goauthentik · rissson · Jun 14, 2024 · May 22, 2024 · May 29, 2024 · Jun 10, 2024
@@ -0,0 +1,138 @@
+---
+title: Release 2024.6
+slug: /releases/2024.6
+---
+
+:::::note
+2024.6 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates.
+
+To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2024.6.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet.
+:::::
+
+## Breaking changes
+
+### PostgreSQL minimum supported version upgrade
+
+authentik now requires PostgreSQL version 14 or later. We recommend upgrading to the latest version if you are running an older version.
+
+The provided Helm chart defaults to PostgreSQL 15. If you are using the Helm chart with the default values, no action is required.
+
+The provided Compose file was updated with PostgreSQL 16. You can follow the procedure [here](../../troubleshooting/postgres/upgrade_docker.md) to upgrade.
+
+## New features
+
+-   Google Workspace Provider (preview) (enterprise)
+-   Microsoft Entra Provider (preview) (enterprise)
+-   Reworked proxy provider redirect
+-   Optimize sync and property mapping execution
+-   Read-replica DB support
+
+## Upgrading
+
+authentik now requires PostgreSQL version 14 or later. We recommend upgrading to the latest version if needed. Follow the instructions [here](../../troubleshooting/postgres/upgrade_docker.md) if you need to upgrade PostgreSQL with docker-compose.
+
+### docker-compose
+
+To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
+
+```shell
+wget -O docker-compose.yml https://goauthentik.io/version/2024.6/docker-compose.yml
+docker compose up -d
+```
+
+The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
+
+### Kubernetes
+
+Upgrade the Helm Chart to the new version, using the following commands:
+
+```shell
+helm repo update
+helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6
+```
+
+## Minor changes/fixes
+
+-   core: FIPS (#9683)
+-   core: add include_users flag to single group retrieval (#9721)
+-   core: add option to select group for property mapping testing (#9834)
+-   core: fix auth_method and auth_method_args being overwritten by password stage (#9782)
+-   core: fix condition in task clean_expiring_models (#9603)
+-   core: fix logic for token expiration (#9426)
+-   core: fix source flow_manager not always appending save stage (#9659)
+-   core: fix source_flow_manager saving user-source connection too early (#9559)
+-   core: fix task clean_expiring_models removing valid sessions with using database storage (#9598)
+-   core: groups api: always prefetch users (#9974)
+-   core: groups: optimize recursive children query (#9931)
+-   core: only prefetch related objects when required (#9476)
+-   crypto: update fingerprint at same time as certificate (#10036)
+-   enterprise/audit: fix audit logging with m2m relations (#9571)
+-   enterprise/providers/google: initial account sync to google workspace (#9384)
+-   enterprise/providers/google_workspace: ensure no group is created when no property mappings are set (#9783)
+-   enterprise/providers/microsoft_entra: initial account sync to microsoft entra (#9632)
+-   enterprise/providers/microsoft_entra: fix error when updating connection attributes (#10039)
+-   enterprise/stages/source: fix error when creating source stage from blueprint (#9810)
+-   events: ensure all models' **str** can be called without any further lookups (#9480)
+-   events: fix geoip enrich context not converting to json-seriazable data (#9885)
+-   flows: fix execute API endpoint (#9478)
+-   lib/providers/sync: improve outgoing sync (#9835)
+-   lib/providers/sync: multiple minor fixes (#9667)
+-   lib/sync/outgoing, sources/ldap: fix sync status endpoint (#9855)
+-   lib/sync: fix json error (#9827)
+-   lifecycle/migrate: only acquire lock once (#9856)
+-   lifecycle: always try custom redis URL (#9441)
+-   lifecycle: close database connection after migrating (#9516)
+-   lifecycle: fix ak test-all command
+-   policies: fix ak_call_policy failing when used in testing (#9853)
+-   providers/oauth2: don't handle api scope as special scope (#9910)
+-   providers/proxy: rework redirect mechanism (#8594)
+-   providers/rac: bump guacd to 1.5.5 (#9514)
+-   providers/saml: fix ecdsa support (#9537)
+-   providers/scim, sources/ldap: switch to using postgres advisory locks instead of redis locks (#9511)
+-   providers/scim: fix SCIM ID incorrectly used as primary key (#9557)
+-   providers/scim: fix time_limit not set correctly (#9546)
+-   providers/scim: optimize PropertyMapping fetching and execution (#9689)
+-   providers/sync: improve v3 (#9966)
+-   providers/sync: update attributes on update (#10012)
+-   rbac: fix some rough edges and inconsistencies (#9771)
+-   root: add primary-replica db router (#9479)
+-   root: bump blueprint schema version
+-   root: docker-compose: remove version top level element (#9631)
+-   root: include task_id in events and logs (#9749)
+-   sources/oauth: ensure all UI sources return a valid source (#9401)
+-   sources/oauth: fix OAuth Client sending token request incorrectly (#9474)
+-   sources/oauth: modernizes discord icon (#9817)
+-   sources/saml: fix FlowPlanner error due to pickle (#9708)
+-   sources/scim: fix duplicate groups and invalid schema (#9466)
+-   sources/scim: fix service account user path (#9463)
+-   stages/authenticator_validate: fix priority of auth_method being set to auth_webauthn_pwl (#9909)
+-   stages/authenticator_webauthn: migrate device type import to systemtask and schedule (#9958)
+-   stages/authenticator_webauthn: optimize device types creation (#9932)
+-   stages/captcha: rework (#9959)
+-   stages/email: fix sanitization of email addresses (#9999)
+-   stages/identification: don't check source component (#9410)
+-   stages/user_login: fix non-json-serializable being used (#9886)
+-   tenants: fix scheduled tasks not running on default tenant (#9583)
+-   web/admin: add link to enterprise docs on license page (#9811)
+-   web/admin: fix disabled button color with dark theme (#9465)
+-   web/admin: fix document title for admin interface (#9362)
+-   web/admin: fix entra provider mapping form (#9767)
+-   web/admin: fix scim provider user list (#10028)
+-   web/admin: only show non-backchannel providers in application provider select (#9658)
+-   web/admin: rework initial wizard pages and add grid layout (#9668)
+-   web/admin: show user internal service account as disabled (#9464)
+-   web/admin: use chips to display permissions/scopes (#9912)
+-   web/common: fix locale detection for user-set locale (#9436)
+-   web/flows: fix error when enrolling multiple WebAuthn devices consecutively (#9545)
+-   web/flows: fix error when using consecutive webauthn validator stages (#9629)
+-   web/flows: fix missing fallback for flow logo (#9487)
+-   web: Add missing integrity hashes to package-lock.json (#9527)
+-   web: Add resolved and integrity fields back to package-lock.json (#9419)
+-   web: clean up some repetitive types (#9241)
+-   web: clean up the options rendering in PromptForm (#9564)
+-   web: fix value handling inside controlled components (#9648)
+-   web: markdown: display markdown even when frontmatter is missing (#9404)
+
+## API Changes
+
+<!-- insert output of `make gen-diff` here -->
@@ -412,13 +412,14 @@ const docsSidebar = {
                 description: "Release notes for recent authentik versions",
             },
             items: [
+                "releases/2024/v2024.6",
                 "releases/2024/v2024.4",
                 "releases/2024/v2024.2",
-                "releases/2023/v2023.10",
                 {
                     type: "category",
                     label: "Previous versions",
                     items: [
+                        "releases/2023/v2023.10",
                         "releases/2023/v2023.8",
                         "releases/2023/v2023.6",
                         "releases/2023/v2023.5",