Release 2024.2.3

See https://docs.goauthentik.io/docs/releases/2024.2#fixed-in-202423

What's Changed

• enterprise: only check for valid license existing for creating Enterprise objects (cherry-pick #8813) by @gcp-cherry-pick-bot in #8822
• stages/email: Disable autoescape for text templates (cherry-pick #8812) by @gcp-cherry-pick-bot in #8824
• stages/email: fix issue when sending emails to users with same display as email (cherry-pick #8850) by @gcp-cherry-pick-bot in #8852
• tenants: really ensure default tenant cannot be deleted (cherry-pick #8875) by @gcp-cherry-pick-bot in #8876
• api: capabilities: properly set can_save_media when s3 is enabled (cherry-pick #8896) by @gcp-cherry-pick-bot in #8897
• enterprise/rac: fix connection token management (cherry-pick #8909) by @gcp-cherry-pick-bot in #8912
• stages/user_write: ensure user data is json-serializable (cherry-pick #8926) by @gcp-cherry-pick-bot in #8928
• events: discard notification if user has empty email (cherry-pick #8938) by @gcp-cherry-pick-bot in #8951
• website/docs: config: remove options moved to tenants (cherry-pick #8976) by @gcp-cherry-pick-bot in #8977
• lifecycle: migrate: ensure template schema exists before migrating (cherry-pick #8952) by @gcp-cherry-pick-bot in #9022

Full Changelog: version/2024.2.2...version/2024.2.3

Release 2024.2.2

See https://docs.goauthentik.io/docs/releases/2024.2#fixed-in-202422

What's Changed

• providers/oauth2: fix inconsistent sub value when setting via mapping (cherry-pick #8677) by @gcp-cherry-pick-bot in #8682
• core: fix blueprint export (cherry-pick #8695) by @gcp-cherry-pick-bot in #8696
• enterprise: fix read_only activating when no license is installed (cherry-pick #8697) by @gcp-cherry-pick-bot in #8698
• website/docs: s3: fix environment variables (cherry-pick #8722) by @gcp-cherry-pick-bot in #8726
• enterprise: force license usage update after change to license (cherry-pick #8723) by @gcp-cherry-pick-bot in #8725
• root: fix container build (cherry-pick #8727) by @gcp-cherry-pick-bot in #8728
• ci: fix missing DOCKER_USERNAME secret (cherry-pick #8730) by @gcp-cherry-pick-bot in #8733
• providers/oauth2: fix offline_access requests when prompt doesn't include consent (cherry-pick #8731) by @gcp-cherry-pick-bot in #8732
• website/docs: s3: fix migration docs (cherry-pick #8735) by @gcp-cherry-pick-bot in #8737
• stages/authenticator_webauthn: fix error when enrolling new device (cherry-pick #8738) by @gcp-cherry-pick-bot in #8740
• ci: fix missing output on composite action (cherry-pick #8741) by @gcp-cherry-pick-bot in #8742
• web/admin: don't mark property mappings as required anywhere (cherry-pick #8752) by @gcp-cherry-pick-bot in #8755
• web/admin: don't mark remaining property mappings as required (cherry-pick #8772) by @gcp-cherry-pick-bot in #8773
• root: ensure consistent install_id (cherry-pick #8775) by @gcp-cherry-pick-bot in #8776
• website/docs: installation: kubernetes: fix values (cherry-pick #8783) by @gcp-cherry-pick-bot in #8792
• providers/oauth2: fix validation ordering (cherry-pick #8793) by @gcp-cherry-pick-bot in #8795
• flows: fix mismatched redirect behaviour for invalid and valid flows (cherry-pick #8794) by @gcp-cherry-pick-bot in #8796

Full Changelog: version/2024.2.1...version/2024.2.2

Release 2024.2.1

See https://goauthentik.io/docs/releases/2024.2#fixed-in-202421

What's Changed

• stages/authenticator_validate: fix error with get_webauthn_challenge_without_user (cherry-pick #8625) by @gcp-cherry-pick-bot in #8626
• ci: fix missing tags from release (cherry-pick #8645) by @gcp-cherry-pick-bot in #8647
• events: sanitize args and kwargs saved in system tasks (cherry-pick #8644) by @gcp-cherry-pick-bot in #8648
• brands: fix context processor when request doesn't have a tenant (cherry-pick #8643) by @gcp-cherry-pick-bot in #8646

Full Changelog: version/2024.2.0...version/2024.2.1

Release 2024.2.0

See https://goauthentik.io/docs/releases/2024.2

What's Changed

• website/docs: kubernetes installation: update values (cherry-pick #8575) by @gcp-cherry-pick-bot in #8576
• rbac: fix permission decorator for global permissions (cherry-pick #8591) by @gcp-cherry-pick-bot in #8597
• web: spell customization with a Z (cherry-pick #8596) by @gcp-cherry-pick-bot in #8602
• web/flows: fix webauthn retry (cherry-pick #8599) by @gcp-cherry-pick-bot in #8603

Full Changelog: version/2024.2.0-rc2...version/2024.2.0

Release 2024.2.0-rc2

See https://goauthentik.io/docs/releases/2024.2

What's Changed

• ci: fix release sentry step (cherry-pick #8540) by @gcp-cherry-pick-bot in #8541
• web: change "delete" verb to "remove" for one-to-many relationships (cherry-pick #8535) by @gcp-cherry-pick-bot in #8537
• web/flows: improve authenticator styling (cherry-pick #8560) by @gcp-cherry-pick-bot in #8570
• ci: main: use correct previous version (cherry-pick #8539) by @gcp-cherry-pick-bot in #8572
• root: fix app settings load order (cherry-pick #8569) by @gcp-cherry-pick-bot in #8571

Full Changelog: version/2024.2.0-rc1...version/2024.2.0-rc2

Release 2024.2.0-rc1

See https://goauthentik.io/docs/releases/2024.2

What's Changed

• web: bump API Client version by @authentik-automation in #7365
• web: bump @rollup/plugin-replace from 5.0.4 to 5.0.5 in /web by @dependabot in #7380
• web: bump ts-lit-plugin from 2.0.0 to 2.0.1 in /web by @dependabot in #7379
• core: bump goauthentik.io/api/v3 from 3.2023101.1 to 3.2023102.1 by @dependabot in #7378
• web: bump the storybook group in /web with 5 updates by @dependabot in #7382
• website/integrations: add SonarQube by @senare in #7167
• web: bump rollup from 4.1.4 to 4.1.5 in /web by @dependabot in #7370
• web/admin: fix html error on oauth2 provider page by @kensternberg-authentik in #7384
• stages/email: fix duplicate querystring encoding by @BeryJu in #7386
• web: bump core-js from 3.33.1 to 3.33.2 in /web by @dependabot in #7390
• web: bump the eslint group in /web with 2 updates by @dependabot in #7389
• web: bump the sentry group in /web with 2 updates by @dependabot in #7366
• web: bump the eslint group in /tests/wdio with 2 updates by @dependabot in #7388
• core: bump pytest-django from 4.5.2 to 4.6.0 by @dependabot in #7387
• web: bump rollup from 4.1.5 to 4.2.0 in /web by @dependabot in #7403
• web: bump pyright from 1.1.333 to 1.1.334 in /web by @dependabot in #7402
• web: bump the sentry group in /web with 2 updates by @dependabot in #7401
• core: bump twisted from 23.8.0 to 23.10.0 by @dependabot in #7398
• core: bump github.com/redis/go-redis/v9 from 9.2.1 to 9.3.0 by @dependabot in #7396
• core: bump webauthn from 1.11.0 to 1.11.1 by @dependabot in #7399
• core: bump sentry-sdk from 1.32.0 to 1.33.1 by @dependabot in #7397
• website/integrations: argocd: add missing url in ArgoCD configuration by @gc4g40u6 in #7404
• root: Improve multi arch Docker image build speed by @PKizzle in #7355
• web: bump the eslint group in /tests/wdio with 1 update by @dependabot in #7415
• web: bump the eslint group in /web with 1 update by @dependabot in #7414
• core: bump django from 4.2.6 to 4.2.7 by @dependabot in #7413
• core: bump selenium from 4.14.0 to 4.15.0 by @dependabot in #7411
• website: bump react-tooltip from 5.21.6 to 5.22.0 in /website by @dependabot in #7412
• translate: Updates for file web/xliff/en.xlf in fr by @transifex-integration in #7416
• website/blog: draft for happy bday blog by @tanberry in #7408
• providers/oauth2: set auth_via for token and other endpoints by @BeryJu in #7417
• web: bump the wdio group in /tests/wdio with 4 updates by @dependabot in #7423
• core: bump sentry-sdk from 1.33.1 to 1.34.0 by @dependabot in #7421
• web: bump yaml from 2.3.3 to 2.3.4 in /web by @dependabot in #7420
• core: bump selenium from 4.15.0 to 4.15.1 by @dependabot in #7422
• ci: explicitly give write permissions to packages by @BeryJu in #7428
• providers/proxy: fix closed redis client by @BeryJu in #7385
• web: bump the eslint group in /tests/wdio with 2 updates by @dependabot in #7452
• core: bump ruff from 0.1.3 to 0.1.4 by @dependabot in #7451
• core: bump selenium from 4.15.1 to 4.15.2 by @dependabot in #7449
• core: bump uvicorn from 0.23.2 to 0.24.0 by @dependabot in #7450
• web: bump the eslint group in /web with 2 updates by @dependabot in #7447
• web: bump rollup from 4.2.0 to 4.3.0 in /web by @dependabot in #7448
• core: bump github.com/gorilla/handlers from 1.5.1 to 1.5.2 by @dependabot in #7444
• core: bump github.com/gorilla/securecookie from 1.1.1 to 1.1.2 by @dependabot in #7440
• core: bump golang.org/x/sync from 0.4.0 to 0.5.0 by @dependabot in #7441
• core: bump github.com/gorilla/websocket from 1.5.0 to 1.5.1 by @dependabot in #7445
• core: bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #7442
• core: bump github.com/gorilla/mux from 1.8.0 to 1.8.1 by @dependabot in #7443
• core: bump github.com/gorilla/sessions from 1.2.1 to 1.2.2 by @dependabot in #7446
• web/admin: fix chart label on dashboard user page by @macmoritz in #7434
• website: bump the docusaurus group in /website with 3 updates by @dependabot in #7400
• sources/oauth: fix patreon by @BeryJu in #7454
• web/flows: attempt to fix bitwareden android compatibility by @BeryJu in #7455
• web: bump @lit-labs/context from 0.4.1 to 0.5.1 in /web by @dependabot in #7368
• web: bump @lit/localize-tools from 0.7.0 to 0.7.1 in /web by @dependabot in #7369
• translate: Updates for file web/xliff/en.xlf in zh_CN by @transifex-integration in #7458
• translate: Updates for file web/xliff/en.xlf in zh-Hans by @transifex-integration in #7459
• translate: Updates for file web/xliff/en.xlf in fr by @transifex-integration in #7461
• web: bump mermaid from 10.6.0 to 10.6.1 in /web by @dependabot in #7475
• web: bump @types/codemirror from 5.60.12 to 5.60.13 in /web by @dependabot in #7471
• web: bump the eslint group in /tests/wdio with 2 updates by @dependabot in #7467
• web: bump the storybook group in /web with 5 updates by @dependabot in #7468
• core: bump uvicorn from 0.24.0 to 0.24.0.post1 by @dependabot in #7472
• web: bump the eslint group in /web with 2 updates by @dependabot in #7469
• website/integrations: add FreshRSS by @foux in #7301
• web: bump @types/chart.js from 2.9.39 to 2.9.40 in /web by @dependabot in #7470
• web: rollback dependabot context by @kensternberg-authentik in #7479
• Web: bugfix: broken backchannel selector by @kensternberg-authentik in #7480
• web: bump @formatjs/intl-listformat from 7.5.0 to 7.5.1 in /web by @dependabot in #7473
• website: bump @types/react from 18.2.36 to 18.2.37 in /website by @dependabot in #7487
• web: bump @types/grecaptcha from 3.0.6 to 3.0.7 in /web by @dependabot in #7485
• web: bump pyright from 1.1.334 to 1.1.335 in /web by @dependabot in #7484
• core: bump golang from 1.21.3-bookworm to 1.21.4-bookworm by @dependabot in #7483
• website/docs: Fix a small grammar issue by @agt-ru in #7490
• events: fix gdpr compliance always running by @rissson in #7491
• website: update comparison by @BeryJu in #7493
• website/docs: fix anchor link by @agt-ru in #7492
• website/docs: update release notes for 2023.10.3 by @rissson in #7506
• core: fix worker beat toggle inverted by @BeryJu in #7508
• website/docs: update release notes for 2023.10.3 by @rissson in #7510
• ci: fix permissions for release pipeline to publish binaries by ...

Release 2023.8.7

See https://goauthentik.io/docs/releases/2023.8#fixed-in-202387

What's Changed

• security: fix CVE-2024-23647 (cherry-pick #8345) by @gcp-cherry-pick-bot in #8346

Full Changelog: version/2023.8.6...version/2023.8.7

Release 2023.10.7

See https://goauthentik.io/docs/releases/2023.10#fixed-in-2023107

What's Changed

• sources/oauth: revert azure_ad profile URL change (cherry-pick #8139) by @gcp-cherry-pick-bot in #8141
• web/flows: fix icon for generic oauth source with dark theme (cherry-pick #8148) by @gcp-cherry-pick-bot in #8151
• sources/oauth: fix azure_ad user_id and add test and fallback (cherry-pick #8146) by @gcp-cherry-pick-bot in #8152
• sources/oauth: fix URLs being overwritten by OIDC urls (cherry-pick #8147) by @gcp-cherry-pick-bot in #8156
• rbac: fix invitations listing with restricted permissions (cherry-pick #8227) by @gcp-cherry-pick-bot in #8229
• stages/authenticator_validate: use friendly_name for stage selector when enrolling (cherry-pick #8255) by @gcp-cherry-pick-bot in #8256
• security: fix CVE-2024-23647 (cherry-pick #8345) by @gcp-cherry-pick-bot in #8347

Full Changelog: version/2023.10.6...version/2023.10.7

Release 2023.8.6

See https://goauthentik.io/docs/releases/2023.8#fixed-in-202386

What's Changed

• providers/oauth2: fix CVE-2024-21637 (cherry-pick #8104) by @gcp-cherry-pick-bot in #8106

Full Changelog: version/2023.8.5...version/2023.8.6

Release 2023.10.6

See https://goauthentik.io/docs/releases/2023.10#fixed-in-2023106

What's Changed

• providers/oauth2: remember session_id from initial token (cherry-pick #7976) by @gcp-cherry-pick-bot in #7977
• outposts: fix Outpost reconcile not re-assigning managed attribute (cherry-pick #8014) by @gcp-cherry-pick-bot in #8020
• providers/proxy: use access token (cherry-pick #8022) by @gcp-cherry-pick-bot in #8023
• outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (cherry-pick #8021) by @gcp-cherry-pick-bot in #8024
• rbac: fix error when looking up permissions for now uninstalled apps (cherry-pick #8068) by @gcp-cherry-pick-bot in #8070
• web/flows: fix device picker incorrect foreground color (cherry-pick #8067) by @gcp-cherry-pick-bot in #8069
• providers/oauth2: fix CVE-2024-21637 (cherry-pick #8104) by @gcp-cherry-pick-bot in #8105

Full Changelog: version/2023.10.5...version/2023.10.6