chore(security): upgrade to Ory Kratos v26.2.0

azasypkin · azasypkin · commit 6d48a868fd18 · 2026-04-05T17:24:11.000+02:00
diff --git a/components/secutils-docs/docs/project/changelog/2026.md b/components/secutils-docs/docs/project/changelog/2026.md
@@ -84,6 +84,8 @@ Since `1.0.0-beta.1` the project has transitioned to a **mono-repo**. The Web UI
 * **platform:** add `updated_at` field for all user data types ([secutils@beb8ebe](https://github.com/secutils-dev/secutils/commit/beb8ebec49909e0a1e0d7c83d5fed48241457029))
 * **platform:** store global scope value as a user setting ([secutils@8f0b9f4](https://github.com/secutils-dev/secutils/commit/8f0b9f4e84459382b5447b31e7cf9ffb03143389))
 * **platform:** use dedicated "empty state" for the case when no items are visible due to filters ([secutils@2e3b608](https://github.com/secutils-dev/secutils/commit/2e3b60837557436e264f4a25a5c7d0978197be26))
+* **platform:** add support for user API keys ([secutils@64a261b](https://github.com/secutils-dev/secutils/commit/64a261b))
+* **platform:** make top-level sidebar groups collapsible ([secutils@0df267e](https://github.com/secutils-dev/secutils/commit/0df267e))
 
 #### Fixes
 
@@ -92,6 +94,8 @@ Since `1.0.0-beta.1` the project has transitioned to a **mono-repo**. The Web UI
 * **platform:** fix import for responders without history ([secutils@53de317](https://github.com/secutils-dev/secutils/commit/53de3176fe2319c8e89b2c3fea75d3145003d81f))
 * **platform:** fix a typo in the activation email template ([secutils@8b98cf5](https://github.com/secutils-dev/secutils/commit/8b98cf5b5a7bce332025648fff46eb17d333b973))
 * **platform:** disable bulk conflict resolution actions if there are no conflicts selected ([secutils@8c88a5b](https://github.com/secutils-dev/secutils/commit/8c88a5bd20620e1e11e0887ba4c1bd51a199a32a))
+* **platform:** properly strip responder sub-domain prefixes during import when necessary ([secutils@1afd567](https://github.com/secutils-dev/secutils/commit/1afd567))
+* **platform:** consistently handle expired session ([secutils@50b8ea1](https://github.com/secutils-dev/secutils/commit/50b8ea1))
 
 ### UI Improvements
 
@@ -106,6 +110,10 @@ Since `1.0.0-beta.1` the project has transitioned to a **mono-repo**. The Web UI
 * **ui:** add context menu item to copy entity ID ([secutils@788ccf0](https://github.com/secutils-dev/secutils/commit/788ccf035da890d48a35aeab983826d059594583))
 * **ui:** add support for example scripts in the script editor ([secutils@960b524](https://github.com/secutils-dev/secutils/commit/960b524f10c7bd05dc678a5509d7f7a31e73bb26))
 * **ui:** make home/welcome page more useful with recent items and summary ([secutils@5a01c23](https://github.com/secutils-dev/secutils/commit/5a01c239d765a5c7369d6c3f5c99b65051a5401f), [secutils@593ddec](https://github.com/secutils-dev/secutils/commit/593ddecdea00db660066588a93f98c17fc18176d))
+* **ui:** add support for default "system" color mode ([secutils@b3398db](https://github.com/secutils-dev/secutils/commit/b3398db))
+* **ui:** support Cmd/Ctrl-K to open workspace search ([secutils@fdeff0c](https://github.com/secutils-dev/secutils/commit/fdeff0c))
+* **ui:** add sidebar icons for utilities and flatten CSP utility group ([secutils@4775932](https://github.com/secutils-dev/secutils/commit/4775932))
+* **ui:** move tags, secrets and scripts management from settings to workspace ([secutils@97ed43d](https://github.com/secutils-dev/secutils/commit/97ed43d))
 
 #### Fixes
 
@@ -154,7 +162,9 @@ Since `1.0.0-beta.1` the project has transitioned to a **mono-repo**. The Web UI
 * **api:** switch to `tracing` crate for structured logging ([secutils@3b8655c](https://github.com/secutils-dev/secutils/commit/3b8655c28b454f61259de65d9b85b3d099170410))
 * **api:** migrate from unmaintained `trust_dns_resolver` to `hickory_resolver` ([secutils@2770170](https://github.com/secutils-dev/secutils/commit/277017036bbc75728add07d225e3c95e27268a0c))
 * **api:** switch to Debian distroless runtime image ([secutils@87f945e](https://github.com/secutils-dev/secutils/commit/87f945ed3aaea57aa9590e6ae82411a8d9632b21))
-* **security:** upgrade to Ory Kratos `1.2.0` ([secutils@1227b81](https://github.com/secutils-dev/secutils/commit/1227b8195ddbc8ae5eb99e70dc80d2b2d681af5f)), `1.3.0` ([secutils@17f70d4](https://github.com/secutils-dev/secutils/commit/17f70d4f8e4875fd069cb55bb44098bf431707ce)), and `v25.4.0` ([secutils@a239293](https://github.com/secutils-dev/secutils/commit/a2392935483f3793e066fdc7a463bd5fd6be2547))
+* **security:** upgrade to Ory Kratos `1.2.0` ([secutils@1227b81](https://github.com/secutils-dev/secutils/commit/1227b8195ddbc8ae5eb99e70dc80d2b2d681af5f)), `1.3.0` ([secutils@17f70d4](https://github.com/secutils-dev/secutils/commit/17f70d4f8e4875fd069cb55bb44098bf431707ce)), `v25.4.0` ([secutils@a239293](https://github.com/secutils-dev/secutils/commit/a2392935483f3793e066fdc7a463bd5fd6be2547)), and `v26.2.0`
+* **api:** switch to `jemalloc` memory allocator ([secutils@398a2fb](https://github.com/secutils-dev/secutils/commit/398a2fb))
+* **api:** improve DB connection reliability and include DB status in API status ([secutils@0586ac2](https://github.com/secutils-dev/secutils/commit/0586ac2))
 * **build:** introduce E2E test infrastructure with Playwright and Docker Compose ([secutils@663ad4c](https://github.com/secutils-dev/secutils/commit/663ad4ca0357c77efc8d88a4ad16b9522f8d358d))
 * **build:** add commands to deploy components to private Docker registry ([secutils@dd62fd0](https://github.com/secutils-dev/secutils/commit/dd62fd0ac534860f17da1d7b6073cbc548b43f99))
 * **build:** self-host Google fonts ([secutils@c6208be](https://github.com/secutils-dev/secutils/commit/c6208be721ba74c81c305665824c605727a740c4))
diff --git a/components/secutils-webui/package-lock.json b/components/secutils-webui/package-lock.json
diff --git a/components/secutils-webui/package.json b/components/secutils-webui/package.json
@@ -44,7 +44,7 @@
     "@emotion/css": "^11.13.5",
     "@emotion/react": "^11.14.0",
     "@monaco-editor/react": "^4.7.0",
-    "@ory/kratos-client-fetch": "^25.4.0",
+    "@ory/kratos-client-fetch": "^26.2.0",
     "@peculiar/x509": "^1.14.3",
     "moment": "^2.30.1",
     "monaco-editor": "^0.55.1",
diff --git a/dev/docker/docker-compose.yml b/dev/docker/docker-compose.yml
@@ -36,7 +36,7 @@ services:
       retries: 5
 
   kratos_migrate:
-    image: oryd/kratos:v25.4.0
+    image: oryd/kratos:v26.2.0
     depends_on:
       secutils_db:
         condition: service_healthy
@@ -50,7 +50,7 @@ services:
       - net
 
   kratos:
-    image: oryd/kratos:v25.4.0
+    image: oryd/kratos:v26.2.0
     environment:
       - SECRETS_COOKIE=${SECRETS_COOKIE:-some_very_very_secure_cookie_key}
       - SECRETS_CIPHER=${SECRETS_CIPHER:-some_very_very_secure_cipher_key}
diff --git a/dev/docker/kratos-e2e.toml b/dev/docker/kratos-e2e.toml
@@ -1,6 +1,6 @@
 # Kratos configuration for e2e testing (all services running inside Docker).
 # See the full config at https://www.ory.sh/docs/kratos/reference/configuration
-version = "v25.4.0"
+version = "v26.2.0"
 
 dsn = "postgres://postgres@secutils_db:5432/secutils?sslmode=disable&max_conns=20&max_idle_conns=4&search_path=kratos,public"
 
diff --git a/dev/docker/kratos.toml b/dev/docker/kratos.toml
@@ -1,5 +1,5 @@
 # See the full config at https://www.ory.sh/docs/kratos/reference/configuration
-version = "v25.4.0"
+version = "v26.2.0"
 
 dsn = "postgres://postgres@secutils_db:5432/secutils?sslmode=disable&max_conns=20&max_idle_conns=4&search_path=kratos,public"
 
