Authelia Release Notes
11 release notes curated from 1 source by the Releasebot Team. Last updated: May 26, 2026
- May 26, 2026
- Date parsed from source:May 26, 2026
- First seen by Releasebot:May 26, 2026
- Modified by Releasebot:May 27, 2026
v4.39.20
Authelia releases important security fixes and bug fixes, tightening access control, canonicalization, authentication, authorization, storage, and session handling while also improving configuration, metrics, and middleware behavior.
Security Fixes
This release contains important security fixes. We encourage users to update as soon as practical.
The following advisories accompany this release:
- Edge Case Access Control Rule Domain Miss Due to Lack of Canonicalization reported by @j0hndo, fixed by @james-d-elliott, reviewed by @nightah and @Crowley723
- Missing Username Canonicalization in Basic Auth when using LDAP reported by @Nadav0077, fixed by @james-d-elliott, reviewed by @nightah and @Crowley723
Bug Fixes
- authentication: incorrect bind mode (#12094) (dc1d1d6) by @james-d-elliott
- authorization: case-insensitive domain matching [security] (#12169) (b6d1d60) by @james-d-elliott
- authorization: oauth2 client credentials considered anonymous (#12141) (54de0c9) by @james-d-elliott
- configuration: add default attributes to freeipa (#12155) (f8203be) by @kaysond
- configuration: include specific warning about ports (#12145) (033533e) by @james-d-elliott
- configuration: preserve dots in map key names during koanf remap (#11803) (211a4cd) by @nightah
- expression: add missing extensions (#11226) (4c7ffd3) by @james-d-elliott
- handlers: basic auth username canonicalization [security] (#12170) (b8985b5) by @james-d-elliott
- handlers: hoist issuer checks (#12160) (ab5dca7) by @james-d-elliott
- metrics: ensure unknown bans are measured (#11999) (3adae90), closes #11972 by @james-d-elliott
- metrics: go collectors not registered (#11894) (9cd8812) by @james-d-elliott
- middlewares: add rate limit exclusions (#12159) (17397cd) by @james-d-elliott
- session: add startup check for backend connectivity (#12157) (8149b6f) by @nightah
- storage: harden one-time code consumption (#12095) (9dc3eb6) by @james-d-elliott
- storage: incorrect query used for auth code by req id (#12139) (dc6365d) by @james-d-elliott
- web: quote peer dependency versions in pnpm-workspace (#12049) (1fb10aa), closes #12032 by @nightah
New Contributors
- @nicomem made their first contribution in #11885
- @TanguyBaudrin made their first contribution in #11750
- @turtleinarock made their first contribution in #11912
- @rpadovani made their first contribution in #11720
- @arylatt made their first contribution in #11899
- @dubwoc made their first contribution in #11933
Docker Container
Original sourcedocker pull authelia/authelia:4.39.20 docker pull ghcr.io/authelia/authelia:4.39.20 - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.19
Authelia fixes oauth2 error messages, issuer domain checks, and healthcheck env timing in 4.39.19.
Bug Fixes
- handlers: oauth2 inconsistent error messages (#11745) (dcae991) by @james-d-elliott
- middlewares: issuer domain suffix check (#11758) (c6c8c0c) by @james-d-elliott
- middlewares: misleading issuer error (#11749) (6ceeb2c) by @james-d-elliott
- server: healthcheck env written late (#11639) (d259426) by @james-d-elliott
New Contributors
- @Phur3ouZ made their first contribution in #11736
- @ishanjain28 made their first contribution in #11757
Docker Container
- docker pull authelia/authelia:4.39.19
- docker pull ghcr.io/authelia/authelia:4.39.19
All of your release notes in one feed
Join Releasebot and get updates from Authelia and hundreds of other software products.
- May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.18
Authelia fixes Duo API calls by removing an incorrect successful response code check.
Bug Fixes
duo: remove incorrect response code check for successful api calls (#11723) (310844b) by @Crowley723
Docker Container
docker pull authelia/authelia:4.39.18
docker pull ghcr.io/authelia/authelia:4.39.18
Original source - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.17
Authelia ships bug fixes and refinements across authentication, authorization, handlers, middlewares, NTP, and OIDC, including configurable OIDC rate limits, stricter domain matching, and improved LDAP and cache handling.
Bug Fixes
authentication: cache miss in edge case (#11541) (2df41dd) by @james-d-elliott
authentication: fix ldapv3 version check (#11454) (f24ef6b) by @atoerien
authorization: amr consistency (#11637) (4c92b2a) by @james-d-elliott
handlers: recovered deref panic for otc (#11500) (1cc0d3d) by @james-d-elliott
middlewares: stricter domain matching (#11685) (675d8b7) by @james-d-elliott
ntp: use full precision latency calculation (#11644) (ed4c486) by @james-d-elliott
oidc: configurable rate limits (#11696) (f66d3bb) by @james-d-elliottNew Contributors
@atoerien made their first contribution in #11454
@gardient made their first contribution in #11511
@yarikoptic made their first contribution in #11612
@CarrotManMatt made their first contribution in #11700Docker Container
docker pull authelia/authelia:4.39.17
Original source
docker pull ghcr.io/authelia/authelia:4.39.17 - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.16
Authelia ships a security-focused release with bug fixes across authentication, OIDC, server, middleware, and the web UI. It also improves configuration defaults, Docker dev builds, and path handling while addressing a 2FA enrollment stuck state.
Security Fixes
This release fixes security issues. For more information please see GHSA-gmfg-3v4q-9qr4.
Bug Fixes
- authentication: discovery check too strict (#11350) (5c1633b), closes #10840 by @james-d-elliott
- authentication: excessive filter escape (#11285) (10f7603), closes #11284 by @james-d-elliott
- configuration: max retries default (#11173) (f29bb95) by @james-d-elliott
- disable npm scripts for docker dev build (#11044) (4da3c53) by @Crowley723
- ignore node modules for vite watchers (#11412) (c8070f2) by @Crowley723
- improve root directory finding (#11029) (d4529e3) by @Crowley723
- middlewares: strip path incorrect match criteria (#11402) (75a3b99) by @james-d-elliott
- oidc: jwt profile claims policy hydration (#10663) (24ee120) by @james-d-elliott
- server: sanitise language cookie (#11341) (ed66b2b) by @nightah
- web: ui stuck state enrolling 2fa (#11367) (52f01f2), closes #10859 by @Br1an67
New Contributors
- @kapec94 made their first contribution in #10841
- @n0rad made their first contribution in #10854
- @fortellerq made their first contribution in #11001
- @caiocdcs made their first contribution in #11045
- @spomata made their first contribution in #10999
- @xaabi6 made their first contribution in #11081
- @TheSander562 made their first contribution in #10899
- @moedtm made their first contribution in #10896
- @AlexViridi made their first contribution in #11130
- @tonyaellie made their first contribution in #11187
- @kiaraly made their first contribution in #11176
- @louisonsarlinmagnus made their first contribution in #11210
- @x0k made their first contribution in #11227
- @tomaszduda23 made their first contribution in #11225
- @wischi-chr made their first contribution in #9867
- @FlorianObermayer made their first contribution in #11248
- @andreasbrett made their first contribution in #11257
- @Br1an67 made their first contribution in #11367
- @tkf144 made their first contribution in #11399
Docker Container
docker pull authelia/authelia:4.39.16
docker pull ghcr.io/authelia/authelia:4.39.16
Original source - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.15
Authelia fixes LDAP health checks and server authz defaults in 4.39.15.
4.39.15 (2025-11-29)
Bug Fixes
authentication: error determining ldap server health (#10753) (b6e14c7) by @james-d-elliott
configuration: defaults not applied to server authz (#10793) (73bee22) by @james-d-elliott
New Contributors
@rowanarts made their first contribution in #10652
@mayswind made their first contribution in #10723
Docker Container
docker pull authelia/authelia:4.39.15
docker pull ghcr.io/authelia/authelia:4.39.15
Original source - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.14
Authelia fixes authentication and expression handling in 4.39.14, resolving LDAP pool deadlocks, referral chasing issues, and shallow value resolution while cleaning up debug logging. The release also includes new contributor first-time contributions and updated Docker images.
4.39.14 (2025-11-09)
Bug Fixes
authentication: ldap pool deadlock (#10527) (279c1be), closes #9936 #10392 by @james-d-elliott
authentication: referrals not chased (#10608) (5ddb457), closes #10569 by @james-d-elliott
authentication: remove singleflight debug logging (#10628) (4c1c6ee) by @Crowley723
expression: shallow value resolution (#10582) (bc0fb6c), closes #10558 by @james-d-elliott
New Contributors
@Allexio made their first contribution in #10615
@sohnemann made their first contribution in #10629
@rachelf42 made their first contribution in #10534
@jagg2 made their first contribution in #10688
Docker Container
docker pull authelia/authelia:4.39.14
docker pull ghcr.io/authelia/authelia:4.39.14
Original source - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.13
Authelia fixes basic auth cache multi-flight and a pool deadline logging issue in 4.39.13.
4.39.13 (2025-10-12)
Bug Fixes
authentication: basic auth cache multi-flight (#10522) (e25b66c) by @james-d-elliott
regulation: pool deadline error incorrectly logged (#10521) (4b45d48) by @james-d-elliott
Docker Container
Original sourcedocker pull authelia/authelia:4.39.13 docker pull ghcr.io/authelia/authelia:4.39.13 - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.12
Authelia fixes OAuth2 device code storage constraints in 4.39.12.
4.39.12 (2025-10-08)
Bug Fixes
storage: oauth2 device code constraints (#10484) (26f3b89), closes #10404 by @james-d-elliott
Docker Container
docker pull authelia/authelia:4.39.12
docker pull ghcr.io/authelia/authelia:4.39.12
Original source - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.11
Authelia ships 4.39.11 with bug fixes for WebAuthn 2FA redirection, OIDC consent handling, and consent UX.
4.39.11 (2025-10-01)
Bug Fixes
handlers: webauthn experimental 2fa default redirection (#10426) (8c76ea3) by @nightah
oidc: remember consent ignored (#10384) (5cd17eb) by @james-d-elliott
web: consent remember ux (#10347) (e9a4047) by @james-d-elliott
New Contributors
@gene1wood made their first contribution in #10340
Docker Container
docker pull authelia/authelia:4.39.11
docker pull ghcr.io/authelia/authelia:4.39.11
Original source - May 11, 2026
- Date parsed from source:May 11, 2026
- First seen by Releasebot:Apr 15, 2026
- Modified by Releasebot:May 11, 2026
v4.39.10
Authelia fixes the web HTML lang tag in 4.39.10, with Docker images available.
4.39.10 (2025-09-15)
Bug Fixes
web: dynamically set html lang tag (#10297) (a1f594d), closes #8729 by @nightah
New Contributors
@lenzfilipski made their first contribution in #10312
Docker Container
docker pull authelia/authelia:4.39.10
docker pull ghcr.io/authelia/authelia:4.39.10
Original source
This is the end. You've seen all the release notes in this feed!
Curated by the Releasebot team
Releasebot is an aggregator of official release notes from hundreds of software vendors and thousands of sources.
Our editorial process involves the manual review and audit of release notes procured with the help of automated systems.
Similar to Authelia with recent updates:
- Smokeball release notes125 release notes · Latest May 13, 2026
- Cosmolex release notes20 release notes · Latest Jul 30, 2025
- PracticePanther release notes34 release notes · Latest Apr 8, 2026
- Salesforce release notes14 release notes · Latest May 1, 2026
- Microsoft release notes569 release notes · Latest May 28, 2026
- Zoom release notes145 release notes · Latest May 18, 2026