From f9fd1f9a5f7bb4874dd1e569fb90902d4c7f67a8 Mon Sep 17 00:00:00 2001
From: notplants <notplants@commoninternet.net>
Date: Thu, 5 Mar 2026 15:36:50 +0000
Subject: [PATCH 1/2] chore: publish 10.1.5+2025.12.4 release

Intermediate step for upgrading to 2026.2.x.
Bump authentik to 2025.12.4, postgres to 15.17.
---
 compose.outposts.ldap.yml | 2 +-
 compose.yml               | 8 ++++----
 release/10.1.5+2025.12.4  | 2 ++
 3 files changed, 7 insertions(+), 5 deletions(-)
 create mode 100644 release/10.1.5+2025.12.4

diff --git a/compose.outposts.ldap.yml b/compose.outposts.ldap.yml
index a41f072..3eaa8ed 100644
--- a/compose.outposts.ldap.yml
+++ b/compose.outposts.ldap.yml
@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   authentik_ldap:
-      image: ghcr.io/goauthentik/ldap:2025.10.2
+      image: ghcr.io/goauthentik/ldap:2025.12.4
       # Optionally specify which networks the container should be
       # might be needed to reach the core authentik server
       networks:
diff --git a/compose.yml b/compose.yml
index 736dee8..9630c19 100644
--- a/compose.yml
+++ b/compose.yml
@@ -34,7 +34,7 @@ x-env: &env
 version: '3.8'
 services:
   app:
-    image: ghcr.io/goauthentik/server:2025.10.2
+    image: ghcr.io/goauthentik/server:2025.12.4
     command: server
     depends_on:
       - db
@@ -69,14 +69,14 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=10.1.4+2025.10.2"
+        - "coop-cloud.${STACK_NAME}.version=10.1.5+2025.12.4"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
 
   worker:
-    image: ghcr.io/goauthentik/server:2025.10.2
+    image: ghcr.io/goauthentik/server:2025.12.4
     command: worker
     depends_on:
       - db
@@ -116,7 +116,7 @@ services:
       start_period: 5m
 
   db:
-    image: postgres:15.15
+    image: postgres:15.17
     secrets:
       - db_password
     configs:
diff --git a/release/10.1.5+2025.12.4 b/release/10.1.5+2025.12.4
new file mode 100644
index 0000000..c402348
--- /dev/null
+++ b/release/10.1.5+2025.12.4
@@ -0,0 +1,2 @@
+Intermediate release required before upgrading to 2026.x.
+See: https://docs.goauthentik.io/install-config/upgrade
-- 
2.49.0


From 9d621ed1de4bd57324dce5d8066bcd5be984f1e3 Mon Sep 17 00:00:00 2001
From: notplants <notplants@commoninternet.net>
Date: Thu, 5 Mar 2026 15:37:06 +0000
Subject: [PATCH 2/2] chore: publish 10.2.0+2026.2.1 release

---
 abra.sh                   | 37 ++++++++++++++++++++++++++++++-------
 compose.outposts.ldap.yml |  2 +-
 compose.yml               |  9 ++++++---
 release/10.1.5+2025.12.4  |  3 +--
 release/10.2.0+2026.2.1   |  3 +++
 5 files changed, 41 insertions(+), 13 deletions(-)
 create mode 100644 release/10.2.0+2026.2.1

diff --git a/abra.sh b/abra.sh
index 6a4dedb..9a5e880 100644
--- a/abra.sh
+++ b/abra.sh
@@ -313,14 +313,37 @@ import os
 my_token = '$TOKEN'
 application = '$1'
 icon_path = '$2'
-url = f'https://$DOMAIN/api/v3/core/applications/{application}/set_icon/'
-headers = {'Authorization':f'Bearer {my_token}'}
+base_url = f'https://$DOMAIN/api/v3'
+headers = {'Authorization': f'Bearer {my_token}'}
+
+name_img = os.path.basename(icon_path)
+
+# Upload file via the file management API
 with open(icon_path, 'rb') as img:
-  name_img = os.path.basename(icon_path)
-  files= {'file': (name_img,img,'image/png') }
-  with requests.Session() as s:
-    r = s.post(url,files=files,headers=headers)
-    print(r.status_code)
+  r = requests.post(
+    f'{base_url}/admin/file/',
+    files={'file': (name_img, img, 'image/png')},
+    data={'name': name_img},
+    headers=headers,
+  )
+  if r.status_code == 400 and 'already exists' in r.text:
+    print(f'{name_img} already uploaded')
+  elif r.status_code != 200:
+    print(f'Upload failed: {r.status_code} {r.text}')
+    exit(1)
+  else:
+    print(f'Uploaded {name_img}')
+
+# Set the icon on the application
+r = requests.patch(
+  f'{base_url}/core/applications/{application}/',
+  json={'meta_icon': name_img},
+  headers=headers,
+)
+if r.status_code == 200:
+  print(f'Set icon for {application}')
+else:
+  print(f'Failed to set icon: {r.status_code} {r.text}')
 """
 
 }
diff --git a/compose.outposts.ldap.yml b/compose.outposts.ldap.yml
index 3eaa8ed..b1f61d4 100644
--- a/compose.outposts.ldap.yml
+++ b/compose.outposts.ldap.yml
@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   authentik_ldap:
-      image: ghcr.io/goauthentik/ldap:2025.12.4
+      image: ghcr.io/goauthentik/ldap:2026.2.1
       # Optionally specify which networks the container should be
       # might be needed to reach the core authentik server
       networks:
diff --git a/compose.yml b/compose.yml
index 9630c19..59afc1b 100644
--- a/compose.yml
+++ b/compose.yml
@@ -34,7 +34,7 @@ x-env: &env
 version: '3.8'
 services:
   app:
-    image: ghcr.io/goauthentik/server:2025.12.4
+    image: ghcr.io/goauthentik/server:2026.2.1
     command: server
     depends_on:
       - db
@@ -45,6 +45,7 @@ services:
       - secret_key
       - email_pass
     volumes:
+      - data:/data
       - media:/media
       - assets:/web/dist/assets
       - templates:/templates
@@ -69,14 +70,14 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions,${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=10.1.5+2025.12.4"
+        - "coop-cloud.${STACK_NAME}.version=10.2.0+2026.2.1"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
 
   worker:
-    image: ghcr.io/goauthentik/server:2025.12.4
+    image: ghcr.io/goauthentik/server:2026.2.1
     command: worker
     depends_on:
       - db
@@ -90,6 +91,7 @@ services:
       - internal
       - proxy
     volumes:
+      - data:/data
       - media:/media
       - /dev/null:/blueprints/default/flow-oobe.yaml
       - templates:/templates
@@ -173,6 +175,7 @@ networks:
   internal:
 
 volumes:
+  data:
   media:
   certs:
   templates:
diff --git a/release/10.1.5+2025.12.4 b/release/10.1.5+2025.12.4
index c402348..c990b4a 100644
--- a/release/10.1.5+2025.12.4
+++ b/release/10.1.5+2025.12.4
@@ -1,2 +1 @@
-Intermediate release required before upgrading to 2026.x.
-See: https://docs.goauthentik.io/install-config/upgrade
+This is an intermediate release (required for migrations) before upgrading to 2026.x.
diff --git a/release/10.2.0+2026.2.1 b/release/10.2.0+2026.2.1
new file mode 100644
index 0000000..0c07073
--- /dev/null
+++ b/release/10.2.0+2026.2.1
@@ -0,0 +1,3 @@
+You must deploy 10.1.5+2025.12.4 first, before deploying this version, if upgrading from 2025.10 or earlier.
+Skipping the intermediate version will cause a migration error (although rolled back safely, no data loss).
+
-- 
2.49.0