See https://docs.goauthentik.io/docs/releases/2025.12#fixed-in-2025122
What's Changed
website/docs: release notes: Update release notes for version 2025.12.1 (cherry-pick #19502 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19503
sources/kerberos: update to new python-kadmin-rs (cherry-pick #19491 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19523
tests/e2e: Add delay and serialized rollback to saml e2e test (cherry-pick #18840 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19532
website/docs: endpoint devices: update device code flow instructions (cherry-pick #19528 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19534
admin/files: fix manageable check blocking file creation on fresh installs (cherry-pick #19547 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19553
admin/files: fix duplicate bucket name in presigned URLs with custom domain (cherry-pick #19537 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19575
core: Update supported versions in SECURITY.md (cherry-pick #19385 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19578
website/docs: add s3 perms (cherry-pick #19579 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19581
web: update @goauthentik/api (cherry-pick #19542 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19589
web/forms: fix invalid date error for empty datetime-local inputs (cherry-pick #19561 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19582
endpoints: fix endpoints stage marked as enterprise (cherry-pick #19607 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19610
policies: fix Providers authentication_flow not used when set (cherry-pick #19609 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19615
providers/saml: fix structure of encrypted saml assertion (cherry-pick #19592 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19613
providers/saml: allow encryption certificates without private keys (cherry-pick #19526 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19612
sources/saml: Fix signature verification order to accommodate encrypted assertions (cherry-pick #19593 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19614
tests: improve e2e/integration test reliability (cherry-pick #19540 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19611
lib/sync/outgoing: handle deletions even if object does not exist in database (cherry-pick #18968 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19617
website/docs: endpoints devices: typo fix (cherry-pick #19621 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19622
web/user: fix Firefox for Android infinite render loop in user library (cherry-pick #19379 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19626
web/maintenance: fix missing custom web component imports (cherry-pick #18942 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19636
website/docs: Update saml google workspace guide (cherry-pick #19624 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19642
website/docs: update endpoint agent windows log location (cherry-pick #19645 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19646
web/a11y: Locale selector select styles, contrast. (cherry-pick #19634 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19651
website/docs: update LDAP search permission instructions (cherry-pick #19676 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19678
web/maintenance: no unknown tag names (cherry-pick #18944 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19637
providers/oauth2: add logout+jwt token type for oidc logout token. (cherry-pick #19554 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19675
web/maintenance: no missing element type definitions (cherry-pick #18950 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19638
web/maintenance/no unknown attributes (part 1) (cherry-pick #18970 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19639
sources/saml: Set AuthnRequest ProtocolBinding to HTTP-POST instead of HTTP-Redirect (cherry-pick #17378 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19649
web/forms: fix forms not resetting state when modal closes (cherry-pick #19562 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19635
web/admin: fix brand form sending "undefined" string for blank default application (cherry-pick #19658 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19682
internal: fix incorrect metric calculation (cherry-pick #19701 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19703
sources/oauth: add fallback for id_token when profile URL is not available (cherry-pick #19311 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19704
core: return bad request when user is authenticated and not active (cherry-pick #19706 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19710
web/admin: fix impersonation form requesting data without being opened (cherry-pick #19673 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19712
web/sfe: downgrade bootstrap, add access denied test (cherry-pick #19763 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19765
root: update client-go generation (cherry-pick #19762 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19791
web/elements: reduce spacing between collapsible form groups (cherry-pick #19627 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19640
web/elements: stabilize dual-select status height (cherry-pick #19734 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19776
website/docs: fix Transifex link in translation guide (cherry-pick #19735 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19771
website/docs: endpoint devices: fix local device login (cherry-pick #19698 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19790
website/docs: Fix authenticator sms docs (cherry-pick #19797 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19816
providers/scim: fix email validation mismatch (cherry-pick #19848 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19853
sources/saml: properly catch InvalidSignature exception (cherry-pick #19641 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19650
sources/oauth: Fix an issue where wechat may crash during login. (cherry-pick #18973 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19854
website/docs: add more info to entra id scim doc (cherry-pick #19849 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19855
website/docs: add tip for recovering from accidental main branch work (cherry-pick #19865 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19866
admin/files: add centralized theme variable support for file URLs (cherry-pick #19657 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19793
web/table: align row action icons and tooltip color (cherry-pick #19736 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19773
web/admin: fix file upload not preserving extension for custom names with dots (cherry-pick #19548 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19685
web/admin: fix captcha stage provider selector not showing saved value (cherry-pick #19555 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19656
web: Session UI Config Lifecycle (cherry-pick #19788 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19821
website/docs: endpoint devices: add version command (cherry-pick #19767 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19877
web: Enforce challenge nullish types. (cherry-pick #19768 to version-2025.12) by @authentik-automation[bot] in https://github.com/goauthentik/authentik/pull/19777
Full Changelog: https://github.com/goauthentik/authentik/compare/version/2025.12.1...version/2025.12.2