website/docs: add reference to setting in CVE (#13707)

* website/docs: add reference to setting in CVE Signed-off-by: Jens Langhammer <jens@goauthentik.io> * reword Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 17:42:45 +01:00
parent 22fa3a7fba
commit 608f63e9a2
1 changed files with 2 additions and 0 deletions
--- a/website/docs/security/cves/CVE-2025-29928.md
+++ b/website/docs/security/cves/CVE-2025-29928.md
@ -8,6 +8,8 @@ When authentik was configured to use the database for session storage (which is

 This also affects automatic session deletion when a user is set to inactive or a user is deleted.

+The session backend is configured via [this](../../install-config/configuration/configuration.mdx#authentik_session_storage) setting; if this settings isn't set the sessions are stored in the cache (Redis), which is not affected by this.
+
 ### Patches

 authentik 2025.2.3 and 2024.12.4 fix this issue.