Update to upstream release 2026.2.0#18
Draft
tacerus wants to merge 828 commits intoSUSE:suse-mainfrom
Draft
Conversation
* clean up roles and permissions This was purposefully not included in `2025.12` to split the changes up. The main content of this patch is in the migrations. Everything else follows more or less automatically. * add breaking change warning to release notes * add `ak_groups` --> `groups` deprecated proxy * fixup! add `ak_groups` --> `groups` deprecated proxy * fixup! add `ak_groups` --> `groups` deprecated proxy * fixup! add `ak_groups` --> `groups` deprecated proxy * add configuration warning to default notifications blueprint * add rudimentary tests for User.ak_groups * remove no longer used permissions * clarify deprecation Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> * remove integration changes These will be included in a separate PR once this is released. --------- Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
…goauthentik#19865) Overview: Add a tip to the contributing guide explaining how to recover if you accidentally started making changes on `main` instead of a feature branch. Testing: n/a Motivation: Closes: goauthentik#18740
web: Fix development theme overrides.
assign cherry-pick PRs to original author
* Move inline styles into separate file. * Fix preferred order of captcha vendor discovery. * Clean up mutation and resize observer lifecycle. * Flesh out controllers. * Tidy refresh. * Fix incompatibilities with Storybook. * Flesh out captcha stories. * Bump package. * Flesh out stories. * Move inline styles into separate file. * Fix preferred order of captcha vendor discovery. * Clean up mutation and resize observer lifecycle. * Flesh out controllers. * Tidy refresh. * Remove unused. * Bump package.
…9874) Bumps [chromedriver](https://github.com/giggio/node-chromedriver) from 144.0.1 to 145.0.0. - [Commits](giggio/node-chromedriver@144.0.1...145.0.0) --- updated-dependencies: - dependency-name: chromedriver dependency-version: 145.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.2 to 5.0.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@8b402f5...cdf6c1f) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [debugpy](https://github.com/microsoft/debugpy) from 1.8.19 to 1.8.20. - [Release notes](https://github.com/microsoft/debugpy/releases) - [Commits](microsoft/debugpy@v1.8.19...v1.8.20) --- updated-dependencies: - dependency-name: debugpy dependency-version: 1.8.20 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ry group across 1 directory (goauthentik#19871) web: bump @sentry/browser in /web in the sentry group across 1 directory Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript). Updates `@sentry/browser` from 10.37.0 to 10.38.0 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@10.37.0...10.38.0) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 10.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: sentry ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Add version command * Add version command to install docs
* Adds signing algorithm * Fixed name * Update to comment * Update index.md Signed-off-by: Dewi Roberts <dewi@goauthentik.io> --------- Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
…#16259) * website: Flesh out keyboard interactions docs, examples. * Update doc * Fix links and apply suggestions --------- Co-authored-by: dewi-tik <dewi@goauthentik.io>
Remove outdated version.
…hentik#19892) * web: fix Brand CSS not applied to nested Shadow DOM components After PR goauthentik#17444, Brand CSS was only applied when ThemeChangeEvent fired. Components created after the initial event never received the custom styles. This fix immediately applies Brand CSS when a style root is set, ensuring all nested Shadow DOM components (like flow stages) receive brand styling regardless of when they are created. * Update web/src/elements/Base.ts Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> * Clarify. --------- Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
goauthentik#19897) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 6.33.4 to 6.33.5. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Commits](https://github.com/protocolbuffers/protobuf/commits) --- updated-dependencies: - dependency-name: protobuf dependency-version: 6.33.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* Flesh out. * Flesh out. * Remove outdated version.
…etup (goauthentik#19929) ci: bump astral-sh/setup-uv in /.github/actions/setup Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.2.0 to 7.2.1. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@61cb8a9...803947b) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [globals](https://github.com/sindresorhus/globals) from 17.2.0 to 17.3.0. - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](sindresorhus/globals@v17.2.0...v17.3.0) --- updated-dependencies: - dependency-name: globals dependency-version: 17.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [type-fest](https://github.com/sindresorhus/type-fest) from 5.4.2 to 5.4.3. - [Release notes](https://github.com/sindresorhus/type-fest/releases) - [Commits](sindresorhus/type-fest@v5.4.2...v5.4.3) --- updated-dependencies: - dependency-name: type-fest dependency-version: 5.4.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [playwright](https://github.com/microsoft/playwright) from 1.58.0 to 1.58.1. - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.58.0...v1.58.1) --- updated-dependencies: - dependency-name: playwright dependency-version: 1.58.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….0 in /tests/e2e (goauthentik#19917) core: bump goauthentik/selenium in /tests/e2e Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.35.9 to 144.0-ak-0.40.0. - [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases) - [Commits](https://github.com/SeleniumHQ/docker-selenium/commits) --- updated-dependencies: - dependency-name: goauthentik/selenium dependency-version: 144.0-ak-0.40.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…uthentik#19918) Bumps axllent/mailpit from v1.28.4 to v1.29.0. --- updated-dependencies: - dependency-name: axllent/mailpit dependency-version: v1.29.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…thentik#19921) Bumps the storybook group with 4 updates in the /web directory: [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs), [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links), [@storybook/web-components](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/web-components) and [@storybook/web-components-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/frameworks/web-components-vite). Updates `@storybook/addon-docs` from 10.2.1 to 10.2.3 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.2.3/code/addons/docs) Updates `@storybook/addon-links` from 10.2.1 to 10.2.3 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.2.3/code/addons/links) Updates `@storybook/web-components` from 10.2.1 to 10.2.3 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.2.3/code/renderers/web-components) Updates `@storybook/web-components-vite` from 10.2.1 to 10.2.3 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.2.3/code/frameworks/web-components-vite) Updates `storybook` from 10.2.1 to 10.2.3 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.2.3/code/core) --- updated-dependencies: - dependency-name: "@storybook/addon-docs" dependency-version: 10.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook - dependency-name: "@storybook/addon-links" dependency-version: 10.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook - dependency-name: "@storybook/web-components" dependency-version: 10.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook - dependency-name: "@storybook/web-components-vite" dependency-version: 10.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook - dependency-name: storybook dependency-version: 10.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: storybook ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…thentik#19924) Bumps [@formatjs/intl-listformat](https://github.com/formatjs/formatjs) from 8.2.0 to 8.2.1. - [Release notes](https://github.com/formatjs/formatjs/releases) - [Commits](https://github.com/formatjs/formatjs/compare/@formatjs/intl-listformat@8.2.0...@formatjs/intl-listformat@8.2.1) --- updated-dependencies: - dependency-name: "@formatjs/intl-listformat" dependency-version: 8.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cachetools](https://github.com/tkem/cachetools) from 6.2.6 to 7.0.0. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](tkem/cachetools@v6.2.6...v7.0.0) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…oauthentik#20391 to version-2026.2) (goauthentik#20395) enterprise/providers/microsoft_entra: fix dangling comma (goauthentik#20391) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
…-pick goauthentik#20441 to version-2026.2) (goauthentik#20442) enterprise/providers/microsoft_entra: only check upn when set (goauthentik#20441) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
…herry-pick goauthentik#20094 to version-2026.2) (goauthentik#20453)
…oauthentik#20402 to version-2026.2) (goauthentik#20474) enterprise: monkey patch pyjwt to accept mismatching key (goauthentik#20402) * monkey patch pyjwt to accept mismatching key * restore `_validate_curve` after monkeypatch * add explanatory comment * next year is 2027, dummy Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
…cles (cherry-pick goauthentik#20283 to version-2026.2) (goauthentik#20473) enterprise/lifecycle: use datetime instead of date to track review cycles (goauthentik#20283) * enterprise/lifecycle: use datetime instead of date to track review cycles (fix for goauthentik#20265) * Update authentik/enterprise/lifecycle/api/iterations.py * enterprise/lifecycle: replace extend_schema_field with type annotations --------- Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> Co-authored-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> Co-authored-by: Jens L. <jens@beryju.org>
…k#20477 to version-2026.2) (goauthentik#20481) policies: measure policy process from manager (goauthentik#20477) * policies: measure policy process from manager * fix constructor --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
…erry-pick goauthentik#20476 to version-2026.2) (goauthentik#20482) providers/proxy: preserve URL-encoded path characters in redirect (goauthentik#20476) Use r.URL.EscapedPath() instead of r.URL.Path when building the redirect URL in redirectToStart(). The decoded Path field converts %2F to /, which url.JoinPath then collapses via path.Clean, stripping encoded slashes from the URL. EscapedPath() preserves the original encoding, fixing 301 redirects that break apps like RabbitMQ which use %2F in their API paths. Co-authored-by: Brolywood <44068132+Brolywood@users.noreply.github.com>
…026.2) (goauthentik#20425) web: Center footer links. (goauthentik#20345) * web: Center footer links. * Refine track resizing behavior. * Fix odd scenario. * Tidy padding. Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
goauthentik#20447 to version-2026.2) (goauthentik#20486) website/docs: add info about make install and recovery key (goauthentik#20447) * add info about make install and recovery key * fix formatting on troubleshooting tip * Apply suggestion from @dominic-r * tweak to bump * tweak * tweaked words abouot make install per jens * build --------- Signed-off-by: Dominic R <dominic@sdko.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Dominic R <dominic@sdko.org> Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
…pick goauthentik#20457 to version-2026.2) (goauthentik#20503) providers/oauth2: device code flow client id via auth header (goauthentik#20457) * Use `extract_client_auth` which can get client id from either HTTP Authorization header or POST body * Update documentation to reflect allow sending client id via header * Add tests for using HTTP Basic Auth to pass in client id Co-authored-by: Michael Beigelmacher <brooklynbagel@gmail.com>
…oauthentik#20507 to version-2026.2) (goauthentik#20510) enterprise: add `ES384` to enterprise license algorithms (goauthentik#20507) add `ES384` to enterprise license algorithms Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
…eForm not working (cherry-pick goauthentik#20429 to version-2026.2) (goauthentik#20512) * Cherry-pick goauthentik#20429 to version-2026.2 (with conflicts) This cherry-pick has conflicts that need manual resolution. Original PR: goauthentik#20429 Original commit: ab981de * revert miscellaneous changes These don't need to be in 2026.2 --------- Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com> Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
…k#20511 to version-2026.2) (goauthentik#20515) web: fix Edit Policy button on Flow view page (goauthentik#20511) fix Edit Policy button on Flow view page Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
… (cherry-pick goauthentik#20485 to version-2026.2) (goauthentik#20514) endpoints: fix infinite recursion in stage with unsupported connector (goauthentik#20485) * stages: fix infinite recursion * respect mode * add tests --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Connor Peshek <connor@connorpeshek.me> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
…version-2026.2) (goauthentik#20517) website/docs: fix linux setup docs (goauthentik#20508) * docs: add auth config steps * tweak * Changed wording * Fix broken link --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io> Co-authored-by: Connor Peshek <connor@connorpeshek.me> Co-authored-by: Dewi Roberts <dewi@goauthentik.io> Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
…rry-pick goauthentik#20489 to version-2026.2) (goauthentik#20505) * Cherry-pick goauthentik#20489 to version-2026.2 (with conflicts) This cherry-pick has conflicts that need manual resolution. Original PR: goauthentik#20489 Original commit: 9da1014 * Update index.mdx Signed-off-by: Dewi Roberts <dewi@goauthentik.io> --------- Signed-off-by: Dewi Roberts <dewi@goauthentik.io> Co-authored-by: Dominic R <dominic@sdko.org> Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
…cherry-pick goauthentik#20430 to version-2026.2) (goauthentik#20524) policies: fix PolicyEngineMode ALL with static binding optimization (goauthentik#20430) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
…entik#20518 to version-2026.2) (goauthentik#20526) providers/oauth2: deactivate locale after testing (goauthentik#20518) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
…sion-2026.2) (goauthentik#20528) providers/oauth2: add jti claim (goauthentik#20484) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
… to version-2026.2) (goauthentik#20531) * Cherry-pick goauthentik#20527 to version-2026.2 (with conflicts) This cherry-pick has conflicts that need manual resolution. Original PR: goauthentik#20527 Original commit: 884e662 * fix conflicts --------- Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
This reverts commit 7d51b36. Will be re-integrated as part of version/2026.2.0.
…ntik#14785)" This reverts commit ec255a7. Will be re-integrated as part of version/2026.2.0.
tacerus
force-pushed
the
suse/sync/2026.2.0
branch
from
f6758a7 to
79ac9ab
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.