Release notes from shinyproxy

v3.2.2

2025-11-12T14:17:43Z

The latest version of the release notes can be found on the website.

update dependencies
Fix: make compatible with Docker version 29

v3.2.1

2025-10-28T15:35:15Z

The latest version of the release notes can be found on the website.

This is a security update, it's highly recommended to update to this version.
Make sure to update any customized templates to the latest version, this is
required to fix the XSS bugs.

update dependencies
ECS: correctly clean-up task-definitions on shutdown (when not using Redis)
ECS: correctly stops apps on shutdown (when not using Redis)
ECS: allow to use read-only root filesystem
ECS: ShinyProxy now requires the ecs:TagResource and
ecs:ListTaskDefinitions permissions,
see docs
Security: fix multiple XSS vulnerabilities. In specific situations, an
attacker can craft a dangerous app instance name, allowing XSS.

v3.2.0

2025-10-28T15:36:57Z

The latest version of the release notes can be found on the website.

update to JDK 21
update to Spring Boot 3.4
use stripped down version of bootstrap to mitigate vulnerabilities
add the ShinyProxy Operator for Docker
expose all apps (including apps a user has no access to) as a variable in templates (see docs)
support links in app descriptions
allow to show apps in grid on main page (see docs)
don't include - Default in title of app page
improve using ShinyProxy on a mobile device
much improved monitoring stack
allow to embed Grafana into ShinyProxy
support monitoring stack on Docker hosts (see ShinyProxy Operator docs)
don't restart crashed Kubernetes container (or pod), this makes debugging a crashed app easier
log reason a Kubernetes pod crashed
log reason a Docker container crashed
check health of a container before showing the app crashed page
show version and debugging information on admin page
exit with an error code when ShinyProxy crashes
more clearly log error when ShinyProxy crashes
improve error when defining duplicate users
shutdown ShinyProxy container when the JVM goes out of memory (only in official Docker image)
tweak Java memory settings for more efficient memory usage (only in official Docker image)
ensure that logs for failed apps are correctly shown in Grafana
check container health during startup, such that failures are detected more quickly
allow to record custom user attributes in usage statistics (see docs)
add CSV usage stats backend (see docs)
allow using serverName in access-expression to limit apps to specific domains
allow using SpEL in the proxy.title and proxy.logo-url properties
ECS: create single log group for each spec instead of for each proxy
ECS: rename the proxy.ecs.enable-cloudwatch to proxy.ecs.enable-cloud-watch for consistency (the old property still works)
ECS: support repository credentials (pull secrets) (see docs)
ECS: support adding SecretManger secrets (see docs), contributed by @axel-nagel
Docker: bind host port of Docker containers on 127.0.0.1 instead of 0.0.0.0 (see docs to change this)
Docker: allow specifying default docker network (see docs)
Docker: allow to use group-add for Docker containers (see docs)
Docker: allow to use Loki Docker driver for collecting logs (see docs)
add delegate_app_status and appInfo Prometheus metrics (see docs)
add option to not use default OpenID scopes (see docs)
support fetching groups using the Microsoft Graph API when using OpenID (see docs)
add option to enforce HTTPS in the OpenID redirect URI (see docs)
allow to use the NameID as username when using SAML (see docs)
allow to handle usernames as case-insensitive (see docs)
add custom header authentication backend (see docs)
log message when receiving invalid status code when ShinyProxy checks reachability of app
allow to add extra fields to the App Details dialog (see docs)
ensure ShinyProxy can be seamlessly (without downtime) upgraded even if storage schema of Spring session changes
make the Docker and Kubernetes resources configuration more flexible (see docs)
validate Kubernetes resources configuration, such that a more user-friendly error is reported
Note: for improved security, ShinyProxy now uses a (single) Kubernetes
service to access pods. Therefore, ShinyProxy should have permission to manage
Kubernetes services. The manifests of the operator are updated to support this.
Fix: don't send emails with zero-byte attachments
Fix: don't add request headers that contain non-allowed (i.e. everything except ISO-8859-1/ISO-Latin-1) characters
Fix: don't use protocol of docker.url as target protocol for connecting to apps
Fix: gracefully handle errors in usage stats, to not brake the apps
Fix: prevent memory leak in SpecExpressionResolver
Fix: prevent memory leak in ProxyMappingManager
Fix: prevent IllegalStateException: creationTime key must not be null
Fix: prevent ConcurrentModificationException error
Fix: correctly load existing app when spec is removed
Fix: show app crashed page instead of reloading page in specific situations
Fix: prevent NullPointerException for requests without a User-Agent header

v3.1.1

2024-06-20T12:02:33Z

The latest version of the release notes can be found on the website.

update dependencies
improve performance of fetching proxies owned by a user
add API endpoint to replace pre-initialized and shared containers
when opening an app that has an external-app configured, redirect to this URL when starting the app
allow specifying client-authentication-method in OpenID configuration, (see docs), contributed by @MohamedAnouar
Fix: stop containers started using container pre-initialization and sharing when ShinyProxy stops
Fix: add workaround for authentication issue when opening a link to ShinyProxy from a MS Office application
Fix: retry (proxied) request to app when the app closes the TCP connection (fixes issues with loading assets of Shiny apps)
Fix: throw error on startup when app recovery is used together with container pre-initialization and sharing
Fix: force apps to not use compression on HTML responses such that the iframe script can be injected
Fix: allow admin to stop apps of other users again
Fix: avoid Thymeleaf warning
Fix: issue when using Datatables and SAML
Fix: do not load demo config when using spring.config.location
Fix: ensure Docker port is only released when container has been stopped

v3.1.0

2024-05-07T08:43:03Z

The latest version of the release notes can be found on the website.

We want to thank all contributors that made this release possible. The
"pre-initialization" feature was developed in cooperation with UCLouvain and NPL
Markets. We would also like to thank AWS for contributing an initial version of
the ECS backend. See the support page if your organization wants to sponsor a
specific feature in ShinyProxy.

update to JDK 17
update to Spring Boot 3.2
add support for pre-initializing containers (see docs)
add support for sharing a container among multiple users (see docs)
add support for autoscaling number of pre-initializer or shared containers (see docs)
add AWS ECS backend, for running containers on AWS ECS Fargate, (see backend docs and app docs )
add option to show notification (a.k.a message of the day) to all users (see docs), contributed by @ziyunxiao
allow to use request and response objects in templates (e.g. to check the status code), see example
replace in-memory caches by Caffeine library to reduce chance of memory leaks
cache whether a user is an admin
cache the maximum number of instances a user can start
cache proxyId for common endpoints
cache (app) favicons and logos
various performance improvements
support YAML array notation in proxy.kubernetes.image-pull-secrets property
allow configuring OpenID connect JWKS algorithm (see docs)
allow to use the (decoded) OpenID access token in SpEL (see docs)
allow to use the JSON response returned by the authentication webservice in SpEL (see docs)
allow to use groups when using webservice authentication (see docs)
allow to use custom name for container names (see docs: Docker, Docker Swarm and Kubernetes)
use proxyId instead of containerId in service name on Kubernetes
allow to configure time to wait before Docker swarm service is ready (see docs)
replace Docker library by an up to date version
update Docker library to be compatible with recent Docker releases
add option to control cache headers sent by an app (see docs)
add option to control the maximum number of running apps per app or in total (see docs)
add cache headers to ShinyProxy assets (CSS and JS files)
send userid and groups as HTTP headers (see docs)
add option to send custom attributes as HTTP headers (see docs)
allow apps to link to an (external) page/url instead of starting a container (see docs)
check if app has crashed on websocket connection error
add authorized versions of kubernetes-pod-patches, kubernetes-additional-manifests and kubernetes-additional-persistent-manifests, allowing to control when these properties are applied (see docs)
improve Proxy status API endpoint
add support for specifying a (different) favicon per app (see docs)
add options to specify width, height, style and CSS class of app logos (see docs)
drop social authentication, use the OpenID backend instead
drop keycloak authentication, use the OpenID backend instead
in the parameter form, do not reset values for other (default) parameters when changing a (default) parameter (but only if the resulting combination is allowed)
add log message to "auth-success" page to ease debugging when the redirect does not work
the authFailed metric is now increased when the /auth-error is shown to a user (e.g. after a login using OIDC failed)
collect the spec id in the startFailed (Prometheus) metrics (see updated dashboard)
add (Prometheus) metric for crashed apps (see updated dashboard)
OpenID: extract roles claim from user-info, in addition to extracting it from the ID token
OpenID: log all claims from ID token and user-info, even if no roles-claim is specified
the leader election of ShinyProxy now only runs on ShinyProxy replicas that are running the latest version. This allows to implement more advanced features.
implement container-dns when using Kubernetes
allow apps to override the mail-to-address (see docs)
allow to override the subject of the support email (see docs)
allow specifying docker-user option for apps (works with Docker and Docker swarm)
allow specifying docker-ipc option for apps (works with Docker)
allow specifying docker-runtime option for apps (works with Docker only)
allow specifying docker-device-requests for apps (works with Docker only)
allow redirecting the user to the first available app (see docs), contributed by @nickmelis
allow redirecting the user to the only app available app (see docs), contributed by @nickmelis
Fix: loading favicon when using context-path
Fix: automatically add context-path to path in proxy.landing-page
Fix: counter metrics when using multiple replicas
Fix: correctly collect logs when using Docker Swarm
Fix: delay release of Docker port, in order to prevent issues when the Docker daemon does not release the port immediately
Fix: report correct app id in report issue e-mail
Fix: cleanup WebSocket handles when WebSocket connection is closed or app is stopped (caused a memory leak in specific circumstances)
Fix: parse Kubernetes events when pod runs in a different namespace
Fix: prevent NPE in KubernetesManifestsRemover with certain CRDs
Fix: do not expose logoUrl property of spec in API
Fix: log warning when ShinyProxy cannot access the logs of a Kubernetes pod
Fix: make track-app-url work with non-absolute URLs
Fix: validation when creating new app instance (in switch instances modal)

Note: when using Prometheus
for Usage Statistics, you have
to update the configuration: change the
property management.metrics.export.prometheus.enabled: true
to management.prometheus.metrics.export.enabled: true

A typical configuration should be changed from:

proxy:

  #  ...

  usage-stats-url: micrometer

management:
  metrics:
    export:
      prometheus:
        enabled: true

#  ...

proxy:

  #  ...

  usage-stats-url: micrometer

management:
  prometheus:
    metrics:
      export:
        enabled: true

#  ...

Note: when using Redis for session or app persistence (e.g. when using the
ShinyProxy Operator),
you have to update the Redis configuration:
- move all properties from spring.redis to spring.data.redis
- change spring.redis.ssl: true to spring.data.redis.ssl.enabled: true
- the internal data format of (Spring) session information has changed and is
  incompatible with the new format. Clear the database or use a different
  redis database (i.e. changing or adding spring.data.redis.database
  (default is 0))
A typical Redis session configuration should be changed from:
```
spring:
  session:
    store-type: redis
  redis:
    host: redis
    password: ${REDIS_PASSWORD}
    ssl: true
  # this config implicitly uses database 0
```
to:
```
spring:
  session:
    store-type: redis
  data:
    redis:
      host: redis
      password: ${REDIS_PASSWORD}
      database: 1
      ssl:
        enabled: true
```

v3.0.2

2023-07-27T06:42:16Z

The latest version of the release notes can be found on the website.

add option to ignore OpenID session expire (see docs)
streamline fallback config (do not use LDAP in fallback config and use same config for all deployment options)
add mobile viewport meta tags, contributed by @tanho63 and @andrewsali
preserve subpath when starting an app
add compatibility with Dash.jl apps (see demo)
add support for admin users in addition to admin groups (see docs)
add RuntimeValue SHINYPROXY_USER_TIMEZONE containing the timezone of the user (retrieved from the browser) (see docs).
Fix: prevent NullPointerExceptions in OpenID code
Fix: when a user opens an app before being authenticated, redirect user back to that app after login
Fix: make stopping an app more reliable (e.g. if stopping an app fails halfway)
Fix: prevent errors when requests during the start of an app fail because of a network issue. This is also a workaround for a bug in Firefox.
Fix improve behavior of refreshing the OpenID session, preventing unexpected logouts
Fix: prevent corrupt file downloads
Fix: prevent errors with UTF-8 characters on some platforms
Fix: prevent error when uploading files in RStudio
Fix: try to prevent the user from going back to the IDP when using OIDC or SAML, which causes the user to see an error. Note: because of some browser protections, this cannot be prevented completely. When the user clicks the back button multiple times, they may end up on the IDP page, however, the case where the user accidentally clicks the back button has been fixed.
Fix: ensure compatibility with coder/code-server (VS Code) versions after 4.10.1, by including any non-standard port in the X-Forwarded-Host header - Fix: allow using = in query string parameters
Security: the HTML page of an (active) app contained the full details of that app, including runtime values that were hidden since 3.0.0. This has been fixed by only showing the non-sensitive information.
Security: when using none authentication, (anonymous) users had access to the admin page and can see only their apps. This includes more information than what is returned from the API (e.g. the exact docker image used), but only for the apps started by that user. Updating is strongly advised when using none authentication.

Deprecations

Component: Social Authentication

Replacement: use the regular OpenID Connect implementation. Concrete update steps and examples will be provided with the next release.

Reason: the Social Authentication plugins are deprecated and no longer supported by the Spring Project. The next ShinyProxy release will upgrade to Spring Boot 3, which no longer supports these plugins.
Component: Keycloak Authentication

Replacement: use the regular OpenID Connect implementation. Concrete update steps and examples will be provided with the next release.

Reason: Further releases will still support Keycloak by using the general OpenID backend. The Keycloak project has deprecated the Keycloak adapters. The next ShinyProxy release will upgrade to Spring Boot 3, which no longer supports these plugins. In addition, the general OpenID authentication has advanced features and better integration.

v3.0.1

2023-07-25T15:02:13Z

The latest version of the release notes can be found on the website.

support YAML arrays for the groups property of users
Fix: handle invalid requests to the /app and /app_direct as Forbidden (instead of Internal Server Error and logging exceptions)
Fix: do not parse commas (,) in the container-cmd property
Fix: do not add Content-Length header when Transfer-Encoding header is present while injecting JavaScript file into the iframe

v3.0.0

2023-03-02T12:33:47Z

The latest version of the release notes can be found on the website.

add support for app parameters such that the user must select some (arbitrary) parameters before starting an app (see docs).
add support for running multiple ShinyProxy replicas providing scaling and high availability (see docs)
add option to automatically pull Docker image when using Docker engine
add support for Shiny bookmarking
add option to track the URL of the app in the browser. This ensures the URL in the browser changes together with the (active) URL of the iframe.
add Prometheus metrics for the duration of the individual steps of starting an app (e.g. scheduling, pulling image, starting of application) see docs)
support using multiple usage statistics plugins at the same time, ( see docs). - add My Apps modal that shows the current (active) applications of the user. This can also be shown inline on the main page.
add App Details modal to the app page, the Switch Instance modal and the ( new) My Apps modal. In addition to showing basic information about an app, it also shows when an app will be stopped by ShinyProxy (e.g. because of heartbeat timeout or max-lifetime). - show a message when the user has access to zero apps (instead of an empty page)
add support for additional port mappings. For example proxying the path /mypath to a different port on the same container, see docs
inject a javascript file into the iframe on the server (instead of on the client). The previous method did not work all the time on all browsers. - improve admin page
add option to show the Switch Instance modal before opening an app such that the user can re-open an existing app or choose the name for a new app, see docs.
add support for secrets when using Docker Swarm, see docs - add support for memory and cpu requests and limits when using Docker Swarm
add support for private registries when using Docker and Docker Swarm, see docs
the duration of the API call to start an app is now limited at 10 seconds, therefore there is no need to increase request timeouts of proxies or loadbalancers
do not show internal errors and stack traces to users for improved security (errors are still logged)
improve error reporting when app fails to start on Kubernetes: warnings reported by Kubernetes are now logged in ShinyProxy logs (e.g. issues with the image, issues with the nodes or scaling etc.)
add option to output logs as (structured) JSON (using logstash format) (see docs)
logged stack traces are now more concise (when using the JSON format)
improve collecting applications logs on Kubernetes by ensuring that logs are always flushed
improve application log writing to S3: logs are now send to S3 every 10 seconds and every 1MB (previously the Docker backend would write the logs to S3 on every write)
improve App Recovery by not using the application spec when recovering applications. Therefore, the spec of running applications can be changed or removed, after which the ShinyProxy can be restarted ( see updated docs)
add support for setting an annotation to kubernetes-additional-manifests that allows to specify how existing Kubernetes resources must be updated (see docs)
when proxy.kubernetes.debug-patches is enabled additional manifests are now logged as well
add support for using auth related objects in SPeL expressions in the kubernetes-additional-manifests and kubernetes-additional-persistent-manifests properties
change the way kubernetes-additional-manifests are deleted such that the SPeL expressions in these properties are not evaluated when the manifests are deleted. Therefore, ShinyProxy can now delete resources of which the name is dynamic (using SpEL) or when the spec is unknown (e.g. when using the operator or App Recovery).
make it possible to use SpEL in max-instances, heartbeat-timeout, max-lifetime and target-path properties (see docs)
the API no longer returns security-sensitive runtime values
the API no longer includes the spec when returning information about an app, such that the API does not return security-sensitive information
the API now returns only a limited set of properties when querying for specs ( also to improve security), this can optionally be reverted (see docs)
add option to configure CORS (see docs)
add option to add custom headers to HTTP responses (see docs)
add option to disable default security headers (see docs)
add OpenAPI specification and swagger API docs
drop kerberos support
OIDC access tokens are now automatically refreshed, such that a new container always has a non-expired access tokens. ShinyProxy now also respects the max session lifetime of the OIDC Identity Provider.
make it possible to use PKCE when using OIDC (see docs)
make it possible to use the userinfo-url endpoint when using OIDC (see docs)
Fix: properly handle when user reloads the page while starting or stopping an app
Fix: ensure height of apps is correct when using custom navbar
Fix: restore ShinyProxy acting as an OAuth Resource Server
Fix: memory leak in ActiveProxiesService
Fix: prevent the user from ending on the /auth-error page when their session expires when using OIDC
Fix: always redirect to the main page after logging in. Otherwise, users might end up on internal API endpoints or on pages that no longer exist (e.g. removed app or instances).
Fix: replace the SAML implementation using the new Spring implementation for improved security
Fix: do no return internal errors (e.g. app_stopped_or_non_existent) on /app_direct endpoint
Fix: correctly parse emails claim when using OIDC

v2.6.1

2022-04-01T13:21:36Z

Fix: update Spring Boot to 2.5.12 in order to mitigate CVE-2022-22965 See the GitHub issue for the latest updates on how this issue affects ShinyProxy.
Note: when using Redis for session persistence (e.g. when using the ShinyProxy Operator), you have to change the Redis configuration to use a different database (or a different namespace). By default, database 0 is used, you must change this to use database 1 (or any other free database). Use the spring.redis.database property for this (see example). This change will require the users to re-login. This change is required because the data format of the session information has changed in Spring.

A typical Redis session configuration should be changed from:
```
spring:
  session:
    store-type: redis
  redis:
    host: redis
    password: ${REDIS_PASSWORD}
```
to:
```
spring:
  session:
    store-type: redis
  redis:
    host: redis
    password: ${REDIS_PASSWORD}
    database: 1
```

v2.6.0

2021-11-05T15:16:22Z

add proxy.default-stop-proxy-on-logout option to not stop apps on logout of a user (see docs)
add option to limit the maximum lifetime of an app (see docs)
add proxy.stop-proxies-on-shutdown option to not stop apps on shutdown of ShinyProxy (see docs)
optionally restore running apps on startup (known as App Recovery)
add heartbeat-timeout property to the specification of proxies (see docs)
allow to disable the heartbeat-timeout property (see docs)
add authentication information to SpEL context (see docs)
add way to easily use runtime-values in SpEL (see docs)
add kubernetes-additional-persistent-manifests option to specification of apps. These Kubernetes manifests are created when an app starts, but are never removed (in contrast to kubernetes-additional-manifests) (see docs)
add absolute_apps_running, absolute_users_logged_in, absolute_users_logged_in metrics to Micrometer (i.e. Prometheus) metrics, providing a way more consistent and correct value
add proxy.usage-stats-micrometer-prefix to optionally prefix Micrometer (i.e. Prometheus) metrics
add target-path option to specification of apps (see docs)
add a fallback heartbeat system for when the app does not use websockets and does not send HTTP requests often enough. This makes it easier to run applications which do not have these functionalities (e.g. traditional server-rendered apps, static html files etc.).
add Restart app button to navigation bar
add Stop app button to navigation bar
add mechanism to automatically reconnect the websocket connection in case it gets disconnected (see docs)
add support for running multiple instances of the same app by a single user (see docs)
add hide-navbar-on-main-page-link option to the specification of apps. When this option is enabled, the sp_hide_navbar query parameter will be added to the link on the main page to that app. This way you can control that an individual app is opened with the navbar hidden, while it is still possible to show the navbar for that app (by changing the URL).
automatically extend the lifetime of the session of a user when a websocket connection is active. This prevents the user from automatically getting logged out when using an app that only uses a websocket connection and no HTTP requests (see the corresponding GitHub issue)
add support for using SpEL in proxy.openid-logout-url (so that id_token_hint can be provided) (see docs)
add support for using http.proxyHost and http.proxyPort system properties for HTTP requests made by the SAML component (e.g. to fetch SAML metadata), contributed by @bartleboeuf
updated admin page to show more information
add support for grouping apps (see docs)
add support for specifying metadata to an app that can be used in the template (see docs)
add access-users property to proxy specification. This allows to configure a list of users that should have access to the app (see docs)
add access-expression property to proxy specification. This allows to configure a SpEL expression to determine whether a user has access to an app (see docs)
Operator: add proxy.operator.force-transfer option. When enabled a user is automatically transferred to the latest ShinyProxy instance when not using any apps. This is checked both on the main page and before starting a new app (see the operator docs).
Operator: automatically transfer user to latest ShinyProxy instance before logging in and after logging out (see the operator docs).
Operator: add proxy.operator.show-transfer-message-app-page option (see the operator docs).
Operator: add proxy.operator.show-transfer-message-main-page option (see the operator docs).
Fix: make issue form a client-side feature, such that current running app isn't closed
Fix: make it possible to run Jupyter Notebooks using ShinyProxy
Fix: make it easier to run Python Flask applications using ShinyProxy
Fix: update jQuery library so that the Bootstrap collapse module properly works
Fix: parsing of OIDC roles when these are provided as an embedded JSON string
Fix: return JSON on the DELETE /api/proxy/id API endpoint
Fix: show message when a login attempt is rejected because of an expired session
Fix: ensure API is accessible using access token when using Keycloak
Fix: cleanup any started container if user logs out during startup of an app
Fix: all web assets (JavaScript and CSS files) are now included in ShinyProxy itself and not loaded from a CDN
Fix: adapt the proxy.same-site-cookie property so that it also changes the SameSite Policy for session cookies created by Undertow (i.e. the session cookie when not using Redis)
Fix: adapt the server.secure-cookies property so that it also changes the Secure flag for session cookies created by Spring (i.e. the session cookie when using Redis)
Fix: update all included dependencies
Fix: do not show undefined in the browser when navigating away while an app is starting, for example, by logging out or navigating to the main page.
Fix: support parsing Keycloak JWKS information when it contains an ECDSA key
Note: using #{proxySpec.containerSpecs[0].env.get('SHINYPROXY_PUBLIC_PATH')}
in the specification of an app will no longer work. The code can be replaced
by #{proxy.getRuntimeValue('SHINYPROXY_PUBLIC_PATH')} (see the SpEL docs)
Note: change the default value for proxy.same-site-cookie to Lax, in order
to ensure compatibility with changes to cookies in browsers (see the docs)

When using SAML this value may need to be changed (see the docs)
Note: make sure to use server.secure-cookies: true when using proxy.same-site-cookie: None (e.g. for making SAML work properly), see the docs