mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-06 15:02:13 +00:00
82e232af72f92a62a4bacbc96eeaf09ba1be05d0
3664 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Silvan
|
82e232af72 |
fix(mirror): add max auth request age configuration (#9812)
# Which Problems Are Solved
The `auth.auth_requests` table is not cleaned up so long running Zitadel
installations can contain many rows.
The mirror command can take long because a the data are first copied
into memory (or disk) on cockroach and users do not get any output from
mirror. This is unfortunate because people don't know if Zitadel got
stuck.
# How the Problems Are Solved
Enhance logging throughout the projection processes and introduce a
configuration option for the maximum age of authentication requests.
# Additional Changes
None
# Additional Context
closes https://github.com/zitadel/zitadel/issues/9764
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit
|
||
|
Tim Möhlmann
|
19aacdab26 |
fix(instance): add web key generation to instance defaults (#9815)
# Which Problems Are Solved
Webkeys were not generated with new instances when the webkey feature
flag was enabled for instance defaults. This would cause a redirect loop
with console for new instances on QA / coud.
# How the Problems Are Solved
- uncomment the webkeys section on defaults.yaml
- Fix field naming of webkey config
# Additional Changes
- Add all available features as comments.
- Make the improved performance type enum parsable from the config,
untill now they were just ints.
- Running of the enumer command created missing enum entries for feature
keys.
# Additional Context
- Needs to be back-ported to v3 / next-rc
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit
|
||
|
Ramon
|
0af5346288 |
fix: Improve Actions V2 Texts and reenable in settings (#9814)
# Which Problems Are Solved
This pr includes improved texts to make the usage of Actions V2 more
easy.
Since the removal of the Actions V2 Feature Flag we removed the code
that checks if it's enabled in the settings sidenav.
# How the Problems Are Solved
Added new texts to translations. Removed sidenav logic that checks for
Actions V2 Feature Flag
# Additional Context
- Part of #7248
- Part of #9688
---------
Co-authored-by: Max Peintner <peintnerm@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
(cherry picked from commit
|
||
|
David Skewis
|
9fd64b2dec |
fix: update session recordings for posthog (#9775)
<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->
# Which Problems Are Solved
- Updates to only capture 10% of events with posthog
# How the Problems Are Solved
- Uses a feature flag rolled out to 10% of users to enable the capture
# Additional Changes
N/A
# Additional Context
N/A
(cherry picked from commit
|
||
|
Stefan Benz
|
ff6d593922 |
fix: remove action feature flag and include execution (#9727)
# Which Problems Are Solved
Actions v2 is not a feature flag anymore, include functionality on
executions is not used and json tags of proto messages are handled
incorrectly.
# How the Problems Are Solved
- Remove actions from the feature flags on system and instance level
- Remove include type on executions, only in the API, later maybe in the
handling logic as well
- Use protojson in request and response handling of actions v2
# Additional Changes
- Correct integration tests for request and response handling
- Use json.RawMessage for events, so that the event payload is not
base64 encoded
- Added separate context for async webhook calls, that executions are
not cancelled when called async
# Additional Context
Related to #9759
Closes #9710
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit
|
||
|
Livio Spring
|
6d0829da81 |
chore: only download release relevant artifacts (#9808)
<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->
# Which Problems Are Solved
https://github.com/zitadel/zitadel/pull/9765 fixed an issue for with
actions cache service. The PR updated the push action, which now also
provides a build summary. The "release" step tries to download all
artifacts, which now fails:
https://github.com/zitadel/zitadel/actions/runs/14660464768/job/41145285454
# How the Problems Are Solved
Only download relevant artifacts, which are published as part of the
release.
# Additional Changes
None
# Additional Context
None
(cherry picked from commit
|
||
|
Livio Spring
|
cd19b264b3 |
fix(actions): handle empty deny list correctly (#9753)
<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->
# Which Problems Are Solved
A customer reached out that after an upgrade, actions would always fail
with the error "host is denied" when calling an external API.
This is due to a security fix
(https://github.com/zitadel/zitadel/security/advisories/GHSA-6cf5-w9h3-4rqv),
where a DNS lookup was added to check whether the host name resolves to
a denied IP or subnet.
If the lookup fails due to the internal DNS setup, the action fails as
well. Additionally, the lookup was also performed when the deny list was
empty.
# How the Problems Are Solved
- Prevent DNS lookup when deny list is empty
- Properly initiate deny list and prevent empty entries
# Additional Changes
- Log the reason for blocked address (domain, IP, subnet)
# Additional Context
- reported by a customer
- needs backport to 2.70.x, 2.71.x and 3.0.0 rc
(cherry picked from commit
|
||
|
Stygmates
|
fcc2cb170d |
fix: text buttons overflow in login page (#9637)
# Which Problems Are Solved
The text of some of the buttons in the login page overflows in some
languages
# How the Problems Are Solved
Updated the css to set the overflow to hidden and text-overflow to
ellipsis, this is the simplest fix I could come up with, if you have a
better alternative feel free to tell me what you would prefer 🙏
# Additional Changes
None
# Additional Context
I couldn't test the following case locally since I had trouble setting
up a SMTP provider locally, but the class affected by my change should
also target this case, if someone could test it before merging it
🙏:
- Closes #7619
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
(cherry picked from commit
|
||
|
Max Peintner
|
ba3cfd7bae |
fix(console): list of unique v2 sessions (#9778)
This PR ensures that the list of recent sessions has no duplicate
entries.
To ensure the sessions are unique, we create a map using the loginName
property.
---------
Co-authored-by: conblem <mail@conblem.me>
(cherry picked from commit
|
||
|
Ramon
|
3348acdbab |
feat: Actions V2 improvements in console (#9759)
# Which Problems Are Solved
This PR allows one to edit the order of Actions V2 Targets in an
Execution. Editing of Targets was also added back again.
# How the Problems Are Solved
One of the changes is the addition of the CorrectlyTypedExecution which
restricts the Grpc types a bit more to make working with them easier.
Some fields may be optional in the Grpc Protobuf but in reality are
always set.
Typings were generally improved to make them more accurate and safer to
work with.
# Additional Changes
Removal of the Actions V2 Feature flag as it will be enabled by default
anyways.
# Additional Context
This pr used some advanced Angular Signals logic which is very
interesting for future PR's.
- Part of the tasks from #7248
---------
Co-authored-by: Max Peintner <peintnerm@gmail.com>
(cherry picked from commit
|
||
|
Zach Hirschtritt
|
7fceb5eaf8 |
fix: Auto cleanup failed Setup steps if process is killed (#9736)
# Which Problems Are Solved
When running a long-running Zitadel Setup, Kubernetes might decide to
move a pod to a new node automatically. Currently, this puts any
migrations into a broken state that an operator needs to manually run
the "cleanup" command on - assuming they catch the error.
The only super long running commands are typically projection pre-fill
operations, which depending on the size of the event table for that
projection, can take many hours - plenty of time for Kubernetes to make
unexpected decisions, especially in a busy cluster.
# How the Problems Are Solved
This change listens on `os.Interrupt` and `syscall.SIGTERM`, cancels the
current Setup context, and runs the `Cleanup` command. The logs then
look something like this:
```shell
...
INFO[0000] verify migration caller="/Users/zach/src/zitadel/internal/migration/migration.go:43" name=repeatable_delete_stale_org_fields
INFO[0000] starting migration caller="/Users/zach/src/zitadel/internal/migration/migration.go:66" name=repeatable_delete_stale_org_fields
INFO[0000] execute delete query caller="/Users/zach/src/zitadel/cmd/setup/39.go:37" instance_id=281297936179003398 migration=repeatable_delete_stale_org_fields progress=1/1
INFO[0000] verify migration caller="/Users/zach/src/zitadel/internal/migration/migration.go:43" name=repeatable_fill_fields_for_instance_domains
INFO[0000] starting migration caller="/Users/zach/src/zitadel/internal/migration/migration.go:66" name=repeatable_fill_fields_for_instance_domains
----- SIGTERM signal issued -----
INFO[0000] received interrupt signal, shutting down: interrupt caller="/Users/zach/src/zitadel/cmd/setup/setup.go:121"
INFO[0000] query failed caller="/Users/zach/src/zitadel/internal/eventstore/repository/sql/query.go:135" error="timeout: context already done: context canceled"
DEBU[0000] filter eventstore failed caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:155" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" projection=instance_domain_fields
DEBU[0000] unable to rollback tx caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:110" error="sql: transaction has already been committed or rolled back" projection=instance_domain_fields
INFO[0000] process events failed caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:72" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" projection=instance_domain_fields
DEBU[0000] trigger iteration caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:73" iteration=0 projection=instance_domain_fields
ERRO[0000] migration failed caller="/Users/zach/src/zitadel/internal/migration/migration.go:68" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" name=repeatable_fill_fields_for_instance_domains
ERRO[0000] migration finish failed caller="/Users/zach/src/zitadel/internal/migration/migration.go:71" error="context canceled" name=repeatable_fill_fields_for_instance_domains
----- Cleanup before exiting -----
INFO[0000] cleanup started caller="/Users/zach/src/zitadel/cmd/setup/cleanup.go:30"
INFO[0000] cleanup migration caller="/Users/zach/src/zitadel/cmd/setup/cleanup.go:47" name=repeatable_fill_fields_for_instance_domains
```
# Additional Changes
* `mustExecuteMigration` -> `executeMigration`: **must**Execute logged a
Fatal error previously which calls os.Exit so no cleanup was possible.
Instead, this PR returns an error and assigns it to a shared error in
the Setup closure that defer can check.
* `initProjections` now returns an error instead of exiting
# Additional Context
This behavior might be unwelcome or at least unexpected in some cases.
Putting it behind a feature flag or config setting is likely a good
followup.
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
(cherry picked from commit
|
||
|
Livio Spring
|
94bfa859f4 |
chore(ci): fix container build (#9765)
<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->
# Which Problems Are Solved
While creating a new release, the [pipeline
failed](https://github.com/zitadel/zitadel/actions/runs/14509737111/job/40705906723)
as GH sunset the old actions cache service:
https://github.blog/changelog/2025-03-20-notification-of-upcoming-breaking-changes-in-github-actions/#decommissioned-cache-service-brownouts
# How the Problems Are Solved
The `driver-opts` parameter is removed from the buildx actions to use
the latest stable image. ([new cache service is used by BuildKit >=
v0.20.0](https://docs.docker.com/build/ci/github-actions/cache/#cache-backend-api))
# Additional Changes
Updated docker/build-push-action to v6 in a first attempt to solve the
issue, but kept it as it gave some more insights (incl. build summary)
# Additional Context
Since the containers are only built on workflow triggers, here's the
corresponding pipeline run:
https://github.com/zitadel/zitadel/actions/runs/14513926232
(cherry picked from commit
|
||
|
Kenta Yamaguchi
|
a20f74441e |
chore(i18n): add IAM_LOGIN_CLIENT (#9681)
# Which Problems Are Solved
The i18n element `IAM_LOGIN_CLIENT` is missing a translation.
# How the Problems Are Solved
Added translations for `IAM_LOGIN_CLIENT` in each language.
Please note that the translations were generated using Copilot, so they
may not be entirely accurate (I'm only confident that they are correct
for English and Japanese). I appreciate any corrections or improvements.
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
(cherry picked from commit
|
||
|
Trong Huu Nguyen
|
051c36588b |
fix(console): correct count for users list, show create timestamp in user details (#9705)
This pull request fixes a couple of minor issues with the user list and
details pages in Console.
# Which Problems Are Solved
1. The total count in the users list was the total number of results
returned. This made the pagination not work when there were more than
`pageSize * 2` users.
2. The user details page did not show the created timestamp when viewing
a
user.
# How the Problems Are Solved
1. The response includes the total number calculated by the backend. Use
that instead.
2. Inverse the ternary returning the creation date.
# Additional Changes
None
# Additional Context
None
---------
Co-authored-by: Thomas Krampl <thomas.siegfried.krampl@nav.no>
(cherry picked from commit
|
||
|
dependabot[bot]
|
ff0c55c4b2 |
chore(deps): bump @babel/runtime from 7.24.7 to 7.26.10 in /docs (#9575)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.24.7 to 7.26.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases"><code>@babel/runtime</code>'s releases</a>.</em></p> <blockquote> <h2>v7.26.10 (2025-03-11)</h2> <p>Thanks <a href="https://github.com/jordan-choi"><code>@jordan-choi</code></a> and <a href="https://github.com/mmmsssttt404"><code>@mmmsssttt404</code></a> for your first PRs!</p> <p>This release includes a fix for <a href="https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8">https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8</a>, a security vulnerability which affects the <code>.replace</code> method of transpiled regular expressions that use named capturing groups.</p> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17159">#17159</a> Disallow decorator in array pattern (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-template</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17164">#17164</a> Fix: always initialize ExportDeclaration attributes (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17142">#17142</a> fix: "Map maximum size exceeded" in deepClone (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17154">#17154</a> Update typescript parser tests (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17151">#17151</a> fix: Should not evaluate vars in child scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17153">#17153</a> fix: Correctly generate <code>abstract override</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix source type detection when parsing TypeScript (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-runtime</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix processing of replacement pattern with named capture groups (<a href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@mmmsssttt404</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17158">#17158</a> Avoid warnings when re-bundling <code>@babel/standalone</code> with webpack (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17160">#17160</a> Left-value parsing cleanup (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 6</h4> <ul> <li>Babel Bot (<a href="https://github.com/babel-bot"><code>@babel-bot</code></a>)</li> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> <li>Yunyoung Jordan Choi (<a href="https://github.com/jordan-choi"><code>@jordan-choi</code></a>)</li> <li><a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a></li> <li><a href="https://github.com/mmmsssttt404"><code>@mmmsssttt404</code></a></li> </ul> <h2>v7.26.9 (2025-02-14)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17103">#17103</a> fix: Definition for <code>TSPropertySignature.kind</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17062">#17062</a> Print TypeScript optional/definite in ClassPrivateProperty (<a href="https://github.com/jamiebuilds-signal"><code>@jamiebuilds-signal</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@babel/runtime</code>'s changelog</a>.</em></p> <blockquote> <h2>v7.26.10 (2025-03-11)</h2> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17159">#17159</a> Disallow decorator in array pattern (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-template</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17164">#17164</a> Fix: always initialize ExportDeclaration attributes (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17142">#17142</a> fix: "Map maximum size exceeded" in deepClone (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17154">#17154</a> Update typescript parser tests (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17151">#17151</a> fix: Should not evaluate vars in child scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17153">#17153</a> fix: Correctly generate <code>abstract override</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix source type detection when parsing TypeScript (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-runtime</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix processing of replacement pattern with named capture groups (<a href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@mmmsssttt404</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17158">#17158</a> Avoid warnings when re-bundling <code>@babel/standalone</code> with webpack (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17160">#17160</a> Left-value parsing cleanup (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h2>v7.26.9 (2025-02-14)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17103">#17103</a> fix: Definition for <code>TSPropertySignature.kind</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17062">#17062</a> Print TypeScript optional/definite in ClassPrivateProperty (<a href="https://github.com/jamiebuilds-signal"><code>@jamiebuilds-signal</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17130">#17130</a> Use <code>.ts</code> files with explicit reexports to solve name conflicts (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17127">#17127</a> Do not depend on <code>@types/gensync</code> in Babel 7 (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h2>v7.26.7 (2025-01-24)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-helpers</code>, <code>babel-preset-env</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17086">#17086</a> Make "object without properties" helpers ES6-compatible (<a href="https://github.com/tquetano-netflix"><code>@tquetano-netflix</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-typeof-symbol</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17085">#17085</a> fix: Correctly handle <code>typeof</code> in arrow functions (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
56cc81fc1c |
chore(deps): bump @babel/helpers from 7.24.7 to 7.26.10 in /docs (#9576)
Bumps [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) from 7.24.7 to 7.26.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases"><code>@babel/helpers</code>'s releases</a>.</em></p> <blockquote> <h2>v7.26.10 (2025-03-11)</h2> <p>Thanks <a href="https://github.com/jordan-choi"><code>@jordan-choi</code></a> and <a href="https://github.com/mmmsssttt404"><code>@mmmsssttt404</code></a> for your first PRs!</p> <p>This release includes a fix for <a href="https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8">https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8</a>, a security vulnerability which affects the <code>.replace</code> method of transpiled regular expressions that use named capturing groups.</p> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17159">#17159</a> Disallow decorator in array pattern (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-template</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17164">#17164</a> Fix: always initialize ExportDeclaration attributes (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17142">#17142</a> fix: "Map maximum size exceeded" in deepClone (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17154">#17154</a> Update typescript parser tests (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17151">#17151</a> fix: Should not evaluate vars in child scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17153">#17153</a> fix: Correctly generate <code>abstract override</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix source type detection when parsing TypeScript (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-runtime</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix processing of replacement pattern with named capture groups (<a href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@mmmsssttt404</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17158">#17158</a> Avoid warnings when re-bundling <code>@babel/standalone</code> with webpack (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17160">#17160</a> Left-value parsing cleanup (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 6</h4> <ul> <li>Babel Bot (<a href="https://github.com/babel-bot"><code>@babel-bot</code></a>)</li> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> <li>Yunyoung Jordan Choi (<a href="https://github.com/jordan-choi"><code>@jordan-choi</code></a>)</li> <li><a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a></li> <li><a href="https://github.com/mmmsssttt404"><code>@mmmsssttt404</code></a></li> </ul> <h2>v7.26.9 (2025-02-14)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17103">#17103</a> fix: Definition for <code>TSPropertySignature.kind</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17062">#17062</a> Print TypeScript optional/definite in ClassPrivateProperty (<a href="https://github.com/jamiebuilds-signal"><code>@jamiebuilds-signal</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@babel/helpers</code>'s changelog</a>.</em></p> <blockquote> <h2>v7.26.10 (2025-03-11)</h2> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17159">#17159</a> Disallow decorator in array pattern (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-template</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17164">#17164</a> Fix: always initialize ExportDeclaration attributes (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17142">#17142</a> fix: "Map maximum size exceeded" in deepClone (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17154">#17154</a> Update typescript parser tests (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17151">#17151</a> fix: Should not evaluate vars in child scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17153">#17153</a> fix: Correctly generate <code>abstract override</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix source type detection when parsing TypeScript (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-runtime</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix processing of replacement pattern with named capture groups (<a href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@mmmsssttt404</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17158">#17158</a> Avoid warnings when re-bundling <code>@babel/standalone</code> with webpack (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17160">#17160</a> Left-value parsing cleanup (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h2>v7.26.9 (2025-02-14)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17103">#17103</a> fix: Definition for <code>TSPropertySignature.kind</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17062">#17062</a> Print TypeScript optional/definite in ClassPrivateProperty (<a href="https://github.com/jamiebuilds-signal"><code>@jamiebuilds-signal</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17130">#17130</a> Use <code>.ts</code> files with explicit reexports to solve name conflicts (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17127">#17127</a> Do not depend on <code>@types/gensync</code> in Babel 7 (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h2>v7.26.7 (2025-01-24)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-helpers</code>, <code>babel-preset-env</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17086">#17086</a> Make "object without properties" helpers ES6-compatible (<a href="https://github.com/tquetano-netflix"><code>@tquetano-netflix</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-typeof-symbol</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17085">#17085</a> fix: Correctly handle <code>typeof</code> in arrow functions (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Stefan Benz
|
57b08dcf10 | Merge remote-tracking branch 'origin/main' into next-rc v3.0.0-rc.2 | ||
|
Stefan Benz
|
8fdd58f506 |
docs: add actions v2 docs (#9652)
# Which Problems Are Solved There is no documentation yet for Actions v2 regarding the different usable types and for migrating from Actions v1 to v2. # How the Problems Are Solved Add documentation for all use-cases. # Additional Changes None # Additional Context Closes #9456 --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Livio Spring
|
a7a5124643 |
fix(mirror): initialize meter to prevent panic (#9712)
# Which Problems Are Solved With the change of #9561, the `mirror` command panics as there's no metrics provider configured. # How the Problems Are Solved Correctly initialize the provider (no-op by default) for the mirror command. # Additional Changes None # Additional Context relates to #9561 -> needs backports to 2.66.x - 2.71.x and 3.0.0-rc Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|
Livio Spring
|
79a5585f91 |
fix(login): handle requests without auth request correctly (#9713)
# Which Problems Are Solved We found some paths in the login UI, where requests without any `AuthRequest` were not handled correctly and could potentially panic. This also includes providing the `AuthRequest` as part of `ctx` object in actions V1. # How the Problems Are Solved - Check for the existance of an `AuthRequest` were needed and return an error otherwise. - Provide correct state of the `AuthRequest` for actions V1 # Additional Changes None # Additional Context - Noticed as part of a support request - requires backport to at least 2.70.x Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|
Emanuel Vintilă
|
7a5d1d67ba |
docs: fix typo in default-settings.mdx (#9719)
# Which Problems Are Solved
Typo in `default-settings.mdx`
# How the Problems Are Solved
Corrects the typo 🙂
# Additional Changes
None
# Additional Context
None
|
||
|
dependabot[bot]
|
c815ff2a35 |
chore(deps): bump image-size from 1.1.1 to 1.2.1 in /docs (#9700)
Bumps [image-size](https://github.com/image-size/image-size) from 1.1.1 to 1.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/image-size/image-size/releases">image-size's releases</a>.</em></p> <blockquote> <h2>v1.2.1</h2> <h2>Fixes</h2> <ul> <li>fix potential Denial of Service via specially crafted payloads in <a href=" |
||
|
Livio Spring
|
0f0a55ca18 |
chore!: ensure breaking change
create commit to ensure breaking change BREAKING CHANGE: breaking change for v3v3.0.0-rc.1 |
||
|
Fabienne Bühler
|
07ce3b6905 |
chore!: Introduce ZITADEL v3 (#9645)
This PR summarizes multiple changes specifically only available with ZITADEL v3: - feat: Web Keys management (https://github.com/zitadel/zitadel/pull/9526) - fix(cmd): ensure proper working of mirror (https://github.com/zitadel/zitadel/pull/9509) - feat(Authz): system user support for permission check v2 (https://github.com/zitadel/zitadel/pull/9640) - chore(license): change from Apache to AGPL (https://github.com/zitadel/zitadel/pull/9597) - feat(console): list v2 sessions (https://github.com/zitadel/zitadel/pull/9539) - fix(console): add loginV2 feature flag (https://github.com/zitadel/zitadel/pull/9682) - fix(feature flags): allow reading "own" flags (https://github.com/zitadel/zitadel/pull/9649) - feat(console): add Actions V2 UI (https://github.com/zitadel/zitadel/pull/9591) BREAKING CHANGE - feat(webkey): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9445) - chore!: remove CockroachDB Support (https://github.com/zitadel/zitadel/pull/9444) - feat(actions): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9489) --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Florian Forster <florian@zitadel.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Max Peintner <peintnerm@gmail.com> |
||
|
Elio Bischof
|
d14a23ae7e |
chore(deps): group easily mergable dependabot PRs (#9689)
# Which Problems Are Solved
Dependabot creates a PR for each individual dependency update. This is
noisy and toil.
# How the Problems Are Solved
The easily mergable updates are grouped into fewer PRs.
Major updates and security updates are not grouped, as they might need
special attention.
For the github-actions updates, also the major updates are grouped, as
we have immediate and good enough feedback from the pipeline if a new
major doesn't work.
# Additional Changes
The e2e dependencies are also auto-updated.
# Additional Context
- We aggreed on grouping the dependabot PRs in todays Scrum daily.
- I don't know how to test the config. We might just have to merge it
and look how it goes 🤷♂️
|
||
|
Livio Spring
|
315503beab | Merge commit from fork | ||
|
Livio Spring
|
14de8ecac2 | Merge commit from fork | ||
|
Stefan Benz
|
2eb187f141 |
fix(migration): check if ldap2 already exists (#9674)
# Which Problems Are Solved With v2.71.0 the `idp_templates6_ldap3` projection was created but never filled, as it was a subtable. To fix this we altered the `idp_templates6_ldap3` to `idp_templates6_ldap2` with v2.71.5. This was unfortunately without a check that the `idp_templates_ldap2`was already existing, which resulted in an error in the setup step. # How the Problems Are Solved Add check if `idp_templates6_ldap2` is already existing, before renaming `idp_templates6_ldap3` -> `idp_templates6_ldap2`. # Additional Changes None # Additional Context Closes #9669 |
||
|
Silvan
|
817670f1f7 |
perf: improve scalability of session api (#9635)
This pull request improves the scalability of the session API by enhancing middleware tracing and refining SQL query behavior for user authentication methods. # Which Problems Are Solved - Eventstore subscriptions locked each other during they wrote the events to the event channels of the subscribers in push. - `ListUserAuthMethodTypesRequired` query used `Bitmap heap scan` to join the tables needed. - The auth and oidc package triggered projections often when data were read. - The session API triggered the user projection each time a user was searched to write the user check command. # How the Problems Are Solved - the `sync.Mutex` was replaced with `sync.RWMutex` to allow parallel read of the map - The query was refactored to use index scans only - if the data should already be up-to-date `shouldTriggerBulk` is set to false - as the user should already exist for some time the trigger was removed. # Additional Changes - refactoring of `tracing#Span.End` calls # Additional Context - part of https://github.com/zitadel/zitadel/issues/9239 --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> |
||
|
dependabot[bot]
|
79d1e7d434 |
chore(deps): bump axios from 1.7.4 to 1.8.3 in /e2e (#9572)
Bumps [axios](https://github.com/axios/axios) from 1.7.4 to 1.8.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.8.3</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li>add missing type for allowAbsoluteUrls (<a href="https://redirect.github.com/axios/axios/issues/6818">#6818</a>) (<a href=" |
||
|
dependabot[bot]
|
bdf15a20f7 |
chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /docs (#9057)
Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.7 to 3.3.8. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ai/nanoid/blob/main/CHANGELOG.md">nanoid's changelog</a>.</em></p> <blockquote> <h2>3.3.8</h2> <ul> <li>Fixed a way to break Nano ID by passing non-integer size (by <a href="https://github.com/myndzi"><code>@myndzi</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Zach Hirschtritt
|
c1535b7b49 |
feat: add prometheus metrics on projection handlers (#9561)
# Which Problems Are Solved With current provided telemetry it's difficult to predict when a projection handler is under increased load until it's too late and causes downstream issues. Importantly, projection updating is in the critical path for many login flows and increased latency there can result in system downtime for users. # How the Problems Are Solved This PR adds three new prometheus-style metrics: 1. **projection_events_processed** (_labels: projection, success_) - This metric gives us a counter of the number of events processed per projection update run and whether they we're processed without error. A high number of events being processed can let us know how busy a particular projection handler is. 2. **projection_handle_timer** _(labels: projection)_ - This is the time it takes to process a projection update given a batch of events - time to take the current_states lock, query for new events, reduce, update_the projection, and update current_states. 3. **projection_state_latency** _(labels: projection)_ - This is the time from the last event processed in the current_states table for a given projection. It tells us how old was the last event you processed? Or, how far behind are you running for this projection? Higher latencies could mean high load or stalled projection handling. # Additional Changes I also had to initialize the global otel metrics provider (`metrics.M`) in the `setup` step additionally to `start` since projection handlers are initialized at setup. The initialization checks if a metrics provider is already set (in case of `start-from-setup` or `start-from-init` to prevent overwriting, which causes the otel metrics provider to stop working. # Additional Context ## Example Dashboards   --------- Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Livio Spring <livio.a@gmail.com> |
||
|
Stefan Benz
|
6b23c33cb6 |
fix: rename idp_templates6_ldap3 to ldap2 if necessary (#9565)
# Which Problems Are Solved Zitadel setup with v2.71.0 could result in errors regarding the idp_templates6_ldap3 subtable. # How the Problems Are Solved Rename the subtable idp_templates6_ldap3 to idp_templates6_ldap2 if no idp_templates6_ldap2 is existing and rename column `rootCA` to `root_ca`. # Additional Changes None # Additional Context Related PR #9292 --------- Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> |
||
|
Stefan Benz
|
0e10ed0e0b |
fix: SAML and OIDC issuer (in proxied use cases) (#9638)
# Which Problems Are Solved When using implicit flow through the session API and a login UI on a custom domain (proxy), the tokens were signed by the API domain of the instance, rather than the public (proxy) domain. The SAML response had the same issue. Additionally, the saml library had an issue and lost the issuer context. This prevented also a successful login through the hosted login UI. # How the Problems Are Solved - The issuer of the SAML and Auth request is persisted to provide the information when signing the responses and tokens. - The SAML library is updated to the latest version. # Additional Changes None # Additional Context None |
||
|
Max
|
1c0c08307f |
feat: add EXPOSE command to Dockerfile (#9458)
# Which Problems Are Solved
- Solves a problem of healthcheck/use of zitadel in gitlab CI pipeline
# How the Problems Are Solved
- Adds an EXPOSE command to the Dockerfile
# Additional Changes
# Additional Context
- https://docs.docker.com/reference/dockerfile/#expose
-
|
||
|
Livio Spring
|
3424204291 |
chore(workflow): run jobs on public runners (#9643)
# Which Problems Are Solved Build and test workflows are currently running on specific GitHub hosted runners. These is not needed for most worklfows and just costs more. # How the Problems Are Solved Moved all the steps apart from integration-tests to public runners. # Additional Changes None # Additional Context None |
||
|
Ramon
|
b04babb4ef |
fix: update console deps (#9628)
# Which Problems Are Solved Closes most of the dependabot alerts # How the Problems Are Solved Updating Versions as much as possible. Angular upgrade was left out on purpose. # Additional Changes Some refactoring of unused code, which I stumbled upon looking at our used deps. |
||
|
Fabienne Bühler
|
febf410d80 |
docs: Update customer portal docs/screenshots (#9604)
# Which Problems Are Solved With the recent updates of our customer portal design, our onboarding guide and customer portal docs were outdated. # How the Problems Are Solved - Updated screenshots of customer portal - Updated screenshots of onboarding in management console - Updated quickstarts with changes that have been made in the onbaording --------- Co-authored-by: Maximilian <mpa@zitadel.com> |
||
|
Livio Spring
|
57bfecf7f7 |
fix(actions): correctly handle api.v1.appendUserGrant (#9598)
# Which Problems Are Solved It was not possible to use the `api.v1.appendUserGrant` function in the `postCreation` trigger action as documented. # How the Problems Are Solved - Correctly initialize the javascript / Goja function - Added `projectID` and `projectGrantID` (as documented), but kept `projectId` and `projectGrantId` (for backwards compatibility) when mapping the object in the `appendUserGrant` function # Additional Changes None # Additional Context - A customer reached out to support regarding this issue. - requires back port to 2.70.x |
||
|
Iraq
|
596970cc7e |
chore: updating go to 1.24 (#9507)
# Which Problems Are Solved Updating go to 1.24 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com> |
||
|
Livio Spring
|
e7c7f9b800 |
fix: correct event type for permission removed (#9626)
# Which Problems Are Solved When we recently changed some permission for the `SYSTEM_OWNER` role on QA, we noticed that there we multiple `permission.added` even when we removed specific permissions. # How the Problems Are Solved Fixed the event type when removing permissions. # Additional Changes None # Additional Context Noticed when rolling out some changes on QA |
||
|
Livio Spring
|
54e513f312 |
fix(console): pass verification code for phone verification (#9616)
# Which Problems Are Solved While testing totally unrelated issues, I noticed that the phone verification in Console didn't work anymore. # How the Problems Are Solved Pass the verification `code` entered by the user to the API. # Additional Changes None # Additional Context probably relates to https://github.com/zitadel/zitadel/pull/9312 |
||
|
Livio Spring
|
c2c02492b9 |
chore: update dependencies (#9614)
# Which Problems Are Solved Multiple dependencies used by the Zitadel backend are outdated. # How the Problems Are Solved Update all direct dependencies (apart from the following two) to the latest version: - github.com/go-webauthn/webauthn: see https://github.com/zitadel/zitadel/issues/9615 - github.com/nicksnyder/go-i18n/v2 (v2.5.0 / 2.5.1 prevent the use of reserved keys such as `description`: https://github.com/nicksnyder/go-i18n/releases/tag/v2.5.0) # Additional Changes None # Additional Context None |
||
|
Tim Möhlmann
|
c3258ecf78 |
chore(deps): upgrade go mods from zitadel organization (#9601)
# Which Problems Are Solved Outdated dependencies foir packages developed by Zitadel. Some of them included important security updates from sub-dependencies. # How the Problems Are Solved Upgrade all packages under `github.com/zitadel/*` to the latest released version. # Additional Changes - The `github.com/superseriousbusiness/exifremove` was removed from Github. We copied the cached go mod code to https://github.com/zitadel/exifremove and use this module now. # Additional Context - Related to https://github.com/zitadel/zitadel/issues/9422 - Closes https://github.com/zitadel/zitadel/issues/9443 --------- Co-authored-by: Livio Spring <livio.a@gmail.com> |
||
|
Elio Bischof
|
103b190af7 |
docs(self-hosting): use postgres for deployment docs (#9571)
# Which Problems Are Solved The Kubernetes and Knative deployment docs suggest to depend on CockroachDB installations even though we sunset the CockroachDB support with the upcoming major version. This can be annoying for users who create new environments using CockroachDB. # How the Problems Are Solved - The Kubernetes deployment is removed and points to examples in the chart repo directy. This removes redundancies that are prone to getting outdated without notice. - The Knative deployment uses commands to deploy a PostgreSQL StatefulSet instead of a CockroachDB StatefulSet. The DB command from the Knative Tutorial is used, as users are likely to be familiar with the tutorials configuration already. The static Kubernetes YAML files for the DB as well as for the Zitadel Knative service are removed altogether, as they are prone to getting outdated without notice and don't serve any purpose. # Additional Changes - The outdated and boring video guide for Knative is removed. - The Knative configuration is changed, so the first-time login becomes easier which improves DevX. - The current docker compose file doesn't work, this PR fixes it and upgrades the used Postgres to v17. # Additional Context - Closes https://github.com/zitadel/zitadel-charts/issues/322 - Replaces https://github.com/zitadel/zitadel/pull/9540 Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> |
||
|
Ramon
|
8b1b9cbb98 |
fix: allow native applications to use https:// on loopback redirect addresses (#9073)
# Which Problems Are Solved - The current validation for native redirect URIs does not allow HTTPS loopback addresses. # How the Problems Are Solved - Enhanced the validation logic to permit HTTPS loopback addresses, ensuring that developers can use these addresses without encountering validation errors. - Updated zitadel/oidc to latest version # Additional Context - Closes #4091 - This pr need to be closed first in our OIDC lib: https://github.com/zitadel/oidc/pull/691 --------- Co-authored-by: Livio Spring <livio.a@gmail.com> |
||
|
Miro Trisc
|
e4c12864e5 |
feat(crypto): support md5 salted for imported password hashes (#9596)
# Which Problems Are Solved Allow verification of imported salted passwords hashed with plain md5. # How the Problems Are Solved - Upgrade passwap to [v0.7.0](https://github.com/zitadel/passwap/releases/tag/v0.7.0) - Add md5salted as a new verifier option in `defaults.yaml` # Additional Changes - go version and libraries updated (required by passkey v0.7.0) - secrets.md verifiers updated - configuration verifiers updated - added MD5salted and missing MD5Plain to test cases |
||
|
Harsha Reddy
|
dc64e35128 |
feat: Make service name configurable for Metrics and Tracing (#9563)
# Which Problems Are Solved The service name is hardcoded in the metrics code. Making the service name to be configurable helps when running multiple instances of Zitadel. The defaults remain unchanged, the service name will be defaulted to ZITADEL. # How the Problems Are Solved Add a config option to override the name in defaults.yaml and pass it down to the corresponding metrics or tracing module (google or otel) # Additional Changes NA # Additional Context NA |
||
|
Faey
|
833e654a07 |
feat(actions): Add refresh token to post authentication action context (#9493)
# Which Problems Are Solved - Refresh Tokens issued by third party authentication providers are lost # How the Problems Are Solved - Allows the existing post authentication action to capture the refresh token # Additional Changes - Docs updated to reflect the new property # Additional Context - Partially addresses #7851 by allowing the refresh token to be captured. Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|
Stefan Benz
|
352fa6aa6f |
fix: milestone multiple results per instance domain instead of primary instance domain (#9564)
# Which Problems Are Solved The milestones query returns multiple results for every milestone for every instance domain. # How the Problems Are Solved Corrected where condition on milestone query. # Additional Changes None # Additional Context None Co-authored-by: Livio Spring <livio.a@gmail.com> |