v3.1.0

The latest version of the release notes can be found on the website.

We want to thank all contributors that made this release possible. The
"pre-initialization" feature was developed in cooperation with UCLouvain and NPL
Markets. We would also like to thank AWS for contributing an initial version of
the ECS backend. See the support page if your organization wants to sponsor a
specific feature in ShinyProxy.

• update to JDK 17

• update to Spring Boot 3.2

• add support for pre-initializing containers (see docs)

• add support for sharing a container among multiple users (see docs)

• add support for autoscaling number of pre-initializer or shared containers (see docs)

• add AWS ECS backend, for running containers on AWS ECS Fargate, (see backend docs and app docs )

• add option to show notification (a.k.a message of the day) to all users (see docs), contributed by @ziyunxiao

• allow to use request and response objects in templates (e.g. to check the status code), see example

• replace in-memory caches by Caffeine library to reduce chance of memory leaks

• cache whether a user is an admin

• cache the maximum number of instances a user can start

• cache proxyId for common endpoints

• cache (app) favicons and logos

• various performance improvements

• support YAML array notation in proxy.kubernetes.image-pull-secrets property

• allow configuring OpenID connect JWKS algorithm (see docs)

• allow to use the (decoded) OpenID access token in SpEL (see docs)

• allow to use the JSON response returned by the authentication webservice in SpEL (see docs)

• allow to use groups when using webservice authentication (see docs)

• allow to use custom name for container names (see docs: Docker, Docker Swarm and Kubernetes)

• use proxyId instead of containerId in service name on Kubernetes

• allow to configure time to wait before Docker swarm service is ready (see docs)

• replace Docker library by an up to date version

• update Docker library to be compatible with recent Docker releases

• add option to control cache headers sent by an app (see docs)

• add option to control the maximum number of running apps per app or in total (see docs)

• add cache headers to ShinyProxy assets (CSS and JS files)

• send userid and groups as HTTP headers (see docs)

• add option to send custom attributes as HTTP headers (see docs)

• allow apps to link to an (external) page/url instead of starting a container (see docs)

• check if app has crashed on websocket connection error

• add authorized versions of kubernetes-pod-patches, kubernetes-additional-manifests and kubernetes-additional-persistent-manifests, allowing to control when these properties are applied (see docs)

• improve Proxy status API endpoint

• add support for specifying a (different) favicon per app (see docs)

• add options to specify width, height, style and CSS class of app logos (see docs)

• drop social authentication, use the OpenID backend instead

• drop keycloak authentication, use the OpenID backend instead

• in the parameter form, do not reset values for other (default) parameters when changing a (default) parameter (but only if the resulting combination is allowed)

• add log message to "auth-success" page to ease debugging when the redirect does not work

• the authFailed metric is now increased when the /auth-error is shown to a user (e.g. after a login using OIDC failed)

• collect the spec id in the startFailed (Prometheus) metrics (see updated dashboard)

• add (Prometheus) metric for crashed apps (see updated dashboard)

• OpenID: extract roles claim from user-info, in addition to extracting it from the ID token

• OpenID: log all claims from ID token and user-info, even if no roles-claim is specified

• the leader election of ShinyProxy now only runs on ShinyProxy replicas that are running the latest version. This allows to implement more advanced features.

• implement container-dns when using Kubernetes

• allow apps to override the mail-to-address (see docs)

• allow to override the subject of the support email (see docs)

• allow specifying docker-user option for apps (works with Docker and Docker swarm)

• allow specifying docker-ipc option for apps (works with Docker)

• allow specifying docker-runtime option for apps (works with Docker only)

• allow specifying docker-device-requests for apps (works with Docker only)

• allow redirecting the user to the first available app (see docs), contributed by @nickmelis

• allow redirecting the user to the only app available app (see docs), contributed by @nickmelis

• Fix: loading favicon when using context-path

• Fix: automatically add context-path to path in proxy.landing-page

• Fix: counter metrics when using multiple replicas

• Fix: correctly collect logs when using Docker Swarm

• Fix: delay release of Docker port, in order to prevent issues when the Docker daemon does not release the port immediately

• Fix: report correct app id in report issue e-mail

• Fix: cleanup WebSocket handles when WebSocket connection is closed or app is stopped (caused a memory leak in specific circumstances)

• Fix: parse Kubernetes events when pod runs in a different namespace

• Fix: prevent NPE in KubernetesManifestsRemover with certain CRDs

• Fix: do not expose logoUrl property of spec in API

• Fix: log warning when ShinyProxy cannot access the logs of a Kubernetes pod

• Fix: make track-app-url work with non-absolute URLs

• Fix: validation when creating new app instance (in switch instances modal)

• Note: when using Prometheus
  for Usage Statistics, you have
  to update the configuration: change the
  property management.metrics.export.prometheus.enabled: true
  to management.prometheus.metrics.export.enabled: true

  A typical configuration should be changed from:

  proxy:
  
    #  ...
  
    usage-stats-url: micrometer
  
  management:
    metrics:
      export:
        prometheus:
          enabled: true
  
  #  ...

  to

  proxy:
  
    #  ...
  
    usage-stats-url: micrometer
  
  management:
    prometheus:
      metrics:
        export:
          enabled: true
  
  #  ...

• Note: when using Redis for session or app persistence (e.g. when using the
  ShinyProxy Operator),
  you have to update the Redis configuration:

  • move all properties from spring.redis to spring.data.redis
  • change spring.redis.ssl: true to spring.data.redis.ssl.enabled: true
  • the internal data format of (Spring) session information has changed and is
    incompatible with the new format. Clear the database or use a different
    redis database (i.e. changing or adding spring.data.redis.database
    (default is 0))

  A typical Redis session configuration should be changed from:

  spring:
    session:
      store-...

v3.0.2

The latest version of the release notes can be found on the website.

• add option to ignore OpenID session expire (see docs)
• streamline fallback config (do not use LDAP in fallback config and use same config for all deployment options)
• add mobile viewport meta tags, contributed by @tanho63 and @andrewsali
• preserve subpath when starting an app
• add compatibility with Dash.jl apps (see demo)
• add support for admin users in addition to admin groups (see docs)
• add RuntimeValue SHINYPROXY_USER_TIMEZONE containing the timezone of the user (retrieved from the browser) (see docs).
• Fix: prevent NullPointerExceptions in OpenID code
• Fix: when a user opens an app before being authenticated, redirect user back to that app after login
• Fix: make stopping an app more reliable (e.g. if stopping an app fails halfway)
• Fix: prevent errors when requests during the start of an app fail because of a network issue. This is also a workaround for a bug in Firefox.
• Fix improve behavior of refreshing the OpenID session, preventing unexpected logouts
• Fix: prevent corrupt file downloads
• Fix: prevent errors with UTF-8 characters on some platforms
• Fix: prevent error when uploading files in RStudio
• Fix: try to prevent the user from going back to the IDP when using OIDC or SAML, which causes the user to see an error. Note: because of some browser protections, this cannot be prevented completely. When the user clicks the back button multiple times, they may end up on the IDP page, however, the case where the user accidentally clicks the back button has been fixed.
• Fix: ensure compatibility with coder/code-server (VS Code) versions after 4.10.1, by including any non-standard port in the X-Forwarded-Host header - Fix: allow using = in query string parameters
• Security: the HTML page of an (active) app contained the full details of that app, including runtime values that were hidden since 3.0.0. This has been fixed by only showing the non-sensitive information.
• Security: when using none authentication, (anonymous) users had access to the admin page and can see only their apps. This includes more information than what is returned from the API (e.g. the exact docker image used), but only for the apps started by that user. Updating is strongly advised when using none authentication.

Deprecations

• Component: Social Authentication
  
  Replacement: use the regular OpenID Connect implementation. Concrete update steps and examples will be provided with the next release.
  
  Reason: the Social Authentication plugins are deprecated and no longer supported by the Spring Project. The next ShinyProxy release will upgrade to Spring Boot 3, which no longer supports these plugins.
• Component: Keycloak Authentication
  
  Replacement: use the regular OpenID Connect implementation. Concrete update steps and examples will be provided with the next release.
  
  Reason: Further releases will still support Keycloak by using the general OpenID backend. The Keycloak project has deprecated the Keycloak adapters. The next ShinyProxy release will upgrade to Spring Boot 3, which no longer supports these plugins. In addition, the general OpenID authentication has advanced features and better integration.

v3.0.1

The latest version of the release notes can be found on the website.

• support YAML arrays for the groups property of users
• Fix: handle invalid requests to the /app and /app_direct as Forbidden (instead of Internal Server Error and logging exceptions)
• Fix: do not parse commas (,) in the container-cmd property
• Fix: do not add Content-Length header when Transfer-Encoding header is present while injecting JavaScript file into the iframe

v3.0.0

The latest version of the release notes can be found on the website.

• add support for app parameters such that the user must select some (arbitrary) parameters before starting an app (see docs).
• add support for running multiple ShinyProxy replicas providing scaling and high availability (see docs)
• add option to automatically pull Docker image when using Docker engine
• add support for Shiny bookmarking
• add option to track the URL of the app in the browser. This ensures the URL in the browser changes together with the (active) URL of the iframe.
• add Prometheus metrics for the duration of the individual steps of starting an app (e.g. scheduling, pulling image, starting of application) see docs)
• support using multiple usage statistics plugins at the same time, ( see docs). - add My Apps modal that shows the current (active) applications of the user. This can also be shown inline on the main page.
• add App Details modal to the app page, the Switch Instance modal and the ( new) My Apps modal. In addition to showing basic information about an app, it also shows when an app will be stopped by ShinyProxy (e.g. because of heartbeat timeout or max-lifetime). - show a message when the user has access to zero apps (instead of an empty page)
• add support for additional port mappings. For example proxying the path /mypath to a different port on the same container, see docs
• inject a javascript file into the iframe on the server (instead of on the client). The previous method did not work all the time on all browsers. - improve admin page
• add option to show the Switch Instance modal before opening an app such that the user can re-open an existing app or choose the name for a new app, see docs.
• add support for secrets when using Docker Swarm, see docs - add support for memory and cpu requests and limits when using Docker Swarm
• add support for private registries when using Docker and Docker Swarm, see docs
• the duration of the API call to start an app is now limited at 10 seconds, therefore there is no need to increase request timeouts of proxies or loadbalancers
• do not show internal errors and stack traces to users for improved security (errors are still logged)
• improve error reporting when app fails to start on Kubernetes: warnings reported by Kubernetes are now logged in ShinyProxy logs (e.g. issues with the image, issues with the nodes or scaling etc.)
• add option to output logs as (structured) JSON (using logstash format) (see docs)
• logged stack traces are now more concise (when using the JSON format)
• improve collecting applications logs on Kubernetes by ensuring that logs are always flushed
• improve application log writing to S3: logs are now send to S3 every 10 seconds and every 1MB (previously the Docker backend would write the logs to S3 on every write)
• improve App Recovery by not using the application spec when recovering applications. Therefore, the spec of running applications can be changed or removed, after which the ShinyProxy can be restarted ( see updated docs)
• add support for setting an annotation to kubernetes-additional-manifests that allows to specify how existing Kubernetes resources must be updated (see docs)
• when proxy.kubernetes.debug-patches is enabled additional manifests are now logged as well
• add support for using auth related objects in SPeL expressions in the kubernetes-additional-manifests and kubernetes-additional-persistent-manifests properties
• change the way kubernetes-additional-manifests are deleted such that the SPeL expressions in these properties are not evaluated when the manifests are deleted. Therefore, ShinyProxy can now delete resources of which the name is dynamic (using SpEL) or when the spec is unknown (e.g. when using the operator or App Recovery).
• make it possible to use SpEL in max-instances, heartbeat-timeout, max-lifetime and target-path properties (see docs)
• the API no longer returns security-sensitive runtime values
• the API no longer includes the spec when returning information about an app, such that the API does not return security-sensitive information
• the API now returns only a limited set of properties when querying for specs ( also to improve security), this can optionally be reverted (see docs)
• add option to configure CORS (see docs)
• add option to add custom headers to HTTP responses (see docs)
• add option to disable default security headers (see docs)
• add OpenAPI specification and swagger API docs
• drop kerberos support
• OIDC access tokens are now automatically refreshed, such that a new container always has a non-expired access tokens. ShinyProxy now also respects the max session lifetime of the OIDC Identity Provider.
• make it possible to use PKCE when using OIDC (see docs)
• make it possible to use the userinfo-url endpoint when using OIDC (see docs)
• Fix: properly handle when user reloads the page while starting or stopping an app
• Fix: ensure height of apps is correct when using custom navbar
• Fix: restore ShinyProxy acting as an OAuth Resource Server
• Fix: memory leak in ActiveProxiesService
• Fix: prevent the user from ending on the /auth-error page when their session expires when using OIDC
• Fix: always redirect to the main page after logging in. Otherwise, users might end up on internal API endpoints or on pages that no longer exist (e.g. removed app or instances).
• Fix: replace the SAML implementation using the new Spring implementation for improved security
• Fix: do no return internal errors (e.g. app_stopped_or_non_existent) on /app_direct endpoint
• Fix: correctly parse emails claim when using OIDC

v2.6.1

• Fix: update Spring Boot to 2.5.12 in order to mitigate CVE-2022-22965 See the GitHub issue for the latest updates on how this issue affects ShinyProxy.

• Note: when using Redis for session persistence (e.g. when using the ShinyProxy Operator), you have to change the Redis configuration to use a different database (or a different namespace). By default, database 0 is used, you must change this to use database 1 (or any other free database). Use the spring.redis.database property for this (see example). This change will require the users to re-login. This change is required because the data format of the session information has changed in Spring.

  A typical Redis session configuration should be changed from:

  spring:
    session:
      store-type: redis
    redis:
      host: redis
      password: ${REDIS_PASSWORD}

  to:

  spring:
    session:
      store-type: redis
    redis:
      host: redis
      password: ${REDIS_PASSWORD}
      database: 1

v2.6.0

• add proxy.default-stop-proxy-on-logout option to not stop apps on logout of a user (see docs)
• add option to limit the maximum lifetime of an app (see docs)
• add proxy.stop-proxies-on-shutdown option to not stop apps on shutdown of ShinyProxy (see docs)
• optionally restore running apps on startup (known as App Recovery)
• add heartbeat-timeout property to the specification of proxies (see docs)
• allow to disable the heartbeat-timeout property (see docs)
• add authentication information to SpEL context (see docs)
• add way to easily use runtime-values in SpEL (see docs)
• add kubernetes-additional-persistent-manifests option to specification of apps. These Kubernetes manifests are created when an app starts, but are never removed (in contrast to kubernetes-additional-manifests) (see docs)
• add absolute_apps_running, absolute_users_logged_in, absolute_users_logged_in metrics to Micrometer (i.e. Prometheus) metrics, providing a way more consistent and correct value
• add proxy.usage-stats-micrometer-prefix to optionally prefix Micrometer (i.e. Prometheus) metrics
• add target-path option to specification of apps (see docs)
• add a fallback heartbeat system for when the app does not use websockets and does not send HTTP requests often enough. This makes it easier to run applications which do not have these functionalities (e.g. traditional server-rendered apps, static html files etc.).
• add Restart app button to navigation bar
• add Stop app button to navigation bar
• add mechanism to automatically reconnect the websocket connection in case it gets disconnected (see docs)
• add support for running multiple instances of the same app by a single user (see docs)
• add hide-navbar-on-main-page-link option to the specification of apps. When this option is enabled, the sp_hide_navbar query parameter will be added to the link on the main page to that app. This way you can control that an individual app is opened with the navbar hidden, while it is still possible to show the navbar for that app (by changing the URL).
• automatically extend the lifetime of the session of a user when a websocket connection is active. This prevents the user from automatically getting logged out when using an app that only uses a websocket connection and no HTTP requests (see the corresponding GitHub issue)
• add support for using SpEL in proxy.openid-logout-url (so that id_token_hint can be provided) (see docs)
• add support for using http.proxyHost and http.proxyPort system properties for HTTP requests made by the SAML component (e.g. to fetch SAML metadata), contributed by @bartleboeuf
• updated admin page to show more information
• add support for grouping apps (see docs)
• add support for specifying metadata to an app that can be used in the template (see docs)
• add access-users property to proxy specification. This allows to configure a list of users that should have access to the app (see docs)
• add access-expression property to proxy specification. This allows to configure a SpEL expression to determine whether a user has access to an app (see docs)
• Operator: add proxy.operator.force-transfer option. When enabled a user is automatically transferred to the latest ShinyProxy instance when not using any apps. This is checked both on the main page and before starting a new app (see the operator docs).
• Operator: automatically transfer user to latest ShinyProxy instance before logging in and after logging out (see the operator docs).
• Operator: add proxy.operator.show-transfer-message-app-page option (see the operator docs).
• Operator: add proxy.operator.show-transfer-message-main-page option (see the operator docs).
• Fix: make issue form a client-side feature, such that current running app isn't closed
• Fix: make it possible to run Jupyter Notebooks using ShinyProxy
• Fix: make it easier to run Python Flask applications using ShinyProxy
• Fix: update jQuery library so that the Bootstrap collapse module properly works
• Fix: parsing of OIDC roles when these are provided as an embedded JSON string
• Fix: return JSON on the DELETE /api/proxy/id API endpoint
• Fix: show message when a login attempt is rejected because of an expired session
• Fix: ensure API is accessible using access token when using Keycloak
• Fix: cleanup any started container if user logs out during startup of an app
• Fix: all web assets (JavaScript and CSS files) are now included in ShinyProxy itself and not loaded from a CDN
• Fix: adapt the proxy.same-site-cookie property so that it also changes the SameSite Policy for session cookies created by Undertow (i.e. the session cookie when not using Redis)
• Fix: adapt the server.secure-cookies property so that it also changes the Secure flag for session cookies created by Spring (i.e. the session cookie when using Redis)
• Fix: update all included dependencies
• Fix: do not show undefined in the browser when navigating away while an app is starting, for example, by logging out or navigating to the main page.
• Fix: support parsing Keycloak JWKS information when it contains an ECDSA key
• Note: using #{proxySpec.containerSpecs[0].env.get('SHINYPROXY_PUBLIC_PATH')}
  in the specification of an app will no longer work. The code can be replaced
  by #{proxy.getRuntimeValue('SHINYPROXY_PUBLIC_PATH')} (see the SpEL docs)
• Note: change the default value for proxy.same-site-cookie to Lax, in order
  to ensure compatibility with changes to cookies in browsers (see the docs)
  
  When using SAML this value may need to be changed (see the docs)
• Note: make sure to use server.secure-cookies: true when using proxy.same-site-cookie: None (e.g. for making SAML work properly), see the docs

v2.5.1

This release consists only of a security update. In previous releases, the SAML and Keycloak authentication backends did not protect against session fixation. If an attacker can deploy a malicious application in ShinyProxy or an attacker has control over web applications hosted on the same domain (or subdomain) of the ShinyProxy server, such an attacker was able to fix the session id of a user and ultimately hijack the session of a user. This requires the victim to either open the malicious app or webpage. Updating to ShinyProxy 2.5.1 or 2.6.0 is advised when using the Keycloak or SAML backend. Other authentication backends (e.g. OpenID Connect, LDAP) are not vulnerable. Therefore, it is possible to switch to
another authentication backend as a workaround.

• Security Fix: enable session fixation protection when using SAML authentication

• Security Fix: enable session fixation protection when using Keycloak authentication

  Note: the documentation of the Keycloak library advices to not employ session fixation protection, since this breaks "universal logout". However, since this is a non-standard extension of the OIDC protocol, we prefer the security benefits of this protection over the "universal logout" feature.

v2.5.0

• add support for exposing Prometheus metrics
• add support for SAML Logout (using the /saml/logout endpoint), contributed by @DefensePoint
• add support for SAML Single Logout (using the /saml/SingleLogout endpoint)
• add option to log SAML attributes whenever a user authenticates using SAML (proxy.saml.log-attributes)
• expose SAML metadata on /saml/metadata endpoint
• properly handle receiving expired SAML credentials by redirecting the user to /auth-error and logging a warning message.
• add option to configure the max authentication age of SAML credentials (proxy.saml.max-authentication-age).
• allow to specify the Same Site policy for Cookies (proxy.same-site-cookie).
• add load balancer support for SAML authentication, contributed by @johannestang.
• provide the SHINYPROXY_PUBLIC_PATH environment variable to app containers in order to allow compatibility with Dash 1.3 and RStudio. [
• refactor label and annotations of application containers. These labels and annotations can be processed by monitoring software, such as Grafana Loki.
• allow to specify the query parameter sp_hide_navbar=true on app pages in order to hide the navbar.
• Docker image was improved in order to reduce the image size (~300MB vs ~800MB). Note: the /etc/shinyproxy config directory no longer exists. Configuration files should be placed inside the /opt/shinyproxy/application.yml directory. [
• Fix: ensure SHINYPROXY_OIDC_ACCESS_TOKEN is always set when using OIDC and Redis for session storage
• Fix: ensure clicking back button after authenticating does not cause errors when using SAML with (Azure) Active Directory
• Fix: do not hardcode JS and CSS versions inside templates to allow easier upgrade
• Fix: prevent redirect-loop when using OIDC and email is missing in attributes
• Fix: handle stale session cookies and state when using OIDC (and Keycloak). This prevents errors when the user keeps an OIDC login page open for too long or using stale bookmarks.
• Fix: username not shown when using OIDC, SAML ...

See the full release notes (with pointers to the documentation) at https://shinyproxy.io/downloads/#250

2.4.3

• use GitHub Actions to test ShinyProxy against multiple Java and Kubernetes versions
• Fix: properly cleanup proxies at shutdown
• Fix: include health of Redis into readiness probe (but only when Redis is used)
• Fix: fix SAML and Kerberos authentication (since 2.4.2 it would throw an Exception at startup)
• Fix: take server context-path into account when redirecting to/auth-error

2.4.2

• support any JDBC compatible database for storing usage statistics
• use database connection pooling for usage statistics (improves the performance and reliability of it)
• allow to use Spring Expression Language inside the kubernetes-pod-patches and kubernetes-additional-manifests configuration properties
• add proxy.kubernetes.pod-wait-time property to configure the time ShinyProxy waits for a Kubernetes pod to become ready
• add warning when using the removed server.use-forward-headers property
• Fix: do not throw StackOverflowException when OpenID Connect throws an exception (e.g., when there is a configuration issue)
• Fix: do not cause a redirect loop when ShinyProxy cannot verify an OpenID Connect token, but the user is correctly logged in (e.g., when there is a configuration issue)
• Fix: disable debug log level for org.springframework.web.servlet.DispatcherServlet since it interfere with requests being proxied to the app
• Fix: POST requests don't work when using OpenID Connect
• Fix: make heartbeat mechanism less intrusive such that it doesn't break the websockets connection. Especially useful on slow connections and when using Shiny apps with large plots.