github goauthentik/authentik version/2026.2.3
Release 2026.2.3
on GitHub

4 hours ago

See https://docs.goauthentik.io/docs/releases/2026.2#fixed-in-202623

What's Changed

  • core: bump django from v5.2.12 to 5.2.13 (cherry-pick #21520 to version-2026.2) by @authentik-automation[bot] in #21526
  • endpoints: fix tasks failing (cherry-pick #20904 to version-2026.2) by @authentik-automation[bot] in #21538
  • website/docs: add another sentence to First Steps about restricting access to apps (cherry-pick #21517 to version-2026.2) by @authentik-automation[bot] in #21542
  • lib/sync/outgoing: avoid expensive query to get number of sync pages (cherry-pick #21575 to version-2026.2) by @authentik-automation[bot] in #21581
  • packages/django-dramatiq-postgres: reset db connections in raise_connection_error (cherry-pick #21577 to version-2026.2) by @authentik-automation[bot] in #21599
  • providers/oauth2: fix time logic in refresh_token_threshold (cherry-pick #21537 to version-2026.2) by @authentik-automation[bot] in #21598
  • blueprints: fix reconcile calling @Property (cherry-pick #21576 to version-2026.2) by @authentik-automation[bot] in #21616
  • website/docs: add a single page about our user interface, document Consent stage (cherry-pick #20533 to version-2026.2) by @authentik-automation[bot] in #21619
  • website/docs: remove broken version tag from oauth doc (cherry-pick #21628 to version-2026.2) by @authentik-automation[bot] in #21629
  • web/flows: prevent leader tab deadlock in continuous login flow (cherry-pick #21583 to version-2026.2) by @authentik-automation[bot] in #21627
  • providers/oauth2: allow cross provider token introspection for federated providers (cherry-pick #21513 to version-2026.2) by @authentik-automation[bot] in #21748
  • providers/oauth2: don't auto-set redirect_uri (cherry-pick #21746 to version-2026.2) by @authentik-automation[bot] in #21750
  • ci: fix postgres path for postgres 18 tests (2026.2) (#21767) by @BeryJu in #21789
  • website/docs: add authorization header info to all proxy configs (cherry-pick #21664 to version-2026.2) by @authentik-automation[bot] in #21786
  • providers/oauth2: clip device authorization scope against the provider's ScopeMapping set (cherry-pick #21701 to version-2026.2) by @authentik-automation[bot] in #21799
  • website/docs: improve social login docs titles (cherry-pick #21816 to version-2026.2) by @authentik-automation[bot] in #21818
  • providers/radius: fix message authenticator validation (cherry-pick #21824 to version-2026.2) by @authentik-automation[bot] in #21828
  • web/packages: Rework SFE rendering (cherry-pick #21833 to version-2026.2) by @authentik-automation[bot] in #21850
  • core: fix search for app entitlements failing (cherry-pick #21944 to version-2026.2) by @authentik-automation[bot] in #21988
  • rbac: ensure migration 0056 runs before 0010 removes group field (cherry-pick #21964 to version-2026.2) by @authentik-automation[bot] in #22033
  • root: update django to 5.2.14 (cherry-pick #22064 to version-2026.2) by @authentik-automation[bot] in #22066
  • packages/django-dramatiq-postgres/broker: avoid task processing stopping on decode error (cherry-pick #22110 to version-2026.2) by @authentik-automation[bot] in #22127
  • tenants/settings: present unset flags as False (cherry-pick #22162 to version-2026.2) by @authentik-automation[bot] in #22164
  • events: fix destination_group_obj not being nullable (cherry-pick #22161 to version-2026.2) by @authentik-automation[bot] in #22165
  • internal: fix lint by @gergosimonyi in #22263
  • internal: Automated internal backport: GHSA-973w-j457-rp2m.sec.patch to authentik-2026.2 by @authentik-automation[bot] in #22289
  • internal: Automated internal backport: CVE-2026-42849.sec.patch to authentik-2026.2 by @authentik-automation[bot] in #22287
  • internal: Automated internal backport: CVE-2026-41577.sec.patch to authentik-2026.2 by @authentik-automation[bot] in #22286
  • internal: Automated internal backport: CVE-2026-41569.sec.patch to authentik-2026.2 by @authentik-automation[bot] in #22285
  • internal: Automated internal backport: CVE-2026-40172.sec.patch to authentik-2026.2 by @authentik-automation[bot] in #22284
  • internal: Automated internal backport: CVE-2026-40166.sec.patch to authentik-2026.2 by @authentik-automation[bot] in #22283
  • internal: Automated internal backport: CVE-2026-40165.sec.patch to authentik-2026.2 by @authentik-automation[bot] in #22282
  • internal: Automated internal backport: GHSA-5wcc-hf24-rf5h.sec.patch to authentik-2026.2 by @authentik-automation[bot] in #22288
  • website/docs: release notes for 2025.12.5 and 2026.2.3 (cherry-pick #22310 to version-2026.2) by @authentik-automation[bot] in #22312

Full Changelog: version/2026.2.3-rc1...version/2026.2.3

Check out latest releases or
releases around goauthentik/authentik version/2026.2.3

Don't miss a new authentik release

NewReleases is sending notifications on new releases.

Get notifications