Auth0 Appliance Release Notes

Get the latest updates in Auth0

See old releases

2017-02-20: Auth0 10755

Added

  • Appliance

    From configuration, can enable tenant verification prior to creation of tenant log collections.

  • Appliance

    Mongo client updated to 3.2 and added scripts to update the mongo database to 3.2

  • Appliance

    Usage calculations have now been updated to include breakdown per tenant per client per conneciton per strategy per month.

  • Appliance

    The new authentication pipeline is now included. Please verify major auth flows before moving it to production.

  • Appliance

    Webtask runtime components have been updated to 18.3.2

Fixed

  • Appliance

    auth0-server no longer logs sensitive data on failed requests

  • Appliance

    Sandbox parameters should be properly created if missing for a tenant

  • Appliance

    Users modified/updated via the Users api are now properly forwarded to ElasticSearch, if enabled.


2017-01-16: Auth0 10258

Added

  • Appliance

    Elasticsearch Preview is now available to some customers as a limited release.

  • Appliance

    Webtask domain must now be setup as part of initial appliance node setup.

  • Appliance

    Webtask runtime components have been updated to 17.3.5

  • Appliance

    Use of the user search hint and user search timeout can now be modified if needed

  • Appliance

    API2 CPU and Memory limits can now be set, like for other services.

Fixed

  • Appliance

    The default smtp address is used for emails from 2nd level brute force notifications.

  • Appliance

    The default redirect url can now be configure

  • Appliance

    Auth0 Docs use the correct client secret so will now show up.

  • Appliance

    Logs should not be truncated during configuration updates.

  • Appliance

    Webtask configuration overrides are now properly merged with standard default values.

  • Appliance

    auth0-stats no longer hands on single-replica instances

  • Appliance

    apt-mirror.it.auth0.com is now access via https instead of http.


2016-11-23: Auth0 9632

Added

  • Appliance

    Webtask on the appliance is now upgraded to version 14.5.1.

  • Appliance

    Webtask endpoints added to healthchecks for Appliance.

  • Appliance

    Appliance will no longer forward arbitrary fwd. parameters for authentication requests.

  • Appliance

    Add-as-arbiter scripts have been extended to support two-arbiter configurations

  • Appliance

    Fixed a mis-match in per_page limits on user searches.

  • Appliance

    api v1 has been split from auth0-server to run from a separate service, auth0-api1.

  • Appliance

    Encryption and hashing keys are rotated during initial appliance setup when set-as-first is run.

  • Appliance

    Instrumentation metrics can now be sent to a DataDog endpoint by providing a DataDog API Key in configuration.

  • Appliance

    Azure WAAD thumbprints are now automatically updated nightly from one of the appliance nodes.

Fixed

  • Appliance

    During re-configuration, webtask should be restarted only when necessary.

  • Appliance

    Internet connectivity healthcheck moved from ping to HTTP HEAD request

  • Appliance

    Ensure dhcpclient is stopped when switching networking from dynamic to static

  • Appliance

    The multifactor auth link now links to #/multifactor instead of #/guardian

  • Appliance

    The appliance can be setup to us proxies on initial install and during updates.


2016-10-13: Auth0 8986

Added

  • Appliance

    You can now add trusted certificates to the cert store on the appliance. This helps for certain situations, like the use of a transparent proxy.

  • Appliance

    Per node instrumentation is now available. Instrumentation provides historical data and a UX for the node that shows system metrics, database metrics, and transaction rates. Detailed instrumentation for 24 hours is retained, and down-sampled metrics are available for 7 days.

  • Appliance

    You can configure log retention in the dashboard. The log retention period applies to all tenants, and defaults to 30 days. Performance can be adversely affected by setting this beyond 30 days. Please consult your CSE.

  • Appliance

    You can disable http for authenticated health checks in the management dashboard. By default both http and https are allowed, with the http interface intended for use on isolated networks. If you aren't on an isolated network or only want to allow https, then you can disable http.

  • Appliance

    The docker repository can now use port 443 instead of port 5000 for getting updates. In some environments using a non-standard port was problematic.

  • Appliance

    Added a posture check to the configuration process. This ensures that the services came up correctly after configuration, and that all configuration has completed running.

  • Appliance

    Extensions are now supported. You must have configured webtasks (auth0-sandbox mode) for extensions to work, and a certificate issued by a public certificate authority. A few extensions from the public cloud do not work on the appliance, and you will not see those extensions in the extensions gallery.

Changed

  • Appliance

    Improved CLI scriptability by always returning 0 on success, and 1 on failure. Also standardized output for commands, and error handling. The CLI also now automatically updates to the metadata version for the cluster release.

Fixed

  • Appliance

    The client credentials authentication flow no longer depends upon webtasks.

  • Appliance

    Appliance tenants are now created as premium customers.

  • Appliance

    When using proxy protocol (typically AWS), tenant logs fail when auth0-sandbox is configured (webtasks).

  • Appliance

    The consistency checks at startup for tty1 (auth0-start) forced an application update sometimes when first adding a node to an operating cluster. These checks now only warn.

  • Appliance

    The update process sometimes failed when both configuration and app updates are indicated. The app update is applied first, and it may in some circumstances apply invalid settings, causing a failure. Now configuration updates are always applied before application updates.


2016-09-01: Auth0 8293

Added

  • Appliance

    Customers can disable TLS for SMTP. Normally Auth0 servers negotation TlS with SMTP servers using START_TLS. In some cases customers want to actively disable the use of TLS. You can now force TLS off for SMTP.

Changed

  • Appliance

    Performance fixes and enhancements.

Fixed

  • Appliance

    Filtering of patch releases done improperly, resulting in update to the latest version rather than selected version in some cases.


2016-08-08: Auth0 7941

Added

  • Appliance

    A connectivity command can now be ran against an instance in the cluster using the CLI to verify connecting on a ip address and port for each node.

  • Appliance

    A nslookup command can now be ran against an instance in the cluster using the CLI to verify dns setup for each node.

  • Appliance

    CSE can now adjust the maximum memory for several processes that can vary under load to match the profiles being used by the customer.

  • Appliance

    An additional fix was made to backup decompression logic.

Changed

  • Appliance

    Open logout redirects are now disabled by default on new appliances. Logout redirects must be white listed.

  • Appliance

    Webtasks are now enabled by default on new installations for rule execution.