Skip to content

website/docs: 2025.12.4 release notes#20226

Merged
rissson merged 3 commits intomainfrom
release-notes-2025.12.4
Feb 12, 2026
Merged

website/docs: 2025.12.4 release notes#20226
rissson merged 3 commits intomainfrom
release-notes-2025.12.4

Conversation

@rissson
Copy link
Member

@rissson rissson commented Feb 12, 2026

Details

REPLACE ME

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make docs)

@rissson
website/docs: 2025.12.4 release notes
adbab61 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson rissson self-assigned this Feb 12, 2026
@rissson rissson requested a review from a team as a code owner February 12, 2026 14:04
@rissson rissson added backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12 backport/version-2026.2 Add this label to PRs to backport changes to version-2026.2 labels Feb 12, 2026
@netlify
Copy link

netlify bot commented Feb 12, 2026
edited
Loading

Deploy Preview for authentik-integrations ready!

Name Link
🔨 Latest commit 3990578
🔍 Latest deploy log https://app.netlify.com/projects/authentik-integrations/deploys/698def0720eb76000883f8d2
😎 Deploy Preview https://deploy-preview-20226--authentik-integrations.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Feb 12, 2026
edited
Loading

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 3990578
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/698def0739f7ec000868ef7d
😎 Deploy Preview https://deploy-preview-20226--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@codecov
Copy link

codecov bot commented Feb 12, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.27%. Comparing base (aeb2457) to head (3990578).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #20226      +/-   ##
==========================================
- Coverage   93.28%   93.27%   -0.02%     
==========================================
  Files         981      981              
  Lines       55058    55058              
==========================================
- Hits        51362    51353       -9     
- Misses       3696     3705       +9
Flag Coverage Δ
conformance 37.48% <ø> (+<0.01%) ⬆️
e2e 43.30% <ø> (+<0.01%) ⬆️
integration 22.42% <ø> (-0.05%) ⬇️
unit 91.26% <ø> (+0.90%) ⬆️
unit-migrate 91.55% <ø> (+2.04%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rissson
wip
08bf143 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@github-actions
Copy link
Contributor

github-actions bot commented Feb 12, 2026
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-3990578e10c3723b7423108393392afd5ae75c9a
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-3990578e10c3723b7423108393392afd5ae75c9a

Afterwards, run the upgrade commands from the latest release notes.

@rissson rissson enabled auto-merge (squash) February 12, 2026 15:24
@rissson rissson merged commit f1ee092 into main Feb 12, 2026
101 of 102 checks passed
@rissson rissson deleted the release-notes-2025.12.4 branch February 12, 2026 15:52
authentik-automation bot pushed a commit that referenced this pull request Feb 12, 2026
@rissson @authentik-automation
website/docs: 2025.12.4 release notes (#20226)
616081a
@authentik-automation authentik-automation bot mentioned this pull request Feb 12, 2026
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Feb 12, 2026

🍒 Cherry-pick to version-2025.12 created: #20252

authentik-automation bot pushed a commit that referenced this pull request Feb 12, 2026
@rissson @authentik-automation
website/docs: 2025.12.4 release notes (#20226)
4d89e57
@authentik-automation authentik-automation bot mentioned this pull request Feb 12, 2026
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Feb 12, 2026

🍒 Cherry-pick to version-2026.2 created: #20253

rissson added a commit that referenced this pull request Feb 12, 2026
@authentik-automation @rissson
website/docs: 2025.12.4 release notes (cherry-pick #20226 to version-…
8f1cb63 
…2026.2) (#20253)

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
rissson added a commit that referenced this pull request Feb 12, 2026
@authentik-automation @rissson
website/docs: 2025.12.4 release notes (cherry-pick #20226 to version-…
529993e 
…2025.12) (#20252)

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
kensternberg-authentik added a commit that referenced this pull request Feb 12, 2026
@kensternberg-authentik
Merge branch 'main' into web/flow/move-dialogs-into-the-light
7c1d1f8 
* main: (59 commits)
  website/docs: 2025.12.4 release notes (#20226)
  website/docs: 2025.10.4 release notes (#20242)
  security: CVE-2026-25748 (#20240)
  security: CVE-2026-25922 (#20241)
  security: CVE-2026-25227 (#20239)
  ci: fix release testing (#20207)
  core: Apply CSpell corrections. (#20191)
  core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1770842608 (#20213)
  core, web: update translations (#20215)
  core: bump library/node from 25.6.0-trixie to 25.6.1-trixie in /website (#20220)
  core: bump google-api-python-client from 2.189.0 to 2.190.0 (#20217)
  core: bump webauthn from 2.7.0 to 2.7.1 (#20218)
  ci: bump docker/build-push-action from 6.18.0 to 6.19.1 (#20221)
  website/integrations: Update Komga instructions to add "email_verified" attribute to "email" claim. (#20135)
  website: Apply CSpell corrections. (#20189)
  providers/saml: send logoutResponse on sp-init logout (#17691)
  website/docs: ssf: update SSF documentation (#20195)
  website/docs: draft of new WS-Fed provider docs  (#20091)
  website/docs: add email verification scope doc (#20141)
  website/docs: correct reference to overriden S3 variable (#20156)
  ...
kensternberg-authentik added a commit that referenced this pull request Feb 12, 2026
@kensternberg-authentik
Merge branch 'main' into web/flow/extract-flow-inspector
d8cb305 
* main: (59 commits)
  website/docs: 2025.12.4 release notes (#20226)
  website/docs: 2025.10.4 release notes (#20242)
  security: CVE-2026-25748 (#20240)
  security: CVE-2026-25922 (#20241)
  security: CVE-2026-25227 (#20239)
  ci: fix release testing (#20207)
  core: Apply CSpell corrections. (#20191)
  core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1770842608 (#20213)
  core, web: update translations (#20215)
  core: bump library/node from 25.6.0-trixie to 25.6.1-trixie in /website (#20220)
  core: bump google-api-python-client from 2.189.0 to 2.190.0 (#20217)
  core: bump webauthn from 2.7.0 to 2.7.1 (#20218)
  ci: bump docker/build-push-action from 6.18.0 to 6.19.1 (#20221)
  website/integrations: Update Komga instructions to add "email_verified" attribute to "email" claim. (#20135)
  website: Apply CSpell corrections. (#20189)
  providers/saml: send logoutResponse on sp-init logout (#17691)
  website/docs: ssf: update SSF documentation (#20195)
  website/docs: draft of new WS-Fed provider docs  (#20091)
  website/docs: add email verification scope doc (#20141)
  website/docs: correct reference to overriden S3 variable (#20156)
  ...
kensternberg-authentik added a commit that referenced this pull request Feb 13, 2026
@kensternberg-authentik
Merge branch 'main' into web/flow/tablize-token-component-relationshi…
96aafd7 
…p-v3

* main: (105 commits)
  website/docs: Custom CSS (#19991)
  core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1770992049 (#20285)
  stage/invitation: Send invite via email UI (#19823)
  root: remove unused `django-cte` (#20090)
  core: bump ruff from 0.15.0 to 0.15.1 (#20273)
  core, web: update translations (#20271)
  ci: bump docker/build-push-action from 6.19.1 to 6.19.2 (#20274)
  enterprise/lifecycle: fix multiple reviews showing up in "Reviews" when the user is a member of multiple reviewer groups (#20266)
  ci: fix binary outpost build on release (#20248)
  web: add pretty names for lifecycle review events in event logs (#20264)
  web: fix italic formatting in lifecycle rule help text (#20263)
  website/docs: 2025.8.6 release notes (#20243)
  website/docs: 2025.12.4 release notes (#20226)
  website/docs: 2025.10.4 release notes (#20242)
  security: CVE-2026-25748 (#20240)
  security: CVE-2026-25922 (#20241)
  security: CVE-2026-25227 (#20239)
  ci: fix release testing (#20207)
  core: Apply CSpell corrections. (#20191)
  core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1770842608 (#20213)
  ...
kensternberg-authentik added a commit that referenced this pull request Feb 13, 2026
@kensternberg-authentik
Merge branch 'web/flow/tablize-token-component-relationship-v3' into …
2acc605 
…web/flow/tablize-token-component-relationship

* web/flow/tablize-token-component-relationship-v3: (75 commits)
  Removed the cache; it's extra code for no benefit whatsoever; the table is constructed ONCE at start-up, there's never going to be a cache hit.  The FlowExecutorStageFactory produces StageMappings (StageMapping[]), which is itself a warehouse of singular server-component -> client-component relationships, fetching the client from the bundle as needed.  The StageMapping only does the fetch once per instance, so (for example) a password failure will reinstantiate a PasswordStage, but it will not fetch it a second time.
  Tidy.
  website/docs: Custom CSS (#19991)
  core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1770992049 (#20285)
  stage/invitation: Send invite via email UI (#19823)
  root: remove unused `django-cte` (#20090)
  core: bump ruff from 0.15.0 to 0.15.1 (#20273)
  core, web: update translations (#20271)
  ci: bump docker/build-push-action from 6.19.1 to 6.19.2 (#20274)
  enterprise/lifecycle: fix multiple reviews showing up in "Reviews" when the user is a member of multiple reviewer groups (#20266)
  ci: fix binary outpost build on release (#20248)
  web: add pretty names for lifecycle review events in event logs (#20264)
  web: fix italic formatting in lifecycle rule help text (#20263)
  website/docs: 2025.8.6 release notes (#20243)
  website/docs: 2025.12.4 release notes (#20226)
  website/docs: 2025.10.4 release notes (#20242)
  security: CVE-2026-25748 (#20240)
  security: CVE-2026-25922 (#20241)
  security: CVE-2026-25227 (#20239)
  ci: fix release testing (#20207)
  ...
kensternberg-authentik added a commit that referenced this pull request Feb 13, 2026
@kensternberg-authentik
Merge branch 'web/flow/tablize-token-component-relationship' into web…
b741094 
…/flow/20030-one-true-api

* web/flow/tablize-token-component-relationship: (76 commits)
  Removed comments about the cache.  Added comments about where to find the FlowExecutor stage table. Moved the import of WebAuthnAuthenticticatorRegisterState from FlowExecutor.ts to FlowExecutorStages.ts; both files are bundled together, so this is a no-op functionally, but it's easier to confirm that StageEntries without import expressions (STageModuleCallbacks) have their stages bundled (pre-imported) if the import statement is in the same file.
  Removed the cache; it's extra code for no benefit whatsoever; the table is constructed ONCE at start-up, there's never going to be a cache hit.  The FlowExecutorStageFactory produces StageMappings (StageMapping[]), which is itself a warehouse of singular server-component -> client-component relationships, fetching the client from the bundle as needed.  The StageMapping only does the fetch once per instance, so (for example) a password failure will reinstantiate a PasswordStage, but it will not fetch it a second time.
  Tidy.
  website/docs: Custom CSS (#19991)
  core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1770992049 (#20285)
  stage/invitation: Send invite via email UI (#19823)
  root: remove unused `django-cte` (#20090)
  core: bump ruff from 0.15.0 to 0.15.1 (#20273)
  core, web: update translations (#20271)
  ci: bump docker/build-push-action from 6.19.1 to 6.19.2 (#20274)
  enterprise/lifecycle: fix multiple reviews showing up in "Reviews" when the user is a member of multiple reviewer groups (#20266)
  ci: fix binary outpost build on release (#20248)
  web: add pretty names for lifecycle review events in event logs (#20264)
  web: fix italic formatting in lifecycle rule help text (#20263)
  website/docs: 2025.8.6 release notes (#20243)
  website/docs: 2025.12.4 release notes (#20226)
  website/docs: 2025.10.4 release notes (#20242)
  security: CVE-2026-25748 (#20240)
  security: CVE-2026-25922 (#20241)
  security: CVE-2026-25227 (#20239)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@melizeche melizeche melizeche approved these changes

@gergosimonyi gergosimonyi gergosimonyi approved these changes

Assignees

@rissson rissson

Labels

backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12 backport/version-2026.2 Add this label to PRs to backport changes to version-2026.2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rissson @melizeche @gergosimonyi