diff --git a/website/docs/releases/2025/v2025.12.md b/website/docs/releases/2025/v2025.12.md index 37a9bfc4ea..ac2618fe46 100644 --- a/website/docs/releases/2025/v2025.12.md +++ b/website/docs/releases/2025/v2025.12.md @@ -177,9 +177,6 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.12 ## Minor changes/fixes -- brands: sort matched brand by match length (#17920) -- brands: sort matched brand by match length (cherry-pick #17920 to version-2025.10) (#17935) -- \*: Auto compress images (#18673) - \*: convert slugfields to textfields (#17411) - admin/files: add check for /media existence (#18636) - admin/files: cache expensive generated URLs (#18784) @@ -190,530 +187,112 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.12 - api: test action decorator (#18583) - blueprints: remove pk from recovery example (#18712) - brands: add more matching tests (#16185) -- brands: add more matching tests (cherry-pick #16185 to version-2025.10) (#17924) -- build(deps): bump django from 5.2.8 to 5.2.9 (#18566) -- build(deps): bump js-yaml from 4.1.0 to 4.1.1 (#18169) -- ci: attempt to fix integration tests using dind (#18066) -- ci: attempt to fix integration tests using dind (cherry-pick #18066 to version-2025.10) (#18069) -- ci: bump actions/cache from 4.3.0 to 5.0.0 (#18779) -- ci: bump actions/checkout from 5.0.0 to 5.0.1 (#18222) -- ci: bump actions/checkout from 5.0.1 to 6.0.0 (#18313) -- ci: bump actions/checkout from 6.0.0 to 6.0.1 (#18554) -- ci: bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#18338) -- ci: bump actions/create-github-app-token from 2.2.0 to 2.2.1 (#18664) -- ci: bump actions/download-artifact from 5.0.0 to 6.0.0 (#17719) -- ci: bump actions/setup-go from 6.0.0 to 6.1.0 (#18282) -- ci: bump actions/setup-go from 6.0.0 to 6.1.0 in /.github/actions/setup (#18284) -- ci: bump actions/setup-node from 6.0.0 to 6.1.0 (#18552) -- ci: bump actions/setup-node from 6.0.0 to 6.1.0 in /.github/actions/setup (#18559) -- ci: bump actions/setup-python from 6.0.0 to 6.1.0 in /.github/actions/setup (#18360) -- ci: bump actions/stale from 10.1.0 to 10.1.1 (#18556) -- ci: bump actions/upload-artifact from 4.6.2 to 5.0.0 (#17720) -- ci: bump astral-sh/setup-uv from 7.1.1 to 7.1.2 in /.github/actions/setup (#17718) -- ci: bump astral-sh/setup-uv from 7.1.2 to 7.1.3 in /.github/actions/setup (#18053) -- ci: bump astral-sh/setup-uv from 7.1.3 to 7.1.4 in /.github/actions/setup (#18339) -- ci: bump astral-sh/setup-uv from 7.1.4 to 7.1.5 in /.github/actions/setup (#18667) -- ci: bump aws-actions/configure-aws-credentials from 5.1.0 to 5.1.1 (#18359) -- ci: bump calibreapp/image-actions from 05b1cf44e88c3b041b841452482df9497f046ef7 to 420075c115b26f8785e293c5bd5bef0911c506e5 (#17953) -- ci: bump codecov/codecov-action from 5.5.1 to 5.5.2 in /.github/actions/test-results (#18722) -- ci: bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#17999) -- ci: bump getsentry/action-release from 3.3.0 to 3.4.0 (#17931) -- ci: bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#18036) -- ci: bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#18336) -- ci: bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 (#18557) -- ci: bump helm/kind-action from 1.12.0 to 1.13.0 (#17930) -- ci: bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#18721) -- ci: bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (#18337) -- ci: bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (#18666) -- ci: bump softprops/action-gh-release from 2.4.2 to 2.5.0 (#18512) -- ci: bump svenstaro/upload-release-action from 2.11.2 to 2.11.3 (#18311) -- ci: bump tj-actions/changed-files from 47.0.0 to 47.0.1 (#18780) -- ci: fix checkout stable (#18303) -- ci: fix migrate-from-stable for old versions (#18019) -- ci: fix migrate-from-stable for old versions (#18019) (#18024) -- ci: generate typescript api client for release too (#18761) -- ci: link to next. for pre-release docs (#17634) -- ci: remove translation-rename (#18444) -- ci: remove unused local env (#18410) -- ci: revert to upstream GHA for release (#18058) -- ci: revert to upstream GHA for release (#18058) (#18065) -- ci: rework internal repo (#17797) -- ci: rework internal repo (#17797) (#17829) -- ci: use forked release action to deal with large release notes (#17625) -- ci: use forked release action to deal with large release notes (cherry-pick #17625 to version-2025.10) (#17626) -- ci: use hashes for actions everywhere (#17803) +- brands: sort matched brand by match length (#17920) - cmd/server/healthcheck: remove worker HTTP healthcheck (#18090) -- cmd/server/healthcheck: remove worker HTTP healthcheck (cherry-pick #18090 to version-2025.10) (#18091) -- contributing: don't use main branch (#18688) - core, web: unified locales (#18502) -- core, web: update translations (#17605) -- core, web: update translations (#17643) -- core, web: update translations (#17660) -- core, web: update translations (#17782) -- core, web: update translations (#17807) -- core, web: update translations (#17943) -- core, web: update translations (#18046) -- core, web: update translations (#18241) -- core, web: update translations (#18304) -- core, web: update translations (#18380) -- core, web: update translations (#18510) -- core, web: update translations (#18587) -- core, web: update translations (#18620) -- core, web: update translations (#18640) -- core, web: update translations (#18713) -- core, web: update translations (#18730) -- core, web: update translations (#18766) -- core, web: update translations (cherry-pick #17605 to version-2025.10) (#17627) -- core: add digraph group hierarchy (#17050) +- core/sessions: remove django groups prefetch (#18704) - core: Add example invitation blueprint (#17661) -- core: bump aiohttp from 3.13.0 to v3.13.2 (#17969) -- core: bump asgiref from 3.10.0 to v3.11.0 (#18568) -- core: bump astral-sh/uv from 0.9.10 to 0.9.11 (#18312) -- core: bump astral-sh/uv from 0.9.11 to 0.9.12 (#18383) -- core: bump astral-sh/uv from 0.9.12 to 0.9.13 (#18402) -- core: bump astral-sh/uv from 0.9.13 to 0.9.14 (#18514) -- core: bump astral-sh/uv from 0.9.14 to 0.9.15 (#18555) -- core: bump astral-sh/uv from 0.9.15 to 0.9.16 (#18668) -- core: bump astral-sh/uv from 0.9.16 to 0.9.17 (#18723) -- core: bump astral-sh/uv from 0.9.4 to 0.9.5 (#17645) -- core: bump astral-sh/uv from 0.9.5 to 0.9.6 (#17820) -- core: bump astral-sh/uv from 0.9.5 to 0.9.6 (cherry-pick #17820 to version-2025.10) (#17835) -- core: bump astral-sh/uv from 0.9.6 to 0.9.7 (#17851) -- core: bump astral-sh/uv from 0.9.7 to 0.9.8 (#18037) -- core: bump astral-sh/uv from 0.9.8 to 0.9.9 (#18148) -- core: bump astral-sh/uv from 0.9.9 to 0.9.10 (#18224) -- core: bump autobahn from 24.4.2 to v25.10.2 (#17970) -- core: bump autobahn from 25.10.2 to v25.11.1 (#18569) -- core: bump axllent/mailpit from v1.27.10 to v1.27.11 in /tests/e2e (#18035) -- core: bump axllent/mailpit from v1.27.11 to v1.28.0 in /tests/e2e (#18401) -- core: bump azure-core from 1.35.1 to v1.36.0 (#17971) -- core: bump blessed from 1.22.0 to v1.23.0 (#17972) -- core: bump blessed from 1.24.0 to v1.25.0 (#18570) -- core: bump boto3 from 1.40.51 to v1.40.66 (#17973) -- core: bump boto3 from 1.40.66 to v1.40.75 (#18194) -- core: bump boto3 from 1.40.75 to v1.42.1 (#18571) -- core: bump cachetools from 6.2.1 to v6.2.2 (#18195) -- core: bump cattrs from 25.2.0 to v25.3.0 (#18196) -- core: bump cbor2 from 5.7.0 to v5.7.1 (#17974) -- core: bump certifi from 2025.10.5 to v2025.11.12 (#18197) -- core: bump click from 8.3.0 to v8.3.1 (#18198) -- core: bump cron-converter from 1.2.2 to v1.3.1 (#18572) -- core: bump cwcwidth from 0.1.10 to v0.1.12 (#17975) -- core: bump django from 5.2.7 to 5.2.8 (#17967) -- core: bump django from 5.2.7 to 5.2.8 (cherry-pick #17967 to version-2025.10) (#18003) -- core: bump django from v5.2.8 to 5.2.9 (#18582) -- core: bump django-pgactivity from 1.7.1 to v1.8.0 (#18573) -- core: bump django-stubs-ext from 5.2.7 to v5.2.8 (#18574) -- core: bump djangorestframework from 3.16.0 (our fork) to v3.16.1 (official package) (#16594) -- core: bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#18306) -- core: bump github.com/getsentry/sentry-go from 0.36.0 to 0.36.1 (#17646) -- core: bump github.com/getsentry/sentry-go from 0.36.1 to 0.36.2 (#17785) -- core: bump github.com/getsentry/sentry-go from 0.36.2 to 0.37.0 (#18140) -- core: bump github.com/getsentry/sentry-go from 0.37.0 to 0.38.0 (#18212) -- core: bump github.com/getsentry/sentry-go from 0.38.0 to 0.39.0 (#18353) -- core: bump github.com/getsentry/sentry-go from 0.39.0 to 0.40.0 (#18416) -- core: bump github.com/go-openapi/runtime from 0.29.0 to 0.29.2 (#18048) -- core: bump github.com/spf13/cobra from 1.10.1 to 1.10.2 (#18592) -- core: bump goauthentik.io/api/v3 from 3.2025100.25 to 3.2025120.1 (#17613) -- core: bump goauthentik.io/api/v3 from 3.2025120.1 to 3.2025120.2 (#17662) -- core: bump goauthentik.io/api/v3 from 3.2025120.11 to 3.2025120.15 (#18551) -- core: bump goauthentik.io/api/v3 from 3.2025120.15 to 3.2025120.16 (#18591) -- core: bump goauthentik.io/api/v3 from 3.2025120.16 to 3.2025120.18 (#18661) -- core: bump goauthentik.io/api/v3 from 3.2025120.18 to 3.2025120.19 (#18689) -- core: bump goauthentik.io/api/v3 from 3.2025120.19 to 3.2025120.21 (#18714) -- core: bump goauthentik.io/api/v3 from 3.2025120.2 to 3.2025120.3 (#17945) -- core: bump goauthentik.io/api/v3 from 3.2025120.21 to 3.2025120.25 (#18732) -- core: bump goauthentik.io/api/v3 from 3.2025120.25 to 3.2025120.26 (#18770) -- core: bump goauthentik.io/api/v3 from 3.2025120.3 to 3.2025120.4 (#18307) -- core: bump goauthentik.io/api/v3 from 3.2025120.4 to 3.2025120.5 (#18354) -- core: bump goauthentik.io/api/v3 from 3.2025120.5 to 3.2025120.7 (#18381) -- core: bump goauthentik.io/api/v3 from 3.2025120.7 to 3.2025120.11 (#18461) -- core: bump goauthentik/fips-debian from `10c8086` to `cb2d1f8` (#18696) -- core: bump goauthentik/fips-debian from `40a1f32` to `65a9f1f` (#18223) -- core: bump goauthentik/fips-debian from `5017d65` to `40a1f32` (#18149) -- core: bump goauthentik/fips-debian from `55c1514` to `8b7e8d0` (#18283) -- core: bump goauthentik/fips-debian from `65a9f1f` to `55c1514` (#18251) -- core: bump goauthentik/fips-debian from `8b7e8d0` to `8c4ec98` (#18361) -- core: bump goauthentik/fips-debian from `8c4ec98` to `ac4c80b` (#18403) -- core: bump goauthentik/fips-debian from `9b4cedf` to `f3228f8` (#17819) -- core: bump goauthentik/fips-debian from `a80dbbd` to `10c8086` (#18665) -- core: bump goauthentik/fips-debian from `ac4c80b` to `de70579` (#18419) -- core: bump goauthentik/fips-debian from `c718f60` to `cf233be` (#18553) -- core: bump goauthentik/fips-debian from `cb2d1f8` to `e72277d` (#18720) -- core: bump goauthentik/fips-debian from `cf233be` to `a80dbbd` (#18594) -- core: bump goauthentik/fips-debian from `de70579` to `c718f60` (#18515) -- core: bump goauthentik/fips-debian from `dea09c4` to `07f41ce` (#18778) -- core: bump goauthentik/fips-debian from `e72277d` to `dea09c4` (#18736) -- core: bump goauthentik/fips-debian from `f3228f8` to `5017d65` (#18084) -- core: bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#18275) -- core: bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 (#18034) -- core: bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 (#18691) -- core: bump golang.org/x/sync from 0.17.0 to 0.18.0 (#18033) -- core: bump golang.org/x/sync from 0.18.0 to 0.19.0 (#18690) -- core: bump google-api-core from 2.26.0 to v2.28.1 (#17976) -- core: bump google-auth from 2.41.1 to v2.42.1 (#17977) -- core: bump google-auth from 2.42.1 to v2.43.0 (#18199) -- core: bump google-auth-httplib2 from 0.2.0 to v0.2.1 (#17978) -- core: bump googleapis-common-protos from 1.70.0 to v1.71.0 (#17979) -- core: bump googleapis-common-protos from 1.71.0 to v1.72.0 (#18200) -- core: bump gorm.io/gorm from 1.31.0 to 1.31.1 (#17907) -- core: bump incremental from 24.7.2 to v24.11.0 (#18575) -- core: bump iniconfig from 2.1.0 to v2.3.0 (#17980) -- core: bump jsii from 1.116.0 to v1.118.0 (#17981) -- core: bump jsii from 1.118.0 to v1.119.0 (#18201) -- core: bump jsii from 1.119.0 to v1.120.0 (#18576) -- core: bump library/golang from `27e1c92` to `728cbef` (#18252) -- core: bump library/golang from `4f9d98e` to `b669435` (#18697) -- core: bump library/golang from `728cbef` to `a02d35e` (#18340) -- core: bump library/golang from `a13297b` to `27e1c92` (#18038) -- core: bump library/golang from `b669435` to `5d35fb8` (#18718) -- core: bump library/golang from 1.25.3-trixie to 1.25.4-trixie (#18000) -- core: bump library/golang from 1.25.4-trixie to 1.25.5-trixie (#18558) -- core: bump library/nginx from `1beed3c` to `b5b9e01` in /website (#18225) -- core: bump library/nginx from `325b00a` to `fb01117` in /website (#18737) -- core: bump library/nginx from `553f64a` to `e21f8d0` in /website (#18698) -- core: bump library/nginx from `b5b9e01` to `553f64a` in /website (#18253) -- core: bump library/nginx from `b619c34` to `f547e3d` in /website (#17821) -- core: bump library/nginx from `e21f8d0` to `325b00a` in /website (#18724) -- core: bump library/nginx from `f547e3d` to `1beed3c` in /website (#17955) -- core: bump library/node from `7942b33` to `ccfd9da` in /website (#18725) -- core: bump openapitools/openapi-diff from 2.1.4 to 2.1.5 in /scripts/api (#17929) -- core: bump openapitools/openapi-diff from 2.1.5 to 2.1.6 in /scripts/api (#18400) -- core: bump opentelemetry-api from 1.37.0 to v1.38.0 (#17982) -- core: bump opentelemetry-api from 1.38.0 to v1.39.0 (#18577) -- core: bump orjson from 3.11.3 to v3.11.4 (#17983) -- core: bump protobuf from 6.32.1 to v6.33.0 (#17984) -- core: bump protobuf from 6.33.0 to v6.33.1 (#18202) -- core: bump psycopg-pool from 3.2.6 to v3.2.7 (#17985) -- core: bump psycopg-pool from 3.2.7 to v3.3.0 (#18578) -- core: bump pynacl from 1.6.0 to v1.6.1 (#18203) -- core: bump python-dotenv from 1.1.1 to v1.2.1 (#17986) -- core: bump rpds-py from 0.27.1 to v0.28.0 (#17987) -- core: bump rpds-py from 0.28.0 to v0.29.0 (#18204) -- core: bump rpds-py from 0.29.0 to v0.30.0 (#18579) -- core: bump selenium/standalone-chromium from 141.0 to 142.0 in /tests/e2e (#17910) -- core: bump selenium/standalone-chromium from 142.0 to 143.0 in /tests/e2e (#18772) -- core: bump sqlparse from 0.5.3 to v0.5.4 (#18580) -- core: bump std-uritemplate from 2.0.6 to v2.0.8 (#17988) -- core: bump stevedore from 5.5.0 to v5.6.0 (#18581) -- core: bump trio from 0.31.0 to v0.32.0 (#17989) -- core: bump uvloop from 0.21.0 to v0.22.1 (#17990) -- core: bump zope-event from 6.0 to v6.1 (#18205) -- core: bump zope-interface from 8.0.1 to v8.1.1 (#18206) +- core: add digraph group hierarchy (#17050) - core: custom avatar url improvements (#10525) - core: deduplicate user attribute constant definitions (#18138) - core: improve app launch URL formatting (#18076) -- core: improve app launch URL formatting (cherry-pick #18076 to version-2025.10) (#18087) - core: optimize list applications (#18330) - core: propagate `ModuleNotFoundError` in `import_relative` (#18683) -- core/sessions: remove django groups prefetch (#18704) - crypto: only generate managed keypair if non-existent (#18457) - crypto: separate permissions for certificate and private keydownload (#18588) - crypto: update certificate api and component (#17921) - crypto: update certificates on fs event (#18129) -- docs/integrations: add salesforce oauth source and SCIM steps (#18627) +- endpoints/stage: v2, better error handling, more settings (#18545) +- endpoints/stage: v2.1, fix asymmetric token exchange and missing form input (#18547) - endpoints: AuthN and AuthZ (#18350) -- endpoints: fix device access group missing from blueprint (#18703) - endpoints: fix UI bugs, add user binding, etc (#18609) +- endpoints: fix device access group missing from blueprint (#18703) - endpoints: implement endpoint stage (#18468) - endpoints: include device ID in agent config (#18414) - endpoints: initial data structure + agent (#11499) - endpoints: rework perms (#18422) -- endpoints/stage: v2, better error handling, more settings (#18545) -- endpoints/stage: v2.1, fix asymmetric token exchange and missing form input (#18547) -- enterprise: add prometheus metrics for license usage and expiry (#17606) -- enterprise: add prometheus metrics for license usage and expiry (cherry-pick #17606 to version-2025.10) (#17637) -- enterprise: Apple Platform SSO (#15318) -- enterprise: handle cached naive timezone (#17695) -- enterprise: handle cached naive timezone (cherry-pick #17695 to version-2025.10) (#17730) - enterprise/endpoints/connectors/agent: fix Apple JWE encryption when FIPS is enabled (#18464) - enterprise/providers/scim: fix OAuth (#18358) - enterprise/reports: add users and events export (#18088) - enterprise/stages/mtls: fix traefik certificate parsing (#18607) +- enterprise: Apple Platform SSO (#15318) +- enterprise: add prometheus metrics for license usage and expiry (#17606) +- enterprise: handle cached naive timezone (#17695) - events: fix timezone not set for log events (#18067) -- events: fix timezone not set for log events (cherry-pick #18067 to version-2025.10) (#18071) - files: rework (#17535) - flows: keep ?next url when using cancel (#18619) - flows: refresh unauthenticated tabs (#18621) - flows: remove SESSION_KEY_APPLICATION_PRE (#18388) -- github: convert issue templates to forms (#18117) -- github: converts issue templates to forms (#18133) -- integrations/slack: Add SCIM tutorial (#18508) -- internal: add default go http server timeouts (#17858) +- internal/web/proxy: fix return status code during startup (#17827) - internal: Automated internal backport: 1487-invitation-expiry.sec.patch to authentik-2025.10 (#18258) - internal: Automated internal backport: 1487-invitation-expiry.sec.patch to authentik-main (#18264) - internal: Automated internal backport: 1498-oauth2-cc-user-active.sec.patch to authentik-2025.10 (#18259) - internal: Automated internal backport: 1498-oauth2-cc-user-active.sec.patch to authentik-main (#18265) - internal: Automated internal backport: 5000-sidebar.sec.patch to authentik-2025.10 (#18260) - internal: Automated internal backport: 5000-sidebar.sec.patch to authentik-main (#18266) +- internal: add default go http server timeouts (#17858) - internal: fix go deprecation for +build (#17806) -- internal: fix go deprecation for +build (cherry-pick #17806 to version-2025.10) (#17824) - internal: full openssl path (#17856) -- internal: full openssl path (cherry-pick #17856 to version-2025.10) (#17860) -- internal/web/proxy: fix return status code during startup (#17827) -- internal/web/proxy: fix return status code during startup (cherry-pick #17827 to version-2025.10) (#17832) -- lib: add ak_create_jwt_raw (#18676) -- lib: do not strip and re-add curly braces from raw JSON config (#13769) - lib/sync/outgoing: check if there is a provider before creating tasks (#18394) - lib/sync/outgoing: store sync settings in database (#17630) -- lifecycle: set search_path in system migrations (#17721) -- lifecycle/aws: bump aws-cdk from 2.1030.0 to 2.1031.0 in /lifecycle/aws (#17667) -- lifecycle/aws: bump aws-cdk from 2.1031.0 to 2.1031.1 in /lifecycle/aws (#17850) -- lifecycle/aws: bump aws-cdk from 2.1031.1 to 2.1031.2 in /lifecycle/aws (#18014) -- lifecycle/aws: bump aws-cdk from 2.1031.2 to 2.1032.0 in /lifecycle/aws (#18218) -- lifecycle/aws: bump aws-cdk from 2.1032.0 to 2.1033.0 in /lifecycle/aws (#18278) +- lib: add ak_create_jwt_raw (#18676) +- lib: do not strip and re-add curly braces from raw JSON config (#13769) - lifecycle/migrate: remove tenant_files migration (#18729) -- Makefile: Fix kerberos tests for brew users (#17223) -- outpost: revert breaking signals change (#17847) -- outpost: revert breaking signals change (cherry-pick #17847 to version-2025.10) (#17848) +- lifecycle: set search_path in system migrations (#17721) - outpost/proxyv2: more tests, fix pg password with spaces, and existing session on restart (#18211) +- outpost: revert breaking signals change (#17847) - outposts: set container healthcheck inline (#18298) - outposts: update permissions more eagerly (#17783) -- outposts: update permissions more eagerly (cherry-pick #17783 to version-2025.10) (#17841) -- packages/ak-guardian: bump python requirement to 3.14 (#18711) -- packages/django-channels-postgres: fix notify size check (#18347) - packages/django-channels-postgres/layer: fix query when subscribed to multiple channels (#18152) -- packages/django-channels-postgres/layer: fix query when subscribed to multiple channels (cherry-pick #18152 to version-2025.10) (#18153) +- packages/django-channels-postgres: fix notify size check (#18347) - packages/django-dramatiq-postgres: broker: ensure locking happens with the same connection (#18095) -- packages/django-dramatiq-postgres: broker: ensure locking happens with the same connection (cherry-pick #18095 to version-2025.10) (#18119) - packages/django-postgres-cache: use upsert instead of select/update in a transaction (#17760) -- packages/django-postgres-cache: use upsert instead of select/update in a transaction (cherry-pick #17760 to version-2025.10) (#17767) - policies: use flow planner directly in PolicyAccessView to directly set flow context (#18372) - provider/saml: make signing kp singleton (#17703) - providers/oauth2: fix kid always required for federation (#17914) -- providers/oauth2: fix kid always required for federation (cherry-pick #17914 to version-2025.10) (#17917) - providers/oauth2: move encryption key field (#17722) -- providers/oauth2: move encryption key field (cherry-pick #17722 to version-2025.10) (#17729) - providers/oauth2: optimize JWKS endpoint queries (#18405) - providers/proxy: add gorm logging (#17758) - providers/proxy: drop headers with underscores (#17650) -- providers/proxy: drop headers with underscores (cherry-pick #17650 to version-2025.10) (#17651) - providers/proxy: fix missing JWT/claims header (#17759) -- providers/proxy: fix missing JWT/claims header (cherry-pick #17759 to version-2025.10) (#17764) - providers/radius: fix inverted message authenticator validation (#17855) -- providers/radius: fix inverted message authenticator validation (cherry-pick #17855 to version-2025.10) (#17888) - providers/radius: fix panic when no cert is configured (#17762) -- providers/radius: fix panic when no cert is configured (cherry-pick #17762 to version-2025.10) (#17766) - providers/radius: revert fix inverted message authenticator validation (#17855) (#17915) -- providers/radius: revert fix inverted message authenticator validation (#17855) (cherry-pick #17915 to version-2025.10) (#17916) - providers/saml: fix front-end saml binding defaults (#18189) - providers/saml: move sp binding location and default value (#17609) - providers/scim: allow custom schema data (#18073) -- providers/scim: allow custom schema data (cherry-pick #18073 to version-2025.10) (#18075) - providers/scim: cache ServiceProviderConfig (#18047) - providers/scim: compare users/groups before sending update request (#18456) - providers/scim: fix PATCH for AWS (#18230) -- release: 2025.10.0 -- release: 2025.10.0-rc1 -- release: 2025.10.0-rc2 -- release: 2025.10.0-rc3 -- release: 2025.10.1 -- release: 2025.10.2 -- revert: github: convert issue templates to forms (#18121) - root: Add Dockerfile label org.opencontainers.image.source (#17756) -- root: Add Dockerfile label org.opencontainers.image.source (cherry-pick #17756 to version-2025.10) (#17757) -- root: bump version to 2025.12.0-rc1 (#17603) -- root: do not require backend approval for npm workspace dependencies (#18738) - root: fix missing authentik_device cookie causing error (#18642) -- root: Fix transifex link (#17696) -- root: improve testing helpers (#18379) -- root: regen schema (#18327) -- root: settings.py: fix comment (#18006) - root: skip current tab when refreshing others (#18674) -- root: update security.md's supported versions (#17736) - root: use hashes for dockerfile FROM (#17795) -- root: use hashes for dockerfile FROM (cherry-pick #17795 to version-2025.10) (#17798) - sources/ldap: make server info optional (#18648) -- sources/oauth: add WeChat type (#18086) - sources/oauth: Make PKCE verifier 128 characters (#17763) -- sources/oauth: Make PKCE verifier 128 characters (cherry-pick #17763 to version-2025.10) (#17765) +- sources/oauth: add WeChat type (#18086) - sources/oauth: save returned oauth refresh tokens and add slack provider (#18501) - sources/sync: configuration for outgoing sync trigger mode (#17669) - sources/telegram: implement connecting existing user to a Telegram account (#18517) -- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#17871) -- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#18166) -- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#18458) -- stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#18793) -- stages/captcha: allow dynamic public/private key (#18346) - stages/captcha: Make stage more managed with provider-specific defaults (#16129) +- stages/captcha: allow dynamic public/private key (#18346) - stages/identification: Add WebAuthn conditional UI (passkey autofill) support (#18377) - stages/mtls: always include cert in flow plan (#18657) - stages/prompt: fix choices with labels causing error on submit (#18183) -- stages/prompt: fix choices with labels causing error on submit (cherry-pick #18183 to version-2025.10) (#18236) - stages/prompt: set allow_blank for \_read_only fields (#18297) - stages/user_write: Fix user attributes are not sanitized under certains conditions (#17890) -- tasks: delay startup signals (#17769) -- tasks: delay startup signals (cherry-pick #17769 to version-2025.10) (#17775) -- tasks: sanitize log attributes (#17833) -- tasks: sanitize log attributes (cherry-pick #17833 to version-2025.10) (#17842) - tasks/schedules: fix rel obj not being associated or updated (#17934) -- tasks/schedules: fix rel obj not being associated or updated (cherry-pick #17934 to version-2025.10) (#17936) +- tasks: delay startup signals (#17769) +- tasks: sanitize log attributes (#17833) - tenants: remove extra query for each request (#18705) - translate: add cs_CZ (#17632) -- translate: fix config (#18504) -- translate: fix source locale not matching transifex (#18503) -- translate: Updates for file locale/en/LC_MESSAGES/django.po in fi (#18056) -- translate: Updates for file locale/en/LC_MESSAGES/django.po in fi (#18060) -- translate: Updates for file locale/en/LC_MESSAGES/django.po in fi (#18105) -- translate: Updates for file locale/en/LC_MESSAGES/django.po in pt_BR (#17622) -- translate: Updates for file web/xliff/en.xlf in pt_BR (#17639) -- translate: Updates for project authentik and language cs_CZ (#18443) -- translate: Updates for project authentik and language cs_CZ (#18753) -- translate: Updates for project authentik and language de (#18435) -- translate: Updates for project authentik and language de (#18487) -- translate: Updates for project authentik and language de_DE (#18749) -- translate: Updates for project authentik and language es (#18433) -- translate: Updates for project authentik and language es (#18485) -- translate: Updates for project authentik and language es_ES (#18748) -- translate: Updates for project authentik and language fi (#18429) -- translate: Updates for project authentik and language fi (#18490) -- translate: Updates for project authentik and language fi_FI (#18759) -- translate: Updates for project authentik and language fr (#18431) -- translate: Updates for project authentik and language fr (#18496) -- translate: Updates for project authentik and language fr_FR (#18747) -- translate: Updates for project authentik and language fr_FR (#18788) -- translate: Updates for project authentik and language it_IT (#18750) -- translate: Updates for project authentik and language ja_JP (#18755) -- translate: Updates for project authentik and language ko (#18488) -- translate: Updates for project authentik and language ko_KR (#18760) -- translate: Updates for project authentik and language nl (#18434) -- translate: Updates for project authentik and language nl (#18497) -- translate: Updates for project authentik and language nl_NL (#18751) -- translate: Updates for project authentik and language pl (#18430) -- translate: Updates for project authentik and language pl_PL (#18754) -- translate: Updates for project authentik and language pt (#18437) -- translate: Updates for project authentik and language pt (#18498) -- translate: Updates for project authentik and language pt_BR (#18436) -- translate: Updates for project authentik and language pt_BR (#18746) -- translate: Updates for project authentik and language ru (#18442) -- translate: Updates for project authentik and language ru (#18500) -- translate: Updates for project authentik and language ru_RU (#18745) -- translate: Updates for project authentik and language tr (#18438) -- translate: Updates for project authentik and language tr_TR (#18758) -- translate: Updates for project authentik and language zh_CN (#18441) -- translate: Updates for project authentik and language zh_TW (#18499) -- translate: Updates for project authentik and language zh-Hans (#18439) -- translate: Updates for project authentik and language zh-Hans (#18756) -- web: Abstract Wizard Lifecycle (#17658) -- web: ESLint Typing Fixes (#18362) -- web: Fixes for Docusaurus & ESlint Upgrade (#18452) -- web: 2025.12 UI tidy (#18650) -- web: Adjust colors (#18427) -- web: bump @goauthentik/prettier-config from 1.0.5 to 3.1.0 in /web in the goauthentik group across 1 directory (#17684) -- web: bump @rollup/plugin-commonjs from 28.0.8 to 28.0.9 in /web in the rollup group across 1 directory (#17788) -- web: bump @sentry/browser from 10.24.0 to 10.25.0 in /web in the sentry group across 1 directory (#18079) -- web: bump @sentry/browser from 10.28.0 to 10.29.0 in /web in the sentry group across 1 directory (#18623) -- web: bump @trivago/prettier-plugin-sort-imports from 5.2.2 to 6.0.0 in /web (#18146) -- web: bump @types/codemirror from 5.60.16 to 5.60.17 in /web (#17685) -- web: bump @types/guacamole-common-js from 1.5.4 to 1.5.5 in /web (#18717) -- web: bump @types/node from 22.15.19 to 24.10.0 in /web (#17950) -- web: bump @types/node from 22.15.19 to 24.10.1 in /web (#18113) -- web: bump @types/node from 22.15.19 to 24.9.1 in /web (#17618) -- web: bump @types/node from 22.15.19 to 24.9.1 in /web (#17687) -- web: bump @types/node from 24.10.0 to 24.10.1 in /packages/esbuild-plugin-live-reload (#18111) -- web: bump @types/node from 24.10.0 to 24.10.1 in /packages/prettier-config (#18112) -- web: bump @types/node from 24.9.0 to 24.9.1 in /packages/esbuild-plugin-live-reload (#17616) -- web: bump @types/node from 24.9.0 to 24.9.1 in /packages/prettier-config (#17617) -- web: bump @types/node from 24.9.1 to 24.10.0 in /packages/esbuild-plugin-live-reload (#17948) -- web: bump @types/node from 24.9.1 to 24.10.0 in /packages/prettier-config (#17949) -- web: bump base package (#18509) -- web: bump chromedriver from 141.0.3 to 141.0.4 in /web (#17665) -- web: bump country-flag-icons from 1.5.21 to 1.6.1 in /web (#18280) -- web: bump dompurify from 3.3.0 to 3.3.1 in /web (#18694) -- web: bump eslint-plugin-react-hooks from 7.0.0 to 7.0.1 in /packages/eslint-config in the eslint group across 1 directory (#17714) -- web: bump express from 4.21.2 to 4.22.1 in /packages/docusaurus-config (#18520) -- web: bump globals from 16.4.0 to 16.5.0 in /web (#18145) -- web: bump hono from 4.10.2 to 4.10.3 in /web (#17698) -- web: bump hono from 4.9.12 to 4.10.2 in /web (#17653) -- web: bump js-yaml from 3.14.1 to 3.14.2 in /packages/docusaurus-config (#18239) -- web: bump js-yaml from 4.1.0 to 4.1.1 in /packages/esbuild-plugin-live-reload (#18237) -- web: bump js-yaml from 4.1.0 to 4.1.1 in /packages/eslint-config (#18301) -- web: bump js-yaml from 4.1.0 to 4.1.1 in /packages/prettier-config (#18185) -- web: bump js-yaml from 4.1.0 to 4.1.1 in /web (#18170) -- web: bump knip from 5.66.1 to 5.66.2 in /web (#17619) -- web: bump knip from 5.66.2 to 5.70.0 in /web (#18245) -- web: bump knip from 5.70.0 to 5.70.1 in /web (#18310) -- web: bump knip from 5.71.0 to 5.72.0 in /web (#18695) -- web: bump knip from 5.72.0 to 5.73.1 in /web (#18734) -- web: bump mermaid from 11.12.1 to 11.12.2 in /web (#18602) -- web: bump node-forge from 1.3.1 to 1.3.2 in /packages/docusaurus-config (#18398) -- web: bump packages in /web (#18604) -- web: Bump packages. (#18371) -- web: bump style-mod from 4.1.2 to 4.1.3 in /web (#17647) -- web: bump the eslint group across 2 directories with 3 updates (#18216) -- web: bump the eslint group across 2 directories with 5 updates (#18049) -- web: bump the react group across 2 directories with 1 update (#18083) -- web: bump the react group across 2 directories with 1 update (#18244) -- web: bump the react group across 2 directories with 2 updates (#18110) -- web: bump the rollup group across 1 directory with 4 updates (#18082) -- web: bump the rollup group across 1 directory with 4 updates (#18277) -- web: bump the sentry group across 1 directory with 2 updates (#17663) -- web: bump the sentry group across 1 directory with 2 updates (#17743) -- web: bump the sentry group across 1 directory with 2 updates (#17997) -- web: bump the storybook group across 1 directory with 5 updates (#17715) -- web: bump the storybook group across 1 directory with 5 updates (#17787) -- web: bump the storybook group across 1 directory with 5 updates (#18050) -- web: bump the storybook group across 1 directory with 5 updates (#18080) -- web: bump the storybook group across 1 directory with 5 updates (#18217) -- web: bump the storybook group across 1 directory with 5 updates (#18715) -- web: bump the swc group across 1 directory with 11 updates (#18219) -- web: bump the swc group across 1 directory with 11 updates (#18309) -- web: bump the swc group across 1 directory with 12 updates (#17998) -- web: bump ts-pattern from 5.8.0 to 5.9.0 in /web (#18247) -- web: bump type-fest from 5.1.0 to 5.2.0 in /web (#18144) -- web: bump type-fest from 5.3.0 to 5.3.1 in /web (#18663) -- web: bump types (merge branch) (#18735) -- web: Bump types, fix ESLint errors (#17546) -- web: bump validator from 13.15.15 to 13.15.20 in /packages/docusaurus-config (#17866) -- web: bump validator from 13.15.15 to 13.15.20 in /packages/eslint-config (#17742) -- web: bump validator from 13.15.15 to 13.15.20 in /packages/prettier-config (#17776) -- web: bump vite from 7.1.10 to 7.1.11 in /web (#17604) -- web: bump vite from 7.1.11 to 7.1.12 in /web (#17689) -- web: bump vite from 7.1.12 to 7.2.2 in /web (#18143) -- web: bump vite from 7.2.6 to 7.2.7 in /web (#18662) -- web: Bump Vitest, TypeScript config (#18238) -- web: bump yaml from 2.8.1 to 2.8.2 in /web (#18605) -- web: Codemirror fixes (#18610) -- web: Consistent Tab Panel URL Parameters (#17804) -- web: Consistent Tab Panel URL Parameters (cherry-pick #17804 to version-2025.10) (#17859) -- web: Disable library `` on Firefox. (#18103) -- web: Disable library `` on Firefox. (cherry-pick #18103 to version-2025.10) (#18135) -- web: Fix application of global styles in style roots. (#17444) -- web: Fix background refreshing too frequently. (#18764) -- web: Fix ESBuild hanging process (#18162) -- web: fix outpost build (#18190) -- web: fix package-lock.json (#17809) -- web: Fix RAC modal visibility. (#17941) -- web: Fix RAC modal visibility. (cherry-pick #17941 to version-2025.10) (#18097) -- web: Fix row expansion on modal trigger buttons. (#18412) -- web: Fix stale table rows (#17940) -- web: Fix switch labels (#18741) -- web: Fix tab activation, blank provider URLs (#18031) -- web: Fix tab activation, blank provider URLs (cherry-pick #18031 to version-2025.10) (#18101) -- web: Fix table row click handler. (#17697) -- web: Hide avatars when set to "none" (#17911) -- web: Hide device picker when challenges are not present. (#18611) -- web: Improve user display in modals by falling back to username (#18243) -- web: Improved table selection behavior (#18622) -- web: Improved Timestamps (#18300) -- web: Lit Session Context (#17903) -- web: Locale selector (#18560) -- web: Make action field search case insensitive in Event Matcher Policy Form (#17680) -- web: Make Spotlight optional. (#17904) -- web: Patternfly 5 Prep: Part 2 (#18085) -- web: Prettier Config 3.2 (#18305) -- web: re-add en.xlf locale (#18469) -- web: Render Markdown in Blueprints descriptions (#17746) -- web: sync web/package-lock.json (#17611) -- web: Table row refinements (#17659) -- web: Update Deprecated NPM Packages (#18335) - web/a11y: Isolated Outpost Error Page (#17683) - web/a11y: Prefers more field contrast (#17279) - web/a11y: Update wizard form labels, placeholders. (#17811) - web/a11y: User library -- fix issues surrounding element focus, ARIA labeling. (#17522) -- web/a11y: User library -- fix issues surrounding element focus, ARIA labeling. (cherry-pick #17522 to version-2025.10) (#17828) -- web/admin: add entitlement search (#18291) - web/admin: Add SAML metadata form to wizard (#17690) +- web/admin: add entitlement search (#18291) +- web/admin: change s to S in "Stage" (#18632) - web/admin: fix brands default switch label (#18518) - web/admin: fix event volume chart not updating with query (#18649) - web/admin: fix scim provider form (#17831) @@ -739,127 +318,36 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.12 - web/sfe: downgrade bootstrap that was accidentally upgraded (#18157) - web/sfe: downgrade bootstrap that was accidentally upgraded (cherry-pick #18157 to version-2025.10) (#18171) - web/sources: Add promoted source (#18334) -- website/docs: remove broken info box and fix sentence (#17963) -- website: bump @types/node from 24.10.0 to 24.10.1 in /website (#18078) -- website: bump @types/node from 24.9.0 to 24.9.1 in /website (#17612) -- website: bump @types/node from 24.9.1 to 24.9.2 in /website (#17786) -- website: bump @types/node from 24.9.2 to 24.10.0 in /website (#17909) -- website: bump @types/react from 19.2.2 to 19.2.3 in /website (#18077) -- website: bump @types/react from 19.2.3 to 19.2.4 in /website (#18108) -- website: bump @types/react from 19.2.4 to 19.2.6 in /website (#18215) -- website: bump @types/react from 19.2.6 to 19.2.7 in /website (#18357) -- website: bump @types/react-dom from 19.2.2 to 19.2.3 in /website (#18107) -- website: bump prettier-plugin-packagejson from 2.5.19 to 2.5.20 in /website (#18460) -- website: bump the build group across 1 directory with 9 updates (#17849) -- website: bump the build group across 1 directory with 9 updates (#17995) -- website: bump the build group across 1 directory with 9 updates (#18231) -- website: bump the build group in /website with 3 updates (#18106) -- website: bump the build group in /website with 3 updates (#18141) -- website: bump the build group in /website with 3 updates (#18382) -- website: bump the build group in /website with 6 updates (#17712) -- website: bump the build group in /website with 6 updates (#18308) -- website: bump the eslint group across 1 directory with 5 updates (#17928) -- website: bump the eslint group in /website with 3 updates (#17601) -- website: bump the eslint group in /website with 3 updates (#18214) -- website: bump the eslint group in /website with 3 updates (#18356) -- website: bump the goauthentik group across 1 directory with 4 updates (#18378) -- website: bump the goauthentik group in /website with 2 updates (#18513) -- website: bump validator from 13.15.15 to 13.15.20 in /website (#17741) -- website: Docusaurus 3.9.2 (#18506) -- website: fix active menu link background overlap (#17607) -- website: fix active menu link background overlap (cherry-pick #17607 to version-2025.10) (#17620) -- website: Glossary (#16007) -- website: Unlisted & Draft Release Notes (#18210) -- website/docs: 2025.10.1 release notes (#17918) -- website/docs: 2025.10.1 release notes (cherry-pick #17918 to version-2025.10) (#17919) -- website/docs: add 2025.8.5 and 2025.10.2 release notes (#18268) -- website/docs: add 2025.8.5 and 2025.10.2 release notes (cherry-pick #18268 to version-2025.10) (#18270) -- website/docs: add high availability doc (#18182) -- website/docs: Add instructions for installing RC versions (#18099) -- website/docs: Add instructions for installing RC versions (cherry-pick #18099 to version-2025.10) (#18193) -- website/docs: add missing API sidebar entry (#18586) -- website/docs: add note about invite link not bound (#17657) -- website/docs: add note about invite link not bound (cherry-pick #17657 to version-2025.10) (#17672) -- website/docs: add short-lived certificate recommendation (#17628) -- website/docs: add short-lived certificate recommendation (cherry-pick #17628 to version-2025.10) (#17633) -- website/docs: add some more info and tweak the full dev Docs (#18374) -- website/docs: added missed edits on Blueprints docs (#18321) -- website/docs: added Note about email_verified scope mapping is set to false by default (#17942) -- website/docs: added Note about email_verified scope mapping is set to false by default (cherry-pick #17942 to version-2025.10) (#17961) -- website/docs: adds note about ak_create_jwt function (#18614) -- website/docs: background tasks: add more detail about "next run" (#18660) -- website/docs: blueprints: add a bit more info (#17704) -- website/docs: blueprints: add a bit more info (cherry-pick #17704 to version-2025.10) (#17708) -- website/docs: eap add info about custom validation (#17642) -- website/docs: eap add info about custom validation (cherry-pick #17642 to version-2025.10) (#17699) -- website/docs: enhance blueprint docs (#15984) -- website/docs: expressions: fix markdown (#18613) -- website/docs: finalise 2025.10 release notes (#17728) -- website/docs: finalise 2025.10 release notes (cherry-pick #17728 to version-2025.10) (#17733) -- website/docs: fix broken link in source switching doc (#18317) -- website/docs: fix incorrect menu reference in data exports doc (#18752) -- website/docs: fix placeholder leftover (#17737) -- website/docs: fix placeholder leftover (cherry-pick #17737 to version-2025.10) (#17738) -- website/docs: fix wording in stages overview (#18061) -- website/docs: fix wording in stages overview (cherry-pick #18061 to version-2025.10) (#18120) -- website/docs: further improvements to source switch doc (#18320) -- website/docs: improve creds recovery docs (#18385) -- website/docs: install-config: fix dump_config command (#18659) -- website/docs: rel notes 2025.10: add 3 more integration guides (#17641) -- website/docs: rel notes 2025.10: add 3 more integration guides (cherry-pick #17641 to version-2025.10) (#17652) -- website/docs: release notes: Add Zot integration (#17700) -- website/docs: release notes: Add Zot integration (cherry-pick #17700 to version-2025.10) (#17701) -- website/docs: remove broken info box and fix sentence (cherry-pick #17963 to version-2025.10) (#17965) -- website/docs: update application description (#18125) -- website/docs: update application description (cherry-pick #18125 to version-2025.10) (#18127) -- website/docs: update certificate doc (#18295) -- website/docs: update discord social login script example (#18026) -- website/docs: update discord social login script example (cherry-pick #18026 to version-2025.10) (#18057) -- website/docs: update flow context ref (#17723) -- website/docs: update flow context ref (cherry-pick #17723 to version-2025.10) (#17732) -- website/docs: Update Homarr instructions to v1.43.1. (#17992) -- website/docs: update info about docker socket mount (#18344) -- website/docs: updates img-src csp (#18010) -- website/docs: updates img-src csp (cherry-pick #18010 to version-2025.10) (#18012) -- website/integrations: Add ezBookkeeping integration (#18040) -- website/integrations: add GLPI (#17937) -- website/integrations: add hoop.dev (#17868) -- website/integrations: Add Joplin (#18042) -- website/integrations: Add Keycloak integration (#17813) -- website/integrations: add KitchenOwl (#18687) -- website/integrations: add local browser setting to seafile (#18428) -- website/integrations: add Placetel (#18399) -- website/integrations: add salesforce (#18516) -- website/integrations: add SeaTable (#18115) -- website/integrations: add terraform cloud (#17610) -- website/integrations: add zendesk (#17541) -- website/integrations: Amazon Business (#17894) -- website/integrations: ChatGPT (#17893) -- website/integrations: fixed paperless-ngx yml syntax issue and added additional info (#17739) -- website/integrations: FortiMail (#17900) -- website/integrations: Frappe: update instructions (#18029) -- website/integrations: grafana: replace deprecated redirect_uris usage by allowed_redirect_uris (#17710) -- website/integrations: harbor: fix slashes in URLs and group claim name (#18332) -- website/integrations: homarr: fix capitalization of redirect uri (#18679) -- website/integrations: KnowBe4 (#17899) -- website/integrations: m365: fix string match (#18731) -- website/integrations: macmon NAC (#17898) -- website/integrations: Microsoft365 Federation (#17891) -- website/integrations: miniflux: existing users must link accounts manually first (#17822) -- website/integrations: oracle cloud: cleanup (#17808) -- website/integrations: random fixes (#17631) -- website/integrations: small fixes (#18423) -- website/integrations: sonarr: clarify reverse proxy setup (#17485) -- website/integrations: stripe: fix markdown (#18126) -- website/integrations: ubuntu landscape: remove appendix (#18188) -- website/integrations: update kimai doc (#18629) -- website/integrations: wazuh: Change exchange key generation to 64 bytes (#18769) -- website/integrations: wordpress: fix redirect uri (#18658) -- website/integrations: Zoom: Fix punctuation in description (#17608) -- website/integrations: zot oci registry integration (#17682) -- website/release notes: fix broken urls (#18041) -- website/release notes: fix broken urls (cherry-pick #18041 to version-2025.10) (#18044) -- wed/admin: change s to S in "Stage" (#18632) +- web: 2025.12 UI tidy (#18650) +- web: Abstract Wizard Lifecycle (#17658) +- web: Adjust colors (#18427) +- web: Codemirror fixes (#18610) +- web: Consistent Tab Panel URL Parameters (#17804) +- web: Disable library `` on Firefox. (#18103) +- web: Fix RAC modal visibility. (#17941) +- web: Fix application of global styles in style roots. (#17444) +- web: Fix background refreshing too frequently. (#18764) +- web: Fix row expansion on modal trigger buttons. (#18412) +- web: Fix stale table rows (#17940) +- web: Fix switch labels (#18741) +- web: Fix tab activation, blank provider URLs (#18031) +- web: Fix table row click handler. (#17697) +- web: Hide avatars when set to "none" (#17911) +- web: Hide device picker when challenges are not present. (#18611) +- web: Improve user display in modals by falling back to username (#18243) +- web: Improved Timestamps (#18300) +- web: Improved table selection behavior (#18622) +- web: Lit Session Context (#17903) +- web: Locale selector (#18560) +- web: Make Spotlight optional. (#17904) +- web: Make action field search case insensitive in Event Matcher Policy Form (#17680) +- web: Patternfly 5 Prep: Part 2 (#18085) +- web: Prettier Config 3.2 (#18305) +- web: Render Markdown in Blueprints descriptions (#17746) +- web: Table row refinements (#17659) +- web: Update Deprecated NPM Packages (#18335) +- web: re-add en.xlf locale (#18469) +- web: sync web/package-lock.json (#17611) ## API Changes