# What
1. Moves the notifications folder from elements to components: the API and Notifications drawers are API-aware. If we want to separate that out and do something unique, we can, but for now, let’s just get things where they should be.
2. Adjusts all the imports correctly.
3. (Minor): Mutating the array and then calling `requestUpdate()`, especially when the array is then sorted-and-reversed, doesn’t save anything over creating a new array with the new item shifted onto the head, sorted once, and then saved to the property, which triggers an update automatically.
* main: (47 commits)
core: bump python-kadmin-rs from 0.7.1 to 0.7.2 (#22234)
website: bump react-dom from 19.2.5 to 19.2.6 in /website (#22198)
web: bump the react group across 1 directory with 2 updates (#22208)
web: bump knip from 6.9.0 to 6.11.0 in /web (#22212)
web: bump @formatjs/intl-listformat from 8.3.4 to 8.3.5 in /web (#22211)
website: bump react from 19.2.5 to 19.2.6 in /website (#22199)
core: update psycopg[pool] requirement from <4,>=3 to >=3.3.4,<4 (#22201)
core: bump the uv group across 1 directory with 2 updates (#22237)
ci: fix make gen in release workflows (#22235)
ci: run make gen when tagging a new release (#22229)
ci: Improve branch-off action description (#22188)
web/admin: fix user wizard close button (#22222)
core: bump pydantic from 2.13.3 to 2.13.4 (#22207)
core: bump tokio from 1.52.1 to 1.52.2 (#22160)
core: bump library/node from `735dd68` to `4f2b45e` in /lifecycle/container (#22210)
core, web: update translations (#22140)
core: bump twilio from 9.10.5 to 9.10.9 (#22202)
core: bump python-kadmin-rs from 0.7.0 to 0.7.1 (#22205)
core: bump cachetools from 7.0.6 to 7.1.1 (#22204)
core: bump types-requests from 2.33.0.20260408 to 2.33.0.20260503 (#22206)
...
* main:
root: ensure uv sync does not update uv.lock (#22084)
core: bump dramatiq from 1.17.1 to 2.1.0 (#22076)
web: Fix Vendored Lex package. Add Unit Tests (#22083)
core, web: update translations (#22074)
website: bump the build group in /website with 6 updates (#22075)
web: bump ip-address from 10.1.0 to 10.2.0 in /web (#22082)
web: bump the swc group across 1 directory with 11 updates (#22078)
ci: bump taiki-e/install-action from 2.75.29 to 2.75.30 in /.github/actions/setup (#22077)
web: bump country-flag-icons from 1.6.16 to 1.6.17 in /web (#22079)
web: bump yaml from 2.8.3 to 2.8.4 in /web (#22080)
core: bump sentry from 0.47.0 to 0.48.0 (#22081)
packages/client-ts: Fix TypeScript config, ESBuild warnings (#21863)
web: fix identification stage OUIA attributes (#22049)
stages/invitation: Invitation wizard (#20399)
Web/release202604/nits 2 (#22040)
web: Gracefully handle missing element construction. (#21787)
* main: (24 commits)
root: update django to 5.2.14 (#22064)
tenants: add option to mark flag as deprecated (#22063)
web/stages: better wording for webauthn authenticator attachments options (#22062)
web: bump vite from 8.0.8 to 8.0.10 in /web (#21842)
api: set authenticated session user agent nullable properties (#22059)
web/admin: redirect stage: adds mention of static url (#22060)
web: bump axios from 1.15.0 to 1.16.0 in /web (#22058)
providers/oauth2: override RedirectURITypeEnum capitalization for generated API (#22037)
website/docs: document language settings (#21968)
website/docs: document supported PostgreSQL versions (#21967)
website: bump docusaurus-theme-openapi-docs from 5.0.1 to 5.0.2 in /website (#22052)
web: bump the storybook group across 1 directory with 5 updates (#22024)
revert: web: Consistent use of "User Dashboard" (#22038) (#22046)
core: bump metrics-exporter-prometheus from 0.18.1 to 0.18.3 (#22057)
core, web: update translations (#22047)
core: bump cryptography from 47.0.0 to 48.0.0 (#22053)
core: bump psycopg[c,pool] from 3.3.3 to 3.3.4 (#22054)
ci: bump taiki-e/install-action from 2.75.28 to 2.75.29 in /.github/actions/setup (#22056)
web: remove native fieldset borders from action groups (#21334)
website/docs: document blueprint import options (#21973)
...
* main:
web/admin: use bindings form for app entitlements (#22007)
website/integrations: Add guide to integrate Technitium DNS with authentik (#21826)
website/docs: clarify M2M scope requests (#21977)
website/docs: clarify LDAP TLS verification (#21974)
website/docs: clarify blueprint identifiers (#21976)
website/docs: document promoted sources (#21979)
lifecycle/aws: bump aws-cdk from 2.1118.4 to 2.1119.0 in /lifecycle/aws (#22001)
web: bump the swc group across 1 directory with 11 updates (#22004)
core: bump uvicorn[standard] from 0.45.0 to 0.46.0 (#22002)
web: bump @sentry/browser from 10.49.0 to 10.50.0 in /web in the sentry group across 1 directory (#22003)
ci: bump taiki-e/install-action from 2.75.23 to 2.75.25 in /.github/actions/setup (#22005)
core: bump reqwest from 0.13.2 to 0.13.3 (#22006)
stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#21999)
core, web: update translations (#21998)
enterprise: account lockdown (#18615)
enterprise/lifecycle: remove one review per object limitation (#21046)
* main:
web: bump knip from 6.6.0 to 6.6.3 in /web (#21981)
packages/ak-common/tracing: make log level lowercase (#21991)
root: only allow listen failure in dev (#21987)
flows: preserve signed background URLs in CSS (#21868)
core, web: update translations (#21966)
core: fix search for app entitlements failing (#21944)
ci: bump taiki-e/install-action from 2.75.22 to 2.75.23 in /.github/actions/setup (#21982)
website/integrations: Refactor and cleanup GitHub Enterprise (#21685)
web: Clear remember me before navigation. (#21647)
web: bump knip from 6.4.1 to 6.6.0 in /web (#21957)
core: bump github.com/getsentry/sentry-go from 0.45.1 to 0.46.0 (#21955)
core: bump uvicorn[standard] from 0.44.0 to 0.45.0 (#21956)
core: bump rustls from 0.23.39 to 0.23.40 (#21958)
core: support hashed password in users API + automated install (#18686)
core, web: update translations (#21952)
providers/saml: generate issuer url when provider is set on app (#18022)
* main: (269 commits)
root: fix rust build with uv-installed Python (#21858)
core: add support for hiding applications from the user dashboard (#21530)
core: bump ruff from 0.15.11 to 0.15.12 (#21871)
packages/ak-axum/router: add X-Powered-By to all responses (#21940)
core: bump microsoft-kiota-serialization-form from 1.9.8 to v1.10.1 (#21909)
core: bump pytest-randomly from 4.0.1 to 4.1.0 (#21873)
core: users/groups reduce number of database queries (#20431)
core: bump types-channels from 4.3.0.20260408 to 4.3.0.20260421 (#21872)
ci: bump taiki-e/install-action from 2.75.21 to 2.75.22 in /.github/actions/setup (#21877)
core, web: update translations (#21870)
sources/oauth: ensure user ID is returned as str (#21880)
translate: Updates for project authentik and language no_NO (#21862)
core: bump maxminddb from 3.0.0 to v3.1.1 (#21907)
core: bump prometheus-client from 0.24.0 to v0.25.0 (#21919)
core: bump azure-identity from 1.25.1 to v1.25.3 (#21886)
core: bump aiohttp from 3.13.4 to v3.13.5 (#21882)
core: bump anyio from 4.12.1 to v4.13.0 (#21883)
core: bump asgiref from 3.11.0 to v3.11.1 (#21884)
core: bump azure-core from 1.38.0 to v1.39.0 (#21885)
core: bump blessed from 1.25.0 to v1.38.0 (#21887)
...
* main: (36 commits)
web/e2e: accept options in NavigatorFixture.waitForPathname (#21507)
web/styles: switch to upstream RedHat variable fonts and brighten orange palette (#21509)
web/styles: add ak-c-loading-skeleton CSS component (#21510)
core, web: update translations (#21532)
core: bump lxml from 6.0.2 to 6.0.3 (#21523)
core: bump library/node from `45babd1` to `9707cd4` in /lifecycle/container (#21522)
tasks: better error message for Retry exceptions (#18235)
web/admin: fix user list avatar (#21531)
core: bump django from v5.2.12 to 5.2.13 (#21520)
core: add cooldown to dependabot (#21286)
web/admin: include avatar in user list page (#21518)
events: add index on Event.user.pk (#19576)
ci: always run apt update (#21516)
enterprise/search: move QL to open source] (#21484)
core: add logging when session decode fails (#21514)
website/docs: Refactor email configuration (#21130)
core: bump types-ldap3 from 2.9.13.20260402 to 2.9.13.20260408 (#21493)
packages/ak-common/db: init (#21357)
packages/ak-axum/extract/host: init (#21323)
web: bump knip from 6.3.0 to 6.3.1 in /web (#21505)
...
* main: (58 commits)
packages/ak-axum/error: init (#21315)
packages/ak-axum: init (#21313)
website: bump the build group across 1 directory with 9 updates (#21396)
core: bump jwcrypto from 1.5.6 to 1.5.7 (#21423)
web: bump fuse.js from 7.1.0 to 7.3.0 in /web (#21429)
web: bump the bundler group across 1 directory with 3 updates (#21425)
web: bump cspell from 9.7.0 to 10.0.0 (#21427)
web: bump knip from 6.1.0 to 6.3.0 in /web (#21428)
sources/ldap: Switch to new connection tracking, deprecated attribute-based connection (#21392)
packages/ak-common/mode: init (#21259)
packages/ak-common/tracing: init (#21263)
web/admin: Improve WS-Fed algo selection logic (#20881)
packages/ak-common/tls: init (#21262)
packages/ak-common/config: add set helper for tests (#21356)
tasks: allow retry for rejected tasks only (#21433)
core, web: update translations (#21394)
website/docs: clarify file upload troubleshooting (#21361)
ci: bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 (#21424)
core: bump uvicorn[standard] from 0.43.0 to 0.44.0 (#21422)
ci: bump taiki-e/install-action from 2.73.0 to 2.74.0 in /.github/actions/setup (#21426)
...
* main: (26 commits)
root: fix compose generation for patch releases release candidates (#21353)
web: bump @swc/cli from 0.8.0 to 0.8.1 in /web in the swc group across 1 directory (#21300)
providers/proxy: fix oidc client not using socket in embedded outpost (#21280)
packages/client-rust: fix portable sed usage (#21337)
packages/ak-common/tokio/proxy_procotol: init (#21311)
packages/ak-common/config: init (#21256)
core: bump beryju.io/ldap from 0.1.0 to 0.2.1 (#21235)
web: bump @sentry/browser from 10.46.0 to 10.47.0 in /web in the sentry group across 1 directory (#21297)
packages/ak-common/arbiter: init (#21253)
website/docs: fix full dev setup ordering (#21332)
core: bump types-docker from 7.1.0.20260328 to 7.1.0.20260402 (#21342)
packages/ak-common: rename from ak-lib (#21314)
root: fix rustfmt config (#21312)
core: bump types-ldap3 from 2.9.13.20260319 to 2.9.13.20260402 (#21343)
web: bump the bundler group across 1 directory with 4 updates (#21345)
core: bump aiohttp from 3.13.3 to 3.13.4 (#21333)
core, web: update translations (#21335)
lifecycle/aws: bump aws-cdk from 2.1115.1 to 2.1116.0 in /lifecycle/aws (#21338)
core: bump types-requests from 2.33.0.20260327 to 2.33.0.20260402 (#21339)
core: bump django-stubs[compatible-mypy] from 6.0.1 to 6.0.2 (#21340)
...
* main:
translate: Updates for project authentik and language fr_FR (#21285)
packages/django-postgres-cache: rework to use ORM (#17771)
providers/saml: Fix redirect for saml slo (#21258)
core: fix provider not nullable (#21275)
website/docs: ad source: add note about ldap signing (#21274)
website/api: update API clients doc (#21202)
ci: bump taiki-e/install-action from 2.70.2 to 2.70.3 in /.github/actions/setup (#21267)
lifecycle/aws: bump aws-cdk from 2.1114.1 to 2.1115.0 in /lifecycle/aws (#21265)
core, web: update translations (#21264)
packages/ak-lib: init (#21257)
website/docs: document group_uuid as a property for group object (#20865)
web/flow: extract lifecycle events peripheral to stage management into their own controllers (#20898)
core: bump pygments from 2.19.2 to 2.20.0 (#21260)
website/docs: add grafana dashboard (#21254)
* main: (52 commits)
stages/authenticator_webauthn: save attestation certificate when creating credential (#20095)
web/admin: fix missing icon on app view page (#21251)
web/elements: allow table per-column options (#21250)
ci: bump actions/setup-go from 6.3.0 to 6.4.0 (#21245)
web: bump knip from 6.0.6 to 6.1.0 in /web (#21241)
web: bump globby from 16.1.1 to 16.2.0 in /web (#21242)
core: bump types-requests from 2.32.4.20260324 to 2.33.0.20260327 (#21236)
core: bump types-docker from 7.1.0.20260322 to 7.1.0.20260328 (#21237)
core: bump aws-cdk-lib from 2.244.0 to 2.245.0 (#21238)
ci: bump int128/docker-manifest-create-action from 2.16.0 to 2.17.0 (#21244)
ci: bump astral-sh/setup-uv from 7.6.0 to 8.0.0 in /.github/actions/setup (#21246)
ci: bump taiki-e/install-action from 2.69.12 to 2.70.2 in /.github/actions/setup (#21247)
ci: bump actions/setup-go from 6.3.0 to 6.4.0 in /.github/actions/setup (#21248)
core, web: update translations (#21233)
translate: Updates for project authentik and language fr_FR (#21214)
web/admin: polish recent events, various button alignments and labels (#21232)
outposts: Create separate metrics service in Kubernetes (#21229)
events: fix exception in volume endpoint, adjust simple table size (#21230)
core: Application stats, device events & cleanup (#21225)
core: bump axllent/mailpit from v1.29.4 to v1.29.5 in /tests/e2e (#21226)
...
* main: (21 commits)
root: cleanup API generation (#21172)
packages/client-ts: init (#21120)
core, web: update translations (#21159)
website: bump @goauthentik/docusaurus-config from 2.5.1 to 2.6.0 in /website in the docusaurus group (#21161)
core: bump cryptography from 46.0.5 to 46.0.6 (#21162)
core: bump library/node from 25.8.1-trixie to 25.8.2-trixie in /website (#21163)
ci: bump taiki-e/install-action from 2.69.9 to 2.69.10 in /.github/actions/setup (#21164)
web: bump the goauthentik group across 1 directory with 3 updates (#21165)
web: bump typescript from 5.9.3 to 6.0.2 in /web (#21107)
web/flows: fix continuous flow leftovers (#21158)
web: bump picomatch from 4.0.3 to 4.0.4 (#21157)
web: bump yaml from 2.8.2 to 2.8.3 (#21156)
website: bump picomatch in /website (#21155)
web: bump smol-toml from 1.6.0 to 1.6.1 (#21154)
web: bump picomatch from 2.3.1 to 2.3.2 in /web (#21153)
web: bump smol-toml from 1.6.0 to 1.6.1 in /web (#21152)
root: optimise api client generation speed (#21141)
website/integrations: nextcloud add back-channel logout documentation (#21147)
core: bump requests from 2.32.5 to 2.33.0 (#21146)
web: bump chromedriver from 146.0.5 to 146.0.6 in /web (#21128)
...
* main: (26 commits)
endpoints/connectors: fix enabled flag not respected (#21144)
web: bump vite from 7.3.1 to 8.0.2 in /web (#21109)
website/docs: add a single page about our user interface, document Consent stage (#20533)
website: bump the build group across 1 directory with 9 updates (#21127)
web: bump knip from 5.88.1 to 6.0.5 in /web (#21129)
core: bump drf-spectacular from 0.28.0 to 0.29.0 (#19420)
packages/client-go: init (#21139)
providers/proxy: Add a default maxResponseBodySize to Traefik Middleware (#21111)
core: bump library/nginx from `dec7a90` to `7150b3a` in /website (#21137)
core: bump gunicorn from 25.1.0 to 25.2.0 (#21134)
core: bump github.com/getsentry/sentry-go from 0.43.0 to 0.44.1 (#21122)
core: bump astral-sh/uv from 0.11.0 to 0.11.1 in /lifecycle/container (#21135)
ci: bump taiki-e/install-action from 2.69.8 to 2.69.9 in /.github/actions/setup (#21136)
web/a11y: Modals, Command Palette (Merge branch) (#17812)
website/docs: document file picker values (#20994)
packages/client-rust: init (#21117)
core: bump sentry-sdk from 2.55.0 to 2.56.0 (#21124)
events: add helper to log deprecation configuration_warning message (#21115)
core: bump djangorestframework from 3.17.0 to 3.17.1 (#21126)
core: bump twilio from 9.10.3 to 9.10.4 (#21123)
...
* main:
core: remove filter_not_expired for QS (#18274)
tenants: fix default schema in initial migration (#21114)
core: bump django-stubs[compatible-mypy] from 5.2.9 to 6.0.1 (#21099)
core, web: update translations (#21097)
lifecycle/aws: bump aws-cdk from 2.1112.0 to 2.1113.0 in /lifecycle/aws (#21098)
core: bump types-requests from 2.32.4.20260107 to 2.32.4.20260324 (#21100)
core: bump constructs from 10.5.1 to 10.6.0 (#21101)
core: bump astral-sh/uv from 0.10.12 to 0.11.0 in /lifecycle/container (#21103)
ci: bump taiki-e/install-action from 2.69.6 to 2.69.7 in /.github/actions/setup (#21104)
web: bump flatted from 3.4.1 to 3.4.2 (#21076)
core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1774286095 (#21089)
core: bump cbor2 from 5.8.0 to 5.9.0 (#21094)
ci: fix cherry-pick action generating empty title (#21091)
web: bump the swc group across 1 directory with 11 updates (#21070)
web: bump yaml from 2.8.2 to 2.8.3 in /web (#21071)
core: add flag for future default behaviour of requiring a binding to access an application (#16247)
* main: (22 commits)
ci: rotate GH App private key (#21085)
internal/web: remove authentication for metrics (#21077)
lib/config: explicit some defaults (#21079)
internal: remove unix sockets on shutdown (#21081)
ci: fix escaping in cherry-pick action (#21082)
lib/config: support printing multiple values (#21080)
root: fix rust setup (#21078)
core: bump types-docker from 7.1.0.20260109 to 7.1.0.20260322 (#21062)
policies: remove BufferedPolicyAccessView leftovers (#21057)
core: bump axllent/mailpit from v1.29.3 to v1.29.4 in /tests/e2e (#21061)
core: bump types-channels from 4.3.0.20250822 to 4.3.0.20260321 (#21063)
core: bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.1 (#21059)
translate: Updates for project authentik and language fr_FR (#21056)
ci: bump taiki-e/install-action from 2.69.2 to 2.69.6 in /.github/actions/setup (#21068)
web: bump the storybook group across 1 directory with 5 updates (#21031)
web: bump knip from 5.88.0 to 5.88.1 in /web (#21033)
web: bump type-fest from 5.4.4 to 5.5.0 in /web (#21032)
events: prevent exception when events contains incompatible unicode (#21048)
web/admin: handle non-string values in formatUUID to prevent Event Log crash (#20804)
events: avoid implicitly setting context from login_failed event (#21045)
...
* main: (36 commits)
website: fix typos (#20996)
internal/outpost/ak: fix ws URL on outpost restart (#21041)
sources/ldap: fix incorrect error response for invalid sync_users_password (#21016)
website/docs: add missing dependencies for linux dev environment (#21020)
core, web: update translations (#21021)
web: bump flatted from 3.4.1 to 3.4.2 in /web (#21037)
web: bump @sentry/browser from 10.44.0 to 10.45.0 in /web in the sentry group across 1 directory (#21022)
website: bump flatted from 3.4.1 to 3.4.2 in /website (#21038)
core: bump astral-sh/uv from 0.10.11 to 0.10.12 in /lifecycle/container (#21027)
ci: bump actions-rust-lang/setup-rust-toolchain from 1.15.3 to 1.15.4 in /.github/actions/setup (#21030)
ci: bump taiki-e/install-action from 2.68.26 to 2.69.2 in /.github/actions/setup (#21029)
core: bump goauthentik/fips-debian from `7baeeaa` to `7726387` in /lifecycle/container (#21028)
core: bump aws-cdk-lib from 2.243.0 to 2.244.0 (#21026)
core: bump types-ldap3 from 2.9.13.20251121 to 2.9.13.20260319 (#21024)
core: bump ruff from 0.15.6 to 0.15.7 (#21023)
core: bump goauthentik/fips-python from `859ad57` to `bf45eb7` in /lifecycle/container (#21025)
website/integrations: fix AWS SCIM with Identity Center (#21017)
root: allow listening on multiple IPs (#20930)
website: switch docs analytics to gtag (#20993)
web: link file picker to docs (#20995)
...
window.authentik.flow = {
"layout": "{{ flow.layout }}",
+ "background": "{{ flow.background }}",
+ "title": "{{ flow.title }}",
};
Amends the `flow.html` template and `GlobalAuthentik` parser to include new parameters, `background` and `title`, in the flow-specific part of the configuration written to the HTML `<head>` object, and to provide those parameters to client code.
## Why
The `layout` is start-up critical: it tells the Flow interface how the admin wants the Flow page to look, and allows the HTML and CSS to be pre-aligned to that condition. `layout` is determined on a per-Flow bases, not a per-Stage basis; Flows are derived from a tuple of `(Brand, Application?)`, where the opening policy *may* direct a user to a different flow if the user reached authentik via a redirect from a specific application, but will otherwise fall back to the default Flow for the Brand.
The `background` is a field that is required if the `Flow`’s layout is of type `frame_background`; in this case, the part of the viewport not dedicated to the FlowExecutor is reserved for an `<iframe>` that will be filled in with whatever the administrator specifies. Although this gives it the same priority as `layout` (whether it’s provided or undefined) for describing the [chrome](https://developer.mozilla.org/en-US/docs/Glossary/Chrome) around a challenge, it is currently not provided to the application in the start-up config; it is provided in the `challenge` and renders the IFrame as part of the initial challenge.
This patch fixes that; if `layout` is provided, `background` ought to be as well, even if it’s empty. The execution of a Challenge ought not have any influence over the look and feel of the Flow-defined appearance *around* that Challenge.
I have added `title` as well; with that, all of the current theme-and-appearance related configuration details are placed into `<head>` and can be removed from the FlowExecutor.
Server-side, `background` is currently specified: `background = FileField(blank=True, default="")` which is … interesting since we also appear to store URLs in it. I don’t see anything in the FlowSerializer that would change that from a client’s point of view.
This patch furthers the effort to separate flow execution from flow presentation.
- \[🐰\] The code has been formatted (`make web`)
2026-03-18 15:25:11 -07:00
10 changed files with 30 additions and 28 deletions
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
