cd75fe235d
providers/proxy: preserve URL-encoded path characters in redirect (cherry-pick #20476 to version-2026.2) ( #20482 )
...
providers/proxy: preserve URL-encoded path characters in redirect (#20476 )
Use r.URL.EscapedPath() instead of r.URL.Path when building the
redirect URL in redirectToStart(). The decoded Path field converts
%2F to /, which url.JoinPath then collapses via path.Clean, stripping
encoded slashes from the URL. EscapedPath() preserves the original
encoding, fixing 301 redirects that break apps like RabbitMQ which
use %2F in their API paths.
Co-authored-by: Brolywood <44068132+Brolywood@users.noreply.github.com >
2026-02-23 18:10:04 +01:00
e6e62e9de1
policies: measure policy process from manager (cherry-pick #20477 to version-2026.2) ( #20481 )
...
policies: measure policy process from manager (#20477 )
* policies: measure policy process from manager
* fix constructor
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L. <jens@goauthentik.io >
2026-02-23 18:09:10 +01:00
ac7a4f8a22
enterprise/lifecycle: use datetime instead of date to track review cycles (cherry-pick #20283 to version-2026.2) ( #20473 )
...
enterprise/lifecycle: use datetime instead of date to track review cycles (#20283 )
* enterprise/lifecycle: use datetime instead of date to track review cycles (fix for #20265 )
* Update authentik/enterprise/lifecycle/api/iterations.py
* enterprise/lifecycle: replace extend_schema_field with type annotations
---------
Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
Co-authored-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Jens L. <jens@beryju.org >
2026-02-23 17:04:30 +01:00
0290ed3342
enterprise: monkey patch pyjwt to accept mismatching key (cherry-pick #20402 to version-2026.2) ( #20474 )
...
enterprise: monkey patch pyjwt to accept mismatching key (#20402 )
* monkey patch pyjwt to accept mismatching key
* restore `_validate_curve` after monkeypatch
* add explanatory comment
* next year is 2027, dummy
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
2026-02-23 16:06:09 +01:00
e367525794
stages/user_login: log correct user when session binding is broken (cherry-pick #20094 to version-2026.2) ( #20453 )
2026-02-21 18:48:42 +00:00
93c319baee
enterprise/providers/microsoft_entra: only check upn when set (cherry-pick #20441 to version-2026.2) ( #20442 )
...
enterprise/providers/microsoft_entra: only check upn when set (#20441 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L. <jens@goauthentik.io >
2026-02-21 18:36:44 +01:00
1d02ee7d74
ci: pull latest changes before tagging new version (cherry-pick #20413 to version-2026.2) ( #20414 )
2026-02-19 14:32:15 +01:00
93439b5742
enterprise/providers/microsoft_entra: fix dangling comma (cherry-pick #20391 to version-2026.2) ( #20395 )
...
enterprise/providers/microsoft_entra: fix dangling comma (#20391 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L. <jens@goauthentik.io >
2026-02-19 13:35:14 +01:00
6682a6664e
web/admin: bug: stage update forms not rendering, several modal form buttons missing (cherry-pick #20373 to version-2026.2) ( #20394 )
...
* web/admin: bug: stage update forms not rendering, several modal form buttons missing (#20373 )
## What
Names being passed to the browser were being incorrectly rendered. This commit updates the code in `StrictUnsafe` so that after the correct-use assertion is passed, the elementProperties are checked to see if the attribute has been named differently from the typed attribute field, and if so, retrieves the attribute name and passes it, rather than the field name, to the browser.
## Why
Since we have a lot of components with similar interfaces, it makes sense to try and check that they’re being used correctly and that the types associated with them are correct. Plus Lit, unlike React, doesn’t have a self-erasing syntax: every Lit element *is* an element, whereas JSX is an esoteric function call syntax that happens to look like XML. JavaScript templates aren’t as pretty as JSX, but they get the job done just as readily.
But in this case, cleverness bit us: we want to use the component’s JavaScript field names and types to validate that we’re using it correctly and passing the right types, but in the end we’re constructing a tag that will trigger the browser to construct the component and use it– and the field names don’t always correspond to the attribute name. Lit has a syntax for mapping the one to the other and stores it in the `elementProperties` field.
This code checks that, after we’ve determined the correct prefix for an property field that has been passed into the component, that we’ve also checked and extracted the correct *attribute name* for that property field. Most of the time it will be the same as the property field, but it muts always be checked.
* web: Fix element property names with custom attributes.
---------
Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-02-19 02:38:15 +01:00
0b5bac74e9
website/docs: correct reference to overriden S3 variable (cherry-pick #20156 to version-2026.2) ( #20378 )
...
website/docs: correct reference to overriden S3 variable (#20156 )
docs: correct reference to overriden S3 variable
Fixes: c30d1a478d#17535 )")
Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com >
Co-authored-by: Georg <georg@lysergic.dev >
2026-02-18 11:47:13 +00:00
062823f1b2
core: add cause to ak_groups deprecation event and logs (cherry-pick #20361 to version-2026.2) ( #20368 )
...
core: add cause to `ak_groups` deprecation event and logs (#20361 )
add cause to `ak_groups` deprecation event and logs
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
2026-02-17 22:32:50 +01:00
a17fe58971
website/docs: Fix broken link to flow executor (cherry-pick #20364 to version-2026.2) ( #20370 )
...
website/docs: Fix broken link to flow executor (#20364 )
Fix broken link
I obviously can't test this, but it looks like the redirects should work.
Signed-off-by: nsw42 <nsw42@users.noreply.github.com >
Co-authored-by: nsw42 <nsw42@users.noreply.github.com >
2026-02-17 19:48:15 +00:00
422ea893b1
enterprise/providers/ws_federation: fix incorrect metadata download URL (cherry-pick #20173 to version-2026.2) ( #20365 )
...
enterprise/providers/ws_federation: fix incorrect metadata download URL (#20173 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L. <jens@goauthentik.io >
2026-02-17 19:07:48 +01:00
15c9f93851
web: Flow Executor layout fixes (cherry-pick #20134 to version-2026.2) ( #20331 )
...
web: Flow Executor layout fixes (#20134 )
* Fix footer alignment.
* Fix loading position in compatibility mode.
* Apply min height only when placeholder content is present.
* Fix alignment in compatibility mode.
* Add compatibility mode host selectors.
* Fix nullish challenge height. Clarify selector behavior.
* Add type defintion
* Fix padding.
* Fix misapplication of pf-* class to container.
* Fix huge base64 encoded attribute.
* Clean up layering issues, order of styles.
* Disable dev override.
* Document parts.
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-02-17 18:03:07 +00:00
e2202d498b
rbac: fix object permission request (cherry-pick #20304 to version-2026.2) ( #20366 )
...
rbac: fix object permission request (#20304 )
fix object permission request
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
2026-02-17 18:34:07 +01:00
9ea9a86ad3
release: 2026.2.0-rc4
2026-02-17 13:14:27 +00:00
4bac1edd61
web: revert package-lock.json by tag workflow ( #20349 )
...
revert changes to `package-lock.json` by tag workflow
Specifically by a01c0575db
2026-02-17 13:31:06 +01:00
24726be3c9
ci: fix setup altering package-lock (cherry-pick #20348 to version-2026.2) ( #20356 )
...
ci: fix setup altering package-lock (#20348 )
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
2026-02-17 13:14:14 +01:00
411f06756f
website/docs, integrations: fix language (cherry-pick #20338 to version-2026.2) ( #20347 )
...
* Cherry-pick #20338 to version-2026.2 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #20338
Original commit: e056dbdadddominic@sdko.org >
Co-authored-by: dewi-tik <dewi@goauthentik.io >
2026-02-17 12:11:46 +00:00
4bdcab48c3
website/docs: rac: update rac provider docs (cherry-pick #20225 to version-2026.2) ( #20337 )
...
website/docs: rac: update rac provider docs (#20225 )
* WIP
* Sentence
* Delete image
* WIP
* adjust wording
---------
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
2026-02-16 21:49:07 -05:00
00dbd377a7
website/docs: add okta source doc (cherry-pick #20296 to version-2026.2) ( #20335 )
...
website/docs: add okta source doc (#20296 )
* Begin
* Add steps
* Apply suggestions
* Update website/docs/users-sources/sources/social-logins/okta/index.md
* Apply suggestion from @dominic-r
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
2026-02-17 01:07:43 +00:00
a01c0575db
release: 2026.2.0-rc3
2026-02-16 11:22:42 +00:00
6e51d044bb
root: do not rely on npm cli for version bump (cherry-pick #20276 to version-2026.2) ( #20321 )
...
root: do not rely on npm cli for version bump (#20276 )
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2026-02-16 11:41:36 +01:00
6d1b168dc4
website/docs: add affine to release notes (cherry-pick #20299 to version-2026.2) ( #20308 )
...
website/docs: add affine to release notes (#20299 )
* add affine to release notes
* use built-in github linking
* add missing credits to Arcane integration
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
2026-02-15 18:00:41 +00:00
43675c2b22
web: fix italic formatting in lifecycle rule help text (cherry-pick #20263 to version-2026.2) ( #20267 )
...
web: fix italic formatting in lifecycle rule help text (#20263 )
* web: fix italic formatting in lifecycle rule help text
* r
Co-authored-by: Dominic R <dominic@sdko.org >
2026-02-14 21:22:43 +00:00
8645273eaf
stage/identification: recovery: make wording more generic (cherry-pick #20209 to version-2026.2) ( #20293 )
...
stage/identification: recovery: make wording more generic (#20209 )
Make wording more generic
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-02-14 05:47:47 +00:00
eb6f4712fe
website/docs: Custom CSS (cherry-pick #19991 to version-2026.2) ( #20287 )
...
website/docs: Custom CSS (#19991 )
* website/docs: Custom CSS
* Revise.
* Fix paths.
* Update links.
* Update header capitalization
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-02-13 21:56:29 +00:00
7b9505242e
web: add pretty names for lifecycle review events in event logs (cherry-pick #20264 to version-2026.2) ( #20268 )
...
web: add pretty names for lifecycle review events in event logs (#20264 )
Co-authored-by: Dominic R <dominic@sdko.org >
2026-02-13 18:30:37 +01:00
3dda20ebc7
enterprise/lifecycle: fix multiple reviews showing up in "Reviews" when the user is a member of multiple reviewer groups (cherry-pick #20266 to version-2026.2) ( #20278 )
...
Co-authored-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com >
fix multiple reviews showing up in "Reviews" when the user is a member of multiple reviewer groups (#20266 )
2026-02-13 13:43:19 +01:00
dfd2bc5c3c
ci: fix binary outpost build on release (cherry-pick #20248 to version-2026.2) ( #20279 )
...
fix binary outpost build on release (#20248 )
2026-02-13 13:38:31 +01:00
06a270913c
website/docs: draft of new WS-Fed provider docs (cherry-pick #20091 to version-2026.2) ( #20262 )
...
website/docs: draft of new WS-Fed provider docs (#20091 )
* first draft
* add table of parms
* tweak
* add section about certs
* a little more content
* more info on wa
* new procedurla file and edit sidebar
* tweaks
* dewi and jens edits
* tweak to remove bullet
* add docs link to the Rel Notes
* dewi edits thx
* ooops missed that last edit
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2026-02-13 09:51:42 +00:00
430507fc72
web: re-update package-lock.json to include missing tree-sitter references
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2026-02-12 17:45:50 +01:00
847af7f9ea
website/docs: 2025.8.6 release notes (cherry-pick #20243 to version-2026.2) ( #20257 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2026-02-12 16:57:14 +01:00
8f1cb636e8
website/docs: 2025.12.4 release notes (cherry-pick #20226 to version-2026.2) ( #20253 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2026-02-12 16:56:31 +01:00
e61c876002
website/docs: 2025.10.4 release notes (cherry-pick #20242 to version-2026.2) ( #20251 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2026-02-12 16:55:02 +01:00
33c0d3df0a
release: 2026.2.0-rc2
2026-02-12 15:48:24 +00:00
3a03e1ebfd
web: updated package-lock.json to include missing tree-sitter references (cherry-pick #20244 to version-2026.2) ( #20246 )
...
Co-authored-by: Ken Sternberg <ken@goauthentik.io >
2026-02-12 16:00:39 +01:00
1e41b77761
website/docs: fix lint
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2026-02-12 15:37:57 +01:00
6c1662f99f
security: CVE-2026-25227 ( #20236 )
...
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-02-12 15:27:42 +01:00
bb5bc5c8da
security: CVE-2026-25748 ( #20237 )
...
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-02-12 15:27:30 +01:00
30670c9070
security: CVE-2026-25922 ( #20238 )
...
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-02-12 15:27:04 +01:00
fdbf9ffedc
ci: fix release testing (cherry-pick #20207 to version-2026.2) ( #20224 )
...
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
fix release testing (#20207 )
2026-02-12 13:44:55 +01:00
2ec433d724
website/docs: ssf: update SSF documentation (cherry-pick #20195 to version-2026.2) ( #20211 )
...
website/docs: ssf: update SSF documentation (#20195 )
* Update SSF documentation
* Fix tags
* Update website/docs/add-secure-apps/providers/ssf/create-ssf-provider.md
* Update website/docs/add-secure-apps/providers/ssf/index.md
* Apply suggestions from code review
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2026-02-11 20:14:02 +00:00
55297b9e6a
website/docs: add email verification scope doc (cherry-pick #20141 to version-2026.2) ( #20206 )
...
website/docs: add email verification scope doc (#20141 )
* WIP
* Add link to 2025.10 release notes
* Apply suggestions from code review
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Co-authored-by: Dominic R <dominic@sdko.org >
2026-02-11 16:49:00 +00:00
f9dda6582c
website/docs: rac: fixes the property mapping formatting (cherry-pick #20200 to version-2026.2) ( #20203 )
...
website/docs: rac: fixes the property mapping formatting (#20200 )
Fixes the property mapping formatting
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-02-11 15:44:50 +00:00
3394c17bfd
release: 2026.2.0-rc1
2026-02-11 14:37:37 +00:00
a37d101b10
api: fix test_build_schema (cherry-pick #20196 to version-2026.2) ( #20199 )
...
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
fix `test_build_schema` (#20196 )
2026-02-11 15:00:00 +01:00
4774b4db87
core: bump cryptography from 46.0.4 to 46.0.5 (cherry-pick #20171 to version-2026.2) ( #20193 )
2026-02-11 11:45:35 +01:00
fdb52c9394
core: fix test_docker.sh (cherry-pick #20179 to version-2026.2) ( #20192 )
...
core: fix `test_docker.sh` (#20179 )
Broken by 646a0d369228359278+gergosimonyi@users.noreply.github.com >
2026-02-11 10:46:47 +01:00
9bcf9cd7d4
core, web: update translations ( #20172 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-02-10 22:40:33 +00:00
authentik-automation[bot]
Marc 'risson' Schmitt
Simonyi Gergő