Releases: authelia/authelia
Releases · authelia/authelia
v4.38.8
4.38.8 (2024-4-15)
Bug Fixes
- authorization: mfa not detected in custom policies (#7116) (2bd63fa), closes #7103
- commands: build-info too verbose (#7128) (93fe754)
- commands: missing hash-password help topic (#7136) (ab0d501)
- oidc: potential nil panic with misconfigured client (#7138) (14d04c4), closes #6933
- oidc: return correct extra claims (#7071) (a9021aa)
- web: adjust router basename behaviour (#7130) (e8e5b8a), closes #5902 #5902
Docker Container
docker pull authelia/authelia:4.38.8
docker pull ghcr.io/authelia/authelia:4.38.8
v4.38.7
4.38.7 (2024-3-31)
Bug Fixes
- commands: acl policy check errors on warnings (#7000) (4b24678)
- configuration: incorrect sector_identifier_uri validation (#7037) (a224420)
- configuration: missing request_uris option (#7033) (ab4d14c)
- oidc: delayed user details refresh (#7035) (4d51ae7)
- oidc: form post csp not set correctly (#7017) (2ebc04f)
- oidc: missing introspection claims (#7049) (2ffd5c5)
- oidc: prompt none not handled (#7018) (680546b)
Docker Container
docker pull authelia/authelia:4.38.7
docker pull ghcr.io/authelia/authelia:4.38.7
v4.38.6
v4.38.5
4.38.5 (2024-3-20)
Bug Fixes
- configuration: failure to map deprecated value correctly (#6964) (ef9cbe4), closes #6909
- configuration: rename token_lifespan in configuration example (#6951) (05c8989)
- logging: include logs about logging config (#6960) (6de21b2)
- web: add missing translations and align for consistency (#6950) (6428864)
Docker Container
docker pull authelia/authelia:4.38.5
docker pull ghcr.io/authelia/authelia:4.38.5
v4.38.4
4.38.4 (2024-3-18)
Bug Fixes
- configuration: include logs about loaded files and filters (#6935) (fdb62da)
- server: header inconsistencies (#6929) (2535e33), closes #6882
Build
In addition to the mentioned fixes, we are now building glibc binaries with an older version of glibc to support users who've queried about older operating systems, see #6924.
Docker Container
docker pull authelia/authelia:4.38.4
docker pull ghcr.io/authelia/authelia:4.38.4
v4.38.3
4.38.3 (2024-3-17)
Bug Fixes
- commands: config template empty feedback (#6917) (1f4db5c)
- configuration: include more helpful address mapping logs (#6909) (32424bf)
- handlers: bearer authorization assumed intention (#6920) (2970dd8)
- handlers: bypass fails with authorization header (#6919) (b64c19a), closes #6914
- oidc: expose allow multiple auth methods (#6910) (438e433)
- server: oidc flow failure due to corb (#6921) (427ed6c)
- web: resolve path conflicts between backend and frontend (#6906) (a99bb63)
Docker Container
docker pull authelia/authelia:4.38.3
docker pull ghcr.io/authelia/authelia:4.38.3
v4.38.2
v4.38.1
v4.38.0
4.38.0 (2024-3-14)
Overview
It's important users check the Release Notes on the Blog as there are potential necessary changes with experimental/beta features. This fairly large release is primarily a culmination of effort from @smkent, @nightah, @clems4ever, @mind-ar, @joshgordon, @ezrizhu, and @james-d-elliott. Many others have made contributions in this time either in the form of pull requests, feedback, or some even went as far as contributing their attitudes.
See the change log below for more information about this release.
Bug Fixes
- commands: internal services not cleaned up properly (#4966) (f44700c), closes #4963
- commands: missing pkcs8 option (#5270) (033d3c0)
- commands: no args not enforced on crypto hash generate (#5237) (0f4f5d5)
- commands: storage cmd fail when implicit config absent (#5213) (569af0f)
- configuration: deprecated secrets not mapped (#6150) (5446efb)
- configuration: fail to parse large int duration (#5408) (713f8e9)
- configuration: illogical refresh interval default (#6319) (c49b973)
- configuration: optional value not treated as optional (#5853) (5edd5fc)
- configuration: regression in redis default port (#6428) (f93a0b5)
- configuration: secret permission errors panic (#5141) (622bf42), closes #5138
- configuration: warning about log level env (#6784) (c70c83f)
- handlers: legacy authz failure on nginx (#4956) (ab01fa6)
- logging: injected time format inconsistent (#5004) (b9a6856)
- middlewares: failure to detect remote ip (#5339) (34ec813)
- model: yaml encoding of totp and webauthn fails (#5204) (dfbbf1a)
- notification: error on non-normative login responses (#4729) (8ef90ca), closes #4717
- notification: missing display name (#4653) (a771cc6)
- notification: missing use of timeout (#4652) (a691131)
- notification: smtp auth not configured (#4647) (7b8ed46)
- notifier: mime parts in reverse order (#5623) (13b54b4), closes #5617
- ntp: startup check skipped when it shouldn't be (#5701) (934f68b)
- ntp: version 4 encoded incorrectly (#4773) (b815521)
- oidc: client auth basic fails on correctly encoded header (#5632) (cb116db)
- oidc: client credentials flow not populating session (#5797) (62c36eb)
- oidc: client id not in audience whitelist (#5980) (ad82ec7)
- oidc: csp blocks form_post response form submit (#4719) (cf4010b), closes #4669
- oidc: default response mode not validated (#5129) (c8f75b1)
- oidc: failure to insert with client credentials grant (#5809) (895cdc2)
- oidc: insufficient debug logs on some endpoints (#5783) (f09dbee)
- oidc: par consent state error (#5880) (321a380)
- oidc: par context redirect (#6450) (0d0fda8)
- oidc: par model mapping (#5879) (e42bbca)
- oidc: pkce session generated needlessly (#5762) (896752c)
- oidc: pre-config audience not matched (#6513) (aee9d28)
- oidc: refresh flow scope parameter ignored (#5782) (e250ad3)
- oidc: userinfo endpoint returns additional audience (#5781) (0919173)
- server: errors not logged (#4682) (53a6275)
- storage: postgresql webauthn tbl invalid aaguid constraint (#5183) (fa250ea), closes #5182
- templates: plain text email misleading (#5036) (a91762c), closes #4915
- utils: fix suite setup timeout (#4771) (56f0282), closes #4751
- webauthn credential user id missing (#5882) (4903567)
- webauthn user handle encoding (f567b67)
Features
- add systemd security hardening (#6480) ([...