Auth0 Appliance Release Notes

Get the latest updates in Auth0


2018-04-13: Auth0 14591.30

Fixed

  • Appliance

    Fixed an issue where the adldap connector service would not be available due to a failure in log rotation.


2018-04-04: Auth0 14591.29

Fixed

  • Appliance

    Fixed an issue affecting users of legacy endpoints when certain request headers are missing.

  • Appliance

    Fixed an issue where unblocking users from a link resulted in a 404.


2018-03-28: Auth0 14591.28

Feature

  • Appliance

    Added the ability to configure trusted proxies to support downstream trusted proxies in front of the appliance. This can be a set of IP addresses or ranges.

  • Appliance

    Added the ability to prevent a number of cross-site scripting attacks based on provided browser information.


2018-03-19: Auth0 14591.22

Fixed

  • Appliance

    Fixes an issue where the sandbox timeout value was not properly set.

  • Appliance

    Restores the ability of the WS-Trust metadata exchange endpoint to return additional XSD files, the lack of which was breaking some customers.

  • Appliance

    Fixes an issue with constraining the length of rules-config values to 255 characters, by removing the constraint.

  • Appliance

    Restores CORS in the following endpoints when Legacy API is disabled:

    • oauth/token
    • oauth/ro
    • oauth/access_token
    • /delegation

  • Appliance

    This allows extensions to continue to work as expected when legacy Lock APIs are disabled. This is protected by the redirect_improved_pipeline feature flag that, when enabled, redirects any request made to /i/oauth/authorize to /authorize.

  • Appliance

    Periodically clean unused docker volumes to ensure they do not fill up drive space.

  • Appliance

    Fixes an issue that prevents custom SNS configurations with MFA.

  • Appliance

    Updated the HAPI dependency for core services due to a security vulnerability.

  • Appliance

    Fixes an issue in the reverse proxy configuration to allow MFA and custom domains in appliance to work together properly.

  • Appliance

    Fixes a security issue with linking user accounts. This fix properly verifies permissions when linking user accounts. It can be disabled with the flags current_user_user_id_link_allowed and legacy_id_token_jwt_link_with_allowed if customers need time to fix any clients calling the current APIs without proper permissions.

  • Appliance

    Fixed a CORS issue on various endpoints and issues that caused WSFed and SAML add-ons to stop working when disabling the Legacy Lock API.

  • Appliance

    This patch fixes an error that causes an exception during login that can terminate authentication services. The users will only see the generic error page (Ooops!...). All transactions in process will be canceled.

  • Appliance

    This patch fixes an issue that forced the use of Elasticsearch v5 for all tenants.

  • Appliance

    The /tokeninfo endpoint is currently under the enable_legacy_lock_api flag, which prevents it from being called if the Legacy APIs are disabled when migrating off. This patch removes it from the Legacy Lock API and creates a new flag, allow_legacy_tokeninfo_endpoint.

  • Appliance

    This patch disables the manage status patch that displays internal setup information.

  • Appliance

    This patch fixes an issue that prevents the ability to save an email template for passwordless auth.

  • Appliance

    This patch fixes an issue where v14951 fails on some api2 endpoints with error Payload validation error: 'Additional properties not allowed: allow_legacy_delegation_grant_types.

  • Appliance

    Fixed a typo in the logrotate rule for auth0-adldap that prevented logs from being rotated, potentially causing the log drive to be entirely consumed.


2017-12-20: Auth0 14591

Added

  • Appliance

    This release includes support for migrating to the new Lock 11. You can find more in the migration guide https://auth0.com/docs/libraries/lock/v11/migration-guide.

  • Appliance

    The appliance now supports the ability to apply configuration and future updates to nodes in sequential order. This will reduce downtime as only one node is reconfigured or updated while other nodes continue to serve requests.

Fixed

  • Appliance

    The webtask sandbox dedicated domain is now added to the list of resolvable domain names from within a webtask sandbox.

  • Appliance

    Fixed an issue where the images-extra package was not updated if the kernel was updated when security updates were applied.

  • Appliance

    Returned cache-control headers were updated to ensure sensitive data would not be cached on the local browser.

  • Appliance

    The switch-tenant UI choice is enabled even if the 'Add New Accounts' option is disabled, as long as there are multiple active tenants.

  • Appliance

    Fixed an issue in 6-node clusters where nodes not configured to run Elasticsearch were attempting to configure logs and log rotation for Elasticsearch and failing.

  • Appliance

    Fixed an issue in a GeoHA setup with Elasticsearch where nodes might not be configured to use the correct, local Elasticsearch cluster.

  • Appliance

    Fixed an issue in the NGINX configuration that allowed bypassing restricted access to the /login page in manage when using Basic Authentication with a port number in the Host Header.

  • Appliance

    Elasticsearch indexes are now recreated with the proper number of replicas during the initial setup or, in a GeoHA setup, when re-indexing occurs in the non-primary region.


2017-10-20: Auth0 13896

Fixed

  • Appliance

    The instrumentation value auth0_http_requests_replied is now summarized properly in the 1week statistics for Instrumentation.

  • Appliance

    Instrumentation will be properly disabled when configured to do so.

  • Appliance

    Secrets used to communicate with MFA components are now properly rotated on initial appliance setup.

  • Appliance

    The component monitoring Elasticsearch zones in an appliance GeoHA setup no longer leaks connections and eventually restarts.

New

  • Appliance

    The Monthly-Active-User intermediate database storage is now retained and synchronized between nodes calculating MAU to avoid the need to recreate this database.

  • Appliance

    Configuration time should be faster for some configurations due to not restarting components of the webtask rule execution sandbox. This will also make restart times faster for any reboots.


2017-09-14: Auth0 13451

Added

  • Appliance

    Webtask components have been updated to 23.3.9

  • Appliance

    Webtask may now be configured on a dedicated domain. This mirrors how the cloud handles webtask domains and enables safely using extensions in shared-tenant environments. This will require setting up new DNS entries for the new domain and valid, trusted certificates.

  • Appliance

    auth0-stats now reports total internal users in the stats it collects. Note: This will eventually be seen in Support Center.

  • Appliance

    auth0-stats is updated to consider internal users when calculating Monthly Active Users (MAU). Note: This requires a CSE to set the internal user domain properly.

Fixed

  • Appliance

    Updates initiated from the UI appear to be delayed by 1 minute. The attempt to upload stats was not shutting down cleanly and causing a delay in starting the update. Stats are now given 10 seconds to upload at the start of an update.

  • Appliance

    Collecting environment settings during update no longer causes auth0-start to abort the update.

  • Appliance

    auth0-start no longer eventually increases CPU usage during service checks when Elasticsearch is installed.

  • Appliance

    Sensitive data backups will no longer include the auth db.