ShinyProxy - Open Source Enterprise Deployment for Shiny and data science apps
The latest version of the release notes can be found on the website.
We want to thank all contributors that made this release possible. The "pre-initialization" feature was developed in cooperation with UCLouvain and NPL Markets. We would also like to thank AWS for contributing an initial version of the ECS backend. See the support page if your organization wants to sponsor a specific feature in ShinyProxy.
update to JDK 17
update to Spring Boot 3.2
add support for pre-initializing containers (see docs)
add support for sharing a container among multiple users (see docs)
add support for autoscaling number of pre-initializer or shared containers (see docs)
add AWS ECS backend, for running containers on AWS ECS Fargate (see backend docs and app docs)
add option to show notification (a.k.a message of the day) to all users (see docs), contributed by @ziyunxiao
allow to use request and response objects in templates (e.g. to check the status code), see example
replace in-memory caches by Caffeine library to reduce chance of memory leaks
cache whether a user is an admin
cache the maximum number of instances a user can start
cache proxyId for common endpoints
cache (app) favicons and logos
various performance improvements
support YAML array notation in proxy.kubernetes.image-pull-secrets property
allow configuring OpenID connect JWKS algorithm (see docs)
allow to use the (decoded) OpenID access token in SpEL (see docs)
allow to use the JSON response returned by the authentication webservice in SpEL (see docs)
allow to use groups when using webservice authentication (see docs)
allow to use custom name for container names (see docs: Docker, Docker Swarm and Kubernetes)
use proxyId instead of containerId in service name on Kubernetes
allow to configure time to wait before Docker swarm service is ready (see docs)
replace Docker library by an up to date version
update Docker library to be compatible with recent Docker releases
add option to control cache headers sent by an app (see docs)
add option to control the maximum number of running apps per app or in total (see docs)
add cache headers to ShinyProxy assets (CSS and JS files)
send userid and groups as HTTP headers (see docs)
add option to send custom attributes as HTTP headers (see docs)
allow apps to link to an (external) page/url instead of starting a container (see docs)
check if app has crashed on websocket connection error
add authorized versions of kubernetes-pod-patches, kubernetes-additional-manifests and kubernetes-additional-persistent-manifests, allowing to control when these properties are applied (see docs)
improve Proxy status API endpoint
add support for specifying a (different) favicon per app (see docs)
add options to specify width, height, style and CSS class of app logos (see docs)
drop social authentication, use the OpenID backend instead
drop keycloak authentication, use the OpenID backend instead
in the parameter form, do not reset values for other (default) parameters when changing a (default) parameter (but only if the resulting combination is allowed)
add log message to "auth-success" page to ease debugging when the redirect does not work
the authFailed metric is now increased when the /auth-error page is shown to a user (e.g. after a login using OIDC failed)
collect the spec id in the startFailed (Prometheus) metrics (see updated dashboard)
add (Prometheus) metric for crashed apps (see updated dashboard)
OpenID: extract roles claim from user-info, in addition to extracting it from the ID token
OpenID: log all claims from ID token and user-info, even if no roles-claim is specified
the leader election of ShinyProxy now only runs on ShinyProxy replicas that are running the latest version. This allows to implement more advanced features.
implement container-dns when using Kubernetes
allow apps to override the mail-to-address (see docs)
allow to override the subject of the support email (see docs)
allow specifying docker-user option for apps (works with Docker and Docker swarm)
allow specifying docker-ipc option for apps (works with Docker)
allow specifying docker-runtime option for apps (works with Docker only)
allow specifying docker-device-requests for apps (works with Docker only)
allow redirecting the user to the first available app (see docs), contributed by @nickmelis
allow redirecting the user to the only available app (see docs), contributed by @nickmelis
Fix: loading favicon when using context-path
Fix: automatically add context-path to path in proxy.landing-page
Fix: counter metrics when using multiple replicas
Fix: correctly collect logs when using Docker Swarm
Fix: delay release of Docker port, in order to prevent issues when the Docker daemon does not release the port immediately
Fix: report correct app id in report issue e-mail
Fix: cleanup WebSocket handles when WebSocket connection is closed or app is stopped (caused a memory leak in specific circumstances)
Fix: parse Kubernetes events when pod runs in a different namespace
Fix: prevent NPE in KubernetesManifestsRemover with certain CRDs
Fix: do not expose logoUrl property of spec in API
Fix: log warning when ShinyProxy cannot access the logs of a Kubernetes pod
Fix: make track-app-url work with non-absolute URLs
Fix: validation when creating new app instance (in switch instances modal)
Note: when using Prometheus for Usage Statistics, you have to update the configuration: change the property management.metrics.export.prometheus.enabled: true to management.prometheus.metrics.export.enabled: true
A typical configuration should be changed from:
proxy:
  # ...
  usage-stats-url: micrometer
management:
  metrics:
    export:
      prometheus:
        enabled: true
# ...
to
proxy:
  # ...
  usage-stats-url: micrometer
management:
  prometheus:
    metrics:
      export:
        enabled: true
# ...
Note: when using Redis for session or app persistence (e.g. when using the ShinyProxy Operator), you have to update the Redis configuration:
spring.redis to spring.data.redis
spring.redis.ssl: true to spring.data.redis.ssl.enabled: true
spring.data.redis.database (default is 0))
A typical Redis session configuration should be changed from:
spring:
  session:
    store-type: redis
  redis:
    host: redis
    password: ${REDIS_PASSWORD}
    ssl: true
    # this config implicitly uses database 0
to:
spring:
  session:
    store-type: redis
  data:
    redis:
      host: redis
      password: ${REDIS_PASSWORD}
      database: 1
      ssl:
        enabled: true
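The property renames in the two notes above can be checked mechanically before an upgrade. The following is an added example, not part of ShinyProxy or its documentation: it flattens an application.yml and reports every property still using a pre-upgrade name. The small YAML reader handles only nested mappings (an assumption that matches the snippets above), and the sample input is constructed.

```python
import re

# Old -> new property prefixes from the notes above; most specific first.
RENAMES = [
    ("management.metrics.export.prometheus.enabled",
     "management.prometheus.metrics.export.enabled"),
    ("spring.redis.ssl", "spring.data.redis.ssl.enabled"),
    ("spring.redis", "spring.data.redis"),
]

def flatten(yaml_text):
    """Flatten nested block-style YAML mappings into {dotted.key: value}."""
    out, stack = {}, []          # stack: (indent, key) of the open mappings
    for raw in yaml_text.splitlines():
        line = raw.split(" #")[0].rstrip()      # drop trailing comments
        m = re.match(r"^( *)([A-Za-z0-9_.-]+):(?: +(.*))?$", line)
        if not m:
            continue                            # comments, lists, blank lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()                         # close deeper/sibling mappings
        stack.append((indent, key))
        if value:                               # leaf: record the full path
            out[".".join(k for _, k in stack)] = value
    return out

def deprecated_keys(yaml_text):
    """Return [(old_key, suggested_key)] for each pre-upgrade property found."""
    findings = []
    for key in flatten(yaml_text):
        for old, new in RENAMES:
            if key == old or key.startswith(old + "."):
                findings.append((key, new + key[len(old):]))
                break
    return findings

# Constructed sample in the "before" layout shown in the notes above.
SAMPLE = """\
management:
  metrics:
    export:
      prometheus:
        enabled: true
spring:
  redis:
    host: redis
    ssl: true
"""
```

Calling deprecated_keys(SAMPLE) returns one (old, suggested) pair per stale property; an empty list means none of the renamed properties remain.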
SHINYPROXY_USER_TIMEZONE containing the timezone of the user (retrieved from the browser) (see docs).
coder/code-server (VS Code) versions after 4.10.1, by including any non-standard port in the X-Forwarded-Host header
Fix: allow using = in query string parameters
none authentication, (anonymous) users had access to the admin page and can see only their apps. This includes more information than what is returned from the API (e.g. the exact docker image used), but only for the apps started by that user. Updating is strongly advised when using none authentication.
groups property of users
/app and /app_direct as Forbidden (instead of Internal Server Error and logging exceptions),
) in the container-cmd property
My Apps modal that shows the current (active) applications of the user. This can also be shown inline on the main page.
App Details modal to the app page, the Switch Instance modal and the (new) My Apps modal. In addition to showing basic information about an app, it also shows when an app will be stopped by ShinyProxy (e.g. because of heartbeat timeout or max-lifetime).
show a message when the user has access to zero apps (instead of an empty page)
/mypath to a different port on the same container, see docs
Switch Instance modal before opening an app such that the user can re-open an existing app or choose the name for a new app, see docs.
kubernetes-additional-manifests that allows to specify how existing Kubernetes resources must be updated (see docs)
proxy.kubernetes.debug-patches is enabled additional manifests are now logged as well
kubernetes-additional-manifests and kubernetes-additional-persistent-manifests properties
kubernetes-additional-manifests are deleted such that the SpEL expressions in these properties are not evaluated when the manifests are deleted. Therefore, ShinyProxy can now delete resources of which the name is dynamic (using SpEL) or when the spec is unknown (e.g. when using the operator or App Recovery).
max-instances, heartbeat-timeout, max-lifetime and target-path properties (see docs)
userinfo-url endpoint when using OIDC (see docs)
ActiveProxiesService
/auth-error page when their session expires when using OIDC
app_stopped_or_non_existent) on /app_direct endpoint
emails claim when using OIDC
Fix: update Spring Boot to 2.5.12 in order to mitigate CVE-2022-22965. See the GitHub issue for the latest updates on how this issue affects ShinyProxy.
Note: when using Redis for session persistence (e.g. when using the ShinyProxy Operator), you have to change the Redis configuration to use a different database (or a different namespace). By default, database 0 is used; you must change this to use database 1 (or any other free database). Use the spring.redis.database property for this (see example). This change will require the users to re-login. This change is required because the data format of the session information has changed in Spring.
A typical Redis session configuration should be changed from:
spring:
  session:
    store-type: redis
  redis:
    host: redis
    password: ${REDIS_PASSWORD}
to:
spring:
  session:
    store-type: redis
  redis:
    host: redis
    password: ${REDIS_PASSWORD}
    database: 1
proxy.default-stop-proxy-on-logout option to not stop apps on logout of a user (see docs)
proxy.stop-proxies-on-shutdown option to not stop apps on shutdown of ShinyProxy (see docs)
heartbeat-timeout property to the specification of proxies (see docs)
heartbeat-timeout property (see docs)
kubernetes-additional-persistent-manifests option to specification of apps. These Kubernetes manifests are created when an app starts, but are never removed (in contrast to kubernetes-additional-manifests) (see docs)
absolute_apps_running, absolute_users_logged_in, absolute_users_logged_in metrics to Micrometer (i.e. Prometheus) metrics, providing a way more consistent and correct value
proxy.usage-stats-micrometer-prefix to optionally prefix Micrometer (i.e. Prometheus) metrics
target-path option to specification of apps (see docs)
Restart app button to navigation bar
Stop app button to navigation bar
hide-navbar-on-main-page-link option to the specification of apps. When this option is enabled, the sp_hide_navbar query parameter will be added to the link on the main page to that app. This way you can control that an individual app is opened with the navbar hidden, while it is still possible to show the navbar for that app (by changing the URL).
proxy.openid-logout-url (so that id_token_hint can be provided) (see docs)
http.proxyHost and http.proxyPort system properties for HTTP requests made by the SAML component (e.g. to fetch SAML metadata), contributed by @bartleboeuf
access-users property to proxy specification. This allows to configure a list of users that should have access to the app (see docs)
access-expression property to proxy specification. This allows to configure a SpEL expression to determine whether a user has access to an app (see docs)
proxy.operator.force-transfer option. When enabled a user is automatically transferred to the latest ShinyProxy instance when not using any apps. This is checked both on the main page and before starting a new app (see the operator docs).
proxy.operator.show-transfer-message-app-page option (see the operator docs).
proxy.operator.show-transfer-message-main-page option (see the operator docs).
DELETE /api/proxy/id API endpoint
proxy.same-site-cookie property so that it also changes the SameSite Policy for session cookies created by Undertow (i.e. the session cookie when not using Redis)
server.secure-cookies property so that it also changes the Secure flag for session cookies created by Spring (i.e. the session cookie when using Redis)
undefined in the browser when navigating away while an app is starting, for example, by logging out or navigating to the main page.
#{proxySpec.containerSpecs[0].env.get('SHINYPROXY_PUBLIC_PATH')} in the specification of an app will no longer work. The code can be replaced by #{proxy.getRuntimeValue('SHINYPROXY_PUBLIC_PATH')} (see the SpEL docs)
proxy.same-site-cookie to Lax, in order to ensure compatibility with changes to cookies in browsers (see the docs)
server.secure-cookies: true when using proxy.same-site-cookie: None (e.g. for making SAML work properly), see the docs
This release consists only of a security update. In previous releases, the SAML and Keycloak authentication backends did not protect against session fixation. If an attacker can deploy a malicious application in ShinyProxy or an attacker has control over web applications hosted on the same domain (or subdomain) of the ShinyProxy server, such an attacker was able to fix the session id of a user and ultimately hijack the session of a user. This requires the victim to either open the malicious app or webpage. Updating to ShinyProxy 2.5.1 or 2.6.0 is advised when using the Keycloak or SAML backend. Other authentication backends (e.g. OpenID Connect, LDAP) are not vulnerable. Therefore, it is possible to switch to another authentication backend as a workaround.
Security Fix: enable session fixation protection when using SAML authentication
Security Fix: enable session fixation protection when using Keycloak authentication
Note: the documentation of the Keycloak library advises to not employ session fixation protection, since this breaks "universal logout". However, since this is a non-standard extension of the OIDC protocol, we prefer the security benefits of this protection over the "universal logout" feature.
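A regression check for the fix described above, as an added example that is not ShinyProxy code: it compares the session cookie issued before and after login and flags an id that was not rotated, plus a SameSite=None cookie sent without the Secure flag, which current browsers reject. The cookie name JSESSIONID and the header values are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "JSESSIONID"  # assumption: servlet default name, not from the page

def session_cookie(set_cookie_headers, name=SESSION_COOKIE):
    """Return the last cookie called `name` in a list of Set-Cookie values."""
    found = None
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            found = jar[name]
    return found

def audit_login(pre_login, post_login, name=SESSION_COOKIE):
    """Check the session cookie set before and after authentication.

    pre_login / post_login: Set-Cookie header values captured from the
    responses before the login and from the response that completes it.
    """
    before = session_cookie(pre_login, name)
    after = session_cookie(post_login, name)
    problems = []
    # No new cookie, or the same value again: the pre-login id stays valid
    # for the authenticated session, which is what fixation relies on.
    if before is not None and (after is None or after.value == before.value):
        problems.append("session id not rotated at login")
    current = after if after is not None else before
    if current is not None:
        if current["samesite"].lower() == "none" and not current["secure"]:
            problems.append("SameSite=None without Secure")
    return problems

# Constructed header values for illustration.
PRE = ["JSESSIONID=aaa111; Path=/; HttpOnly; SameSite=None"]
POST_UNROTATED = []  # login response sets no new session cookie
POST_ROTATED = ["JSESSIONID=bbb222; Path=/; Secure; HttpOnly; SameSite=None"]
```

Feed it the Set-Cookie values recorded by a browser or test client during a real SAML or Keycloak login; an empty result means the id changed at authentication and the cookie flags are consistent.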
/saml/logout endpoint), contributed by @DefensePoint
/saml/SingleLogout endpoint)
proxy.saml.log-attributes)
/saml/metadata endpoint
/auth-error and logging a warning message.
proxy.saml.max-authentication-age).
proxy.same-site-cookie).
SHINYPROXY_PUBLIC_PATH environment variable to app containers in order to allow compatibility with Dash 1.3 and RStudio. [
sp_hide_navbar=true on app pages in order to hide the navbar.
/etc/shinyproxy config directory no longer exists. Configuration files should be placed inside the /opt/shinyproxy/application.yml directory. [
SHINYPROXY_OIDC_ACCESS_TOKEN is always set when using OIDC and Redis for session storage
See the full release notes (with pointers to the documentation) at https://shinyproxy.io/downloads/#250
/auth-error
kubernetes-pod-patches and kubernetes-additional-manifests configuration properties
proxy.kubernetes.pod-wait-time property to configure the time ShinyProxy waits for a Kubernetes pod to become ready
server.use-forward-headers property
StackOverflowException when OpenID Connect throws an exception (e.g., when there is a configuration issue)
org.springframework.web.servlet.DispatcherServlet since it interferes with requests being proxied to the app