github goauthentik/authentik version/2026.5.4
Release 2026.5.4

3 hours ago

See https://docs.goauthentik.io/docs/releases/2026.5#fixed-in-202654

What's Changed

  • website/integrations: dokuwiki: add post logout and logout urls (cherry-pick #22984 to version-2026.5) by @authentik-automation[bot] in #22985
  • website/docs: additional scim provider docs (cherry-pick #22135 to version-2026.5) by @authentik-automation[bot] in #23003
  • root: bump pyo3 (cherry-pick #23036 to version-2026.5) by @authentik-automation[bot] in #23038
  • website/docs: document SCIM source trust model and security implications (cherry-pick #22535 to version-2026.5) by @authentik-automation[bot] in #23125
  • web: Fix user list default paths. (cherry-pick #23062 to version-2026.5) by @authentik-automation[bot] in #23127
  • web/i18n: Fix stale flow locale, unsynchronized locale selector options (cherry-pick #23007 to version-2026.5) by @authentik-automation[bot] in #23148
  • web: Fix stale clipboard tokens, untranslated labels (cherry-pick #23063 to version-2026.5) by @authentik-automation[bot] in #23143
  • website/docs: add Splunk event forwarding docs (cherry-pick #22938 to version-2026.5) by @authentik-automation[bot] in #23163
  • core: fix Invitation Emails Ignoring Selected Template (cherry-pick #23122 to version-2026.5) by @authentik-automation[bot] in #23133
  • packages/django-dramatiq-postgres/broker: purge at start of loop to ensure it runs (cherry-pick #23185 to version-2026.5) by @authentik-automation[bot] in #23188
  • web/stages/identification: Fix passkey autofill dropdown not showing on the identification stage (cherry-pick #23187 to version-2026.5) by @authentik-automation[bot] in #23189
  • website/docs: fix broken custom email template example (cherry-pick #23191 to version-2026.5) by @authentik-automation[bot] in #23192
  • packages/django-postgres-cache: remove custom get_or_set implementation (cherry-pick #23182 to version-2026.5) by @authentik-automation[bot] in #23213
  • website: migrate brand assets to pkg (cherry-pick #22336 to version-2026.5) by @authentik-automation[bot] in #23222
  • packages/django-postgres-cache: fix naive datetime warning (cherry-pick #23033 to version-2026.5) by @authentik-automation[bot] in #23235
  • packages/django-dramatiq-postgres/broker: fix race condition in broker causing completed tasks to be repeated (cherry-pick #23218 to version-2026.5) by @authentik-automation[bot] in #23257
  • website/docs: improve email authenticator docs (cherry-pick #23226 to version-2026.5) by @authentik-automation[bot] in #23263
  • website/docs: remove colons from release notes (cherry-pick #23311 to version-2026.5) by @authentik-automation[bot] in #23312
  • website/docs: clarify user and group filtering on scim provider (cherry-pick #22502 to version-2026.5) by @authentik-automation[bot] in #23358
  • root: Fix SECURITY.md versions (cherry-pick #23370 to version-2026.5) by @authentik-automation[bot] in #23372
  • website/docs: sources: remove support_level labels from docs (cherry-pick #23389 to version-2026.5) by @authentik-automation[bot] in #23391
  • core: bump goauthentik/fips-debian and fips-python in /lifecycle/container (cherry-pick #23362 to version-2026.5) by @authentik-automation[bot] in #23384
  • website/docs: fix 2026.5 release notes mentioning docker-compose.yml (cherry-pick #23385 to version-2026.5) by @authentik-automation[bot] in #23400
  • providers/scim: allow failures during discovery (cherry-pick #23357 to version-2026.5) by @authentik-automation[bot] in #23365
  • website/docs: Add improved akql docs (cherry-pick #22693 to version-2026.5) by @authentik-automation[bot] in #23497
  • providers/scim: account for users with no email during discovery (cherry-pick #23417 to version-2026.5) by @authentik-automation[bot] in #23485
  • web/admin: fix spacing issues in wizard (cherry-pick #23484 to version-2026.5) by @authentik-automation[bot] in #23488
  • policies: skip cache invalidation on User last_login update (cherry-pick #23159 to version-2026.5) by @authentik-automation[bot] in #23421
  • tasks: avoid useless query on monitoring_set (cherry-pick #23161 to version-2026.5) by @authentik-automation[bot] in #23424
  • packages/django-postgres-cache: avoid regex queries when listing keys if possible (cherry-pick #23160 to version-2026.5) by @authentik-automation[bot] in #23423
  • brands: select_related models accessed in the hot path (cherry-pick #23162 to version-2026.5) by @authentik-automation[bot] in #23524
  • sources/ldap: avoid re-creating connections to LDAP server (cherry-pick #23520 to version-2026.5) by @authentik-automation[bot] in #23525
  • tasks/schedules: fix paused schedules getting unpaused on startup (cherry-pick #23521 to version-2026.5) by @authentik-automation[bot] in #23527
  • core: preserve encoded avatar URLs (cherry-pick #23225 to version-2026.5) by @authentik-automation[bot] in #23394
  • providers/*: fix missing declaration for can_discover for outgoing sync providers (cherry-pick #23035 to version-2026.5) by @authentik-automation[bot] in #23233
  • website/docs: improve service account docs (cherry-pick #22145 to version-2026.5) by @authentik-automation[bot] in #22885
  • website: upgrade postman dep to fix pipeline by @PeshekDotDev in #23571
  • core: bump pydantic from 2.13.3 to 2.13.4 (cherry-pick #22207 to version-2026.5) by @authentik-automation[bot] in #23570
  • providers/oauth: Properly return error via post and for request objects (cherry-pick #23037 to version-2026.5) by @authentik-automation[bot] in #23529
  • docs: Americanize and minor fixes (cherry-pick #22600 to version-2026.5) by @authentik-automation[bot] in #22604
  • website/docs: clean up source docs (cherry-pick #23374 to version-2026.5) by @authentik-automation[bot] in #23397
  • website/docs: add expression policy example for welcome emails on user creation (cherry-pick #23486 to version-2026.5) by @authentik-automation[bot] in #23579
  • website/docs: update release notes for 2026.5.4 (cherry-pick #23576 to version-2026.5) by @authentik-automation[bot] in #23586
  • tasks: add pre_delete for TasksModel to avoid OOM when deleting object with many tasks linked (cherry-pick #23664 to version-2026.5) by @authentik-automation[bot] in #23666
  • packages/ak-common/config: coerce file:// and env:// values to their native type (cherry-pick #23758 to version-2026.5) by @rissson in #23759
  • core: handle missing tenant in setup migration (cherry-pick #23034 to version-2026.5) by @authentik-automation[bot] in #23762
  • sources/ldap: optimize the connection endpoints (cherry-pick #23761 to version-2026.5) by @authentik-automation[bot] in #23765
  • providers/ldap: remove incorrect validation for code authenticator extraction (cherry-pick #23006 to version-2026.5) by @authentik-automation[bot] in #23767
  • root: update crossbeam-epoch (cherry-pick #23794 to version-2026.5) by @authentik-automation[bot] in #23795
  • ci: remove GHA-based cherry-pick (cherry-pick #23801 to version-2026.5) by @authentik-cherry-pick[bot] in #23803
  • website/docs: add release notes for 2026.2.5 (cherry-pick #23816 to version-2026.5) by @authentik-cherry-pick[bot] in #23820
  • website: upgrade postman again to fix pipeline by @PeshekDotDev in #23824
  • web: Fix outline selector, lack of outline on focused checkboxes. (cherry-pick #23260 to version-2026.5) by @authentik-cherry-pick[bot] in #23825
  • stages/authenticator_webauthn: disable prevent_duplicate_devices by default (cherry-pick #23823 to version-2026.5) by @authentik-cherry-pick[bot] in #23826
  • web, core: Fix server-side message race condition, type mismatch. (cherry-pick #23151 to version-2026.5) by @authentik-automation[bot] in #23584
  • web: Invitation Wizard Clean Up, Form Validation Fixes (cherry-pick #23316 to version-2026.5) by @authentik-cherry-pick[bot] in #23811
  • website/docs: update release notes for 2026.5.4 again (cherry-pick #23836 to version-2026.5) by @authentik-cherry-pick[bot] in #23838

Full Changelog: version/2026.5.3...version/2026.5.4

Don't miss a new authentik release

NewReleases is sending notifications on new releases.