# Which Problems Are Solved
Stabilize the usage of webkeys.
# How the Problems Are Solved
- Remove all legacy signing key code from the OIDC API
- Remove the webkey feature flag from proto
- Remove the webkey feature flag from console
- Cleanup documentation
# Additional Changes
- Resolved some canonical header linter errors in OIDC
- Use the constant for `projections.lock` in the saml package.
# Additional Context
- Closes#10029
- After #10105
- After #10061
# Which Problems Are Solved
Stabilize the optimized introspection code and cleanup unused code.
# How the Problems Are Solved
- `oidc_legacy_introspection` feature flag is removed and reserved.
- `OPStorage` which are no longer needed have their bodies removed.
- The method definitions need to remain in place so the interface
remains implemented.
- A panic is thrown in case any such method is still called
# Additional Changes
- A number of `OPStorage` methods related to token creation were already
unused. These are also cleaned up.
# Additional Context
- Closes#10027
- #7822
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
This pull request updates several dependencies in the
`docs/package.json` file to their latest minor versions, ensuring
compatibility and access to the latest features and fixes.
Dependency updates:
* Updated `@docusaurus/core`, `@docusaurus/faster`,
`@docusaurus/preset-classic`, `@docusaurus/theme-mermaid`, and
`@docusaurus/theme-search-algolia` from version `^3.8.0` to `^3.8.1` in
the `dependencies` section.
* Updated `@docusaurus/module-type-aliases` and `@docusaurus/types` from
version `^3.8.0` to `^3.8.1` in the `devDependencies` section.
Co-authored-by: Florian Forster <florian@zitadel>
# Which Problems Are Solved
Token Exchange will not move from Beta to GA feature, as there are still
some unsolved issues
# How the Problems Are Solved
Remove from roadmap
# Which Problems Are Solved
As we migrate resources to the new API, whenever a an implementation got
merged, the API reference was added to the docs sidenav. As these new
services and their implementation are not yet released, it can be
confusing for developers as the corresponding endpoints return 404 or
unimplemented errors.
# How the Problems Are Solved
Currently we just remove it from the sidenav and will add it once
they're released. We're looking into a proper solution for the API
references.
# Additional Changes
None
# Additional Context
None
# Which Problems Are Solved
The output of the sql statement of tech advisory was unclear on how the
data should be compared
# How the Problems Are Solved
An additional column is added to the output to show the effective
difference of the old and new position.
# Which Problems Are Solved
The current public roadmap can be hard to understand for customers and
it doesn't show the timelines for the different versions. which results
in a lot of requests.
It only outlines what is already fixed on the timeline, but doesn't give
any possibilities to outline future topics / features, which not yet
have a timeline
# How the Problems Are Solved
A new roadmap page is added
- Outline for each version when it will have which state
- Outline different zitadel versions with its features, deprecations,
breaking changes, etc.
- Show future topics, which are not yet on the roadmap
# Which Problems Are Solved
If the sql statement of technical advisory 10016 gets executed on
cockroach the following error is raised:
```
ERROR: WITH clause "fixed" does not return any columns
SQLSTATE: 0A000
HINT: missing RETURNING clause?
```
# How the Problems Are Solved
Fixed the statement by adding `returning` to statement
> [!IMPORTANT]
> We need to change the ENV `VERCEL_FORCE_NO_BUILD_CACHE` to `0` which
is currently `1` to enable the cache on all deployments
This pull request includes several updates to the documentation and
benchmarking components, focusing on improving performance, error
handling, and compatibility with newer versions of Docusaurus. The key
changes include the removal of outdated configurations, updates to
dependencies, and enhancements to the `BenchmarkChart` component for
better error handling and data validation.
### Documentation and Configuration Updates:
* **Removed outdated Babel and Webpack configurations**: The
`babel.config.js` file was deleted, and the Webpack configuration was
removed from `docusaurus.config.js` to align with the latest Docusaurus
setup.
[[1]](diffhunk://#diff-2ed4f5b03d34a87ef641e9e36af4a98a1c0ddaf74d07ce93665957be69b7b09aL1-L4)
[[2]](diffhunk://#diff-28742c737e523f302e6de471b7fc27284dc8cf720be639e6afe4c17a550cd654L204-L225)
* **Added experimental features in Docusaurus**: Introduced a `future`
section in `docusaurus.config.js` to enable experimental features like
`swcJsLoader`, `rspackBundler`, and `lightningCssMinimizer`, while
disabling problematic settings due to known issues.
### Dependency Updates:
* **Upgraded Docusaurus and related packages**: Updated dependencies in
`package.json` to use Docusaurus version `^3.8.0` and newer versions of
associated plugins and themes for improved performance and
compatibility.
[[1]](diffhunk://#diff-adfa337ce44dc2902621da20152a048dac41878cf3716dfc4cc56d03aa212a56L25-R39)
[[2]](diffhunk://#diff-adfa337ce44dc2902621da20152a048dac41878cf3716dfc4cc56d03aa212a56L66-R67)
### Component Enhancements:
* **Improved `BenchmarkChart` error handling**: Refactored the
`BenchmarkChart` component to validate input data, handle errors
gracefully, and provide meaningful fallback messages when data is
missing or invalid.
[[1]](diffhunk://#diff-ce9fccf51f6b863dd58a39f361a9cf980b10357bccc7381f928788483b30cb0eL4-R21)
[[2]](diffhunk://#diff-ce9fccf51f6b863dd58a39f361a9cf980b10357bccc7381f928788483b30cb0eR72-R76)
* **Fixed edge cases in chart rendering**: Addressed issues like invalid
timestamps, undefined `p99` values, and empty data sets to ensure robust
chart generation.
[[1]](diffhunk://#diff-ce9fccf51f6b863dd58a39f361a9cf980b10357bccc7381f928788483b30cb0eL19-L29)
[[2]](diffhunk://#diff-ce9fccf51f6b863dd58a39f361a9cf980b10357bccc7381f928788483b30cb0eL38-R61)
### Documentation Benchmark Updates:
* **Simplified imports in benchmark files**: Replaced the use of
`raw-loader` with direct imports for benchmark data in multiple `.mdx`
files to streamline the documentation setup.
[[1]](diffhunk://#diff-a9710709396e5ff6756aedf89dfcbd62aeea15368ba33bf3932ebf33046a29e8L66-R66)
[[2]](diffhunk://#diff-0a9b6103c97c58792450bfd2d337bbb8a6b72df2ae326cc56ebc96e01c0acd6bL35-R35)
[[3]](diffhunk://#diff-38f45388e065c57f1282a43bb319354da3c218e96d95ca20f4d11709f48491b8L36-R36)
[[4]](diffhunk://#diff-b8e792ebe42fcb16a493e35d23b58a91c2117d949953487e70f379c64e5cb7c0L36-R36)
[[5]](diffhunk://#diff-3778acfa893504004008b162fa95f21f1c7c40dcf1868bbbaaa504ac5d51901aL38-R38)
<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->
# Which Problems Are Solved
Broken links on the default settings page.
# How the Problems Are Solved
Fixed the reference
# Additional Changes
# Additional Context
# Which Problems Are Solved
The login v1 allowed to use JWTs as IdP using the JWT IDP. The login V2
uses idp intents for such cases, which were not yet able to handle JWT
IdPs.
# How the Problems Are Solved
- Added handling of JWT IdPs in `StartIdPIntent` and `RetrieveIdPIntent`
- The redirect returned by the start, uses the existing `authRequestID`
and `userAgentID` parameter names for compatibility reasons.
- Added `/idps/jwt` endpoint to handle the proxied (callback) endpoint ,
which extracts and validates the JWT against the configured endpoint.
# Additional Changes
None
# Additional Context
- closes#9758
# Which Problems Are Solved
Currently if a user signs in using an IdP, once they sign out of
Zitadel, the corresponding IdP session is not terminated. This can be
the desired behavior. In some cases, e.g. when using a shared computer
it results in a potential security risk, since a follower user might be
able to sign in as the previous using the still open IdP session.
# How the Problems Are Solved
- Admins can enabled a federated logout option on SAML IdPs through the
Admin and Management APIs.
- During the termination of a login V1 session using OIDC end_session
endpoint, Zitadel will check if an IdP was used to authenticate that
session.
- In case there was a SAML IdP used with Federated Logout enabled, it
will intercept the logout process, store the information into the shared
cache and redirect to the federated logout endpoint in the V1 login.
- The V1 login federated logout endpoint checks every request on an
existing cache entry. On success it will create a SAML logout request
for the used IdP and either redirect or POST to the configured SLO
endpoint. The cache entry is updated with a `redirected` state.
- A SLO endpoint is added to the `/idp` handlers, which will handle the
SAML logout responses. At the moment it will check again for an existing
federated logout entry (with state `redirected`) in the cache. On
success, the user is redirected to the initially provided
`post_logout_redirect_uri` from the end_session request.
# Additional Changes
None
# Additional Context
- This PR merges the https://github.com/zitadel/zitadel/pull/9841 and
https://github.com/zitadel/zitadel/pull/9854 to main, additionally
updating the docs on Entra ID SAML.
- closes#9228
- backport to 3.x
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
Co-authored-by: Zach Hirschtritt <zachary.hirschtritt@klaviyo.com>
# Which Problems Are Solved
Resource management of projects and sub-resources was before limited by
the context provided by the management API, which would mean you could
only manage resources belonging to a specific organization.
# How the Problems Are Solved
With the addition of a resource-based API, it is now possible to manage
projects and sub-resources on the basis of the resources themselves,
which means that as long as you have the permission for the resource,
you can create, read, update and delete it.
- CreateProject to create a project under an organization
- UpdateProject to update an existing project
- DeleteProject to delete an existing project
- DeactivateProject and ActivateProject to change the status of a
project
- GetProject to query for a specific project with an identifier
- ListProject to query for projects and granted projects
- CreateProjectGrant to create a project grant with project and granted
organization
- UpdateProjectGrant to update the roles of a project grant
- DeactivateProjectGrant and ActivateProjectGrant to change the status
of a project grant
- DeleteProjectGrant to delete an existing project grant
- ListProjectGrants to query for project grants
- AddProjectRole to add a role to an existing project
- UpdateProjectRole to change texts of an existing role
- RemoveProjectRole to remove an existing role
- ListProjectRoles to query for project roles
# Additional Changes
- Changes to ListProjects, which now contains granted projects as well
- Changes to messages as defined in the
[API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md)
- Permission checks for project functionality on query and command side
- Added testing to unit tests on command side
- Change update endpoints to no error returns if nothing changes in the
resource
- Changed all integration test utility to the new service
- ListProjects now also correctly lists `granted projects`
- Permission checks for project grant and project role functionality on
query and command side
- Change existing pre checks so that they also work resource specific
without resourceowner
- Added the resourceowner to the grant and role if no resourceowner is
provided
- Corrected import tests with project grants and roles
- Added testing to unit tests on command side
- Change update endpoints to no error returns if nothing changes in the
resource
- Changed all integration test utility to the new service
- Corrected some naming in the proto files to adhere to the API_DESIGN
# Additional Context
Closes#9177
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->
# Which Problems Are Solved
These changes introduce resource-based API endpoints for managing
instances and custom domains.
There are 4 types of changes:
- Endpoint implementation: consisting of the protobuf interface and the
implementation of the endpoint. E.g:
606439a172
- (Integration) Tests: testing the implemented endpoint. E.g:
cdfe1f0372
- Fixes: Bugs found during development that are being fixed. E.g:
acbbeedd32
- Miscellaneous: code needed to put everything together or that doesn't
fit any of the above categories. E.g:
529df92abc or
6802cb5468
# How the Problems Are Solved
_Ticked checkboxes indicate that the functionality is complete_
- [x] Instance
- [x] Create endpoint
- [x] Create endpoint tests
- [x] Update endpoint
- [x] Update endpoint tests
- [x] Get endpoint
- [x] Get endpoint tests
- [x] Delete endpoint
- [x] Delete endpoint tests
- [x] Custom Domains
- [x] Add custom domain
- [x] Add custom domain tests
- [x] Remove custom domain
- [x] Remove custom domain tests
- [x] List custom domains
- [x] List custom domains tests
- [x] Trusted Domains
- [x] Add trusted domain
- [x] Add trusted domain tests
- [x] Remove trusted domain
- [x] Remove trusted domain tests
- [x] List trusted domains
- [x] List trusted domains tests
# Additional Changes
When looking for instances (through the `ListInstances` endpoint)
matching a given query, if you ask for the results to be order by a
specific column, the query will fail due to a syntax error. This is
fixed in acbbeedd32 . Further explanation
can be found in the commit message
# Additional Context
- Relates to #9452
- CreateInstance has been excluded:
https://github.com/zitadel/zitadel/issues/9930
- Permission checks / instance retrieval (middleware) needs to be
changed to allow context based permission checks
(https://github.com/zitadel/zitadel/issues/9929), required for
ListInstances
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
# Which Problems Are Solved
This PR aims to clarify how to use the zitadel SDK with OAuth token
introspection.
# How the Problems Are Solved
Reworked the setup process on console needed to create the JSON key and
a PAT.
# Additional Changes
- Closes#5559
# Which Problems Are Solved
- Allow users to use SHA-256 and SHA-512 hashing algorithms. These
algorithms are used by Linux's crypt(3) function.
- Allow users to import passwords using the PHPass algorithm. This
algorithm is used by older PHP systems, WordPress in particular.
# How the Problems Are Solved
- Upgrade passwap to
[v0.9.0](https://github.com/zitadel/passwap/releases/tag/v0.9.0)
- Add sha2 and phpass as a new verifier option in defaults.yaml
# Additional Changes
- Updated docs to explain the two algorithms
# Additional Context
Implements the changes in the passwap library from
https://github.com/zitadel/passwap/pull/59 and
https://github.com/zitadel/passwap/pull/60
We are bringing our DPA and privacy policy document in line with our
changes to the corporate structure, changes to subprocessors, and new
cookie technologies.
This PR replaces #3055 which included more changes to terms of service.
The changes to terms of service will follow in a second step.
---------
Co-authored-by: Florian Forster <florian@zitadel.com>
# Which Problems Are Solved
The `auth.auth_requests` table is not cleaned up so long running Zitadel
installations can contain many rows.
The mirror command can take long because a the data are first copied
into memory (or disk) on cockroach and users do not get any output from
mirror. This is unfortunate because people don't know if Zitadel got
stuck.
# How the Problems Are Solved
Enhance logging throughout the projection processes and introduce a
configuration option for the maximum age of authentication requests.
# Additional Changes
None
# Additional Context
closes https://github.com/zitadel/zitadel/issues/9764
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
# Which Problems Are Solved
In some docs pages, we propose to generate a Zitadel masterkey using the
command `tr -dc A-Za-z0-9 </dev/urandom | head -c 32`. However, this
fails on some systems/locations with the error message `tr: Illegal byte
sequence`.
# How the Problems Are Solved
We replace the command by this more portable variant: `LC_ALL=C tr -dc
'[:graph:]' </dev/urandom | head -c 32`
# Additional Changes
None
# Additional Context
Found by @fcoppede while testing #9496. The new command works for him.
# Which Problems Are Solved
This PR resolves the issue #9648
# How the Problems Are Solved
Resolves a typo in the documentation
# Additional Context
- Closes #9648
- Discussion #9648
# Which Problems Are Solved
Actions v2 is not a feature flag anymore, include functionality on
executions is not used and json tags of proto messages are handled
incorrectly.
# How the Problems Are Solved
- Remove actions from the feature flags on system and instance level
- Remove include type on executions, only in the API, later maybe in the
handling logic as well
- Use protojson in request and response handling of actions v2
# Additional Changes
- Correct integration tests for request and response handling
- Use json.RawMessage for events, so that the event payload is not
base64 encoded
- Added separate context for async webhook calls, that executions are
not cancelled when called async
# Additional Context
Related to #9759Closes#9710
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
# Which Problems Are Solved
The docs overview pages and navs don't visually distinguish between
deprecated and GA APIs.
This makes it hard to find the right methods for the job already.
As we are implementing the resource API and continously deprecate
obsolete APIs, this only gets worse.
# How the Problems Are Solved
The UI items in docs overview pages are striked through and pushed to
the bottom of the list.
This applies to side navs as well as card lists.
For example, [see management user
methods](https://docs-git-strikethrough-deprecated-apis-zitadel.vercel.app/docs/apis/resources/mgmt/users):
A method is considered deprecated if it has this option set in the
protos rpc definition:
```protobuf
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
}
```
# Additional Changes
None
# Additional Context
- Relates to #9680
---------
Co-authored-by: David Skewis <david@zitadel.com>
# Which Problems Are Solved
Typo in `default-settings.mdx`
# How the Problems Are Solved
Corrects the typo 🙂
# Additional Changes
None
# Additional Context
None
Bumps [image-size](https://github.com/image-size/image-size) from 1.1.1
to 1.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/image-size/image-size/releases">image-size's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.1</h2>
<h2>Fixes</h2>
<ul>
<li>fix potential Denial of Service via specially crafted payloads in <a
href="640a67d9e8</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/image-size/image-size/compare/v1.2.0...v1.2.1">https://github.com/image-size/image-size/compare/v1.2.0...v1.2.1</a></p>
<h2>v1.2.0</h2>
<p>This release adds support for JPEG-XL ( <a
href="https://redirect.github.com/image-size/image-size/issues/409">#409</a>
)</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a4178fbb33"><code>a4178fb</code></a>
1.2.1</li>
<li><a
href="640a67d9e8"><code>640a67d</code></a>
fix potential Denial of Service via specially crafted payloads</li>
<li><a
href="9d41448d78"><code>9d41448</code></a>
1.2.0</li>
<li><a
href="405a244dae"><code>405a244</code></a>
fixups</li>
<li><a
href="76c5c9a8aa"><code>76c5c9a</code></a>
mention jpeg-xl in the readme</li>
<li><a
href="a10262c7c3"><code>a10262c</code></a>
Add support for JPEG XL (<a
href="https://redirect.github.com/image-size/image-size/issues/409">#409</a>)</li>
<li><a
href="a7a24a3fc4"><code>a7a24a3</code></a>
(app): Fix typo in comments (<a
href="https://redirect.github.com/image-size/image-size/issues/411">#411</a>)</li>
<li><a
href="9f482134b3"><code>9f48213</code></a>
update dependencies, and reformat code with eslint 9</li>
<li><a
href="64dda84cca"><code>64dda84</code></a>
refactor formats that use a ISO-BMFF container</li>
<li><a
href="e3ea53801d"><code>e3ea538</code></a>
no need to create hex strings in j2c</li>
<li>Additional commits viewable in <a
href="https://github.com/image-size/image-size/compare/v1.1.1...v1.2.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/zitadel/zitadel/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.7 to 3.3.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ai/nanoid/blob/main/CHANGELOG.md">nanoid's
changelog</a>.</em></p>
<blockquote>
<h2>3.3.8</h2>
<ul>
<li>Fixed a way to break Nano ID by passing non-integer size (by <a
href="https://github.com/myndzi"><code>@myndzi</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3044cd5e73"><code>3044cd5</code></a>
Release 3.3.8 version</li>
<li><a
href="4fe34959c3"><code>4fe3495</code></a>
Update size limit</li>
<li><a
href="d643045f40"><code>d643045</code></a>
Fix pool pollution, infinite loop (<a
href="https://redirect.github.com/ai/nanoid/issues/510">#510</a>)</li>
<li>See full diff in <a
href="https://github.com/ai/nanoid/compare/3.3.7...3.3.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/zitadel/zitadel/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Which Problems Are Solved
With the recent updates of our customer portal design, our onboarding
guide and customer portal docs were outdated.
# How the Problems Are Solved
- Updated screenshots of customer portal
- Updated screenshots of onboarding in management console
- Updated quickstarts with changes that have been made in the onbaording
---------
Co-authored-by: Maximilian <mpa@zitadel.com>
# Which Problems Are Solved
The Kubernetes and Knative deployment docs suggest to depend on
CockroachDB installations even though we sunset the CockroachDB support
with the upcoming major version. This can be annoying for users who
create new environments using CockroachDB.
# How the Problems Are Solved
- The Kubernetes deployment is removed and points to examples in the
chart repo directy. This removes redundancies that are prone to getting
outdated without notice.
- The Knative deployment uses commands to deploy a PostgreSQL
StatefulSet instead of a CockroachDB StatefulSet. The DB command from
the Knative Tutorial is used, as users are likely to be familiar with
the tutorials configuration already. The static Kubernetes YAML files
for the DB as well as for the Zitadel Knative service are removed
altogether, as they are prone to getting outdated without notice and
don't serve any purpose.
# Additional Changes
- The outdated and boring video guide for Knative is removed.
- The Knative configuration is changed, so the first-time login becomes
easier which improves DevX.
- The current docker compose file doesn't work, this PR fixes it and
upgrades the used Postgres to v17.
# Additional Context
- Closes https://github.com/zitadel/zitadel-charts/issues/322
- Replaces https://github.com/zitadel/zitadel/pull/9540
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
# Which Problems Are Solved
Allow verification of imported salted passwords hashed with plain md5.
# How the Problems Are Solved
- Upgrade passwap to
[v0.7.0](https://github.com/zitadel/passwap/releases/tag/v0.7.0)
- Add md5salted as a new verifier option in `defaults.yaml`
# Additional Changes
- go version and libraries updated (required by passkey v0.7.0)
- secrets.md verifiers updated
- configuration verifiers updated
- added MD5salted and missing MD5Plain to test cases
# Which Problems Are Solved
- Refresh Tokens issued by third party authentication providers are lost
# How the Problems Are Solved
- Allows the existing post authentication action to capture the refresh
token
# Additional Changes
- Docs updated to reflect the new property
# Additional Context
- Partially addresses #7851 by allowing the refresh token to be
captured.
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
# Which Problems Are Solved
Running local development of the docs didn't work due to errors with
sidebar imports.
# How the Problems Are Solved
The imports held the sidebar items in a "default" object. Changed the
imports
# Additional Changes
removed some comments
# Which Problems Are Solved
The reverse proxy docs have too many links to the third party proxy
provider. This is noisy and might result in unintentional redirects.
# How the Problems Are Solved
The link to the proxy provider is only shown on the first occurence of
the provider name instead of all occurences.
# Which Problems Are Solved
We configured the default base URL for the hosted v2 login to
`/ui/v2/login`. However, the docs still instruct readers to configure
the URL explicitly. This is unneccesary mental overhead and a risk of
self-DOS due to typos.
# How the Problems Are Solved
The docs instruct readers to not configure the base URL in order to use
the default.
Co-authored-by: Livio Spring <livio.a@gmail.com>
# Which Problems Are Solved
- Lack of support for the Romanian language in the application.
# How the Problems Are Solved
- Added translations for the Romanian language
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
# Which Problems Are Solved
Actions v2 are not executed in different functions, as provided by the
actions v1.
# How the Problems Are Solved
Add functionality to call actions v2 through OIDC and SAML logic to
complement tokens and SAMLResponses.
# Additional Changes
- Corrected testing for retrieved intent information
- Added testing for IDP types
- Corrected handling of context for issuer in SAML logic
# Additional Context
- Closes#7247
- Dependent on https://github.com/zitadel/saml/pull/97
- docs for migration are done in separate issue:
https://github.com/zitadel/zitadel/issues/9456
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
# Which Problems Are Solved
Currently I am not able to run the new login with a service account with
an IAM_OWNER role.
As the role is missing some permissions which the LOGIN_CLIENT role does
have
# How the Problems Are Solved
Added session permissions to the IAM_OWNER
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
