See https://docs.goauthentik.io/docs/releases/2026.2#fixed-in-202625
What's Changed
- website/docs: 2026.2.4 release notes (cherry-pick #22720 to version-2026.2) by @authentik-automation[bot] in #22737
- website/docs: 2025.12.6 release notes (cherry-pick #22719 to version-2026.2) by @authentik-automation[bot] in #22740
- tests/e2e: fix proxy tests failing due to in-use port (cherry-pick #22785 to version-2026.2) by @authentik-automation[bot] in #22791
- web/admin: fix Docker outpost integration form CA Cert filter (cherry-pick #22863 to version-2026.2) by @authentik-automation[bot] in #22894
- blueprints: handle integrity exception when applying blueprints (cherry-pick #22599 to version-2026.2) by @authentik-automation[bot] in #22926
- endpoints/connectors/agent: fix exception with invalid auth type (cherry-pick #22943 to version-2026.2) by @authentik-automation[bot] in #22950
- providers/radius: fix panic in log due to type (cherry-pick #22965 to version-2026.2) by @authentik-automation[bot] in #22966
- core: bump django from 5.2.14 to v5.2.15 (cherry-pick #22956 to version-2026.2) by @authentik-automation[bot] in #22961
- admin/files: sign custom-domain S3 URLs for the final host (cherry-pick #21704 to version-2026.2) by @authentik-automation[bot] in #23008
- packages/django-postgres-cache: fix naive datetime warning (cherry-pick #23033 to version-2026.2) by @authentik-automation[bot] in #23234
- website/docs: fix 2026.2 release notes docker compose mention take 2 (cherry-pick #23388 to version-2026.2) by @authentik-automation[bot] in #23398
- policies: skip cache invalidation on User last_login update (cherry-pick #23159 to version-2026.2) by @authentik-automation[bot] in #23426
- tasks: avoid useless query on monitoring_set (cherry-pick #23161 to version-2026.2) by @authentik-automation[bot] in #23425
- packages/django-dramatiq-postgres/broker: fix race condition in broker causing completed tasks to be repeated (cherry-pick #23218 to version-2026.2) by @authentik-automation[bot] in #23258
- tasks/schedules: fix paused schedules getting unpaused on startup (cherry-pick #23521 to version-2026.2) by @authentik-automation[bot] in #23526
- brands: select_related models accessed in the hot path (cherry-pick #23162 to version-2026.2) by @authentik-automation[bot] in #23523
- providers/*: fix missing declaration for can_discover for outgoing sync providers (cherry-pick #23035 to version-2026.2) by @authentik-automation[bot] in #23232
- core: preserve encoded avatar URLs (cherry-pick #23225 to version-2026.2) by @authentik-automation[bot] in #23393
- web/flows: fix race condition in continuous login and support source stages in authentication flows (cherry-pick #23049 to version-2026.2) by @GirlBossRush in #23557
- web, core: Fix server-side message race condition, type mismatch. (cherry-pick #23151 to version-2026.2) by @authentik-automation[bot] in #23583
- web: Fix issue where default user path is not preferred. (cherry-pick #22139 to version-2026.2) by @authentik-automation[bot] in #22457
- providers/ldap: remove incorrect validation for code authenticator extraction (cherry-pick #23006 to version-2026.2) by @authentik-automation[bot] in #23766
- providers/SCIM: Add discover support (cherry-pick #20658 to version-2026.2) by @authentik-automation[bot] in #23776
- providers/scim: allow failures during discovery (cherry-pick #23357 to version-2026.2) by @authentik-automation[bot] in #23772
- providers/scim: account for users with no email during discovery (cherry-pick #23417 to version-2026.2) by @authentik-automation[bot] in #23771
- stages/captcha: fix hcaptcha height (#20901) (2026.2) by @gergosimonyi in #23775
- root: in-process per-IP rate throttle (#23015) (2026.2) by @gergosimonyi in #23774
- ci: remove GHA-based cherry-pick (cherry-pick #23801 to version-2026.2) by @authentik-cherry-pick[bot] in #23804
- website/docs: add release notes for
2026.2.5(cherry-pick #23816 to version-2026.2) by @authentik-cherry-pick[bot] in #23821
Full Changelog: version/2026.2.4...version/2026.2.5