11.0.0

@rra rra released this 20 May 21:59
· 196 commits to main since this release
11.0.0
8ede617

Backwards-incompatible changes

  • Drop support for getting user metadata from OpenID Connect token claims. LDAP, for both user metadata and group membership, is now required when using OpenID Connect authentication, including CILogon.
  • Remove support for getting group GIDs from a ForgeRock Identity Management server. LDAP support should be used instead.
  • Drop support for LDAP groups without GIDs. Either Firestore GID assignment must be enabled or LDAP must contain a GID for each group. Groups without GIDs in LDAP will be ignored if Firestore is not enabled.
  • Retrieval of the UID and primary GID from LDAP is now enabled by default unless Firestore is enabled.
  • Replace config.tokenLifetimeMinutes with config.tokenLifetime, which accepts one or more time intervals with suffixes w, d, h, m, and s for weeks, days, hours, minutes, and seconds, respectively.
  • Change the default of config.cilogon.usernameClaim to username. This is what we use for all current CILogon integrations.
  • Change the default of config.ldap.groupSearchByDn to true. To preserve the previous behavior of searching by the bare username, this setting must be explicitly set to false.
  • Support for config.loglevel in Helm values has been dropped. Use config.logLevel instead (note the capital L).
  • Remove the /auth/analyze route. This was an old way for a user to see information about their token that has been deprecated for many releases. The output used the old JWT token claim format and was missing a great deal of useful information. /auth/api/v1/user-info and /auth/api/v1/token-info should be used instead.
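
A pre-upgrade check for the configuration changes listed above, as an added example that is not part of Gafaelfawr or of these release notes. It audits already-parsed Helm override values using only the setting names given above; the function names, the sample values, and the choice to concatenate intervals without a separator (for example 4w2d) are assumptions.

```python
# Added example: not Gafaelfawr code. Keys come from the release notes above.
UNITS = (("w", 10080), ("d", 1440), ("h", 60), ("m", 1))  # minutes per unit


def minutes_to_interval(minutes: int) -> str:
    """Render whole minutes as w/d/h/m intervals, largest unit first."""
    if minutes <= 0:
        raise ValueError("token lifetime must be a positive number of minutes")
    parts = []
    for suffix, size in UNITS:
        count, minutes = divmod(minutes, size)
        if count:
            parts.append(f"{count}{suffix}")
    # Assumption: intervals may be concatenated without a separator.
    return "".join(parts)


def audit_values(values: dict) -> list[str]:
    """Return one finding per setting affected by the 11.0.0 changes."""
    config = values.get("config") or {}
    findings = []
    if "tokenLifetimeMinutes" in config:
        new = minutes_to_interval(int(config["tokenLifetimeMinutes"]))
        findings.append(f"config.tokenLifetimeMinutes: replace with config.tokenLifetime: {new}")
    if "loglevel" in config:
        findings.append("config.loglevel: rename to config.logLevel")
    cilogon, ldap = config.get("cilogon"), config.get("ldap")
    if cilogon is not None:
        if ldap is None:
            findings.append("config.ldap: required with CILogon for user metadata and groups")
        if "usernameClaim" not in cilogon:
            findings.append("config.cilogon.usernameClaim: default is now username")
    if ldap is not None and "groupSearchByDn" not in ldap:
        findings.append("config.ldap.groupSearchByDn: default is now true")
    return findings


# Constructed pre-11.0.0 override values, as yaml.safe_load would return them.
SAMPLE = {
    "config": {
        "loglevel": "INFO",
        "tokenLifetimeMinutes": 43200,
        "cilogon": {},
    }
}

if __name__ == "__main__":
    for finding in audit_values(SAMPLE):
        print(finding)
```

A finding for usernameClaim or groupSearchByDn means the deployment inherits the new default; set the value explicitly if the previous behavior is what the identity mapping depends on.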

New features

  • Support overriding the HTTP authentication realm for WWW-Authenticate challenges by setting config.realm.
  • Support overriding the OpenID Connect issuer (iss claim) and key ID (kid claim) for the internal OpenID Connect server by setting config.oidcServer.issuer and config.oidcServer.kid, respectively.

Other changes

  • Drop support for running a local development instance of Gafaelfawr. This support wasn't used during development and has some maintenance cost. Integration testing of development versions of Gafaelfawr should instead be done in a development Phalanx environment.
  • Move the docker-compose.yaml file, now used only for creating Alembic migrations, into the alembic subdirectory and update the documentation for creating new Alembic migrations accordingly.

What's Changed

  • DM-43689: Move more development dependencies to requirements by @rra in #996
  • Bump @babel/eslint-parser from 7.23.10 to 7.24.1 in /ui by @dependabot in #994
  • Bump react-datepicker from 6.3.0 to 6.6.0 in /ui by @dependabot in #993
  • Bump date-fns from 3.5.0 to 3.6.0 in /ui by @dependabot in #991
  • DM-43689: Update JavaScript dependencies by @rra in #997
  • DM-43714: Switch to tox-uv, fix docs by @rra in #998
  • DM-43714: Use frozen dependencies for tox by @rra in #1005
  • Bump medyagh/setup-minikube from 0.0.15 to 0.0.16 by @dependabot in #999
  • Add explicit mention of Keycloak to docs by @rra in #1006
  • DM-44136: Update Docker base image by @rra in #1010
  • Bump eslint-plugin-html from 8.0.0 to 8.1.1 in /ui by @dependabot in #1009
  • DM-44136: Drop support for ForgeRock by @rra in #1011
  • Bump gatsby from 5.13.3 to 5.13.4 in /ui by @dependabot in #1002
  • Bump react-datepicker from 6.6.0 to 6.9.0 in /ui by @dependabot in #1007
  • Bump react-is from 18.2.0 to 18.3.1 in /ui by @dependabot in #1008
  • Bump react-icons from 5.0.1 to 5.1.0 in /ui by @dependabot in #1004
  • DM-44136: Update dependencies by @rra in #1012
  • DM-44136: Simplify sources of user metadata by @rra in #1013
  • DM-44136: Stop importing symbols from _pytest by @rra in #1014
  • DM-44136: Switch to native Pydantic camel-case support by @rra in #1015
  • DM-44136: Simplify Docker container construction by @rra in #1016
  • DM-44136: Use Annotated for dependencies and handlers by @rra in #1017
  • Bump react-icons from 5.1.0 to 5.2.0 in /ui by @dependabot in #1018
  • DM-44136: Update dependencies by @rra in #1020
  • DM-44136: Move database test helper functions to module by @rra in #1021
  • DM-44136: Refactor OIDC tests by @rra in #1022
  • DM-44136: Add test for disabling LDAP attributes by @rra in #1023
  • DM-44289: Remove /auth/analyze routes by @rra in #1024
  • DM-44269: Drop support for a local development instance by @rra in #1025
  • DM-44269: Remove workaround for FastAPI bug by @rra in #1026
  • DM-44269: Rework the Gafaelfawr configuration layer by @rra in #1029
  • Bump gatsby from 5.13.4 to 5.13.5 in /ui by @dependabot in #1030
  • Bump react-icons from 5.2.0 to 5.2.1 in /ui by @dependabot in #1028
  • Bump styled-components from 6.1.9 to 6.1.11 in /ui by @dependabot in #1027
  • DM-44269: Prepare Gafaelfawr 11.0.0 release by @rra in #1031

Full Changelog: 10.1.0...11.0.0