This release delivers license onboarding UI, browser-aware license enforcement, and a dual-action Request License + Activate Token flow — along with important bug fixes to auth redirects and deployment type validation.
Show full release notes
New Features
- Public license onboarding page at
/license/admin/license_lead_info.html— accessible before any license is activated. - Dual-action license UI: Request License and Activate Token forms on a single page, consistent with scan-agent UX patterns.
- Browser-aware middleware: HTML
Acceptheader requests from unlicensed browsers now receive a 307 redirect to the onboarding page instead of a JSON 403. - License-aware auth:
/loginroutes now pre-check license status and redirect to onboarding when no license exists.
Bug Fixes
- Fixed
SECUREONE_LICENSE_SERVER_URL is not configurederror — addedDEFAULT_LICENSE_SERVER_URLfallback with env-var priority chain. - Fixed
deployment_type422 enum validation error — added normalization to map free-text values (Host Binary,self-hosted,cloud) to validonprem/saasenum values. - Fixed env-var public path override silently replacing defaults —
_public_paths()now merges env paths withDEFAULT_PUBLIC_PATHS. - Fixed
/license/admin/license_lead_info.htmlreturning 403 — route added to public path allowlist and permission bypass list.
Configuration
- New
.envlicense block:SECUREONE_LICENSE_ENFORCE,SECUREONE_LICENSE_FILE,SECUREONE_LICENSE_PUBLIC_KEY_PATH,SECUREONE_LICENSE_ALGORITHMS,SECUREONE_LICENSE_SERVER_URL, all endpoint paths, andSECUREONE_LICENSE_SYNC_INTERVAL_SECONDS.
Internal / Architecture
- New
app/routers/license_lead_info.pywith_render_page()helper,action-based POST dispatch, dual protected + public router registration. - New RBAC resources:
ADMIN_SETTINGS_LICENSE_LEAD_INFOandADMIN_SETTINGS_LICENSE_LEAD_INFO_SUBMIT. app/core/licensing.py: Added_normalize_license_request_payload(),_normalize_deployment_type(), default URL fallback chain.
Usage of this software is subject to the license agreement.