Jens L.

> There probably are security implications with this, like other apps being able to access authentik's cookies. We should probably mention them in the documentation. Oh yeah, I had this...

Could you try to upgrade to 2024.4.1 and then to 2024.4.2? We test version upgrades as part of our CI pipeline, however we only test upgrades from the immediate previous...

The main reason why we haven't updated the postgres tag is because the upgrade procedure for postgres is a lot more manual than it is for redis or mysql. There...

I dont think there's too much to gain there, although I don't have any numbers for performance, but for security especially since postgres isn't exposed to anything there shouldn't be...

The difference is better explained here: https://docs.goauthentik.io/docs/providers/proxy/forward_auth#forward-auth-modes the tl;dr being that for domain-level forward auth you only create on app in authentik which will give you the same result as...

the `openid` scope has technically always been required for OpenID flows (according to the OpenID spec), and I'm not seeing any obvious places where this might have changed from 2023.10...

enabling this setting does not remove existing passwords in authentik, however you can change the password stage to only use the LDAP backend which will not use the passwords in...

I'm reasonably sure there's some logic error somewhere that causes the blueprint tasks to recursively re-trigger which causes the high CPU usage, however the high CPU usage is to be...

please provide the logs of your server container

To hopefully add some clarification to this: This is not a bug, this is intended functionality. Previously, the `/outpost.goauthentik.io` paths would be available under all hostnames, not just the ones...