Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

website: update release notes for 2024.8.3 and 2024.6.5 #11541

Merged
merged 1 commit into from
Sep 27, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
website: update release notes for 2024.8.3 and 2024.6.5
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
BeryJu committed Sep 27, 2024
commit e24988d370514b44646ba2df1fa7213c074d50e0
5 changes: 5 additions & 0 deletions website/docs/releases/2024/v2024.6.md
Original file line number Diff line number Diff line change
@@ -235,6 +235,11 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6

- security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025

## Fixed in 2024.6.5

- security: fix [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540)
- security: fix [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538)

## API Changes

#### What's New
13 changes: 12 additions & 1 deletion website/docs/releases/2024/v2024.8.md
Original file line number Diff line number Diff line change
@@ -261,7 +261,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8
- web/admin: improve error handling (cherry-pick #11212) (#11219)
- web/users: show - if device was registered before we started saving the time (cherry-pick #11256) (#11257)

## Fixed on 2024.8.2
## Fixed in 2024.8.2

- core: ensure all providers have correct priority (cherry-pick #11280) (#11281)
- core: ensure proxy provider is correctly looked up (cherry-pick #11267) (#11269)
@@ -275,6 +275,17 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8
- web: revert lockfile lint, re-add integrity (#11380)
- web/admin: fix notification property mapping forms (cherry-pick #11298) (#11300)

## Fixed in 2024.8.3

- events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416)
- providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480)
- security: [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539)
- security: [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537)
- sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498)
- sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534)
- web: Fix missing integrity fields in package-lock.json (#11509)
- web/admin: fix Authentication flow being required (cherry-pick #11496) (#11497)

## API Changes

#### What's New

Unchanged files with check annotations Beta

LABEL org.opencontainers.image.url=https://goauthentik.io
LABEL org.opencontainers.image.description="goauthentik.io LDAP outpost, see https://goauthentik.io for more info."
LABEL org.opencontainers.image.source=https://github.com/goauthentik/authentik
LABEL org.opencontainers.image.version=${VERSION}

Check warning on line 42 in ldap.Dockerfile

GitHub Actions / build-container (ldap)

Variables should be defined before their use

UndefinedVar: Usage of undefined variable '$VERSION' More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
LABEL org.opencontainers.image.revision=${GIT_BUILD_HASH}
COPY --from=builder /go/ldap /
ENV GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
ENV GEOIPUPDATE_VERBOSE="1"
ENV GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID"
ENV GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY"

Check warning on line 88 in Dockerfile

GitHub Actions / build (amd64)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "GEOIPUPDATE_LICENSE_KEY_FILE") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Check warning on line 88 in Dockerfile

GitHub Actions / build (arm64)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "GEOIPUPDATE_LICENSE_KEY_FILE") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
USER root
RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \