Auth0 Appliance Release Notes

Get the latest updates in Auth0

See old releases

2017-08-16: Auth0 13130

Added

  • Appliance

    Tenant logs can now be offloaded to an external endpoint over TCP/HTTP. This can support many endpoints that supprt this, including logstash and Splunk. If using TLS/HTTPS it does require a valid certificate on the receiving service.

  • Appliance

    The local appliance domain is now reachable within auth0-sandbox containers. This eliminates the need to make the appliance domain endpoints resolvable and reachable by public DNS.

Fixed

  • Appliance

    Database backups done through the CLI are now done in quiet mode to avoid over-filling the response buffer (and prematurely terminating the backup job).

  • Appliance

    Daily stats for the last 7 days now appears in the dashboard correctly.

  • Appliance

    Auth0-sandbox webtask containers no longer log within the container, which could potentially consume more disk space than necessary since logs are kept elsewhere.


2017-07-01: Auth0 12628

Added

  • Appliance

    Legacy grant types are deprecated. New tenants and clients do not support these grant types by default, but they can be enabled. See this https://auth0.com/docs/clients/client-grant-types for more details on grant types.

  • Appliance

    The appliance now supports Multi-Factor Authentication with SMS and Push Notifications. Mobile clients can be built with the Guardian SDK that will work with the appliance. The appliance does not support the Auth0-branded Guardian client. See https://auth0.com/docs/multifactor-authentication for using and configuration Multi-Factor Authentication.

  • Appliance

    The grafana dashboard can now be configured to use an alternate client for authentication besides the Auth0 client. This can help in scenarios where you want to expose instrumentation to other users in test environments.

  • Appliance

    Limitd buckets no longer require the entire configuration to be specified in the limitd configuration page. Only buckets that are different from the system default need to be specified.

  • Appliance

    Limitd buckets can be specifically removed (i.e. unlimited) via configuration.

Fixed

  • Appliance

    Instrumentation, if enabled, now includes jitter during its collection process to avoid spiking the CPU during collection periods

  • Appliance

    telegraf and influxdb now do proper log rotation.

  • Appliance

    Certification uploads should now correctly trigger a change if either the key or the pem change.

  • Appliance

    Dashboard admin invites will always go out with the configured default email as the send-from address. This could potentially break Dashboard Admin invite flows if there is no configured default send-from email address.


2017-05-01: Auth0 11638

Added

  • Appliance

    New event types are added to the statistics calculation in calculating active users.

  • Appliance

    Support for GeoHA with Elasticsearch. This allows user search via Elasticsearch to be used in GeoHA environments.

  • Appliance

    Old webtask images are now automatically removed after an appliance update. Webtask keep the current images plus the one for one release prior, all others will be removed.

  • Appliance

    Webtask components have been updated to the latest as of release time. While largely internal, it will allow the appliance to keep pace with the latest extensions.

  • Appliance

    Sensitive data is now required to be exported separately and stored seprately from standard backups. This keeps a better separation between keys and data. Both sets of backups are needed in order to succesfully complete restoration. Senstivie data is backuped up via the a0cli command line just like database backups.

  • Appliance

    Users can now be exported via the a0cli for a limited set of whitelisted fields.

Fixed

  • Appliance

    Logrotation added for elasticsearch. This should make sure logs are kept to a reasonable size, if Elasticsearch is enabled. The last 4 log files are retained.

  • Appliance

    Nginx is now properly configured wtih the default server_names_hash_bucket size on initial installs.

  • Appliance

    New version of limitd is available that addresses some memory leaks.

  • Appliance

    Minimum master databases are now set properly for Elasticsearch on initial setup. This affects how many failed nodes ES requires to be available to maintain a writeable cluster.

  • Appliance

    Logrotation added for influxdb and telegraph. This should make sure logs are kept to a reasonable size, if instrumentation is enabled. The last 5 log files are retained.

  • Appliance

    A sandbox error is no longer displayed in the manage UI if a sandbox other than auth0-sandbox is enabled.


2017-03-21: Auth0 11112

Added

  • Appliance

    Webtask Editor is now available in appliance. This allow you to edit webtask right from a web page. See https://webtask.io/docs/editor for more details on the editor.

  • Appliance

    Hooks Feature is now available in appliance. This allows you to plug in code on specific events. See https://auth0.com/docs/hooks for more details.

  • Appliance

    Webtask components have been updated. While mostly internal, this will allow the appliance to keep pace with the latest extensions.

  • Appliance

    Longer server name lengths can be accomodated in nginx via configuration.

Fixed

  • Appliance

    SSO timeout setting now applies users API endpoint.

  • Appliance

    Grafana no longer restricts users by domain name.

  • Appliance

    Mongo2es service properly stops and does not uninstall when transitioning to or from Elasticsearch.


2017-02-20: Auth0 10755

Added

  • Appliance

    From configuration, can enable tenant verification prior to creation of tenant log collections.

  • Appliance

    Mongo client updated to 3.2 and added scripts to update the mongo database to 3.2

  • Appliance

    Usage calculations have now been updated to include breakdown per tenant per client per conneciton per strategy per month.

  • Appliance

    The new authentication pipeline is now included. Please verify major auth flows before moving it to production.

  • Appliance

    Webtask runtime components have been updated to 18.3.2

Fixed

  • Appliance

    auth0-server no longer logs sensitive data on failed requests

  • Appliance

    Sandbox parameters should be properly created if missing for a tenant

  • Appliance

    Users modified/updated via the Users api are now properly forwarded to ElasticSearch, if enabled.


2017-01-16: Auth0 10258

Added

  • Appliance

    Elasticsearch Preview is now available to some customers as a limited release.

  • Appliance

    Webtask domain must now be setup as part of initial appliance node setup.

  • Appliance

    Webtask runtime components have been updated to 17.3.5

  • Appliance

    Use of the user search hint and user search timeout can now be modified if needed

  • Appliance

    API2 CPU and Memory limits can now be set, like for other services.

Fixed

  • Appliance

    The default smtp address is used for emails from 2nd level brute force notifications.

  • Appliance

    The default redirect url can now be configure

  • Appliance

    Auth0 Docs use the correct client secret so will now show up.

  • Appliance

    Logs should not be truncated during configuration updates.

  • Appliance

    Webtask configuration overrides are now properly merged with standard default values.

  • Appliance

    auth0-stats no longer hands on single-replica instances

  • Appliance

    apt-mirror.it.auth0.com is now access via https instead of http.


2016-11-23: Auth0 9632

Added

  • Appliance

    Webtask on the appliance is now upgraded to version 14.5.1.

  • Appliance

    Webtask endpoints added to healthchecks for Appliance.

  • Appliance

    Appliance will no longer forward arbitrary fwd. parameters for authentication requests.

  • Appliance

    Add-as-arbiter scripts have been extended to support two-arbiter configurations

  • Appliance

    Fixed a mis-match in per_page limits on user searches.

  • Appliance

    api v1 has been split from auth0-server to run from a separate service, auth0-api1.

  • Appliance

    Encryption and hashing keys are rotated during initial appliance setup when set-as-first is run.

  • Appliance

    Instrumentation metrics can now be sent to a DataDog endpoint by providing a DataDog API Key in configuration.

  • Appliance

    Azure WAAD thumbprints are now automatically updated nightly from one of the appliance nodes.

Fixed

  • Appliance

    During re-configuration, webtask should be restarted only when necessary.

  • Appliance

    Internet connectivity healthcheck moved from ping to HTTP HEAD request

  • Appliance

    Ensure dhcpclient is stopped when switching networking from dynamic to static

  • Appliance

    The multifactor auth link now links to #/multifactor instead of #/guardian

  • Appliance

    The appliance can be setup to us proxies on initial install and during updates.