authentik version/2026.5.2 released on 28-05-2026

authentik version/2026.5.2 is out now. Operators and administrators receive automated security backports plus a range of provider, authentication, packaging and documentation fixes.
Visit the project documentation or the full changelog on GitHub for details: release notes and full changelog.
What’s in this release
- Automated internal backports of security patches (GHSA-c3m2-jqmq-pvp3, GHSA-wr38-7xg8-fqxr, GHSA-xp7f-xjjx-gwm8) and related security-version updates applied to the 2026.5 branch.
- Provider and authentication fixes: agent connector now allows federated auth via SSH hostkey lookup; OAuth2 session decoding fixed for upgrades from 2026.2; SCIM enterprise provider corrected last_updated handling for OAuth interactive flows; RADIUS provider EAP debug logging fixed.
- Website, packaging and stability fixes: release notes cards repaired, package-lock bumped and root security release versions updated; conn_max_age bug causing spinning resolved; certificate options now accept file paths; Event.log_deprecation now validates that cause is a string.
Upgrade notes
- No breaking changes are listed in the release notes — review the documentation and the full changelog on GitHub before upgrading: changelog.
- No rollback-specific notes are included in this release; if you need to revert, consult the GitHub changelog for the commits and backports included in version/2026.5.2.
Share your experience with the upgrade or report issues on the project’s trackers so others can benefit from any practical notes or workarounds.


