Commit

add 2024.10 release notes
gergosimonyi committed Oct 28, 2024
1 parent 30b7ae1 commit 4bc11a7
Showing 2 changed files with 22 additions and 105 deletions.
124 changes: 20 additions & 104 deletions website/docs/releases/2024/v2024.10.md
Expand Up @@ -11,19 +11,10 @@ To try out the release candidate, replace your Docker image tag with the latest

## Highlights

- **FIPS/FAL3 for FedRAMP "very high" compliance (Enterprise+)** <span class="badge badge--primary">Enterprise</span>: with support for SAML encryption and now JWE (JSON Web Encryption) support, authentik can now be configured for FIPS compliance at Federal Assurance Level (FAL) 3.
- **Chrome Device Trust** <span class="badge badge--primary">Enterprise</span> <span class="badge badge--info">Preview</span>: Verify that your users are logging in from managed devices and validate the devices' complience with company policies.
- **Captcha on Identification stage**: run a CAPTCHA process in the background while the user is entering their identification.
- **Captcha on Identification stage**: Run a CAPTCHA process in the background while the user is entering their identification.
- **Kerberos source**: authentik can now integrate with existing Kerberos environments by allowing users to log in with their Kerberos credentials or SPNEGO or syncing users into authentik.
- **FIPS/FAL3 (Enterprise+)** <span class="badge badge--primary">Enterprise</span>: with JWE support and SAML encryption support, authentik can now be configured to be FIPS/FAL3 compliant
- say something about "for FedRAMP very high"
- @fletcher
- **Policies added to Wizard**: @ken
- **Restructure Documentation**:
- increase findability
- task-based
- ??? @tana

^^^ consider removing 2-3 of those

## Breaking changes
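
Review bot: the Chrome Device Trust bullet under Highlights misspells "compliance" as "complience"; fix it before the page is published. In the FIPS/FAL3 bullet the text after the colon starts lowercase ("with support for ...") while the Chrome Device Trust and Captcha bullets capitalise it, and "support for SAML encryption and now JWE (JSON Web Encryption) support" repeats "support"; "With SAML encryption and now JWE (JSON Web Encryption) support, ..." reads cleaner. Also check the expansion "Federal Assurance Level" against NIST SP 800-63C, which names FAL the Federation Assurance Level.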

Expand All @@ -35,18 +26,25 @@ We have no breaking changes this release!

The sign-out experience when the session in an application ends can be configured now. Previously where this was always a static page, any flow can be used now. This can be used for additional validation, or redirecting the user to a custom URL.

- **JWE support for OAuth**: You can now configure JSON Web Encryption with the OAuth 2.0 Provider, which will encrypt all the tokens created by authentik.
- **Chrome Device Trust**
- https://github.com/goauthentik/authentik/pull/10477
- **FIPS/FAL3 (Enterprise, kinda) (for CF)**
- Mainly JWE https://github.com/goauthentik/authentik/pull/11344
- **Captcha on identification stage (for CF)**
- https://github.com/goauthentik/authentik/pull/11711
- **JWE support for OAuth**

You can now configure JSON Web Encryption with the OAuth 2.0 Provider, which will encrypt all the tokens created by authentik.

- **Chrome Device Trust** <span class="badge badge--primary">Enterprise</span> <span class="badge badge--info">Preview</span>

This is a new stage for Enterprise clients that verifies the user through the Chrome Verified Access API. This stage only works with Google Chrome. You'll need to bring your own [Verified Access API instance](https://developers.google.com/chrome/verified-access/overview) via Google Cloud.

- **Captcha on identification stage**

We've added an optional Captcha stage baked into an Identification stage to run in the background while the user inputs their information. Using this will hopefully result in lower total time per flow for the end user.

- **Autoselect 2FA device**
- https://github.com/goauthentik/authentik/pull/11087
- **Cobalt pentest results**
- blablabla
- **remember me**: @ken

Users who configure multiple 2FA devices will now land on their last used device's prompt, skipping the device picker. This will hopefually result in lower total average time per flow for the end user.

- **New structure for authentik's technical documentation**

We've restructured the documentation in authentik to be more task-based, with sections, titles, and headings that follow the workflow of installing, configuring, and using the product. Previously, our docs were organized by components. This new focus on tasks increases findability within the Table of Contents, and provide a high-level guide of the typical workflows with authentik.

## Upgrading
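
Review bot: two wording slips in the New features text: "hopefually" in the Autoselect 2FA device paragraph, and "and provide a high-level guide" in the documentation paragraph, where the subject "This new focus" needs "provides". The JWE paragraph says it "will encrypt all the tokens created by authentik" but gives no pointer to how it is enabled; a link to the provider documentation, as the Chrome Device Trust paragraph has for the Verified Access API, would make it actionable.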

Expand Down Expand Up @@ -79,87 +77,46 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.10
## Minor changes/fixes

- \*: fix deprecated calls to sentry start_span (#11655)
- Revert "website: latest migration to new structure" (#11634)
- admin: refactor update check (#11272)
- admin: store version history (#11520)
- blueprints: fix validation error when using internal storage (#11654)
- ci: bump peter-evans/create-pull-request from 6 to 7 (#11186)
- ci: fix failing release attestation (#11107)
- ci: fix failing release attestation (cherry-pick #11107) (#11120)
- ci: require ci-web.build for merging (#11627)
- ci: use codecov/test-results-action (#11268)
- core: ensure all providers have correct priority (#11280)
- core: ensure all providers have correct priority (cherry-pick #11280) (#11281)
- core: ensure proxy provider is correctly looked up (#11267)
- core: ensure proxy provider is correctly looked up (cherry-pick #11267) (#11269)
- core: extract object matching from flow manager (#11458)
- core: fix change_user_type always requiring usernames (#11177)
- core: fix change_user_type always requiring usernames (cherry-pick #11177) (#11178)
- core: fix missing argument name escaping for property mapping (#11231)
- core: fix missing argument name escaping for property mapping (cherry-pick #11231) (#11252)
- core: fix permission check for scoped impersonation (#11315)
- core: fix permission check for scoped impersonation (#11603)
- core: fix permission check for scoped impersonation (cherry-pick #11315) (#11316)
- enterprise: fix API mixin license validity check (#11331)
- enterprise: fix API mixin license validity check (cherry-pick #11331) (#11342)
- enterprise: fix incorrect comparison for latest validity date (#11109)
- enterprise: fix incorrect comparison for latest validity date (cherry-pick #11109) (#11110)
- enterprise: show specific error if Install ID is invalid in license (#11317)
- enterprise: show specific error if Install ID is invalid in license (cherry-pick #11317) (#11319)
- events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415)
- events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416)
- events: optimise marking events as seen (#11297)
- events: optimise marking events as seen (cherry-pick #11297) (#11299)
- fix: proxy provider - docker traefik label (#11460)
- flows: include Outpost instance in flow context and save in login event (#11318)
- flows: provider invalidation (#5048)
- internal: fix go paginator not setting page correctly (#11253)
- internal: fix go paginator not setting page correctly (cherry-pick #11253) (#11255)
- internal: restore /ping behaviour for embedded outpost (#11568)
- policies/event_matcher: fix inconsistent behaviour (#11724)
- providers/ldap: fix incorrect permission check for search access (#11217)
- providers/ldap: fix incorrect permission check for search access (cherry-pick #11217) (#11218)
- providers/ldap: fix migration assuming search group is set (#11170)
- providers/ldap: fix migration assuming search group is set (cherry-pick #11170) (#11172)
- providers/ldap: rework search_group migration to work with read replicas (#11228)
- providers/ldap: rework search_group migration to work with read replicas (cherry-pick #11228) (#11229)
- providers/oauth2: add indexes on tokens (#11524)
- providers/oauth2: add initial JWE support (#11344)
- providers/oauth2: audit_ignore last_login change for generated service account (#11085)
- providers/oauth2: audit_ignore last_login change for generated service account (cherry-pick #11085) (#11086)
- providers/oauth2: don't overwrite attributes when updating service acccount (#11709)
- providers/oauth2: improve indexes on tokens (#11543)
- providers/proxy: fix URL path getting lost when partial URL is given to rd= (#11354)
- providers/proxy: fix URL path getting lost when partial URL is given to rd= (cherry-pick #11354) (#11355)
- providers/proxy: fix panic, keep session storages open (#11439)
- providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480)
- providers/saml: fix incorrect ds:Reference URI (#11699)
- providers/scim: add option to ignore SCIM server cert (#11437)
- release: 2024.8.0
- release: 2024.8.0-rc1
- release: 2024.8.0-rc2
- release: 2024.8.1
- release: 2024.8.2
- release: 2024.8.2 (#11395)
- release: 2024.8.3
- release: 2024.8.3 (#11542)
- root: backport release 2024.8.1 (#11273)
- root: backport s3 storage changes (#11181)
- root: backport s3 storage changes (cherry-pick #11181) (#11183)
- root: fix ensure `outpost_connection_discovery runs on worker startup (#11260)
- root: fix ensure `outpost_connection_discovery runs on worker startup (cherry-pick #11260) (#11270)
- root: version 2024.8 backport (#11166)
- schemas: fix XML Schema loading...for some reason?
- security: fix CVE-2024-47070 (#11536)
- security: fix CVE-2024-47070 (cherry-pick #11536) (#11539)
- security: fix CVE-2024-47077 (#11535)
- security: fix CVE-2024-47077 (cherry-pick #11535) (#11537)
- sources/ldap: fix mapping check, fix debug endpoint (#11442)
- sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498)
- sources/ldap: fix missing search attribute (#11125)
- sources/ldap: fix missing search attribute (cherry-pick #11125) (#11340)
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532)
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534)
- sources/saml: fix NameIDFormat descriptor in metadata generation (#11614)
- stages/authenticator: use RBAC for devices API (#11482)
- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#11138)
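
Review bot: the "security: fix CVE-2024-47070" and "security: fix CVE-2024-47077" entries sit in the alphabetical Minor changes/fixes list, indistinguishable from CI and UI fixes; if they stay in these notes, give them their own callout or link them to their advisories so operators can tell which versions carry the fixes. Smaller points in the same list: the "root: fix ensure `outpost_connection_discovery runs on worker startup" entry has an unclosed backtick, "acccount" is misspelled in the providers/oauth2 entry (#11709), and "schemas: fix XML Schema loading...for some reason?" carries no PR number.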
Expand All @@ -169,69 +126,28 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.10
- stages/identification: dynamically find login challenges (#11571)
- stages/password: add error message when exceeding maximum tries (#11679)
- tests/e2e: add forward auth e2e test (#11374)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#11292)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#11664)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#11697)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#11751)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in it (#11737)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in ru (#11153)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11284)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11519)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11662)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11735)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11283)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11516)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11663)
- translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11732)
- translate: Updates for file web/xliff/en.xlf in fr (#11293)
- translate: Updates for file web/xliff/en.xlf in fr (#11698)
- translate: Updates for file web/xliff/en.xlf in fr (#11752)
- translate: Updates for file web/xliff/en.xlf in zh-Hans (#11071)
- translate: Updates for file web/xliff/en.xlf in zh-Hans (#11137)
- translate: Updates for file web/xliff/en.xlf in zh-Hans (#11259)
- translate: Updates for file web/xliff/en.xlf in zh-Hans (#11367)
- translate: Updates for file web/xliff/en.xlf in zh-Hans (#11518)
- translate: Updates for file web/xliff/en.xlf in zh-Hans (#11734)
- translate: Updates for file web/xliff/en.xlf in zh_CN (#11070)
- translate: Updates for file web/xliff/en.xlf in zh_CN (#11136)
- translate: Updates for file web/xliff/en.xlf in zh_CN (#11258)
- translate: Updates for file web/xliff/en.xlf in zh_CN (#11366)
- translate: Updates for file web/xliff/en.xlf in zh_CN (#11517)
- translate: Updates for file web/xliff/en.xlf in zh_CN (#11733)
- web/admin: display webauthn device type (#11481)
- web/admin: fix Authentication flow being required (#11496)
- web/admin: fix Authentication flow being required (cherry-pick #11496) (#11497)
- web/admin: fix duplicate flow labels (#11689)
- web/admin: fix error in Outpost creation form (#11173)
- web/admin: fix error in Outpost creation form (cherry-pick #11173) (#11175)
- web/admin: fix invalid create date shown for MFA registered before date was saved (#11728)
- web/admin: fix misc dual select on different forms (#11203)
- web/admin: fix misc dual select on different forms (#11203)
- web/admin: fix missing Sync object button SCIM Provider (#11211)
- web/admin: fix missing Sync object button SCIM Provider (cherry-pick #11211) (#11213)
- web/admin: fix notification property mapping forms (#11298)
- web/admin: fix notification property mapping forms (cherry-pick #11298) (#11300)
- web/admin: fix sync single button throwing error (#11727)
- web/admin: improve error handling (#11212)
- web/admin: improve error handling (cherry-pick #11212) (#11219)
- web/users: show - if device was registered before we started saving the time (#11256)
- web/users: show - if device was registered before we started saving the time (cherry-pick #11256) (#11257)
- web: Adjust Wdio MaxInstances, add Knip (#11089)
- web: Fix css loading in unit tests, remove unneeded dot paths (#11629)
- web: add missing id attribute for button in ak-flow-input-password (#11413)
- web: audit and update package.json and associated test harness, with upgrade to WebdriverIO 9 (#11596)
- web: fix dual-select with dynamic selection (#11133)
- web: fix dual-select with dynamic selection (cherry-pick #11133) (#11134)
- web: fix e2e tests to work with latest WebdriverIO and authentik 2024.8 (#11105)
- web: fix readonly fields appearing white in dark theme (#11271)
- web: provide simple tables for API-less displays (#11028)
- web: provide storybook demos and docs for existing tests (#11651)
- web: reformat package lock files
- web: revert lockfile lint, re-add integrity (#11380)
- web: revert lockfile lint, re-add integrity (#11380)
- web: small fixes for elements and forms (#11546)
- web: unify unit and end-to-end tests (#11598)
- web: unit tests for the simple things, with fixes that the tests revealed (#11633)

## API Changes
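
Review bot: in "web/users: show - if device was registered before we started saving the time" the bare "-" is easy to misread as punctuation in a rendered list; wrapping it in backticks would make clear it is the value shown. "web: reformat package lock files" is the only entry in this part of the list without a PR number; add the reference or drop the entry.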

3 changes: 2 additions & 1 deletion website/sidebars.js
Expand Up @@ -2,13 +2,14 @@ import { generateVersionDropdown } from "./src/utils.js";
import apiReference from "./docs/developer-docs/api/reference/sidebar";

const releases = [
"releases/2024/v2024.10",
"releases/2024/v2024.8",
"releases/2024/v2024.6",
"releases/2024/v2024.4",
{
type: "category",
label: "Previous versions",
items: [
"releases/2024/v2024.4",
"releases/2024/v2024.2",
"releases/2023/v2023.10",
"releases/2023/v2023.8",
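
Review bot: the `releases` array gives no hint that only the three newest versions stay at the top level while the next-oldest moves into "Previous versions"; a one-line comment above the array would document that rotation so the next release commit repeats it. Also confirm that "releases/2024/v2024.4" ends up listed once, inside `items`, since it is visible both at the top level and in the category here.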
