The latest version of the release notes can be found on the website.
- add option to ignore OpenID session expire (see docs)
- streamline fallback config (do not use LDAP in fallback config and use same config for all deployment options)
- add mobile viewport meta tags, contributed by @tanho63 and @andrewsali
- preserve subpath when starting an app
- add compatibility with Dash.jl apps (see demo)
- add support for admin users in addition to admin groups (see docs)
- add RuntimeValue
SHINYPROXY_USER_TIMEZONEcontaining the timezone of the user (retrieved from the browser) (see docs). - Fix: prevent NullPointerExceptions in OpenID code
- Fix: when a user opens an app before being authenticated, redirect user back to that app after login
- Fix: make stopping an app more reliable (e.g. if stopping an app fails halfway)
- Fix: prevent errors when requests during the start of an app fail because of a network issue. This is also a workaround for a bug in Firefox.
- Fix improve behavior of refreshing the OpenID session, preventing unexpected logouts
- Fix: prevent corrupt file downloads
- Fix: prevent errors with UTF-8 characters on some platforms
- Fix: prevent error when uploading files in RStudio
- Fix: try to prevent the user from going back to the IDP when using OIDC or SAML, which causes the user to see an error. Note: because of some browser protections, this cannot be prevented completely. When the user clicks the back button multiple times, they may end up on the IDP page, however, the case where the user accidentally clicks the back button has been fixed.
- Fix: ensure compatibility with
coder/code-server(VS Code) versions after 4.10.1, by including any non-standard port in theX-Forwarded-Hostheader - Fix: allow using=in query string parameters - Security: the HTML page of an (active) app contained the full details of that app, including runtime values that were hidden since 3.0.0. This has been fixed by only showing the non-sensitive information.
- Security: when using
noneauthentication, (anonymous) users had access to the admin page and can see only their apps. This includes more information than what is returned from the API (e.g. the exact docker image used), but only for the apps started by that user. Updating is strongly advised when usingnoneauthentication.
Deprecations
- Component: Social Authentication
Replacement: use the regular OpenID Connect implementation. Concrete update steps and examples will be provided with the next release.
Reason: the Social Authentication plugins are deprecated and no longer supported by the Spring Project. The next ShinyProxy release will upgrade to Spring Boot 3, which no longer supports these plugins. - Component: Keycloak Authentication
Replacement: use the regular OpenID Connect implementation. Concrete update steps and examples will be provided with the next release.
Reason: Further releases will still support Keycloak by using the general OpenID backend. The Keycloak project has deprecated the Keycloak adapters. The next ShinyProxy release will upgrade to Spring Boot 3, which no longer supports these plugins. In addition, the general OpenID authentication has advanced features and better integration.