authentik | version/2026.2.3

authentik version/2026.2.3 released on 12-05-2026


authentik version/2026.2.3 is out now. It bundles security updates and dependency bumps, a set of OAuth2, device-auth and federation fixes, reliability improvements for background tasks and database interactions, UI and documentation updates, and a number of miscellaneous bug fixes.

See the project’s release notes and the full changelog on GitHub or the official documentation for complete details and upgrade instructions.

What’s in this release

  • Security and dependency updates: core Django bumped from 5.2.12 to 5.2.13 and root updated to 5.2.14, plus automated internal backports addressing several CVEs and GHSA advisories (including CVE-2026-42849, CVE-2026-41577, CVE-2026-41569, CVE-2026-40172, CVE-2026-40166 and CVE-2026-40165).
  • OAuth2, device auth and federation fixes: cross-provider token introspection allowed for federated providers; device authorization scopes clipped to the provider’s ScopeMapping; corrected refresh_token_threshold time logic; redirect_uri is no longer auto-set; documentation and social-login titles cleaned up.
  • Reliability, UI and misc fixes: endpoint task failures addressed; django-dramatiq-postgres now resets DB connections and broker decoding errors no longer stop task processing; expensive outgoing-sync page-count queries avoided; a single-page UI guide and documentation clarifications added; plus fixes such as RADIUS message authenticator validation, app-entitlement search, RBAC migration ordering and tenant flag presentation.

Upgrade notes

  • Note the RBAC migration ordering change: migration 0056 is ensured to run before the removal of a group field (check migration ordering if you maintain custom workflows).
  • No rollback-specific instructions are included in the release notes; consult the full changelog and the GitHub release notes before downgrading.

Share your experience after upgrading or report any issues on the project’s GitHub so others can benefit from your notes.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes