick #10249) by @gcp-cherry-pick-bot in #10250
• web: bump API Client version by @authentik-automation in #10252
• web/flows: remove continue button from AutoSubmit stage by @BeryJu in #10253
• w...

Release 2024.10.5

See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024105

What's Changed

• root: fix database ssl options not set correctly (cherry-pick #12180) by @gcp-cherry-pick-bot in #12183
• web: backport fix impersonate api by @BeryJu in #12184
• web/flows: resize captcha iframes (cherry-pick #12260) by @gcp-cherry-pick-bot in #12304
• stages/identification: fix invalid challenge warning when no captcha stage is set (cherry-pick #12312) by @gcp-cherry-pick-bot in #12314
• enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (cherry-pick #12311) by @gcp-cherry-pick-bot in #12315
• flows: better test stage's challenge responses (cherry-pick #12316) by @gcp-cherry-pick-bot in #12317

Full Changelog: version/2024.10.4...version/2024.10.5

Release 2024.8.6

See https://docs.goauthentik.io/docs/releases/2024.8#fixed-in-202486

What's Changed

• providers/proxy: fix redirect_uri (cherry-pick #12121) by @gcp-cherry-pick-bot in #12126
• providers/oauth2: fix redirect uri input (cherry-pick #12122) by @gcp-cherry-pick-bot in #12128
• web: bump API Client version (cherry-pick #12129) by @gcp-cherry-pick-bot in #12131
• providers/oauth2: fix migration (cherry-pick #12138) by @gcp-cherry-pick-bot in #12140

Full Changelog: version/2024.8.5...version/2024.8.6

Release 2024.8.5

See https://docs.goauthentik.io/docs/releases/2024.8#fixed-in-202485

Note that this security release includes backwards incompatible database changes; see https://docs.goauthentik.io/docs/security/cves/CVE-2024-52289#patches

Full Changelog: version/2024.8.4...version/2024.8.5

Release 2024.10.4

See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024104

What's Changed

• providers/proxy: fix redirect_uri (cherry-pick #12121) by @gcp-cherry-pick-bot in #12125
• providers/oauth2: fix redirect uri input (cherry-pick #12122) by @gcp-cherry-pick-bot in #12127
• web: bump API Client version (cherry-pick #12129) by @gcp-cherry-pick-bot in #12130
• providers/oauth2: fix migration dependencies (cherry-pick #12123) by @gcp-cherry-pick-bot in #12132
• providers/oauth2: fix migration (cherry-pick #12138) by @gcp-cherry-pick-bot in #12139

Full Changelog: version/2024.10.3...version/2024.10.4

Release 2024.10.3

See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024103

Note that this security release includes backwards incompatible database changes; see https://docs.goauthentik.io/docs/security/cves/CVE-2024-52289#patches

What's Changed

• providers/ldap: fix global search_full_directory permission not being sufficient (cherry-pick #12028) by @gcp-cherry-pick-bot in #12030
• rbac: fix incorrect object_description for object-level permissions (cherry-pick #12029) by @gcp-cherry-pick-bot in #12043
• web/flows: fix invisible captcha call (cherry-pick #12048) by @gcp-cherry-pick-bot in #12049
• core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (cherry-pick #12080) by @gcp-cherry-pick-bot in #12081
• providers/scim: accept string and int for SCIM IDs (cherry-pick #12093) by @gcp-cherry-pick-bot in #12095
• root: fix activation of locale not being scoped (cherry-pick #12091) by @gcp-cherry-pick-bot in #12096
• root: check remote IP for proxy protocol same as HTTP/etc (cherry-pick #12094) by @gcp-cherry-pick-bot in #12097
• website/docs: group CVEs by year (cherry-pick #12099) by @gcp-cherry-pick-bot in #12100
• internal: add CSP header to files in /media (cherry-pick #12092) by @gcp-cherry-pick-bot in #12108
• website/docs: add CSP to hardening (cherry-pick #11970) by @gcp-cherry-pick-bot in #12116
• security: fix CVE 2024 52287 (cherry-pick #12114) by @gcp-cherry-pick-bot in #12117

Full Changelog: version/2024.10.2...version/2024.10.3

Release 2024.10.2

See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024102

What's Changed

• website/docs: fix slug matching redirect URI causing broken refresh (cherry-pick #11950) by @gcp-cherry-pick-bot in #11954
• stages/password: use recovery flow from brand (cherry-pick #11953) by @gcp-cherry-pick-bot in #11969
• stages/captcha: Run interactive captcha in Frame (cherry-pick #11857) by @gcp-cherry-pick-bot in #11991
• blueprints: add default Password policy (cherry-pick #11793) by @gcp-cherry-pick-bot in #11993
• providers/proxy: fix Issuer when AUTHENTIK_HOST_BROWSER is set (cherry-pick #11968) by @gcp-cherry-pick-bot in #12005
• crypto: validate that generated certificate's name is unique (cherry-pick #12015) by @gcp-cherry-pick-bot in #12016
• providers/oauth2: fix manual device code entry (cherry-pick #12017) by @gcp-cherry-pick-bot in #12019
• core: use versioned_script for path only (cherry-pick #12003) by @gcp-cherry-pick-bot in #12023
• website/docs: 2024.10.2 release notes (cherry-pick #12025) by @gcp-cherry-pick-bot in #12026

Full Changelog: version/2024.10.1...version/2024.10.2

Release 2024.10.1

See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024101

What's Changed

• website: update supported versions (cherry-pick #11841) by @gcp-cherry-pick-bot in #11872
• providers/oauth2: fix size limited index for tokens (cherry-pick #11879) by @gcp-cherry-pick-bot in #11905
• core: add None check to a device's extra_description (cherry-pick #11904) by @gcp-cherry-pick-bot in #11906
• enterprise/rac: fix API Schema for invalidation_flow (cherry-pick #11907) by @gcp-cherry-pick-bot in #11908
• website/docs: fix release notes to say Federation (cherry-pick #11889) by @gcp-cherry-pick-bot in #11923
• website: fix docs redirect (cherry-pick #11873) by @gcp-cherry-pick-bot in #11922
• website/docs: add info about invalidation flow, default flows in general (cherry-pick #11800) by @gcp-cherry-pick-bot in #11921
• website: remove RC disclaimer for version 2024.10 (cherry-pick #11871) by @gcp-cherry-pick-bot in #11920
• website/docs: 2024.10.1 Release Notes (cherry-pick #11926) by @gcp-cherry-pick-bot in #11928

Full Changelog: version/2024.10.0...version/2024.10.1