c025fdd703
web/elements/ak-mdx: sanitize replacer output, note pipeline drift
...
Address PR review feedback on the URL-mode trust boundary. `<ak-mdx>`'s
`replacers` hook runs over pre-rendered build-time HTML before it is
stamped into the DOM, and consumers (e.g. `ProxyProviderViewPage`) splice
admin-controlled values such as `provider.externalHost` into it. The old
React pipeline ran replacers on raw markdown that was then compiled, so
those values were HTML-escaped on serialization; the new URL mode passed
the post-replacer HTML straight through, dropping that guarantee.
Replace the passthrough `CompiledMarkdownTrustPolicy` with
`CompiledMarkdownSanitizePolicy`: a DOMPurify policy that whitelists the
custom elements (`<ak-alert>`, `<ak-md-a>`, `<ak-diagram>`) and the
`part`/`level` attributes our pipeline emits, and strips anything else a
replacer could inject.
Also add a reciprocal drift note to the runtime `markdown.ts` pointing at
`bundler/mdx-plugin/`, mirroring the existing note on the bundler side.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-06-11 07:15:15 +02:00
ab7626e378
web/test: e2e ak-mdx pipeline via OAuth2 provider docs
...
The OAuth2 provider docs page exercises the full pipeline in one place:
frontmatter title, multiple H2 slugs, `:::caution`/`:::info` admonitions
(with and without titles), relative-doc links, external links, and an
embedded mermaid sequence diagram. Tests boot the admin UI, provision a
fresh OAuth2 provider, navigate to its view page, and assert against the
compiled DOM inside `<ak-mdx>`'s shadow root.
Co-Authored-By: Agent <279763771+playpen-agent@users.noreply.github.com >
2026-06-11 06:47:37 +02:00
93d3459c51
web/bundler/mdx-plugin: pre-render markdown to HTML at build time
...
Compile each `.md` / `.mdx` file through a build-time `unified` pipeline
(remark-parse, GFM, frontmatter, directives, custom admonition/headings/
lists transforms; rehype-rehype, anchor wrapping, syntax highlighting,
mermaid extraction) and emit a JSON envelope of
`{ content: HTML, frontmatter, publicPath, publicDirectory }`. The
on-load result still ships via the `file` loader so the runtime side
keeps its existing fetch path. The compiled HTML uses `<ak-md-a>` and
`<ak-alert>` custom elements so `<ak-mdx>` can stamp it directly into
shadow DOM with no client-side JavaScript evaluation.
Plugin is split across four sibling files (`node.js`, `compile.js`,
`remark.js`, `rehype.js`) so each concern lives in its own module. The
title/wrapper HTML is built as a hast tree and serialized through
`hast-util-to-html` rather than string-concatenated, dropping the
hand-rolled `escapeHTML` helper and unifying escape semantics with the
rest of the document.
Co-Authored-By: Agent <279763771+playpen-agent@users.noreply.github.com >
2026-06-11 06:47:37 +02:00
caec078892
web/elements/ak-mdx: drop React + runtime MDX eval, use unified pipeline
...
Replace `@mdx-js/mdx`'s `evaluate`/`run` (which depends on `'unsafe-eval'`
in the page CSP) with a pure `unified`/remark/rehype pipeline. URL-mode
content now arrives from the build-time `mdx-plugin` as pre-rendered HTML
and is stamped through a Trusted Types passthrough policy
(`CompiledMarkdownTrustPolicy`) so admin-side custom elements like
`<ak-alert>` and `<ak-md-a>` survive. Content-mode (admin-supplied
markdown) is compiled in-browser via `compileRuntimeMarkdown` and routed
through the existing `BrandedHTMLPolicy` (DOMPurify).
`<ak-md-a>` replaces the React `MDXAnchor`/`MDXWrapper` pair: a tiny Lit
custom element with `display: contents` that intercepts in-doc fragment
clicks for shadow-root scrolling. The remark plugins gain `caution` and
`tip` admonition types and promote `:::name[Title]` directive labels to
`<strong>`. `one-dark.css` learns `:host` so syntax-highlighted code
blocks inherit the palette inside `<ak-mdx>`'s shadow tree.
Removes `@mdx-js/mdx`, `react`, `react-dom`, `rehype-mermaid`, and
`remark-mdx-frontmatter`. Adds `unified`, `remark-parse`, `remark-rehype`,
and `mdast-util-to-string`.
Co-Authored-By: Agent <279763771+playpen-agent@users.noreply.github.com >
2026-06-11 06:47:37 +02:00
269a89708c
web/elements: extract mermaid runtime, modernize <ak-diagram> ( #22980 )
...
* web: Clean up diagram behavior.
* Add accessor.
* Fix import.
* Fix theme colors, consistent patternfly colors.
* Fix spelling.
2026-06-11 04:10:36 +00:00
8554427d3f
core, web: update translations ( #22983 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-06-11 05:35:35 +02:00
929a65c1b5
website/integrations: dokuwiki: add post logout and logout urls ( #22984 )
...
* docs/integrations: update dokuwiki with post logout and logout url
* update oauth config screenshot
* Optimised images with calibre/image-actions
---------
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-06-11 02:32:15 +00:00
d9af3ab85c
website/integrations: Bitwarden: cleanup ( #22698 )
...
Clean up the Bitwarden integration guide to match the current template and verified SSO settings.
Agent-thread: https://sdko.org/internal/threads/019e6b1f-ead2-7471-8d76-55c57b09a495
Co-authored-by: Agent <agent@svc.sdko.net >
2026-06-10 13:41:36 -04:00
d1ade08e24
website/docs: add release notes for 2026.5.3 ( #22976 )
...
update release notes for 2026.5.3
2026-06-10 17:33:06 +00:00
f54840d460
website/integrations: add Box integration ( #22932 )
...
Document Box SAML SSO setup with authentik, including metadata submission and optional SAML group support.
Closes : #22911
Agent-thread: https://sdko.org/internal/thr/ak/019ea7e8-d5ff-7131-a39b-e30219873e8a
A7k-product: product
A7k-product-repo: 1
Co-authored-by: Agent <agent@svc.sdko.net >
2026-06-10 17:21:26 +00:00
226c69d213
core, web: Remove stale compatibility paths ( #22192 )
...
* Remove stale compatibility paths
* fix schema
* should have vibecoded this
---------
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
2026-06-10 12:31:48 -04:00
3f3903b442
core: bump github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0 ( #22969 )
...
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx ) from 5.9.2 to 5.10.0.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jackc/pgx/compare/v5.9.2...v5.10.0 )
---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
dependency-version: 5.10.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 16:57:51 +02:00
4e021ff98d
web: bump @sentry/browser from 10.55.0 to 10.56.0 in /web in the sentry group across 1 directory ( #22970 )
...
web: bump @sentry/browser in /web in the sentry group across 1 directory
Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript ).
Updates `@sentry/browser` from 10.55.0 to 10.56.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases )
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-javascript/compare/10.55.0...10.56.0 )
---
updated-dependencies:
- dependency-name: "@sentry/browser"
dependency-version: 10.56.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: sentry
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 16:57:46 +02:00
cc5ff4b94a
core: bump goauthentik/fips-python from dc515b7 to ede0a00 in /lifecycle/container ( #22971 )
...
core: bump goauthentik/fips-python in /lifecycle/container
Bumps goauthentik/fips-python from `dc515b7` to `ede0a00`.
---
updated-dependencies:
- dependency-name: goauthentik/fips-python
dependency-version: 3.14.5-slim-trixie-fips
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 16:57:41 +02:00
f92cf047b3
core: bump cryptography from 48.0.0 to 48.0.1 ( #22972 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 48.0.0 to 48.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/48.0.0...48.0.1 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 48.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 16:57:36 +02:00
e7f30a8f0a
web: bump shell-quote from 1.8.3 to 1.8.4 in /web ( #22958 )
...
Bumps [shell-quote](https://github.com/ljharb/shell-quote ) from 1.8.3 to 1.8.4.
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4 )
---
updated-dependencies:
- dependency-name: shell-quote
dependency-version: 1.8.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 16:45:48 +02:00
c9cc70ba53
web: bump shell-quote from 1.8.3 to 1.8.4 ( #22959 )
...
Bumps [shell-quote](https://github.com/ljharb/shell-quote ) from 1.8.3 to 1.8.4.
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4 )
---
updated-dependencies:
- dependency-name: shell-quote
dependency-version: 1.8.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 16:39:05 +02:00
2148f1d35c
website/integrations: Cloudflare Access: cleanup ( #22697 )
...
Clean up the Cloudflare Access guide to match the current OIDC setup flow and authentik provider URLs.
Agent-thread: https://sdko.org/internal/threads/019e6b1f-8fa7-7561-9882-1e65cdb2f583
Co-authored-by: Agent <agent@svc.sdko.net >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-06-10 10:01:03 -04:00
06a37a6db5
website: bump semver from 7.8.1 to 7.8.2 in /website ( #22915 )
...
* website: bump semver from 7.8.1 to 7.8.2 in /website
Bumps [semver](https://github.com/npm/node-semver ) from 7.8.1 to 7.8.2.
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.8.1...v7.8.2 )
---
updated-dependencies:
- dependency-name: semver
dependency-version: 7.8.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-06-10 13:52:40 +02:00
c3c6508b67
providers/radius: fix panic in log due to type ( #22965 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-06-10 00:12:33 +02:00
b456e4a9f6
web/polyfill: polyfill customElements.getName for Safari < 17.4 ( #22940 )
...
* web/polyfill: polyfill customElements.getName for Safari < 17.4
The flow renderer started calling window.customElements.getName in 2026.5,
which crashes on iOS 16 Safari and any WebKit WebView before 17.4. Reporters
saw "getName is not a function" at the first stage render and the page never
recovered.
The polyfill wraps define() to record each tag and constructor pair, then
resolves getName(ctor) from that map. It only installs when the registry is
missing the method, so modern browsers keep their native implementation. The
polyfill bundle is loaded from base/skeleton.html ahead of every interface
entry point, so the wrap is in place before any customElements.define call
runs.
Fixes #22611
Co-Authored-By: Agent (authentik-i22611-committed-cooperative-orchid) <279763771+playpen-agent@users.noreply.github.com >
* Refine.
---------
Co-authored-by: Agent (authentik-i22611-committed-cooperative-orchid) <279763771+playpen-agent@users.noreply.github.com >
Co-authored-by: Connor Peshek <connor@connorpeshek.me >
2026-06-09 13:33:06 -05:00
6e8176cdf7
core: bump django from 5.2.14 to v5.2.15 ( #22956 )
...
bump django from 5.2.14 to v5.2.15
2026-06-09 12:39:59 -05:00
c897e40bb4
website/integrations: add opencloud integration ( #22497 )
...
* website/integrations: add opencloud integration
* add steps for all clients
* improve wording and style
* Update website/integrations/chat-communication-collaboration/opencloud/index.mdx
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update website/integrations/chat-communication-collaboration/opencloud/index.mdx
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update website/integrations/chat-communication-collaboration/opencloud/index.mdx
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update website/integrations/chat-communication-collaboration/opencloud/index.mdx
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* add feedback
* Update website/integrations/chat-communication-collaboration/opencloud/index.mdx
Co-authored-by: Dominic R <dominic@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* move table location
* update advanced proto settings location
* lint
* Apply suggestions from code review
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* lint
* Update index.mdx
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Dominic R <dominic@goauthentik.io >
2026-06-09 11:36:44 -05:00
f6d7edd4d8
providers/oauth: skip post logout redirect matching if none are saved on the provider ( #22718 )
...
skip post logout redirect matching if none are saved on the provider
2026-06-09 11:36:01 -05:00
284896176e
website/integrations: add Dropbox Sign integration ( #22934 )
...
Add a Dropbox Sign SAML integration guide based on Dropbox's setup documentation.
Closes : #22909
Agent-thread: https://sdko.org/internal/thr/ak/019ea7e9-b2de-7103-893f-2547731ef9cb
A7k-product: product
A7k-product-repo: 3
Co-authored-by: Agent <agent@svc.sdko.net >
2026-06-09 12:20:15 -04:00
eea639c822
website/integrations: add HubSpot ( #22933 )
...
Add a HubSpot SAML SSO integration guide covering authentik and HubSpot setup.
Closes : #22910
Agent-thread: https://sdko.org/internal/thr/ak/019ea7e9-4bf5-78b1-b364-20b68c06a8ce
A7k-product: product
A7k-product-repo: 2
Co-authored-by: Agent <agent@svc.sdko.net >
2026-06-09 14:04:46 +00:00
540c2810b4
website/docs: document SCIM source trust model and security implications ( #22535 )
...
docs: document SCIM source trust model and security implications
Describe tenant-wide user/group correlation, unscoped membership,
destructive DELETE behavior, and default bootstrap group exposure so
operators understand the SCIM Bearer token trust boundary.
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-06-09 09:40:51 -04:00
f600a622ae
website/integrations: add Dozzle ( #22939 )
...
* website/integrations: Dozzle: cleanup
Closes : #16052
Agent-thread: https://sdko.org/internal/thr/ak/019ea8d4-853c-7282-a700-968e5a50b888
A7k-product: product
A7k-product-repo: 2
Co-authored-by: Agent <agent@svc.sdko.net >
* Update website/integrations/monitoring/dozzle/index.md
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Agent <agent@svc.sdko.net >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-06-09 09:34:47 -04:00
9e1f1f05b6
website/integrations: add IIS integration ( #22935 )
...
* website/integrations: add IIS integration
Add a community IIS integration guide covering proxy provider setup and IIS deployment layouts.
Closes : #19947
Agent-thread: https://sdko.org/internal/thr/ak/019ea7ea-23b6-7400-840f-93af6d11780a
A7k-product: product
A7k-product-repo: 4
Co-authored-by: Agent <agent@svc.sdko.net >
* website/integrations: fix IIS warning syntax
Use the integration guide admonition title format for the IIS ARR warning.
Agent-thread: https://sdko.org/internal/thr/ak/019ea7ea-23b6-7400-840f-93af6d11780a
A7k-product: product
A7k-product-repo: 4
Co-authored-by: Agent <agent@svc.sdko.net >
---------
Co-authored-by: Agent <agent@svc.sdko.net >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-06-09 09:34:26 -04:00
5acb5a2685
website/integrations: FortiMail: cleanup ( #22696 )
...
Agent-thread: https://sdko.org/internal/threads/019e6b1f-4069-74a0-8c51-fb731643e2f1
Co-authored-by: Agent <agent@svc.sdko.net >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-06-09 09:33:02 -04:00
e9cd445958
website: bump the build group across 1 directory with 3 updates ( #22833 )
...
* website: bump the build group across 1 directory with 3 updates
Bumps the build group with 3 updates in the /website directory: [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack ), [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack ) and [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack ).
Updates `@rspack/binding-darwin-arm64` from 2.0.4 to 2.0.6
- [Release notes](https://github.com/web-infra-dev/rspack/releases )
- [Commits](https://github.com/web-infra-dev/rspack/commits/v2.0.6/packages/rspack )
Updates `@rspack/binding-linux-arm64-gnu` from 2.0.4 to 2.0.6
- [Release notes](https://github.com/web-infra-dev/rspack/releases )
- [Commits](https://github.com/web-infra-dev/rspack/commits/v2.0.6/packages/rspack )
Updates `@rspack/binding-linux-x64-gnu` from 2.0.4 to 2.0.6
- [Release notes](https://github.com/web-infra-dev/rspack/releases )
- [Commits](https://github.com/web-infra-dev/rspack/commits/v2.0.6/packages/rspack )
---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
dependency-version: 2.0.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
dependency-version: 2.0.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
dependency-version: 2.0.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-06-09 15:28:31 +02:00
b55a1b26b7
core: bump goauthentik/fips-python from b332680 to dc515b7 in /lifecycle/container ( #22874 )
...
core: bump goauthentik/fips-python in /lifecycle/container
Bumps goauthentik/fips-python from `b332680` to `dc515b7`.
---
updated-dependencies:
- dependency-name: goauthentik/fips-python
dependency-version: 3.14.5-slim-trixie-fips
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:57:16 +02:00
8ce9ecaec4
ci: bump astral-sh/setup-uv from 8.1.0 to 8.2.0 in /.github/actions/setup ( #22923 )
...
ci: bump astral-sh/setup-uv in /.github/actions/setup
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases )
- [Commits](https://github.com/astral-sh/setup-uv/compare/08807647e7069bb48b6ef5acd8ec9567f424441b...fac544c07dec837d0ccb6301d7b5580bf5edae39 )
---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
dependency-version: 8.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:56:51 +02:00
c0d1d17776
core: bump github.com/go-openapi/runtime from 0.32.2 to 0.32.3 ( #22914 )
...
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime ) from 0.32.2 to 0.32.3.
- [Release notes](https://github.com/go-openapi/runtime/releases )
- [Commits](https://github.com/go-openapi/runtime/compare/v0.32.2...v0.32.3 )
---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
dependency-version: 0.32.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:56:30 +02:00
1163d6a010
core: bump sentry-sdk from 2.61.0 to 2.61.1 ( #22916 )
...
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python ) from 2.61.0 to 2.61.1.
- [Release notes](https://github.com/getsentry/sentry-python/releases )
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-python/compare/2.61.0...2.61.1 )
---
updated-dependencies:
- dependency-name: sentry-sdk
dependency-version: 2.61.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:56:00 +02:00
91b8f85788
ci: bump actions/checkout from 6.0.2 to 6.0.3 ( #22877 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:55:44 +02:00
2f6d01d62a
core: bump daphne from 4.2.1 to 4.2.2 ( #22920 )
...
Bumps [daphne](https://github.com/django/daphne ) from 4.2.1 to 4.2.2.
- [Changelog](https://github.com/django/daphne/blob/main/CHANGELOG.txt )
- [Commits](https://github.com/django/daphne/compare/4.2.1...4.2.2 )
---
updated-dependencies:
- dependency-name: daphne
dependency-version: 4.2.2
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:54:25 +02:00
f09b848b67
web: bump the storybook group across 1 directory with 5 updates ( #22919 )
...
Bumps the storybook group with 4 updates in the /web directory: [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs ), [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links ), [@storybook/web-components](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/web-components ) and [@storybook/web-components-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/frameworks/web-components-vite ).
Updates `@storybook/addon-docs` from 10.4.1 to 10.4.2
- [Release notes](https://github.com/storybookjs/storybook/releases )
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md )
- [Commits](https://github.com/storybookjs/storybook/commits/v10.4.2/code/addons/docs )
Updates `@storybook/addon-links` from 10.4.1 to 10.4.2
- [Release notes](https://github.com/storybookjs/storybook/releases )
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md )
- [Commits](https://github.com/storybookjs/storybook/commits/v10.4.2/code/addons/links )
Updates `@storybook/web-components` from 10.4.1 to 10.4.2
- [Release notes](https://github.com/storybookjs/storybook/releases )
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md )
- [Commits](https://github.com/storybookjs/storybook/commits/v10.4.2/code/renderers/web-components )
Updates `@storybook/web-components-vite` from 10.4.1 to 10.4.2
- [Release notes](https://github.com/storybookjs/storybook/releases )
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md )
- [Commits](https://github.com/storybookjs/storybook/commits/v10.4.2/code/frameworks/web-components-vite )
Updates `storybook` from 10.4.1 to 10.4.2
- [Release notes](https://github.com/storybookjs/storybook/releases )
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md )
- [Commits](https://github.com/storybookjs/storybook/commits/v10.4.2/code/core )
---
updated-dependencies:
- dependency-name: "@storybook/addon-docs"
dependency-version: 10.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: storybook
- dependency-name: "@storybook/addon-links"
dependency-version: 10.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: storybook
- dependency-name: "@storybook/web-components"
dependency-version: 10.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: storybook
- dependency-name: "@storybook/web-components-vite"
dependency-version: 10.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: storybook
- dependency-name: storybook
dependency-version: 10.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: storybook
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:54:09 +02:00
acac105feb
web: bump the eslint group across 1 directory with 3 updates ( #22945 )
...
Bumps the eslint group with 1 update in the /web directory: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin ).
Updates `@typescript-eslint/eslint-plugin` from 8.60.0 to 8.60.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.1/packages/eslint-plugin )
Updates `@typescript-eslint/parser` from 8.60.0 to 8.61.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.0/packages/parser )
Updates `@typescript-eslint/utils` from 8.60.0 to 8.60.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases )
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/utils/CHANGELOG.md )
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.1/packages/utils )
---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
dependency-version: 8.60.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
dependency-version: 8.61.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: eslint
- dependency-name: "@typescript-eslint/utils"
dependency-version: 8.60.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: eslint
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:17:19 +02:00
29550745e0
ci: bump int128/docker-manifest-create-action from 2.21.0 to 2.22.0 ( #22946 )
...
Bumps [int128/docker-manifest-create-action](https://github.com/int128/docker-manifest-create-action ) from 2.21.0 to 2.22.0.
- [Release notes](https://github.com/int128/docker-manifest-create-action/releases )
- [Commits](https://github.com/int128/docker-manifest-create-action/compare/b9d644eaa3312dd895ffdafb19333a7b266e6ba9...126c2b2195800ebc112cffe9ad6c2e2cce16eff2 )
---
updated-dependencies:
- dependency-name: int128/docker-manifest-create-action
dependency-version: 2.22.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:16:41 +02:00
20bc560087
ci: bump taiki-e/install-action from 2.81.2 to 2.81.7 in /.github/actions/setup ( #22948 )
...
ci: bump taiki-e/install-action in /.github/actions/setup
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action ) from 2.81.2 to 2.81.7.
- [Release notes](https://github.com/taiki-e/install-action/releases )
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/taiki-e/install-action/compare/6887963ccf37a9ddcd8c5fa4baeb3e1e5fd61fa1...56545b37b57562edd73171cb6c62cc509db4c34e )
---
updated-dependencies:
- dependency-name: taiki-e/install-action
dependency-version: 2.81.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:16:32 +02:00
72cbd237f9
ci: bump codecov/codecov-action from 6.0.1 to 7.0.0 in /.github/actions/test-results ( #22949 )
...
ci: bump codecov/codecov-action in /.github/actions/test-results
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 6.0.1 to 7.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/e79a6962e0d4c0c17b229090214935d2e33f8354...fb8b3582c8e4def4969c97caa2f19720cb33a72f )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-09 14:16:23 +02:00
ed69aa6024
endpoints/connectors/agent: fix exception with invalid auth type ( #22943 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-06-09 11:19:55 +02:00
d907426a86
website/integations: update wazuh SAML configuration ( #22568 )
...
* fixing wazuh integration Readme
Signed-off-by: frankvoelker <70319084+frankvoelker@users.noreply.github.com >
* Update index.mdx (minor fixes)
Signed-off-by: frankvoelker <70319084+frankvoelker@users.noreply.github.com >
* Add warning and update issuer and entity id
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
* Update website/integrations/monitoring/wazuh/index.mdx
Signed-off-by: Dominic R <dominic@goauthentik.io >
* Update website/integrations/monitoring/wazuh/index.mdx
Signed-off-by: Dominic R <dominic@goauthentik.io >
---------
Signed-off-by: frankvoelker <70319084+frankvoelker@users.noreply.github.com >
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Dominic R <dominic@goauthentik.io >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Dominic R <dominic@goauthentik.io >
2026-06-09 05:38:12 +00:00
f4ed90fcaf
tests/e2e: bump selenium and ak-agent to fix endpoint tests ( #22942 )
2026-06-09 01:37:58 +02:00
c5028c88a5
web/maintenance: eliminate the need for DEFAULT_CONFIG boilerplate everywhere ( #22892 )
...
* ## What
window.authentik.flow = {
"layout": "{{ flow.layout }}",
+ "background": "{{ flow.background }}",
+ "title": "{{ flow.title }}",
};
Amends the `flow.html` template and `GlobalAuthentik` parser to include new parameters, `background` and `title`, in the flow-specific part of the configuration written to the HTML `<head>` object, and to provide those parameters to client code.
## Why
The `layout` is start-up critical: it tells the Flow interface how the admin wants the Flow page to look, and allows the HTML and CSS to be pre-aligned to that condition. `layout` is determined on a per-Flow bases, not a per-Stage basis; Flows are derived from a tuple of `(Brand, Application?)`, where the opening policy *may* direct a user to a different flow if the user reached authentik via a redirect from a specific application, but will otherwise fall back to the default Flow for the Brand.
The `background` is a field that is required if the `Flow`’s layout is of type `frame_background`; in this case, the part of the viewport not dedicated to the FlowExecutor is reserved for an `<iframe>` that will be filled in with whatever the administrator specifies. Although this gives it the same priority as `layout` (whether it’s provided or undefined) for describing the [chrome](https://developer.mozilla.org/en-US/docs/Glossary/Chrome ) around a challenge, it is currently not provided to the application in the start-up config; it is provided in the `challenge` and renders the IFrame as part of the initial challenge.
This patch fixes that; if `layout` is provided, `background` ought to be as well, even if it’s empty. The execution of a Challenge ought not have any influence over the look and feel of the Flow-defined appearance *around* that Challenge.
I have added `title` as well; with that, all of the current theme-and-appearance related configuration details are placed into `<head>` and can be removed from the FlowExecutor.
Server-side, `background` is currently specified: `background = FileField(blank=True, default="")` which is … interesting since we also appear to store URLs in it. I don’t see anything in the FlowSerializer that would change that from a client’s point of view.
This patch furthers the effort to separate flow execution from flow presentation.
- \[🐰 \] The code has been formatted (`make web`)
* web/maintenance: eliminate the need for DEFAULT_CONFIG boilerplate everywhere
# Promise:
There is only one file change in the entire PR. I promise. It is `./web/src/common/api/client.ts`.
Every other change is mechanical.
# What
Replace the repetitive boilerplate of importing DEFAULT_CONFIG everywhere by replacing it with an enclosing function that does both instantiation and configuration for you.
# How !?!?!?! (I hear you cry)
Read the `client.ts` file. It shows you the new mechanism.
# Mechanical update:
Every other change to the source code was performed with the following seven-line script: use `prettier --print-width 400` to ensure all the construction expressions would be single-line (they weren’t necessarily always so); identify the files that used `DEFAULT_CONFIG`, replace their `import` statements, replace their instantiation expressions, then clean up the debris.
$ ./node_modules/.bin/prettier --cache --write -u . --print-width 400
$ rg -l 'import.*\{ DEFAULT_CONFIG \}' ./src > client-only.txt
$ perl -pi.bak -e 's{import \{ DEFAULT_CONFIG \} from "\#common/api/config"}{import \{ aki \} from "#common/api/client"}' $(cat client-only.txt )
$ perl -pi.bak -e 's{new ([A-Z][A-Za-z]+Api)\(DEFAULT_CONFIG\)}{aki(\1)}g' $(cat client-only.txt )
$ rm client-only.txt
$ find . -name '*.bak' -exec rm {} \;
$ npm run prettier
2026-06-08 09:20:45 -07:00
3e0d1ddb10
web/elements/ak-dual-select: fix inverted pagination arrow colors in dark theme ( #22608 )
...
The dark theme overrides in ak-pagination assigned the disabled color
variable to the active button and the active color variable to the
overridden disabled-color custom property. As a result, the active arrow
appeared muted and the disabled arrow appeared highlighted on the first
and last pages of paginated lists.
Swap the two values so the active arrow uses the m-plain color and the
disabled custom property keeps the m-plain disabled color.
Closes #22607
Co-authored-by: nicedevil007 <nicedevil007@users.noreply.github.com >
2026-06-08 17:41:28 +02:00
7fc325fbf5
core, web: update translations ( #22871 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-06-08 17:39:35 +02:00
519a4d73c4
blueprints: handle integrity exception when applying blueprints ( #22599 )
...
this can happen when the server/worker are starting and you also try to apply blueprints with `ak apply_blueprint`, as seen in https://github.com/goauthentik/action-setup-authentik
2026-06-08 15:24:22 +02:00
5727ae4271
core, internal, packages: fix British spellings flagged by cspell ( #22819 )
...
* core, internal, packages: fix British spellings flagged by cspell
Apply American spellings in Python docstrings/comments, Go log messages, a Rust doc comment, and a template comment (behaviour->behavior, initialise->initialize, finalise->finalize, etc.). Part of enabling cspell's British-spelling rule; the rule itself lands in a separate PR once all areas are clean.
Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com >
* gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-06-08 14:55:31 +02:00
Teffen Ellis
authentik-automation[bot]
Connor Peshek
Dominic R
dependabot[bot]
Jens L.
Marcelo Elizeche Landó
sreelim
frankvoelker
Ken Sternberg
NiceDevil