From 4a12a57c5f0ba8cc4763e1d5b51e698131937cf8 Mon Sep 17 00:00:00 2001
From: "Jens L." <jens@goauthentik.io>
Date: Fri, 28 Mar 2025 14:49:35 +0100
Subject: [PATCH] website/docs: update release notes for 2024.12 and 2025.2
 (#13702)

* website/docs: update release notes for 2025.2 and 2024.12

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update v2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 website/docs/releases/2024/v2024.12.md |  7 +++++++
 website/docs/releases/2025/v2025.2.md  | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/website/docs/releases/2024/v2024.12.md b/website/docs/releases/2024/v2024.12.md
index a5929c67e0..5ee375cc76 100644
--- a/website/docs/releases/2024/v2024.12.md
+++ b/website/docs/releases/2024/v2024.12.md
@@ -184,6 +184,13 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.12
 - sources: allow uuid or slug to be used for retrieving a source (#12772)
 - stages/redirect: fix query parameter when redirecting to flow (cherry-pick #12750) (#12752)
 
+## Fixed in 2024.12.4
+
+- core: fix generic sources not being fetchable by pk (#12896)
+- core: fix non-exploitable open redirect (#13696)
+- flows: fix inspector permission check (#12907)
+- security: fix CVE-2025-29928 (cherry-pick #13695) (#13701)
+
 ## API Changes
 
 #### What's New
diff --git a/website/docs/releases/2025/v2025.2.md b/website/docs/releases/2025/v2025.2.md
index 8168d0ed0e..c53974a858 100644
--- a/website/docs/releases/2025/v2025.2.md
+++ b/website/docs/releases/2025/v2025.2.md
@@ -185,6 +185,17 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.2
 - web/user: ensure modal container on user-settings page is min-height: 100% (cherry-pick #13402) (#13413)
 - web/user: show admin interface button on mobile (cherry-pick #13421) (#13518)
 
+## Fixed in 2025.2.3
+
+- admin: fix system API when using bearer token (cherry-pick #13651) (#13654)
+- core: fix core/user is_superuser filter (cherry-pick #13693) (#13694)
+- core: fix non-exploitable open redirect, reported by [@dominic-r](https://github.com/dominic-r) (cherry-pick #13696) (#13698)
+- outposts/ldap: fix paginator going into infinite loop (cherry-pick #13677) (#13679)
+- security: fix CVE-2025-29928 (cherry-pick #13695) (#13700)
+- stages/email: Clean newline characters in TemplateEmailMessage (cherry-pick #13666) (#13667)
+- stages/identification: refresh captcha on failure (cherry-pick #13697) (#13699)
+- web/admin: reworked sync status card (cherry-pick #13625) (#13692)
+
 ## API Changes
 
 #### What's New