authentik version/2026.2.2 released on 07-04-2026
authentik version/2026.2.2 is out now. It delivers core dependency bumps and security hardening alongside multiple provider, sync and web UI fixes that matter to operators and administrators.
See the release notes on the official documentation or GitHub for the full changelog and upgrade guidance: https://docs.goauthentik.io/docs/releases/2026.2#fixed-in-202622
What’s in this release
- Core and security updates: bumps for Django (5.2.11→5.2.12), orjson (3.11.5→3.11.6), cbor2 (5.8.0→5.9.0) and pyasn1 (0.6.2→0.6.3), plus internal hardening (more robust expiring-model error handling, certificate fallback without SNI and an explicit security policy item).
- Providers and sync fixes: SCIM now correctly deletes out‑of‑scope users/groups and docs note skipping object syncing; OAuth2 decodes percent‑encoded basic auth; SAML SLO redirect fixed; LDAP and proxy/provider improvements (page size inheritance, better error responses for invalid sync options, safer concurrent header handling, and a default Traefik Middleware maxResponseBodySize).
- Web UI, flows and admin: continuous login support and related debugging, reset of stale authenticator selection between validate stages, improved inspector hide/show checks, Event Log crash prevention for non‑string UUIDs, RBAC duplicate‑permission disambiguation and WS‑Fed added to the app wizard.
Upgrade notes
- No explicit breaking changes are listed in the notes; test upgrades in staging before rolling out to production. A new flag to skip migrations is provided if you need to control migration application—see the docs for details.
- Rollback: the release notes do not include specific rollback procedures; ensure backups and your usual deployment rollback plan are in place before upgrading.
Share your experience or report issues on the project’s GitHub or community channels so others can benefit from what worked or failed during your upgrade.
