See https://docs.goauthentik.io/docs/releases/2025.10#fixed-in-2025103

What's Changed

• website/docs: fix broken link in source switching doc (cherry-pick #18317 to version-2025.10) by @authentik-automation[bot] in #18319
• website/docs: further improvments to source switch doc (cherry-pick #18320 to version-2025.10) by @authentik-automation[bot] in #18323
• website/docs: enhance blueprint docs (cherry-pick #15984 to version-2025.10) by @authentik-automation[bot] in #18322
• website/docs: added missed edits on Blueprints docs (cherry-pick #18321 to version-2025.10) by @authentik-automation[bot] in #18324
• website/docs: add high availability doc (cherry-pick #18182 to version-2025.10) by @authentik-automation[bot] in #18325
• website/docs: update info about docker socket mount (cherry-pick #18344 to version-2025.10) by @authentik-automation[bot] in #18365
• outposts: set container healthcheck inline (cherry-pick #18298 to version-2025.10) by @authentik-automation[bot] in #18370
• web/admin: add entitlement search (cherry-pick #18291 to version-2025.10) by @authentik-automation[bot] in #18390
• lib/sync/outgoing: check if there is a provider before creating tasks (cherry-pick #18394 to version-2025.10) by @authentik-automation[bot] in #18397
• web/admin: fix wording in password stage (cherry-pick #18393 to version-2025.10) by @authentik-automation[bot] in #18395
• web: Fix stale table rows (cherry-pick #17940 to version-2025.10) by @authentik-automation[bot] in #18373
• web: revert Fix stale table rows (cherry-pick #17940 to version-2025.10) by @rissson in #18407
• stages/prompt: set allow_blank for _read_only fields (cherry-pick #18297 to version-2025.10) by @authentik-automation[bot] in #18406
• packages/django-channels-postgres: fix notify size check (cherry-pick #18347 to version-2025.10) by @authentik-automation[bot] in #18409
• website/docs: improve creds recovery docs (cherry-pick #18385 to version-2025.10) by @authentik-automation[bot] in #18411
• web: Fix stale table rows (cherry-pick #17940 to version-2025.10) by @authentik-automation[bot] in #18408
• web/admin: fixes capitalization in application wizard title (cherry-pick #17959 to version-2025.10) by @authentik-automation[bot] in #17962
• website/docs: update certificate doc (cherry-pick #18295 to version-2025.10) by @authentik-automation[bot] in #18326
• providers/scim: compare users/groups before sending update request (cherry-pick #18456 to version-2025.10) by @authentik-automation[bot] in #18465
• web/admin: fix brands default switch label (cherry-pick #18518 to version-2025.10) by @authentik-automation[bot] in #18522
• website/docs: expressions: fix markdown (cherry-pick #18613 to version-2025.10) by @authentik-automation[bot] in #18617
• website/docs: adds note about ak_create_jwt function (cherry-pick #18614 to version-2025.10) by @authentik-automation[bot] in #18626
• flows: refresh unauthenticated tabs (cherry-pick #18621 to version-2025.10) by @authentik-automation[bot] in #18633
• root: fix missing authentik_device cookie causing error (cherry-pick #18642 to version-2025.10) by @authentik-automation[bot] in #18644
• enterprise/stages/mtls: fix traefik certificate parsing (cherry-pick #18607 to version-2025.10) by @authentik-automation[bot] in #18645
• web: Fix row expansion on modal trigger buttons. (cherry-pick #18412 to version-2025.10) by @authentik-automation[bot] in #18647
• web/admin: fix event volume chart not updating with query (cherry-pick #18649 to version-2025.10) by @authentik-automation[bot] in #18653
• sources/ldap: make server info optional (cherry-pick #18648 to version-2025.10) by @authentik-automation[bot] in #18654
• website/docs: install-config: fix dump_config command (cherry-pick #18659 to version-2025.10) by @authentik-automation[bot] in #18671
• root: skip current tab when refreshing others (cherry-pick #18674 to version-2025.10) by @authentik-automation[bot] in #18675
• web: Hide device picker when challenges are not present. (cherry-pick #18611 to version-2025.10) by @authentik-automation[bot] in #18681
• web: Improved table selection behavior (cherry-pick #18622 to version-2025.10) by @authentik-automation[bot] in #18685
• website/docs: background tasks: add more detail about "next run" (cherry-pick #18660 to version-2025.10) by @authentik-automation[bot] in #18672
• outpost/proxyv2: more tests, fix pg password with spaces, and existing session on restart (cherry-pick #18211 to version-2025.10) by @authentik-automation[bot] in #18742
• core: optimize list applications (cherry-pick #18330 to version-2025.10) by @authentik-automation[bot] in #18791
• core: list applications fix (cherry-pick #18798 to version-2025.10) by @authentik-automation[bot] in #18827
• packages/django-dramatiq-postgres: broker: close django connections on consumer close (cherry-pick #18833 to version-2025.10) by @authentik-automation[bot] in #18835
• website/docs: add icon info to style guide (cherry-pick #18832 to version-2025.10) by @authentik-automation[bot] in #18834
• website/docs: 2025.10.3 release notes (cherry-pick #18868 to version-2025.10) by @authentik-automation[bot] in #18872

Full Changelog: version/2025.10.2...version/2025.10.3

See https://next.goauthentik.io/docs/releases/2025.12

What's Changed

• root: bump version to 2025.12.0-rc1 by @authentik-automation[bot] in #17603
• website/integrations: Zoom: Fix punctuation in description by @dominic-r in #17608
• website: fix active menu link background overlap by @dominic-r in #17607
• ci: use forked release action to deal with large release notes by @BeryJu in #17625
• translate: Updates for file locale/en/LC_MESSAGES/django.po in pt_BR by @transifex-integration[bot] in #17622
• core, web: update translations by @authentik-automation[bot] in #17605
• website/docs: add short-lived certificate recommendation by @dewi-tik in #17628
• website/integrations: random fixes by @dewi-tik in #17631
• web: sync web/package-lock.json by @melizeche in #17611
• ci: link to next. for pre-release docs by @BeryJu in #17634
• enterprise: add prometheus metrics for license usage and expiry by @BeryJu in #17606
• core: bump djangorestframework from 3.16.0 (our fork) to v3.16.1 (official package) by @melizeche in #16594
• website/integrations: add zendesk by @PeshekDotDev in #17541
• website/integrations: add terraform cloud by @dominic-r in #17610
• core: bump github.com/getsentry/sentry-go from 0.36.0 to 0.36.1 by @dependabot[bot] in #17646
• web: bump style-mod from 4.1.2 to 4.1.3 in /web by @dependabot[bot] in #17647
• core: bump astral-sh/uv from 0.9.4 to 0.9.5 by @dependabot[bot] in #17645
• providers/proxy: drop headers with underscores by @BeryJu in #17650
• website/docs: rel notes 2025.10: add 3 more integration guides by @tanberry in #17641
• core, web: update translations by @authentik-automation[bot] in #17643
• translate: Updates for file web/xliff/en.xlf in pt_BR by @transifex-integration[bot] in #17639
• web: bump knip from 5.66.1 to 5.66.2 in /web by @dependabot[bot] in #17619
• web: bump @types/node from 22.15.19 to 24.9.1 in /web by @dependabot[bot] in #17618
• web: bump @types/node from 24.9.0 to 24.9.1 in /packages/prettier-config by @dependabot[bot] in #17617
• lib/sync/outgoing: store sync settings in database by @rissson in #17630
• web: bump vite from 7.1.10 to 7.1.11 in /web by @dependabot[bot] in #17604
• website: bump @types/node from 24.9.0 to 24.9.1 in /website by @dependabot[bot] in #17612
• core: bump goauthentik.io/api/v3 from 3.2025100.25 to 3.2025120.1 by @dependabot[bot] in #17613
• web: bump @types/node from 24.9.0 to 24.9.1 in /packages/esbuild-plugin-live-reload by @dependabot[bot] in #17616
• web: bump hono from 4.9.12 to 4.10.2 in /web by @dependabot[bot] in #17653
• website: bump the eslint group in /website with 3 updates by @dependabot[bot] in #17601
• lifecycle/aws: bump aws-cdk from 2.1030.0 to 2.1031.0 in /lifecycle/aws by @dependabot[bot] in #17667
• web: bump chromedriver from 141.0.3 to 141.0.4 in /web by @dependabot[bot] in #17665
• web: bump the sentry group across 1 directory with 2 updates by @dependabot[bot] in #17663
• core: bump goauthentik.io/api/v3 from 3.2025120.1 to 3.2025120.2 by @dependabot[bot] in #17662
• web: Table row refinements by @GirlBossRush in #17659
• web: Abstract Wizard Lifecycle by @GirlBossRush in #17658
• website/docs: add note about invite link not bound by @tanberry in #17657
• web: Make action field search case insensitive in Event Matcher Policy Form by @melizeche in #17680
• web: bump @goauthentik/prettier-config from 1.0.5 to 3.1.0 in /web in the goauthentik group across 1 directory by @dependabot[bot] in #17684
• translate: add cs_CZ by @rissson in #17632
• root: Fix transifex link by @Gunsmithy in #17696
• web: Fix table row click handler. by @GirlBossRush in #17697
• website/docs: eap add info about custom validation by @tanberry in #17642
• website/integrations: sonarr: clarify reverse proxy setup by @AlexLArmstrong in #17485
• website/integrations: zot oci registry integration by @shcherbak in #17682
• website/docs: release notes: Add Zot integration by @dominic-r in #17700
• website/docs: blueprints: add a bit more info by @dominic-r in #17704
• web: bump hono from 4.10.2 to 4.10.3 in /web by @dependabot[bot] in #17698
• web: bump @types/node from 22.15.19 to 24.9.1 in /web by @dependabot[bot] in #17687
• web: bump @types/codemirror from 5.60.16 to 5.60.17 in /web by @dependabot[bot] in #17685
• website/integrations: grafana: replace deprecated redirect_uris usage by allowed_redirect_uris by @TarQ1 in #17710
• ci: bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #17719
• ci: bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #17720
• web: bump the storybook group across 1 directory with 5 updates by @dependabot[bot] in #17715
• ci: bump astral-sh/setup-uv from 7.1.1 to 7.1.2 in /.github/actions/setup by @dependabot[bot] in #17718
• providers/oauth2: move encryption key field by @BeryJu in #17722
• enterprise: handle cached naive timezone by @BeryJu in #17695
• lifecycle: set search_path in system migrations by @BeryJu in #17721
• website/docs: update flow context ref by @BeryJu in #17723
• website/docs: finalise 2025.10 release notes by @BeryJu in #17728
• website/docs: fix placeholder leftover by @BeryJu in #17737
• root: update security.md's supported versions by @dominic-r in #17736
• web/a11y: Prefers more field contrast by @GirlBossRush in #17279
• root: Add Dockerfile label org.opencontainers.image.source by @Erwan-loot in #17756
• web: bump the sentry group across 1 directory with 2 updates by @dependabot[bot] in #17743
• providers/proxy: add gorm logging by @BeryJu in #17758
• providers/proxy: fix missing JWT/claims header by @BeryJu in #17759
• sources/oauth: Make PKCE verifier 128 characters by @alex9smith in #17763
• providers/radius: fix panic when no cert is configured by @BeryJu in #17762
• packages/django-postgres-cache: use upsert instead of select/update in a transaction by @rissson in #17760
• web: bump validator from 13.15.15 to 13.15.20 in /packages/eslint-config by @dependabot[bot] in #17742
• web: bump eslint-plugin-react-hooks from 7.0.0 to 7.0.1 in /packages/eslint-config in the eslint group across 1 directory by @dependabot[bot] in #17714
• website: bump validator from 13.15.15 to 13.15.20 in /website by @dependabot[bot] in #17741
• web: bump vite from 7.1.11 to 7.1.12 in /web by @dependabot[bot] in #17689
• core, web: update translations by @authentik-automation[bot] in #17660
• website: bump the build group in /website with 6 updates by @dependabot[bot] in #17712
  ...

See https://docs.goauthentik.io/docs/releases/2025.8#fixed-in-202585

What's Changed

• website/docs: developer docs: adjust sentence for writing docs (cherry-pick #17137 to version-2025.8) by @authentik-automation[bot] in #17142
• build(deps): bump django from 5.1.12 to 5.1.13 (cherry-pick #17198 to version-2025.8) by @authentik-automation[bot] in #17199
• packages/django-dramatiq-postgres: broker: fix task expiration (cherry-pick #17178 to version-2025.8) by @authentik-automation[bot] in #17217
• packages/django-dramatiq-postgres: fix error when updating task with no changes (cherry-pick #16728 to version-2025.8) by @authentik-automation[bot] in #17238
• tasks/middlewares/messages: make sure exceptions are always logged (cherry-pick #17237 to version-2025.8) by @authentik-automation[bot] in #17248
• core: fix absolute and relative path file uploads (cherry-pick #17269 to version-2025.8) by @authentik-automation[bot] in #17272
• web: Fix behavior for modals configured with closeAfterSuccessfulSubmit (cherry-pick #17277 to version-2025.8) by @authentik-automation[bot] in #17299
• lib/sync/outgoing: revert reduce number of db queries made (revert #14177) (cherry-pick #17306 to version-2025.8) by @authentik-automation[bot] in #17330
• blueprints: ensure tasks retry on database errors (cherry-pick #17333 to version-2025.8) by @authentik-automation[bot] in #17334
• web/admin: fix incorrect placeholder for scim provider (cherry-pick #17308 to version-2025.8) by @authentik-automation[bot] in #17309
• website/docs: add entra id scim source (cherry-pick #17357 to version-2025.8) by @authentik-automation[bot] in #17362
• website/docs: add email config section (cherry-pick #16727 to version-2025.8) by @authentik-automation[bot] in #17364
• website: add powershell syntax highlighting and bump package (cherry-pick #16683) by @authentik-automation[bot] in #16721
• website/docs: update SAML provider docs (cherry-pick #15887 to version-2025.8) by @authentik-automation[bot] in #17583
• ci: rework internal repo (#17797) by @BeryJu in #17830
• ci: fix migrate-from-stable for old versions by @BeryJu in #18018
• core: bump Django from 5.1.13 to 5.1.14 for 2025.8 by @melizeche in #17968
• internal: Automated internal backport: 1498-oauth2-cc-user-active.sec.patch to authentik-2025.8 by @authentik-automation[bot] in #18262
• internal: Automated internal backport: 1487-invitation-expiry.sec.patch to authentik-2025.8 by @authentik-automation[bot] in #18261
• internal: Automated internal backport: 5000-sidebar.sec.patch to authentik-2025.8 by @authentik-automation[bot] in #18263
• website/docs: add 2025.8.5 and 2025.10.2 release notes (cherry-pick #18268 to version-2025.8) by @authentik-automation[bot] in #18269

Full Changelog: version/2025.8.4...version/2025.8.5

See https://docs.goauthentik.io/docs/releases/2025.10#fixed-in-2025102

What's Changed

• brands: add more matching tests (cherry-pick #16185 to version-2025.10) by @authentik-automation[bot] in #17924
• brands: sort matched brand by match length (cherry-pick #17920 to version-2025.10) by @authentik-automation[bot] in #17935
• tasks/schedules: fix rel obj not being associated or updated (cherry-pick #17934 to version-2025.10) by @authentik-automation[bot] in #17936
• website/docs: added Note about email_verified scope mapping is set to false by default (cherry-pick #17942 to version-2025.10) by @authentik-automation[bot] in #17961
• website/docs: remove broken info box and fix sentence (cherry-pick #17963 to version-2025.10) by @authentik-automation[bot] in #17965
• core: bump django from 5.2.7 to 5.2.8 (cherry-pick #17967 to version-2025.10) by @authentik-automation[bot] in #18003
• website/docs: updates img-src csp (cherry-pick #18010 to version-2025.10) by @authentik-automation[bot] in #18012
• ci: fix migrate-from-stable for old versions (#18019) by @BeryJu in #18024
• website/release notes: fix broken urls (cherry-pick #18041 to version-2025.10) by @authentik-automation[bot] in #18044
• website/docs: update discord social login script example (cherry-pick #18026 to version-2025.10) by @authentik-automation[bot] in #18057
• ci: attempt to fix integration tests using dind (cherry-pick #18066 to version-2025.10) by @authentik-automation[bot] in #18069
• ci: revert to upstream GHA for release (#18058) by @BeryJu in #18065
• events: fix timezone not set for log events (cherry-pick #18067 to version-2025.10) by @authentik-automation[bot] in #18071
• providers/scim: allow custom schema data (cherry-pick #18073 to version-2025.10) by @authentik-automation[bot] in #18075
• core: improve app launch URL formatting (cherry-pick #18076 to version-2025.10) by @authentik-automation[bot] in #18087
• cmd/server/healthcheck: remove worker HTTP healthcheck (cherry-pick #18090 to version-2025.10) by @authentik-automation[bot] in #18091
• web: Fix RAC modal visibility. (cherry-pick #17941 to version-2025.10) by @authentik-automation[bot] in #18097
• web: Fix tab activation, blank provider URLs (cherry-pick #18031 to version-2025.10) by @authentik-automation[bot] in #18101
• website/docs: fix wording in stages overview (cherry-pick #18061 to version-2025.10) by @authentik-automation[bot] in #18120
• packages/django-dramatiq-postgres: broker: ensure locking happens with the same connection (cherry-pick #18095 to version-2025.10) by @authentik-automation[bot] in #18119
• web/flows: improvements for hCaptcha (cherry-pick #16882 to version-2025.10) by @authentik-automation[bot] in #18128
• web/admin: link to user on invitation list page (cherry-pick #18132 to version-2025.10) by @authentik-automation[bot] in #18134
• packages/django-channels-postgres/layer: fix query when subscribed to multiple channels (cherry-pick #18152 to version-2025.10) by @authentik-automation[bot] in #18153
• web: Disable library <datalist> on Firefox. (cherry-pick #18103 to version-2025.10) by @authentik-automation[bot] in #18135
• web/sfe: downgrade bootstrap that was accidentally upgraded (cherry-pick #18157 to version-2025.10) by @authentik-automation[bot] in #18171
• website/docs: Add instructions for installing RC versions (cherry-pick #18099 to version-2025.10) by @authentik-automation[bot] in #18193
• website/docs: update application description (cherry-pick #18125 to version-2025.10) by @authentik-automation[bot] in #18127
• stages/prompt: fix choices with labels causing error on submit (cherry-pick #18183 to version-2025.10) by @authentik-automation[bot] in #18236
• internal: Automated internal backport: 1487-invitation-expiry.sec.patch to authentik-2025.10 by @authentik-automation[bot] in #18258
• internal: Automated internal backport: 1498-oauth2-cc-user-active.sec.patch to authentik-2025.10 by @authentik-automation[bot] in #18259
• internal: Automated internal backport: 5000-sidebar.sec.patch to authentik-2025.10 by @authentik-automation[bot] in #18260
• website/docs: add 2025.8.5 and 2025.10.2 release notes (cherry-pick #18268 to version-2025.10) by @authentik-automation[bot] in #18270

Full Changelog: version/2025.10.1...version/2025.10.2

See https://docs.goauthentik.io/docs/releases/2025.10#fixed-in-2025101

What's Changed

• website/docs: fix placeholder leftover (cherry-pick #17737 to version-2025.10) by @authentik-automation[bot] in #17738
• root: Add Dockerfile label org.opencontainers.image.source (cherry-pick #17756 to version-2025.10) by @authentik-automation[bot] in #17757
• providers/proxy: fix missing JWT/claims header (cherry-pick #17759 to version-2025.10) by @authentik-automation[bot] in #17764
• sources/oauth: Make PKCE verifier 128 characters (cherry-pick #17763 to version-2025.10) by @authentik-automation[bot] in #17765
• providers/radius: fix panic when no cert is configured (cherry-pick #17762 to version-2025.10) by @authentik-automation[bot] in #17766
• providers/oauth2: move encryption key field (cherry-pick #17722 to version-2025.10) by @authentik-automation[bot] in #17729
• packages/django-postgres-cache: use upsert instead of select/update in a transaction (cherry-pick #17760 to version-2025.10) by @authentik-automation[bot] in #17767
• tasks: delay startup signals (cherry-pick #17769 to version-2025.10) by @authentik-automation[bot] in #17775
• root: use hashes for dockerfile FROM (cherry-pick #17795 to version-2025.10) by @authentik-automation[bot] in #17798
• internal: fix go deprecation for +build (cherry-pick #17806 to version-2025.10) by @authentik-automation[bot] in #17824
• ci: rework internal repo (#17797) by @BeryJu in #17829
• internal/web/proxy: fix return status code during startup (cherry-pick #17827 to version-2025.10) by @authentik-automation[bot] in #17832
• web/admin: fix scim provider form (cherry-pick #17831 to version-2025.10) by @authentik-automation[bot] in #17834
• core: bump astral-sh/uv from 0.9.5 to 0.9.6 (cherry-pick #17820 to version-2025.10) by @authentik-automation[bot] in #17835
• tasks: sanitize log attributes (cherry-pick #17833 to version-2025.10) by @authentik-automation[bot] in #17842
• outposts: update permissions more eagerly (cherry-pick #17783 to version-2025.10) by @authentik-automation[bot] in #17841
• outpost: revert breaking signals change (cherry-pick #17847 to version-2025.10) by @authentik-automation[bot] in #17848
• internal: full openssl path (cherry-pick #17856 to version-2025.10) by @authentik-automation[bot] in #17860
• web: Consistent Tab Panel URL Parameters (cherry-pick #17804 to version-2025.10) by @authentik-automation[bot] in #17859
• web/a11y: User library -- fix issues surrounding element focus, ARIA labeling. (cherry-pick #17522 to version-2025.10) by @authentik-automation[bot] in #17828
• providers/radius: fix inverted message authenticator validation (cherry-pick #17855 to version-2025.10) by @authentik-automation[bot] in #17888
• providers/radius: revert fix inverted message authenticator validation (#17855) (cherry-pick #17915 to version-2025.10) by @authentik-automation[bot] in #17916
• providers/oauth2: fix kid always required for federation (cherry-pick #17914 to version-2025.10) by @authentik-automation[bot] in #17917
• website/docs: 2025.10.1 release notes (cherry-pick #17918 to version-2025.10) by @authentik-automation[bot] in #17919

Full Changelog: version/2025.10.0...version/2025.10.1

See https://docs.goauthentik.io/docs/releases/2025.10

What's Changed

• enterprise: add prometheus metrics for license usage and expiry (cherry-pick #17606 to version-2025.10) by @authentik-automation[bot] in #17637
• website/docs: rel notes 2025.10: add 3 more integration guides (cherry-pick #17641 to version-2025.10) by @authentik-automation[bot] in #17652
• providers/proxy: drop headers with underscores (cherry-pick #17650 to version-2025.10) by @authentik-automation[bot] in #17651
• website/docs: add note about invite link not bound (cherry-pick #17657 to version-2025.10) by @authentik-automation[bot] in #17672
• website/docs: eap add info about custom validation (cherry-pick #17642 to version-2025.10) by @authentik-automation[bot] in #17699
• website/docs: release notes: Add Zot integration (cherry-pick #17700 to version-2025.10) by @authentik-automation[bot] in #17701
• website/docs: add short-lived certificate recommendation (cherry-pick #17628 to version-2025.10) by @authentik-automation[bot] in #17633
• website/docs: blueprints: add a bit more info (cherry-pick #17704 to version-2025.10) by @authentik-automation[bot] in #17708
• enterprise: handle cached naive timezone (cherry-pick #17695 to version-2025.10) by @authentik-automation[bot] in #17730
• website/docs: update flow context ref (cherry-pick #17723 to version-2025.10) by @authentik-automation[bot] in #17732
• website/docs: finalise 2025.10 release notes (cherry-pick #17728 to version-2025.10) by @authentik-automation[bot] in #17733

Full Changelog: version/2025.10.0-rc3...version/2025.10.0

See https://docs.goauthentik.io/docs/releases/2025.10

What's Changed

• admin: system api: fix FIPS status schema by @rissson in #10110
• website/docs: Specify Synology DSM Account type to use by @jannickfahlbusch in #10111
• web: bump API Client version by @authentik-automation[bot] in #10113
• website/docs: update 2024.6 release notes with latest changes by @rissson in #10109
• website/docs: add more info about multiple replicas by @tanberry in #10117
• policies/reputation: fix existing reputation update by @rissson in #10124
• stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs by @authentik-automation[bot] in #10119
• translate: Updates for file web/xliff/en.xlf in zh_CN by @transifex-integration[bot] in #10120
• translate: Updates for file web/xliff/en.xlf in zh-Hans by @transifex-integration[bot] in #10121
• core, web: update translations by @authentik-automation[bot] in #10118
• core: bump goauthentik.io/api/v3 from 3.2024042.11 to 3.2024042.13 by @dependabot[bot] in #10134
• core: bump ruff from 0.4.8 to 0.4.9 by @dependabot[bot] in #10128
• core, web: update translations by @authentik-automation[bot] in #10127
• core: bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot[bot] in #10133
• web: bump chromedriver from 126.0.0 to 126.0.1 in /tests/wdio by @dependabot[bot] in #10136
• core: bump github.com/gorilla/sessions from 1.2.2 to 1.3.0 by @dependabot[bot] in #10135
• web: bump @patternfly/elements from 3.0.1 to 3.0.2 in /web by @dependabot[bot] in #10132
• website: bump react-tooltip from 5.26.4 to 5.27.0 in /website by @dependabot[bot] in #10129
• web: fix early modal stack depletion by @kensternberg-authentik in #10068
• website/integations/services: Slack integration docs by @tanberry in #9933
• core: include version in built JS files by @BeryJu in #9558
• web: fix needed because recent upgrade to task breaks spinner button by @kensternberg-authentik in #10142
• web: bump ws from 8.16.0 to 8.17.1 in /web by @dependabot[bot] in #10149
• web: bump the storybook group in /web with 7 updates by @dependabot[bot] in #10147
• ci: bump docker/build-push-action from 5 to 6 by @dependabot[bot] in #10144
• core: bump urllib3 from 2.2.1 to 2.2.2 by @dependabot[bot] in #10143
• root: use custom model serializer that saves m2m without bulk by @BeryJu in #10139
• root: makefile: add codespell to make website by @rissson in #10116
• web: fix docker build for non-release versions by @rissson in #10154
• website/integrations: gitlab: better service description by @dominic-r in #9923
• website/docs: Describe where to apply the auto setup env vars by @m1212e in #9863
• website/integrations: jellyfin: add OIDC configuration by @Redlonghead in #9538
• web: bump the wdio group in /tests/wdio with 4 updates by @dependabot[bot] in #10160
• web: bump chromedriver from 126.0.1 to 126.0.2 in /tests/wdio by @dependabot[bot] in #10161
• core: bump twilio from 9.1.1 to 9.2.0 by @dependabot[bot] in #10162
• website/docs: update 2024.6 release notes with latest changes by @rissson in #10167
• website/docs: 2024.6 release notes: add note about group names by @rissson in #10170
• core: fix error when raising SkipObject in mapping by @BeryJu in #10153
• website/docs: update 2024.6 release notes with latest changes by @rissson in #10174
• website/docs: update template reference by @emmanuel-ferdman in #10166
• web: bump @sentry/browser from 8.9.2 to 8.10.0 in /web in the sentry group by @dependabot[bot] in #10185
• core: bump google-api-python-client from 2.133.0 to 2.134.0 by @dependabot[bot] in #10183
• web: bump glob from 10.4.1 to 10.4.2 in /web by @dependabot[bot] in #10163
• core: rework base for SkipObject exception to better support control flow exceptions by @BeryJu in #10186
• website/docs: Remove hyphen in read replica in Release Notes by @tanberry in #10178
• website/docs: Fix nginx proxy_pass directive documentation by @fotinakis in #10181
• core: bump selenium from 4.21.0 to 4.22.0 by @dependabot[bot] in #10194
• core: bump ruff from 0.4.9 to 0.4.10 by @dependabot[bot] in #10193
• web: bump typescript from 5.4.5 to 5.5.2 in /tests/wdio by @dependabot[bot] in #10192
• web: bump typescript from 5.4.5 to 5.5.2 in /web by @dependabot[bot] in #10191
• website: bump typescript from 5.4.5 to 5.5.2 in /website by @dependabot[bot] in #10190
• web: bump @sentry/browser from 8.10.0 to 8.11.0 in /web in the sentry group by @dependabot[bot] in #10204
• web: bump chromedriver from 126.0.2 to 126.0.3 in /tests/wdio by @dependabot[bot] in #10203
• core: bump twilio from 9.2.0 to 9.2.1 by @dependabot[bot] in #10202
• core: bump coverage from 7.5.3 to 7.5.4 by @dependabot[bot] in #10201
• web/flows: update flow background by @BeryJu in #10206
• website/docs: fix #9552 openssl rand base64 line wrap by @jogerj in #10211
• website/integrations: fix typo in documentation for OIDC setup with Paperless-ngx by @rwh85 in #10218
• security: fix CVE-2024-38371 by @BeryJu in #10229
• security: fix CVE-2024-37905 by @BeryJu in #10230
• core: bump debugpy from 1.8.1 to 1.8.2 by @dependabot[bot] in #10225
• web: bump @sentry/browser from 8.11.0 to 8.12.0 in /web in the sentry group by @dependabot[bot] in #10226
• core: bump webauthn from 2.1.0 to 2.2.0 by @dependabot[bot] in #10224
• web: bump chromedriver from 126.0.3 to 126.0.4 in /tests/wdio by @dependabot[bot] in #10223
• core: bump pdoc from 14.5.0 to 14.5.1 by @dependabot[bot] in #10221
• website/docs: update 2024.6 release notes with latest changes by @rissson in #10228
• website/docs: update 2024.2 release notes with security fixes by @rissson in #10232
• website/docs: update 2024.4 release notes with latest changes by @rissson in #10231
• website/docs: update 2024.6 release notes with latest changes (cherry-pick #10228) by @gcp-cherry-pick-bot[bot] in #10243
• website/docs: remove RC disclaimer from 2024.6 release notes by @rissson in #10245
• website/docs: remove RC disclaimer from 2024.6 release notes (cherry-pick #10245) by @gcp-cherry-pick-bot[bot] in #10246
• security: update supported versions by @rissson in #10247
• security: update supported versions (cherry-pick #10247) by @gcp-cherry-pick-bot[bot] in #10248
• website/docs: update geoip and asn example to use the proper syntax by @rissson in #10249
• website/docs: update the Welcome page by @tanberry in #10222
• website/docs: update geoip and asn example to use the proper syntax (cherry-pick #10249) by @gcp-cherry-pick-bot[bot] in #10250
• web: bump API Client versi...

See https://docs.goauthentik.io/docs/releases/2025.8#fixed-in-202584

What's Changed

• webiste/docs: improve user ref doc (cherry-pick #16779) by @authentik-automation[bot] in #16839
• providers/scim: fix string formatting for SCIM user filter (cherry-pick #16465) by @authentik-automation[bot] in #16852
• website/docs: 2025.8: fix worker concurrency setting rename (cherry-pick #16946) by @authentik-automation[bot] in #16950
• website/docs: fix capitalization (cherry-pick #16944) by @authentik-automation[bot] in #16958
• website/docs: random typo fixes (cherry-pick #16956) by @authentik-automation[bot] in #16959
• website/docs: add docs for source switch expression policy (cherry-pick #16878) by @authentik-automation[bot] in #16972
• website/docs: update url to docker-compose.yml (cherry-pick #16901) by @authentik-automation[bot] in #16986
• website/developer docs: What domain for what doc version (cherry-pick #16987) by @authentik-automation[bot] in #16996
• providers/ldap: add include_children parameter to cached search mode (cherry-pick #16918) by @authentik-automation[bot] in #17000
• website/docs: oauth provider: Add device and introspect to reserved slugs (cherry-pick #16994) by @authentik-automation[bot] in #16998
• webiste/docs: add missing oauth endpoints (cherry-pick #16995) by @authentik-automation[bot] in #16999
• website/docs: improve discord policies when also bound to non-oauth sources (cherry-pick #17008) by @authentik-automation[bot] in #17012
• rbac: fix typo (cherry-pick #16476) by @authentik-automation[bot] in #17018
• core: add index on Group.is_superuser (cherry-pick #17011) by @authentik-automation[bot] in #17017
• lib: match exception_to_dict locals behaviour (cherry-pick #17006) by @authentik-automation[bot] in #17016
• website/docs: Update Github expression to handle non-OAuth sources gracefully (cherry-pick #17014) by @authentik-automation[bot] in #17029
• lib/config: fix listen settings (cherry-pick #17005) by @authentik-automation[bot] in #17023
• */bindings: order by pk (cherry-pick #17027) by @authentik-automation[bot] in #17053
• tasks: fix logger name (cherry-pick #17009 to version-2025.8) by @authentik-automation[bot] in #17060
• web/admin: fix federation sources automatically selected (cherry-pick #17069 to version-2025.8) by @authentik-automation[bot] in #17070
• rbac: optimize rbac assigned by users query (cherry-pick #17015 to version-2025.8) by @authentik-automation[bot] in #17092
• web: Fix layout class for row in LibraryPage (cherry-pick #16752 to version-2025.8) by @authentik-automation[bot] in #17091
• cmd/server/healthcheck: info log success instead of debug (cherry-pick #17093 to version-2025.8) by @authentik-automation[bot] in #17097
• outposts/ldap: add pwdChangeTime attribute (cherry-pick #17010 to version-2025.8) by @authentik-automation[bot] in #17101
• stages/identification: fix mismatched error messages (cherry-pick #17090 to version-2025.8) by @authentik-automation[bot] in #17104
• providers/oauth2: fix authentication error with identical app passwords (cherry-pick #17100 to version-2025.8) by @authentik-automation[bot] in #17103
• packages/django-dramatiq-postgres: broker: fix new messages not being picked up when too many messages are waiting (cherry-pick #17106 to version-2025.8) by @authentik-automation[bot] in #17108
• tasks: reduce default number of retries and max backoff (cherry-pick #17107 to version-2025.8) by @authentik-automation[bot] in #17109
• website/docs: 2025.8.4 release notes (cherry-pick #17119 to version-2025.8) by @authentik-automation[bot] in #17120

Full Changelog: version/2025.8.3...version/2025.8.4

See https://docs.goauthentik.io/docs/releases/2025.8#fixed-in-202583

What's Changed

• website/docs: fix docker tabs not rendering properly (cherry-pick #16799) by @authentik-automation[bot] in #16802
• lifecycle: fix permission error when running worker as root (cherry-pick #16735) by @authentik-automation[bot] in #16784
• website/docs: update create oauth provider page (cherry-pick #16617) by @authentik-automation[bot] in #16806
• stages/email_authenticator: Fix email mfa loop (cherry-pick #16579) by @authentik-automation[bot] in #16807
• website/docs: 2025.8.3 release notes (cherry-pick #16809) by @authentik-automation[bot] in #16810

Full Changelog: version/2025.8.2...version/2025.8.3

See https://docs.goauthentik.io/docs/releases/2025.8#fixed-in-202582

What's Changed

• website/docs: 2025.8.1 release notes (cherry-pick #16343) by @rissson in #16344
• providers/oauth2: avoid deadlock during session migration (cherry-pick #16361) by @rissson in #16364
• website: cherry-pick 2025.8/client side redirects by @GirlBossRush in #16372
• root: update security.md with github reporting link (cherry-pick #16332) by @authentik-automation[bot] in #16395
• lifecycle: fix PROMETHEUS_MULTIPROC_DIR missing suffix (cherry-pick #16401) by @authentik-automation[bot] in #16407
• tasks/schedules: fix api search fields (cherry-pick #16405) by @authentik-automation[bot] in #16410
• website/docs: adds details to certificates doc (cherry-pick #16335) by @authentik-automation[bot] in #16394
• root: fix security.md (cherry-pick #16345) by @authentik-automation[bot] in #16415
• providers/rac: fix AuthenticatedSession migration (cherry-pick #16400) by @authentik-automation[bot] in #16419
• website/docs: update internal vs external user information (cherry-pick #16359) by @authentik-automation[bot] in #16421
• lib/sync: fix missing f for string (cherry-pick #16423) by @authentik-automation[bot] in #16427
• website/docs: capitalized proper name of stages, removed old version references. (cherry-pick #16414) by @authentik-automation[bot] in #16450
• core: bump h2 from 4.2.0 to 4.3.0 (cherry-pick #16446) by @authentik-automation[bot] in #16449
• lib/sync/outgoing: fix single object sync timeout (cherry-pick #16447) by @authentik-automation[bot] in #16453
• core: fix client-side only validation allowing admin to set blank user password (cherry-pick #16467) by @authentik-automation[bot] in #16469
• website: Unify Netlify redirects with Docusaurus's client-side router. (backport of #16430) by @authentik-automation[bot] in #16472
• website: Page redirect guide, documentation (backport of #16466) by @authentik-automation[bot] in #16475
• policies: remove object pk from authentik_policies_execution_time to reduce cardinality (cherry-pick #16500) by @authentik-automation[bot] in #16501
• website/integrations: bitwarden: fix ent notice (cherry-pick #16502) by @authentik-automation[bot] in #16511
• website/docs: update how to rac and outpost landing page (cherry-pick #16442) by @authentik-automation[bot] in #16498
• website/docs: improve customize your instance page layout (cherry-pick #16367) by @authentik-automation[bot] in #16566
• website/docs: update external user information (cherry-pick #16493) by @authentik-automation[bot] in #16568
• website/docs: changes all -> arrows to > (cherry-pick #16569) by @authentik-automation[bot] in #16571
• website/docs: remove base providers redirect. (cherry-pick #16576) by @authentik-automation[bot] in #16580
• website: Add text copy of license (cherry-pick #16559) by @authentik-automation[bot] in #16574
• root: clean up README (cherry-pick #16286) by @authentik-automation[bot] in #16573
• sources/ldap: fix malformed filter error with special characters in group DN (cherry-pick #16243) by @authentik-automation[bot] in #16585
• core: bump django from 5.1.11 to v5.1.12 (cherry-pick #16584) by @authentik-automation[bot] in #16591
• website: Update license text to use "directory" (cherry-pick #16589) by @authentik-automation[bot] in #16592
• web/flows: only disable login button when interactive captcha is configured and not loaded (cherry-pick #16586) by @authentik-automation[bot] in #16590
• providers/oauth2: add missing exp claim for logout token (cherry-pick #16593) by @authentik-automation[bot] in #16598
• providers/scim: improve error message when object fails to sync (cherry-pick #16625) by @authentik-automation[bot] in #16643
• tasks: fix status and healthcheck breaking with connection issues (cherry-pick #16504) by @authentik-automation[bot] in #16673
• website/docs: fix typo (cherry-pick #16681) by @authentik-automation[bot] in #16682
• website/docs: add rate limiting info to Email stage docs (cherry-pick #16668) by @authentik-automation[bot] in #16691
• website: Redirect Azure to Entra. Add tags for search indexing. (cherry-pick #16474) by @authentik-automation[bot] in #16483
• website/docs: add missing notification rule example doc to sidebar (cherry-pick #16478) by @authentik-automation[bot] in #16479
• website/docs: clarify docker compose install (cherry-pick #16696) by @authentik-automation[bot] in #16699
• website/docs: moves display source notes (cherry-pick #16704) by @authentik-automation[bot] in #16718
• website/docs: fix typos (cherry-pick #16716) by @authentik-automation[bot] in #16719
• website/docs: dev-docs: Minimal landing + landing for dev env (cherry-pick #15246) by @authentik-automation[bot] in #16734
• web: Docker versioning compatibility (cherry-pick #16139) by @authentik-automation[bot] in #16732
• website/docs: re-fix sentence about Go (backport of #16736) by @authentik-automation[bot] in #16737
• website/docs: update ssh rac doc (cherry-pick #16695) by @authentik-automation[bot] in #16720
• lib/logging: only show locals when in debug mode (cherry-pick #16772) by @authentik-automation[bot] in #16774
• sources/oauth/entra_id: do not assume group_id comes from entra (cherry-pick #16456) by @authentik-automation[bot] in #16777
• website/docs: 2025.8.2 release notes (cherry-pick #16773) by @authentik-automation[bot] in #16778

Full Changelog: version/2025.8.1...version/2025.8.2