authentik | version/2026.2.3

authentik version/2026.2.3 released on 12-05-2026


authentik version/2026.2.3 is out now. It applies important security fixes and dependency updates — including Django bumps and multiple automated backports — to address several CVEs and GHSA advisories and harden the platform.

See the release notes on the authentik documentation site or the full changelog on GitHub for details and upgrade guidance: https://docs.goauthentik.io/docs/releases/2026.2#fixed-in-202623 and https://github.com/goauthentik/authentik/compare/version/2026.2.3-rc1…version/2026.2.3

What’s in this release

  • Security and dependency updates: core Django bumped from 5.2.12 to 5.2.13, root update to 5.2.14, plus multiple automated internal backports and security patches addressing CVEs and GHSA advisories.
  • OAuth2 and provider fixes: corrected refresh_token_threshold time logic; allowed cross‑provider token introspection for federated providers; disabled automatic setting of redirect_uri; device authorization scopes are now clipped against the provider’s ScopeMapping.
  • Reliability and backend fixes: endpoints tasks failures addressed; django-dramatiq-postgres now resets DB connections on connection errors and avoids stopping task processing on decode errors; expensive sync outgoing query optimised and RBAC migration ordering corrected to prevent breakage.

Upgrade notes

  • Migration ordering: the RBAC migration ordering was corrected so migration 0056 must run before 0010 removes the group field — ensure database migrations are applied as described in the release notes.
  • If a rollback is required, consult the full changelog and release notes on GitHub and the documentation for migration-related details before attempting a downgrade.

Share your experience after upgrading or report any issues via the project’s GitHub so maintainers and the community can follow up.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes