See https://docs.goauthentik.io/docs/releases/2026.5#fixed-in-202652
What's Changed
- website/docs: Fix release notes cards (cherry-pick #22554 to version-2026.5) by @authentik-automation[bot] in #22555
- root: update security release versions (cherry-pick #22583 to version-2026.5) by @authentik-automation[bot] in #22591
- endpoints/connectors/agent: allow federated auth via ssh hostkey lookup (cherry-pick #22594 to version-2026.5) by @authentik-automation[bot] in #22597
- website/docs: Bump package-lock by @GirlBossRush in #22552
- providers/radius: fix eap debug logging (cherry-pick #22551 to version-2026.5) by @authentik-automation[bot] in #22579
- events: fix Event.log_deprecation not checking that cause is a string (cherry-pick #22598 to version-2026.5) by @authentik-automation[bot] in #22683
- packages/ak-common/db: fix conn_max_age causing spinning (cherry-pick #22679 to version-2026.5) by @authentik-automation[bot] in #22686
- packages/ak-common/db: fix certificates options not allowing file paths (cherry-pick #22680 to version-2026.5) by @authentik-automation[bot] in #22685
- providers/oauth2: fix session decode when upgrading from 2026.2 (cherry-pick #22684 to version-2026.5) by @authentik-automation[bot] in #22692
- enterprise/providers/scim: fix last_updated for OAuth interactive (cherry-pick #22678 to version-2026.5) by @authentik-automation[bot] in #22700
- security: automated internal backport of patch GHSA-c3m2-jqmq-pvp3.sec.patch to authentik-2026.5 by @authentik-automation[bot] in #22729
- security: automated internal backport of patch GHSA-wr38-7xg8-fqxr.sec.patch to authentik-2026.5 by @authentik-automation[bot] in #22730
- security: automated internal backport of patch GHSA-xp7f-xjjx-gwm8.sec.patch to authentik-2026.5 by @authentik-automation[bot] in #22731
Full Changelog: version/2026.5.0...version/2026.5.2