v0.11.1
- Fixed several bugs to improve overall stability.
- Optimized performance for faster load times and smoother operation.
- Improved tracing capabilities for better debugging and issue resolution.
We are constantly working to improve Ory Kratos and this release is no exception. Thank you for using Ory and please let us know if you have any feedback or encounter any issues.
Breaking Changes
The /admin/courier/messages
endpoint now uses keysetpagination
instead.
Bug Fixes
-
Add missing indexes for identity delete (#2952) (dc311f9):
This significantly improves the performance of identity deletes.
-
Cors headers not added to the response #2922 (#2934) (1ed6839)
-
Flaky test now stable (4e5dcd0)
-
Pin geckodriver version to bypass GitHub API quota (#2972) (585cb9e)
-
Remove unused x-session-cookie parameter (#2983) (56b5c26):
This patch removes the undocumented and experimental
X-Session-Cookie
header from the/sessions/whoami
endpoint. -
Respect
return_to
URL parameter in registration flow when the user is already registered (#2957) (3462ce1) -
Set config at the start (e58bc6e)
-
Spurious cancelation of async webhooks, better tracing (#2969) (72de640):
Previously, async webhooks (response.ignore=true) would be canceled
early once the incoming Kratos request was served and it's associated
context released. We now dissociate the cancellation of async hooks
from the normal request processing flow. -
TOTP internal context after saving settings (#2960) (8b647b1), closes #2680
-
Update pquerna/otp to fix TOTP URL encoding (#2951) (7248636):
v1.4.0 fixes generating TOTP URLs. Query params now use %20 instead of +
to encode spaces. + was not correctly interpreted by some Android
authenticator apps, and would show up in the issuer name, e.g. "My+Issuer"
instead of "My Issuer". -
Update year (d77e2cf)
-
Webhook tracing instrumentation+memory leak (f0044a3)
Code Generation
- Pin v0.11.1 release commit (41595c5)
Documentation
Features
-
Add client IP to span events (7ce3a74)
-
Improve error message when no session is found (#2988) (7ad2b97)
-
Remove duplicate queries from whoami calls (#2995) (b50a222), closes #2402:
Introduces an expand API to the identity persister which greatly improves whoami performance.
Tests
- Improve parallelization (e8e8ce5)
- Regenerate csrf if verification flow expired (#2455) (7025081)
- Update integrity snapshots (#3000) (6d26e5c)
Changelog
- 727439c autogen(docs): generate and bump docs
- b3b6f88 autogen(docs): regenerate and update changelog
- d8d47c9 autogen(docs): regenerate and update changelog
- ac05259 autogen(docs): regenerate and update changelog
- d8a2cbd autogen(docs): regenerate and update changelog
- a3096c7 autogen(docs): regenerate and update changelog
- e11ba52 autogen(docs): regenerate and update changelog
- 4e1d470 autogen(docs): regenerate and update changelog
- 0b109cd autogen(docs): regenerate and update changelog
- 97e9356 autogen(docs): regenerate and update changelog
- 5917258 autogen(docs): regenerate and update changelog
- d895a26 autogen(docs): regenerate and update changelog
- b6bd3f4 autogen(docs): regenerate and update changelog
- 8fbb1bb autogen(docs): regenerate and update changelog
- 8bb3f2a autogen(docs): regenerate and update changelog
- 83131fc autogen(docs): regenerate and update changelog
- 935d115 autogen(docs): regenerate and update changelog
- 94e01a9 autogen(docs): regenerate and update changelog
- c52425e autogen(docs): regenerate and update changelog
- 6fddfbf autogen(docs): regenerate and update changelog
- 03b3c29 autogen(docs): regenerate and update changelog
- 6134150 autogen(docs): regenerate and update changelog
- ce72501 autogen(openapi): regenerate swagger spec and internal client
- bef1a6c autogen: add v0.11.0 to version.schema.json
- 41595c5 autogen: pin v0.11.1 release commit
- 2f9b001 chore: add missing security annotations to admin handlers (#2937)
- 561e568 chore: cleanup test (#2964)
- 20da533 chore: pin nancy (#2977)
- 131b8c5 chore: update repository templates to ory/meta@a1264fa
- ab1abee ci: fix dockle action
- fc2787b docs: improve api headline (#2989)
- b407aa9 feat: add NID to logs in courier (#2956)
- 7ce3a74 feat: add client IP to span events
- 7ad2b97 feat: improve error message when no session is found (#2988)
- 04d0280 feat: improve tracing (#2992)
- b50a222 feat: remove duplicate queries from whoami calls (#2995)
- efb8ae8 feat: require verification on login (#2927)
- fc7aa86 feat: store errors of courier message (#2914)
- 8b647b1 fix: TOTP internal context after saving settings (#2960)
- bbb3995 fix: add missing indexes (#2973)
- dc311f9 fix: add missing indexes for identity delete (#2952)
- 1ed6839 fix: cors headers not added to the response #2922 (#2934)
- ae8ad7b fix: dont reset to false (#2965)
- 4e5dcd0 fix: flaky test now stable
- 3e06c99 fix: listing sessions query (#2958)
- 3b50711 fix: missing index on courier list count (#3002)
- 585cb9e fix: pin geckodriver version to bypass GitHub API quota (#2972)
- a7720b2 fix: quickstart demos (#2940)
- 33b01bb fix: remove duplicate query in GetIdentity (#2987)
- 56b5c26 fix: remove unused x-session-cookie parameter (#2983)
- ca35b45 fix: resilient social sign in (#3011)
- 3462ce1 fix: respect
return_to
URL parameter in registration flow when the user is already registered (#2957) - e892113 fix: set accept header for GitLab (#2998)
- e58bc6e fix: set config at the start
- 72de640 fix: spurious cancelation of async webhooks, better tracing (#2969)
- 7248636 fix: update pquerna/otp to fix TOTP URL encoding (#2951)
- d77e2cf fix: update year
- f0044a3 fix: webhook tracing instrumentation+memory leak
- e8e8ce5 test: improve parallelization
- 7025081 test: regenerate csrf if verification flow expired (#2455)
- 6d26e5c test: update integrity snapshots (#3000)
Artifacts can be verified with cosign using this public key.