goauthentik/authentik version/2025.10.4

Release 2025.10.4

on GitHub

See See https://docs.goauthentik.io/docs/releases/2025.10#fixed-in-2025104

What's Changed

• web/flow: Fix spurious double submit on ak-stage-autosubmit (cherry-pick #18727 to version-2025.10) by @authentik-automation[bot] in #18932
• website/docs: add note to active directory source doc (cherry-pick #18787 to version-2025.10) by @authentik-automation[bot] in #18965
• website/docs: Backport version picker updates. (cherry-pick #18964 to version-2025.10) by @authentik-automation[bot] in #18974
• web/admin: fix dark theme on map (cherry-pick #18985 to version-2025.10) by @authentik-automation[bot] in #18986
• web/admin: Fix haveibeenpwned link in PasswordPolicyForm (cherry-pick #18984 to version-2025.10) by @authentik-automation[bot] in #18988
• core: use chunked_queryset for expired message deletion (cherry-pick #19028 to version-2025.10) by @authentik-automation[bot] in #19030
• internal: update TLS Suite (cherry-pick #19076 to version-2025.10) by @authentik-automation[bot] in #19077
• website/docs: fix build (cherry-pick #19148 to version-2025.10) by @authentik-automation[bot] in #19150
• web: fix slug auto-updating when editing existing applications (cherry-pick #19169 to version-2025.10) by @authentik-automation[bot] in #19172
• core: fix read replica routing during transactions (cherry-pick #19086 to version-2025.10) by @authentik-automation[bot] in #19240
• web/admin: add banner to flow import form (cherry-pick #19288 to version-2025.10) by @authentik-automation[bot] in #19292
• website/docs: update entra id provider docs (cherry-pick #18366 to version-2025.10) by @authentik-automation[bot] in #19255
• website/docs: Fix typo in GitHub OAuth Source instructions (cherry-pick #18936 to version-2025.10) by @authentik-automation[bot] in #19321
• website/docs: Fix documentation example for app_entitlements_attributes. (cherry-pick #19316 to version-2025.10) by @authentik-automation[bot] in #19325
• website/docs: update m2m doc (cherry-pick #18963 to version-2025.10) by @authentik-automation[bot] in #19323
• website/docs: update LDAP provider docs (cherry-pick #18272 to version-2025.10) by @authentik-automation[bot] in #19344
• web/elements: hidden secrets not propagating (cherry-pick #19029 to version-2025.10) by @authentik-automation[bot] in #19376
• outpost/proxyv2: fix stale session cookie causing 400 error in createState (cherry-pick #19026 to version-2025.10) by @authentik-automation[bot] in #19374
• internal: rework liveness probe and proxy (cherry-pick #19312 to version-2025.10) by @authentik-automation[bot] in #19383
• website/docs: update gws provider docs (cherry-pick #18286 to version-2025.10) by @authentik-automation[bot] in #19399
• website/docs: add import to discord policy (cherry-pick #19397 to version-2025.10) by @authentik-automation[bot] in #19405
• website/docs: mention dynamic overrides in redirect stage documentation (cherry-pick #19368 to version-2025.10) by @authentik-automation[bot] in #19401
• website/docs: limiting permissions of AD service account (cherry-pick #19483 to version-2025.10) by @authentik-automation[bot] in #19488
• providers/oauth2: add logout+jwt token type for oidc logout token. (cherry-pick #19554 to version-2025.10) by @authentik-automation[bot] in #19674
• internal: fix incorrect metric calculation (cherry-pick #19701 to version-2025.10) by @authentik-automation[bot] in #19702
• core: return bad request when user is authenticated and not active (cherry-pick #19706 to version-2025.10) by @authentik-automation[bot] in #19709
• web/admin: fix impersonation form requesting data without being opened (cherry-pick #19673 to version-2025.10) by @authentik-automation[bot] in #19711
• web/sfe: downgrade bootstrap, add access denied test (cherry-pick #19763 to version-2025.10) by @authentik-automation[bot] in #19764
• website/docs: fix Transifex link in translation guide (cherry-pick #19735 to version-2025.10) by @authentik-automation[bot] in #19770
• root: update client-go generation (cherry-pick #19762 and #19906 to version-2025.10) by @rissson in #19933
• recovery: consume token in transaction (cherry-pick #19967 to version-2025.10) by @authentik-automation[bot] in #19981
• providers/oauth2: use compare_digest for client_secret comparison (cherry-pick #19979 to version-2025.10) by @authentik-automation[bot] in #19982
• website/docs: Remove stale 2024 version directives (cherry-pick #19888 to version-2025.10) by @authentik-automation[bot] in #20022
• docs: add instructions for configuring rp-initiated single logout (cherry-pick #20040 to version-2025.10) by @authentik-automation[bot] in #20054
• core: bump django from v5.2.8 to 5.2.11 (version-2025.10) by @melizeche in #20020
• outpost/proxyv2: revalidate auth if session fails to load (cherry-pick #18063 to version-2025.10) by @authentik-automation[bot] in #20058
• website/docs: generate CVE sidebar (cherry-pick #20098 to version-2025.10) by @authentik-automation[bot] in #20100
• outpost/proxyv2: reduce max number of postgres connections (cherry-pick #19211 to version-2025.10) by @authentik-automation[bot] in #20139
• website/docs: add email verification scope doc (cherry-pick #20141 to version-2025.10) by @authentik-automation[bot] in #20204
• website/docs: rac: fixes the property mapping formatting (cherry-pick #20200 to version-2025.10) by @authentik-automation[bot] in #20201
• security: CVE-2026-25922 (2025.10) by @authentik-automation[bot] in #20229
• security: CVE-2026-25748 (2025.10) by @authentik-automation[bot] in #20228
• security: CVE-2026-25227 (2025.10) by @authentik-automation[bot] in #20227
• web: updated package-lock.json to include missing tree-sitter references. by @kensternberg-authentik in #20247

Full Changelog: version/2025.10.3...version/2025.10.4