A small release: proxy-header identity forwarding no longer collides with
environment variables, OIDC group-to-admin mapping now works with more
providers (Zitadel project roles, Microsoft Entra), and the interface gains a
Korean translation. Drop-in, no config changes.
Added
- Korean (ko) translation, bringing the interface to 37 languages.
muximux hash --api-keygenerates the SHA-256api_key_hashform
directly. Plainmuximux hashstill produces a bcrypt hash for a user
password_hash; a bcryptapi_key_hashremains accepted and auto-upgrades
to SHA-256 on first use.
Fixed
- Identity-forwarding placeholders no longer collide with environment
variables. The${user}/${role}/${email}/${display_name}/
${groups}placeholders in a proxy header value are now reserved from the
config loader's${VAR}environment-variable expansion. Previously an
environment variable that happened to share one of those names was
substituted at startup and then forwarded for every user, and each startup
logged a misleading "missing environment variable" warning for the
placeholders. Both are fixed. - OIDC group claims returned as an object are now read (Zitadel). A
groups/roles claim shaped as a JSON object -- notably Zitadel's
urn:zitadel:iam:org:project:roles-- had its keys ignored, so
admin_groupsnever matched. Its keys are now used as the group list. - OIDC group claims that appear only in the ID token are now honored
(Microsoft Entra). Muximux read user claims only from the userinfo
endpoint; Entra returns groups only in the ID token, soadmin_groups
could never match. The verified ID token's claims are now merged with
userinfo (userinfo takes precedence).