authentik version/2026.2.2 released on 07-04-2026

authentik version/2026.2.2 is out now. It focuses on security and stability: several dependency bumps and policy clarifications plus a range of bug fixes across SCIM, LDAP, OAuth2, SAML and the web UI that reduce operational risk for deployments.
See the release notes in the project documentation and the full changelog on GitHub for complete details and upgrade guidance.
What’s in this release
- Security and dependency updates: Django 5.2.11 → 5.2.12, orjson 3.11.5 → 3.11.6, cbor2 5.8.0 → 5.9.0, pyasn1 0.6.2 → 0.6.3, plus an updated security policy and a rotated GitHub App private key.
- SCIM, LDAP and provider fixes: SCIM now correctly deletes out-of-scope users/groups and fixes page_size UI; LDAP fixes for sync_users_password errors, debug endpoint crash, page size inheritance and safer concurrent header writes; OAuth2, SAML SLO and proxy provider tweaks.
- Web UI, flows and RBAC improvements: fixes for policy test result width and referrerPolicy, Event Log crash prevention, duplicate permission name disambiguation, WS-Fed in the application wizard and several flow/debug fixes.
Upgrade notes
- No breaking or deprecated behaviour is listed for this patch; review the dependency bumps and test in staging before rolling to production. Refer to the project documentation for any configuration flags such as the migrate lifecycle skip flag.
- If you need to roll back, deploy the previous tag (version/2026.2.1) and follow your normal rollback procedures; consult the changelog for anything that might affect stateful migrations or runtime behaviour.
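One way to check the dependency bumps in staging is shown below. It is an added example, not authentik's own tooling, and it assumes you have captured `pip freeze`-style output from the environment under test; the function names and the sample text are constructed for illustration.

```python
import re

# Versions this release bumps to, taken from the announcement above.
RELEASE_FLOORS = {
    "django": "5.2.12",
    "orjson": "3.11.6",
    "cbor2": "5.9.0",
    "pyasn1": "0.6.3",
}

def normalize(name):
    """PEP 503 name normalization so 'Django' and 'django' compare equal."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()

def release_tuple(version):
    """Leading numeric segment as a tuple padded to 4 parts: '5.9' -> (5, 9, 0, 0)."""
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def audit_freeze(freeze_text, floors=RELEASE_FLOORS):
    """Return {package: (found_or_None, floor)} for packages missing or below floor."""
    installed = {}
    for line in freeze_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" not in line:
            continue  # blanks, comments, editable or VCS installs
        name, version = line.split("==", 1)
        installed[normalize(name)] = version.strip()
    findings = {}
    for name, floor in floors.items():
        found = installed.get(normalize(name))
        if found is None or release_tuple(found) < release_tuple(floor):
            findings[name] = (found, floor)
    return findings

# Constructed sample: a staging image still carrying two pre-2026.2.2 pins.
SAMPLE_FREEZE = """\
Django==5.2.12
orjson==3.11.5
cbor2==5.9.0
pyasn1==0.6.2
"""

if __name__ == "__main__":
    for pkg, (found, floor) in audit_freeze(SAMPLE_FREEZE).items():
        print(f"{pkg}: found {found or 'not installed'}, release ships {floor}")
```

An empty result means every listed package is at or above the version named in this release; the same check run against a rollback to version/2026.2.1 is expected to report all four.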
Try the release and share any issues or feedback on the project’s GitHub (open an issue against the repo) so maintainers can follow up on operational impact and fixes.

