v4.39.2
4.39.2 (2025-05-10)
Important Note: The v4.39.2 release inadvertently removed the legacy OpenID Connect 1.0 endpoints, which have not been documented for the last 3 years in either the discovery document or on the website. While the removal was technically unintentional at this moment, these endpoints were going to be hard removed at some point before we graduated OpenID Connect 1.0 out of an experimental/beta state, so we're going to leave them as is. Users should refer to our documentation as well as their instance's discovery endpoints to obtain the correct URLs.
Bug Fixes
- commands: incorrect flag mapping (#9292) (6b358ef)
- configuration: missing oidc alg validations (#9267) (694cf9e)
- configuration: yescrypt not configurable (#9241) (0f6c1dc)
- oidc: consent semantics not enforced (#9331) (04c27fe)
- oidc: consent subject binding too early (#9302) (3ebed86)
- oidc: device authorization flow (#9429) (f6001ff)
- oidc: ensure stateful userinfo token use (#9385) (9b2de99), closes #9382
- oidc: include missing id token claims in implicit flow (#9238) (1313776)
- oidc: missing device code handlers (#9265) (b0cf8c5)
- oidc: missing grant handlers (#9272) (25f79d0)
- webauthn: metadata errors too vague (#9012) (1eaf858)
- webauthn: passkey compliance workaround (#9278) (0a3e633), closes #9094
- web: differing password ux (#9243) (aef2966)
- web: display name is mislabeled as username (#9108) (b05026c)
- web: unified peek button for password fields (#9311) (ec34a3f)
Performance Improvements
Docker Container
docker pull authelia/authelia:4.39.2
docker pull ghcr.io/authelia/authelia:4.39.2