v0.9.0-alpha.1 · Tags · Synced / Kratos

v0.9.0-alpha.1

72bd2ed6 · autogen: pin v0.9.0-alpha.1 release commit · Mar 21, 2022

Ory Kratos v0.9 is here! We're extremely happy to announce that the new release is out and once again it's been made even better thanks to the incredible contributions from our awesome community. <3

Enjoy!

Here's an overview of things you can expect from the v0.9 release:

1. We introduced 1:1 compatibility between self-hosting Ory Kratos and using Ory Cloud. The configuration works the same across all modes of operation and deployment!
2. Passwordless login with WebAuthn is now available! Authentication with YubiKeys, TouchID, FaceID, Microsoft Hello, and other WebAuthn-supported methods is now available. The refactored infrastructure lays a foundation for more passwordless flows to come.
3. All the docs are now available in a single repo. Go to the [ory/docs](https://github.com/ory/docs) repository to find docs for all Ory projects.
4. You can now load custom email templates that'll make your essential messaging like project invitations or password recovery emails look slick.
5. We've laid the foundation for adding SMS-dependant flows.
6. Security is always a top priority. We've made changes and updates such as CSP nonces, SSRF defenses, session invalidation hooks, and more.
7. Kratos now gracefully handles cookie errors.
8. Password policies are now configurable.
9. Added configuration to control the flow of webhooks. Now you can cancel flows & run them in the background.
10. You can import identities along with their credentials (password, social sign-in connections, WebAuthn, ...).
11. Infra: we migrated all of our CIs from CircleCI to GitHub Actions.
12. We moved the admin API from `/` to `admin`. **This is a breaking change**. Please read the explanation and proceed with caution!
13. Bugfix: fixed a bug in the handling of secrets. **This is a breaking change**. Please read the explanation and proceed with caution!
14. Bugfix: several bugs in different self-service flows are no more.

As you can see, this release introduces breaking changes. We tried to keep the HTTP API as backward-compatible as possible by introducing HTTP redirects and other measures, but this update requires you to take extra care. Make sure you've read the release notes and understand the risk before updating.

You must apply SQL migrations for this release. **Make sure to create backup before you start!**