Skip to content

website/docs: add 2025.10 release notes #17296

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+60 −0
Open

website/docs: add 2025.10 release notes #17296

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions website/docs/releases/2025/v2025.10.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
---
title: Release 2025.10
slug: "/releases/2025.10"
---

:::info
2025.10 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates.

To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2025.10.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet.
:::

## Highlights

- **Removed redis dependency**
- **SCIM provider OAuth support** :ak-enterprise
- **RADIUS EAP-TLS Support** :ak-enterprise
- **SAML provider Single logout support**
- **Telegram source**

## Breaking changes

Redis removal, authentik will most likely use more postgres DB connections
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

    "redis.cache_timeout": "cache.timeout",
    "redis.cache_timeout_flows": "cache.timeout_flows",
    "redis.cache_timeout_policies": "cache.timeout_policies",

those settings aliases were removed


Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cca5771

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Used to be true by default, but has potential security implications and we don't have a single explicit boolean for whether an email is verified or not, hence the default changed.

Might break certain applications that rely on this being true, such as OIDC in kubernetes

## New features and improvements

Copy link
Contributor

@tanberry tanberry Oct 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
## New integration guides
An integration is how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added.
- [Cloudflare](https://integrations.goauthentik.io/platforms/cloudflare/)
- [Termix](https://integrations.goauthentik.io/infrastructure/termix/)
- [Digital Ocean](https://integrations.goauthentik.io/cloud-providers/digitalocean/)
- [osTicket](https://integrations.goauthentik.io/infrastructure/osticket/)
- [AppFlowy](https://integrations.goauthentik.io/documentation/appflowy/) Thanks to contributor [rayanbzd](https://github.com/rayanbzd)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can't we directly link with /integrations/thing/file.md now?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering if it might be a good idea to add the Entra ID SCIM doc too. Although it's not an integration. It would be a good doc to raise awareness of.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good idea. was hesitating to mention it as well. i'd add it personally

## Upgrading

This release does not introduce any new requirements. You can follow the upgrade instructions below; for more detailed information about upgrading authentik, refer to our [Upgrade documentation](../install-config/upgrade.mdx).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mabye a note for those not using the exact compose file or helm chart thingy to remove redis env vars and container config?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there's breaking changes section, but mabye just a note to be sure?


:::warning
When you upgrade, be aware that the version of the authentik instance and of any outposts must be the same. We recommended that you always upgrade any outposts at the same time you upgrade your authentik instance.
:::

### Docker Compose

To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:

```shell
wget -O docker-compose.yml https://goauthentik.io/version/2025.10/docker-compose.yml
docker compose up -d
```

The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.

### Kubernetes

Upgrade the Helm Chart to the new version, using the following commands:

```shell
helm repo update
helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.10
```

## Minor changes/fixes

<!-- _Insert the output of `make gen-changelog` here_ -->

## API Changes

<!-- _Insert output of `make gen-diff` here_ -->
Loading