ory/kratos v0.8.1-alpha.1

on GitHub

This maintenance release important security updates for the base Docker Images (e.g. Alpine). Additionally, several hiccups with the new ARM support have been resolved and the binaries are now downloadable for all major platforms. Please note that passwords now have to be at least 8 characters long, following recommendations from Microsoft and others.

Enjoy this release!

Breaking Changes

To celebrate this change, we cleaned up the ways you install Ory software, and will roll this out to all other projects soon:

There is now one central brew / bash curl repository:

-brew install ory/kratos/kratos
+brew install ory/tap/kratos

-bash <(curl https://raw.githubusercontent.com/ory/kratos/master/install.sh)
+bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) kratos

Bug Fixes

• Add base64 to ReadSchema (#1918) (8c8815b), closes #1529

• Add error.id to invalid cookie/token settings flow (#1919) (73610d4), closes #1888

• Adds missing webauthn authentication method (#1914) (44892f3)

• Allow use of relative URLs in config (#1754) (5f73bb0), closes #1446

• Bodget docs commit (f9d2f82)

• Build docs on release (2cf137a)

• De-duplicate message IDs (#1973) (9d8e197)

• Do not use csrf for meta endpoints (#1927) (fd14798)

• Docs links (#2008) (8515e17)

• E2e test regression (#1937) (c9be009)

• Include text label for link email field (07a1dbb), closes #1909

• Panic on webhook with nil body (#1890) (4bf1825), closes #1885

• Paths (8c852c7)

• Require minimum length of 8 characters password (#2009) (bb5846e):

  Kratos follows NIST Digital Identity Guidelines - 5.1.1.2 Memorized Secret Verifiers and password policy says

  Passwords must have a minimum length of 8 characters and all characters (unicode, ASCII) must be allowed.

• Resolve freebsd build issue (#2004) (9c75fe9), closes #1645

• Revert tag (f1d7b9e), closes #1945

• Set dockerfile (c860b99)

• Skip docs publishing for pre releases (eb6d8cd)

• Speed up git clone (d3e4bde)

• Support complex lifespans (#2050) (0edbebe)

• Update docs after release (850be90)

• Update sdk orb (94e12e6)

• Use bcrypt for password hashing in example (a9196f2)

• Use new ory installation method (09cfc7e)

• Verification error code (#1967) (44411ab), closes #1956

Code Generation

• Pin v0.8.1-alpha.1 release commit (8247416)

Documentation

• Add Content-Type to recommended CORS allowed headers (#2015) (dd890ab)

• Add subdomain configuration in csrf page (#1896) (681750f):

  Add some instructions as to how kratos can be configured to work across subdomains.

• debug: Fix typo (#1976) (0647554)

• Fix incorrect tag (bbd2355), closes #2032 #2028

• Fixed date format example (#2038) (fc4703a)

• Improve text around bcrypt (#2037) (ba6981e)

• Levenshtein-Distance has been released (#2040) (393b6b3)

• Minor fixes (#2010) (12918db)

• Password-strength meter has been dropped (#2041) (9848fb3)

• Remove unintended characters in subdomain section in csrf page (#1897) (dfb9007)

• This has been done (#2045) (7e8c91a)

• Totp unlink image in 2fa docs (#1957) (7afb731)

• Update email template docs (#1960) (#1968) (b0f25a9)

• Webhooks have landed (#2035) (80e53eb)

Features

• Add alpine dockerfile (587eaee)

• Add new goreleaser build chain (#1932) (cf1714d):

  This patch adds full compatibility with ARM architectures, including Apple Silicon (M1). We additionally added cryptographically signed signatures verifiable using cosign for both binaries as well as docker images.

• Add quickstart mimicking hosted ui (813fb4c)

• Add x-total-count to paginated pages (b633ec3)

• Advanced e-mail templating support (#1859) (54b97b4), closes #834 #925

• Allow wildcard domains for redirect_to checks (#1528) (349cdcf), closes #943:

  Support wildcard domains in redirect_to checks.

• Buildkit with multi stage build (#2025) (57ab7f7)

• cmd: Add OIDC credential include (#2017) (1482844):

  With this change, the kratos identities get CLI can additionally fetch OIDC credentials.

• Configurable health endpoints access logging (#1934) (1301f68):

  This PR introduces a new boolean configuration parameter that allows turning off logging of health endpoints requests in the access log. The implementation is basically a rip-off from Ory Hydra and the configuration parameter is the same:

  serve.public.request_log.disable_for_health
  serve.admin.request_log.disable_for_health
  

  The default value is false.

• Generalise courier (#2019) (1762a73)

• Integrate sbom generation to goreleaser (#1850) (305bb28)

• Make admin recovery to work without emails #1419 (#1750) (db00e85)

• oidc: Add spotify provider (#2024) (0064e35)

Tests

• Add web hook test cases (#2051) (316e940)
• e2e: Improved SDK set up and arm fix (#1933) (c914ba1)
• e2e: Split e2e script into setup and test phase (#2027) (1761418)
• Fix changed message ID (#2013) (0bb66de)
• Update snapshots (a820653)

Changelog

• 648a7bb autogen(docs): generate and format documentation
• 3709345 autogen(docs): generate and format documentation
• 97fed15 autogen(docs): generate and format documentation
• 947ad62 autogen(docs): generate and format documentation
• 423ca0f autogen(docs): generate and format documentation
• 4cd63b9 autogen(docs): generate and format documentation
• ca45260 autogen(docs): generate and format documentation
• 12fb064 autogen(docs): generate and format documentation
• d32c374 autogen(docs): generate and format documentation
• 9fa7986 autogen(docs): generate and format documentation
• e2377bc autogen(docs): generate and format documentation
• d0963d8 autogen(docs): generate and format documentation
• 36f1794 autogen(docs): generate and format documentation
• c9ce2ba autogen(docs): generate and format documentation
• 1522fbf autogen(docs): generate and format documentation
• fd395f1 autogen(docs): generate and format documentation
• 2c6dabe autogen(docs): generate and format documentation
• 6bfd55e autogen(docs): generate and format documentation
• 3d9c349 autogen(docs): generate and format documentation
• 0b426d2 autogen(docs): generate and format documentation
• 8e31605 autogen(docs): generate and format documentation
• 54eaf3a autogen(docs): generate and format documentation
• a97bfd1 autogen(docs): generate and format documentation
• 2109ea4 autogen(docs): generate and format documentation
• 69296ff autogen(docs): generate and format documentation
• 8f96bf4 autogen(docs): generate and format documentation
• 2b7cd12 autogen(docs): generate and format documentation
• 64bf08d autogen(docs): generate cli docs
• 25b148f autogen(docs): generate cli docs
• 33a50f6 autogen(docs): generate cli docs
• 39e0eb6 autogen(docs): generate cli docs
• 2637470 autogen(docs): generate cli docs
• ac7efc3 autogen(docs): generate cli docs
• 7faf83a autogen(docs): generate cli docs
• 810d39a autogen(docs): generate cli docs
• 0f6c55b autogen(docs): generate cli docs
• f08cecd autogen(docs): generate cli docs
• ee217e9 autogen(docs): generate cli docs
• 70e75e1 autogen(docs): generate cli docs
• 249ccef autogen(docs): generate cli docs
• 437cc99 autogen(docs): generate cli docs
• 4d6bdb7 autogen(docs): generate cli docs
• 25b0f47 autogen(docs): generate cli docs
• 966b968 autogen(docs): generate cli docs
• b7ef125 autogen(docs): generate cli docs
• 6bbfe25 autogen(docs): generate cli docs
• 92f0fb9 autogen(docs): generate cli docs
• b56ff6e autogen(docs): generate cli docs
• 1e794fe autogen(docs): generate cli docs
• 7c78bc7 autogen(docs): update milestone document
• bf80e96 autogen(docs): update milestone document
• 31a3c19 autogen(docs): update milestone document
• fc17cf8 autogen(docs): update milestone document
• ea5e959 autogen(docs): update milestone document
• 31fa367 autogen(docs): update milestone document
• 8393e0a autogen(docs): update milestone document
• 981f4e3 autogen(docs): update milestone document
• bf03cc9 autogen(docs): update milestone document
• 54513cd autogen: add v0.8.0-alpha.3 to version.schema.json
• 2526a53 autogen: pin v0.8.0-alpha.4-pre.0 release commit
• 3e443b7 autogen: pin v0.8.0-alpha.4.pre.0 release commit
• d4214db autogen: pin v0.8.0-alpha.4.pre.1 release commit
• 3b9be10 autogen: pin v0.8.0-alpha.4.pre.2 release commit
• 8247416 autogen: pin v0.8.1-alpha.1 release commit
• 0711c8c autogen: update release artifacts
• 9e23831 chore: bump alpine images (#1974)
• dd460db chore: fix issues reported by the CI (#2018)
• ee4524f chore: update docusaurus template
• 7806591 chore: update docusaurus template (#1902)
• c50c2fe chore: update docusaurus template (#1929)
• f6efc92 chore: update repository templates
• 84c12c2 chore: update repository templates
• adc748e chore: use json.Marshal for the message context (#1975)
• ea868b4 ci: bump goreleaser orb (#2014)
• 0647554 docs(debug): fix typo (#1976)
• 393b6b3 docs: Levenshtein-Distance has been released (#2040)
• dd890ab docs: add Content-Type to recommended CORS allowed headers (#2015)
• 681750f docs: add subdomain configuration in csrf page (#1896)
• bbd2355 docs: fix incorrect tag
• fc4703a docs: fixed date format example (#2038)
• ba6981e docs: improve text around bcrypt (#2037)
• 12918db docs: minor fixes (#2010)
• 9848fb3 docs: password-strength meter has been dropped (#2041)
• dfb9007 docs: remove unintended characters in subdomain section in csrf page (#1897)
• 7e8c91a docs: this has been done (#2045)
• 7afb731 docs: totp unlink image in 2fa docs (#1957)
• b0f25a9 docs: update email template docs (#1960) (#1968)
• 80e53eb docs: webhooks have landed (#2035)
• 1482844 feat(cmd): add OIDC credential include (#2017)
• 0064e35 feat(oidc): add spotify provider (#2024)
• db00e85 feat: Make admin recovery to work without emails #1419 (#1750)
• 587eaee feat: add alpine dockerfile
• cf1714d feat: add new goreleaser build chain (#1932)
• 813fb4c feat: add quickstart mimicking hosted ui
• b633ec3 feat: add x-total-count to paginated pages
• 54b97b4 feat: advanced e-mail templating support (#1859)
• 349cdcf feat: allow wildcard domains for redirect_to checks (#1528)
• 57ab7f7 feat: buildkit with multi stage build (#2025)
• 1301f68 feat: configurable health endpoints access logging (#1934)
• 1762a73 feat: generalise courier (#2019)
• 305bb28 feat: integrate sbom generation to goreleaser (#1850)
• bb5846e fix: Require minimum length of 8 characters password (#2009)
• 8c8815b fix: add base64 to ReadSchema (#1918)
• 73610d4 fix: add error.id to invalid cookie/token settings flow (#1919)
• 44892f3 fix: adds missing webauthn authentication method (#1914)
• 5f73bb0 fix: allow use of relative URLs in config (#1754)
• f9d2f82 fix: bodget docs commit
• 2cf137a fix: build docs on release
• 9d8e197 fix: de-duplicate message IDs (#1973)
• fd14798 fix: do not use csrf for meta endpoints (#1927)
• 8515e17 fix: docs links (#2008)
• c9be009 fix: e2e test regression (#1937)
• 07a1dbb fix: include text label for link email field
• 4bf1825 fix: panic on webhook with nil body (#1890)
• 8c852c7 fix: paths
• 9c75fe9 fix: resolve freebsd build issue (#2004)
• f1d7b9e fix: revert tag
• c860b99 fix: set dockerfile
• eb6d8cd fix: skip docs publishing for pre releases
• d3e4bde fix: speed up git clone
• 0edbebe fix: support complex lifespans (#2050)
• 850be90 fix: update docs after release
• 94e12e6 fix: update sdk orb
• a9196f2 fix: use bcrypt for password hashing in example
• 09cfc7e fix: use new ory installation method
• 44411ab fix: verification error code (#1967)
• c914ba1 test(e2e): improved SDK set up and arm fix (#1933)
• 1761418 test(e2e): split e2e script into setup and test phase (#2027)
• 316e940 test: add web hook test cases (#2051)
• 0bb66de test: fix changed message ID (#2013)
• a820653 test: update snapshots

Docker images

• docker pull oryd/kratos:v0.8.1-alpha.1
• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.8
• docker pull oryd/kratos:v0.8.1

Artifacts can be verified with cosign using this public key.