security: CVE-2026-25922 (2026.2)

[authentik-automation]

See GHSA-jh35-c4cc-wjm4

[codecov]

Codecov Report

❌ Patch coverage is 96.15385% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 93.33%. Comparing base (fdbf9ff) to head (58d0cb8).
⚠️ Report is 3 commits behind head on version-2026.2.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
authentik/sources/saml/processors/response.py	90.90%	1 Missing ⚠️

Additional details and impacted files

@@               Coverage Diff               @@
##           version-2026.2   #20238   +/-   ##
===============================================
  Coverage           93.32%   93.33%           
===============================================
  Files                 978      978           
  Lines               54544    54565   +21     
===============================================
+ Hits                50905    50930   +25     
+ Misses               3639     3635    -4     

Flag	Coverage Δ
conformance	37.74% <15.38%> (-0.01%)	⬇️
e2e	43.62% <26.92%> (-0.01%)	⬇️
integration	22.56% <7.69%> (-0.01%)	⬇️
unit	91.51% <96.15%> (+<0.01%)	⬆️
unit-migrate	91.55% <96.15%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	58d0cb8
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/698dde46b0b97e00084ecd9d
😎 Deploy Preview	https://deploy-preview-20238--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	58d0cb8
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/698dde469cbb4e0008e6639c
😎 Deploy Preview	https://deploy-preview-20238--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-58d0cb8e31d21b021efa889552360586684fb637
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-58d0cb8e31d21b021efa889552360586684fb637

Afterwards, run the upgrade commands from the latest release notes.