security: CVE-2026-25748 (2025.12)

[authentik-automation]

See GHSA-fj56-5763-j8pp

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.27%. Comparing base (0cabb23) to head (2de427e).
⚠️ Report is 3 commits behind head on version-2025.12.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@                 Coverage Diff                 @@
##           version-2025.12   #20231      +/-   ##
===================================================
+ Coverage            93.03%   93.27%   +0.23%     
===================================================
  Files                  947      947              
  Lines                52561    52561              
===================================================
+ Hits                 48902    49026     +124     
+ Misses                3659     3535     -124     

Flag	Coverage Δ
e2e	44.39% <ø> (+0.62%)	⬆️
integration	23.53% <ø> (+<0.01%)	⬆️
unit	91.57% <ø> (+<0.01%)	⬆️
unit-migrate	91.61% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	2de427e
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/698dde2264fc730008d980e5
😎 Deploy Preview	https://deploy-preview-20231--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	2de427e
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/698dde2268256000085afb40
😎 Deploy Preview	https://deploy-preview-20231--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-2de427e94ec4eb415fe805bf018b4dfc1913de59
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-2de427e94ec4eb415fe805bf018b4dfc1913de59

Afterwards, run the upgrade commands from the latest release notes.