Authelia Release Notes
Last updated: Apr 15, 2026
- Apr 12, 2026
- Date parsed from source:Apr 12, 2026
- First seen by Releasebot:Apr 15, 2026
v4.39.19
Authelia fixes OAuth2 error messages, issuer checks and healthcheck env timing in 4.39.19.
Bug Fixes
handlers: oauth2 inconsistent error messages (#11745) (dcae991)
middlewares: issuer domain suffix check (#11758) (c6c8c0c)
middlewares: misleading issuer error (#11749) (6ceeb2c)
server: healthcheck env written late (#11639) (d259426)
Docker Container
docker pull authelia/authelia:4.39.19
docker pull ghcr.io/authelia/authelia:4.39.19
Original source Report a problem - Apr 10, 2026
- Date parsed from source:Apr 10, 2026
- First seen by Releasebot:Apr 15, 2026
v4.39.18
Authelia fixes API success response checks and ships Docker images for 4.39.18.
Bug Fixes
duo: remove incorrect response code check for successful api calls (#11723) (310844b)
Docker Container
docker pull authelia/authelia:4.39.18
docker pull ghcr.io/authelia/authelia:4.39.18
Original source Report a problem All of your release notes in one feed
Join Releasebot and get updates from Authelia and hundreds of other software products.
- Apr 9, 2026
- Date parsed from source:Apr 9, 2026
- First seen by Releasebot:Apr 15, 2026
v4.39.17
Authelia fixes authentication and authorization bugs, tightens domain matching, and adds configurable OIDC rate limits.
Bug Fixes
authentication: cache miss in edge case (#11541) (2df41dd)
authentication: fix ldapv3 version check (#11454) (f24ef6b)
authorization: amr consistency (#11637) (4c92b2a)
handlers: recovered deref panic for otc (#11500) (1cc0d3d)
middlewares: stricter domain matching (#11685) (675d8b7)
ntp: use full precision latency calculation (#11644) (ed4c486)
oidc: configurable rate limits (#11696) (f66d3bb)Docker Container
docker pull authelia/authelia:4.39.17
docker pull ghcr.io/authelia/authelia:4.39.17
Original source Report a problem - Apr 4, 2026
- Date parsed from source:Apr 4, 2026
- First seen by Releasebot:Apr 15, 2026
v4.39.16
Authelia releases security fixes and bug fixes that tighten authentication, configuration, middleware, OIDC, server, and web behavior. It also improves Docker container availability for 4.39.16 images.
Security Fixes
This release fixes security issues. For more information please see GHSA-gmfg-3v4q-9qr4.
Bug Fixes
- authentication: discovery check too strict (#11350) (5c1633b), closes #10840
- authentication: excessive filter escape (#11285) (10f7603), closes #11284
- configuration: max retries default (#11173) (f29bb95)
- disable npm scripts for docker dev build (#11044) (4da3c53)
- ignore node modules for vite watchers (#11412) (c8070f2)
- improve root directory finding (#11029) (d4529e3)
- middlewares: strip path incorrect match criteria (#11402) (75a3b99)
- oidc: jwt profile claims policy hydration (#10663) (24ee120)
- server: sanitise language cookie (#11341) (ed66b2b)
- web: ui stuck state enrolling 2fa (#11367) (52f01f2), closes #10859
Docker Container
docker pull authelia/authelia:4.39.16
docker pull ghcr.io/authelia/authelia:4.39.16
Original source Report a problem - Nov 29, 2025
- Date parsed from source:Nov 29, 2025
- First seen by Releasebot:Apr 15, 2026
v4.39.15
Authelia fixes LDAP server health and server authz default handling in 4.39.15.
4.39.15 (2025-11-29)
Bug Fixes
authentication: error determining ldap server health (#10753) (b6e14c7)
configuration: defaults not applied to server authz (#10793) (73bee22)
Docker Container
Original source Report a problemdocker pull authelia/authelia:4.39.15 docker pull ghcr.io/authelia/authelia:4.39.15 - Nov 9, 2025
- Date parsed from source:Nov 9, 2025
- First seen by Releasebot:Apr 15, 2026
v4.39.14
Authelia fixes LDAP authentication deadlock and referral handling in 4.39.14.
4.39.14 (2025-11-09)
Bug Fixes
authentication: ldap pool deadlock (#10527) (279c1be), closes #9936 #10392
authentication: referrals not chased (#10608) (5ddb457), closes #10569
authentication: remove singleflight debug logging (#10628) (4c1c6ee)
expression: shallow value resolution (#10582) (bc0fb6c), closes #10558
Docker Container
docker pull authelia/authelia:4.39.14
docker pull ghcr.io/authelia/authelia:4.39.14
Original source Report a problem - Oct 12, 2025
- Date parsed from source:Oct 12, 2025
- First seen by Releasebot:Apr 15, 2026
v4.39.13
Authelia fixes basic auth cache multi-flight and a pool deadline logging bug in 4.39.13.
4.39.13 (2025-10-12)
Bug Fixes
- authentication: basic auth cache multi-flight (#10522) (e25b66c)
- regulation: pool deadline error incorrectly logged (#10521) (4b45d48)
Docker Container
Original source Report a problemdocker pull authelia/authelia:4.39.13 docker pull ghcr.io/authelia/authelia:4.39.13 - Oct 8, 2025
- Date parsed from source:Oct 8, 2025
- First seen by Releasebot:Apr 15, 2026
v4.39.12
Authelia fixes OAuth2 device code storage constraints in 4.39.12, improving reliability for container users.
4.39.12 (2025-10-08)
Bug Fixes
storage: oauth2 device code constraints (#10484) (26f3b89), closes #10404
Docker Container
docker pull authelia/authelia:4.39.12
docker pull ghcr.io/authelia/authelia:4.39.12
Original source Report a problem - Oct 1, 2025
- Date parsed from source:Oct 1, 2025
- First seen by Releasebot:Apr 15, 2026
v4.39.11
Authelia fixes WebAuthn, OIDC consent and consent UX issues in 4.39.11.
4.39.11 (2025-10-01)
Bug Fixes
- handlers: webauthn experimental 2fa default redirection (#10426) (8c76ea3)
- oidc: remember consent ignored (#10384) (5cd17eb)
- web: consent remember ux (#10347) (e9a4047)
Docker Container
Original source Report a problemdocker pull authelia/authelia:4.39.11 docker pull ghcr.io/authelia/authelia:4.39.11 - Sep 15, 2025
- Date parsed from source:Sep 15, 2025
- First seen by Releasebot:Apr 15, 2026
v4.39.10
Authelia fixes the web HTML lang tag in 4.39.10, improving language handling for the UI.
4.39.10 (2025-09-15)
Bug Fixes
web: dynamically set html lang tag (#10297) (a1f594d), closes #8729
Docker Container
docker pull authelia/authelia:4.39.10
docker pull ghcr.io/authelia/authelia:4.39.10
Original source Report a problem