2.4.2

• support any JDBC compatible database for storing usage statistics
• use database connection pooling for usage statistics (improves the performance and reliability of it)
• allow to use Spring Expression Language inside the kubernetes-pod-patches and kubernetes-additional-manifests configuration properties
• add proxy.kubernetes.pod-wait-time property to configure the time ShinyProxy waits for a Kubernetes pod to become ready
• add warning when using the removed server.use-forward-headers property
• Fix: do not throw StackOverflowException when OpenID Connect throws an exception (e.g., when there is a configuration issue)
• Fix: do not cause a redirect loop when ShinyProxy cannot verify an OpenID Connect token, but the user is correctly logged in (e.g., when there is a configuration issue)
• Fix: disable debug log level for org.springframework.web.servlet.DispatcherServlet since it interfere with requests being proxied to the app
• Fix: POST requests don't work when using OpenID Connect
• Fix: make heartbeat mechanism less intrusive such that it doesn't break the websockets connection. Especially useful on slow connections and when using Shiny apps with large plots.

2.4.1

• Fix: rebuild JAR packages using OpenJDK 8 so that they can be run using OpenJDK 8

2.4.0

• support arbitrary settings at app level for the Kubernetes backend using pod patches
• support for creating additional Kubernetes resources when an app starts and removing these when the app stops
• instrument ShinyProxy for deployment using a Kubernetes operator
• support Kubernetes liveness and readiness probes
• improved handling of concurrent users of a proxied resource (increase proxy client's queue size to 100)
• include version of ShinyProxy in startup messsage
• support logout redirection for SAML authentication (proxy.saml.logout-url)
• Fix: support compilation with both OpenJDK and Oracle JDK
• Fix: POST requests to apps a.o. large file uploads
• Fix: correct checksums generated by builds
• Fix: build snapshot Docker images and push to Docker Hub
• Fix: update dependencies so that Google Social Login is supported

2.3.1

• support hosting of Zeppelin notebooks on ShinyProxy (by using non-greedy pattern matching to get app name)
• possibility to set secure flag on cookies (server.secureCookies)
• set HttpOnly on cookies set by ShinyProxy
• set X-Frame-Options header using server.frameOptions
• perform CSRF check on the login form and set X-Content-Type-Options header to nosniff
• allow to set a forceAuthN flag when using SAML authentication (proxy.saml.force-authn)
• improved parsing of custom OIDC role claims
• improved support for the 'emails' claim in OIDC
• Fix: AJAX error when using Keycloak
• Fix: 'Error: 200' page in case of login expiration
• Fix: 404 when a user makes concurrent /app_direct calls;
• Fix: error when stopping containers in a different namespace;
• Fix: documentation for web service authentication

2.3.0

• support for (encrypted) SAML 2.0 based authentication and authorization;
• support for writing application logs to S3 buckets;
• additional logging for OpenID Connect based authentication and authorization

2.2.2

• fine-grained control on container runtime constraints with new fields container-memory-request, container-memory-limit, container-cpu-request and container-cpu-limit; this works both for a plain Docker back-end (except for container-cpu-request) and for a Kubernetes backend (all fields);
• support for providing Kubernetes secrets to apps (using secret key refs)
• additional documentation on request dumping (logging.requestdump)
• app_direct URLs require a trailing slash, so /app_direct/myapp now redirects to
  /app_direct/myapp/ for convenience
• fix: global privileged flag was no longer working
• fix: proxy could take a long time to start on Kubernetes pods

2.2.1

• landing-page can now be used to redirect the user to a single Shiny app (/app/<app-name> or /app_direct/<app-name>) instead of the list of Shiny apps (default; /)
• fix: enable proxying of other request methods beside GET
• fix: re-enable basic auth for API usage when OAuth2 is not being used

2.2.0

• added new OAuth2 compliant security mechanism for the ShinyProxy API to allow for secured embedding of Shiny apps in broader applications or platforms
• replaced endpoint URLs with user-friendly URLs based on app name i.e. /app/<app-name> (standard ShinyProxy interface) and /app_direct/<app-name> (direct access to the Shiny app)
• moved configuration of authentication method webservice to proxy.webservice
• new setting logging.requestdump to enable full request dump
• fix: ShinyProxy will now throw an exception if specs are defined with the same id
• fix: uptime field in admin interface now displays 0 for initializing apps
• fix: influxdb now records non-ASCII usernames correctly
• fix: 400 bad request when launching proxy via api without body
• fix: error when setting proxy.openid.roles-claim is miss-spelled or missing in the id token

2.1.0

• new Kerberos authentication and authorization back-end, which also allows to use Kerberos
  tickets for downstream usage inside the Shiny or Dash apps (including support for
  constrained delegation)
• new authentication method webservice for custom web services that handle authentication
  with a HTTP POST call returning a session id and user information
• allow user to set node-selector for a Kubernetes cluster using proxy.kubernetes.node-selector
• add support for non-ico favicons i.e. png
• updated Keycloak dependency to 4.7.0
• fix: openid login does not trigger login log event
• fix: timing issue with heartbeat on small requests
• fix: proxy.admin-groups didn't work for multiple groups
• fix: tear down proxies once done testing with them in TestConcurrentUsers
• fix: use app.id instead of app.name in the index.html of templates when app logos are
  used for the landing page

2.0.5

• add favicon-path to allow for easy use of custom favicons for ShinyProxy
• add ShinyProxy API documentation
• introduce proxy.keycloak.use-resource-role-mappings to allow for switching between client roles and realm roles
• add proxy.keycloak.name-attribute to allow for specific attributes to be used as the user's name
• add possibility to specify the proxy.openid.logout-url for OpenID Connect based authentication
• document proxy.openid.username-attribute
• fix: container-env setting was ignored
• fix: authentication: none still hides apps if access-groups is set