github Yeraze/meshmonitor v2.7.3
v2.7.3 - Anonymous Access Control & OIDC Migration
on GitHub

latest releases: v2.19.14, v2.19.13, v2.19.12...
one month ago

What's New in v2.7.3

๐Ÿ”’ Anonymous Access Control (#237)

Added ability to completely disable anonymous access to MeshMonitor, requiring authentication before accessing any features.

New Environment Variable:

  • DISABLE_ANONYMOUS - Set to true to require authentication (default: false)

Features:

  • Beautiful centered login page with MeshMonitor branding
  • Support for both local auth and OIDC authentication
  • Fully backward compatible (disabled by default)
  • Works with all authentication modes:
    • Local authentication only
    • OIDC authentication only
    • Hybrid authentication (both local and OIDC)

When Enabled:

  • Unauthenticated users see login page instead of app
  • No access to maps, messages, or any features without authentication
  • Anonymous users receive empty permissions

๐Ÿ”„ OIDC Account Migration (#236)

Fixed OIDC authentication failure when native-login users with the same username already exist.

Problem Solved:
Previously, when an OIDC user attempted first login and a native-login user with the same username/email existed, authentication failed with: 

SqliteError: UNIQUE constraint failed: users.username

Solution:
Automatically migrate existing native-login accounts to OIDC authentication when collision detected.

Migration Features:

  • โœ… Preserves user ID and all foreign key relationships
  • โœ… Preserves username, permissions, and admin status
  • โœ… Updates email and display name from OIDC provider
  • โœ… Removes password hash (no longer needed)
  • โœ… Creates audit log entry

Migration Flow:
When an OIDC user attempts first login:

  1. Checks if user exists by OIDC subject
  2. If not found, checks for native-login user with same username
  3. Falls back to checking for user with same email
  4. If native-login user found โ†’ automatically migrates to OIDC
  5. If no collision โ†’ creates new OIDC user

This ensures seamless transition from native authentication to OIDC providers like Authentik, Keycloak, or Auth0.

Test Results

  • โœ… All system tests passed (Quick Start, Reverse Proxy, OIDC integration)
  • โœ… All auth route unit tests passing (34/34)
  • โœ… TypeScript compilation successful

Installation

Docker

docker pull ghcr.io/yeraze/meshmonitor:v2.7.3

Docker Compose

Update your docker-compose.yml: 

services:
  meshmonitor:
    image: ghcr.io/yeraze/meshmonitor:v2.7.3
    environment:
      - DISABLE_ANONYMOUS=false  # Set to true to require authentication
      # ... other environment variables

Kubernetes (Helm)

helm upgrade meshmonitor oci://ghcr.io/yeraze/meshmonitor-chart --version 2.7.3

Configuration

Add to your .env file: 

# Disable anonymous access (require authentication)
DISABLE_ANONYMOUS=false  # Set to true to require login

Full Changelog

  • feat: Add DISABLE_ANONYMOUS environment variable (#237) @Yeraze
  • fix: Migrate native-login users to OIDC on first login (#236)

Resolves: #232, #235

๐Ÿš€ MeshMonitor v2.7.3

๐Ÿ“ฆ Installation

Docker (recommended): 

docker run -d \
  --name meshmonitor \
  -p 8080:3001 \
  -v meshmonitor-data:/data \
  ghcr.io/Yeraze/meshmonitor:v2.7.3

๐Ÿงช Testing

โœ… All tests passed
โœ… TypeScript checks passed
โœ… Docker images built for linux/amd64, linux/arm64, linux/arm/v7

๐Ÿ“‹ Changes

See commit history for detailed changes.

Check out latest releases or
releases around Yeraze/meshmonitor v2.7.3

Don't miss a new meshmonitor release

NewReleases is sending notifications on new releases.

Get notifications