authentik | version/2026.2.2

authentik version/2026.2.2 released on 07-04-2026


authentik version/2026.2.2 is out now. It focuses on security and stability: several dependency bumps and policy clarifications plus a range of bug fixes across SCIM, LDAP, OAuth2, SAML and the web UI that reduce operational risk for deployments.

See the release notes on the project documentation and the full changelog on GitHub for complete details and upgrade guidance: documentation, full changelog.

What’s in this release

  • Security and dependency updates: Django 5.2.11 → 5.2.12, orjson 3.11.5 → 3.11.6, cbor2 5.8.0 → 5.9.0, pyasn1 0.6.2 → 0.6.3, plus an updated security policy and rotated GH App private key.
  • SCIM, LDAP and provider fixes: SCIM now correctly deletes out-of-scope users/groups and fixes page_size UI; LDAP fixes for sync_users_password errors, debug endpoint crash, page size inheritance and safer concurrent header writes; OAuth2, SAML SLO and proxy provider tweaks.
  • Web UI, flows and RBAC improvements: fixes for policy test result width and referrerPolicy, Event Log crash prevention, duplicate permission name disambiguation, WS-Fed in the application wizard and several flow/debug fixes.

Upgrade notes

  • No breaking or deprecated behaviour is listed for this patch; review the dependency bumps and test in staging before rolling to production. Refer to the documentation link above for any configuration flags such as the migrate lifecycle skip flag.
  • If you need to roll back, deploy the previous tag (version/2026.2.1) and follow your normal rollback procedures; consult the changelog for anything that might affect stateful migrations or runtime behaviour.

Try the release and share any issues or feedback on the project’s GitHub (open an issue against the repo) so maintainers can follow up on operational impact and fixes.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes