github goauthentik/authentik version/2024.10.3
Release 2024.10.3

10 days ago

See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024103

Note that this security release includes backwards incompatible database changes; see https://docs.goauthentik.io/docs/security/cves/CVE-2024-52289#patches

What's Changed

  • providers/ldap: fix global search_full_directory permission not being sufficient (cherry-pick #12028) by @gcp-cherry-pick-bot in #12030
  • rbac: fix incorrect object_description for object-level permissions (cherry-pick #12029) by @gcp-cherry-pick-bot in #12043
  • web/flows: fix invisible captcha call (cherry-pick #12048) by @gcp-cherry-pick-bot in #12049
  • core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (cherry-pick #12080) by @gcp-cherry-pick-bot in #12081
  • providers/scim: accept string and int for SCIM IDs (cherry-pick #12093) by @gcp-cherry-pick-bot in #12095
  • root: fix activation of locale not being scoped (cherry-pick #12091) by @gcp-cherry-pick-bot in #12096
  • root: check remote IP for proxy protocol same as HTTP/etc (cherry-pick #12094) by @gcp-cherry-pick-bot in #12097
  • website/docs: group CVEs by year (cherry-pick #12099) by @gcp-cherry-pick-bot in #12100
  • internal: add CSP header to files in /media (cherry-pick #12092) by @gcp-cherry-pick-bot in #12108
  • website/docs: add CSP to hardening (cherry-pick #11970) by @gcp-cherry-pick-bot in #12116
  • security: fix CVE 2024 52287 (cherry-pick #12114) by @gcp-cherry-pick-bot in #12117

Full Changelog: version/2024.10.2...version/2024.10.3
