From 8c28a827209e6f3cd13a76a1d3a872ce76acdd47 Mon Sep 17 00:00:00 2001
From: adamwalach <8530211+adamwalach@users.noreply.github.com>
Date: Mon, 27 Apr 2026 07:12:27 +0000
Subject: [PATCH] chore(docs): update of OEL changelog
---
.../self-hosted/oel/keto/changelog/v26.2.7.md | 1 +
.../oel/kratos/changelog/v26.2.7.md | 24 +++++++++++++++++++
.../oel/oathkeeper/changelog/v26.2.7.md | 1 +
.../oel/oauth2/changelog/v26.2.7.md | 1 +
.../oel/polis/changelog/v26.2.7.md | 1 +
5 files changed, 28 insertions(+)
create mode 100644 docs/self-hosted/oel/keto/changelog/v26.2.7.md
create mode 100644 docs/self-hosted/oel/kratos/changelog/v26.2.7.md
create mode 100644 docs/self-hosted/oel/oathkeeper/changelog/v26.2.7.md
create mode 100644 docs/self-hosted/oel/oauth2/changelog/v26.2.7.md
create mode 100644 docs/self-hosted/oel/polis/changelog/v26.2.7.md
diff --git a/docs/self-hosted/oel/keto/changelog/v26.2.7.md b/docs/self-hosted/oel/keto/changelog/v26.2.7.md
new file mode 100644
index 000000000..af4c0f7cd
--- /dev/null
+++ b/docs/self-hosted/oel/keto/changelog/v26.2.7.md
@@ -0,0 +1 @@
+No changelog entries found for keto/oel in versions v26.2.7
diff --git a/docs/self-hosted/oel/kratos/changelog/v26.2.7.md b/docs/self-hosted/oel/kratos/changelog/v26.2.7.md
new file mode 100644
index 000000000..510e00831
--- /dev/null
+++ b/docs/self-hosted/oel/kratos/changelog/v26.2.7.md
@@ -0,0 +1,24 @@
+## v26.2.7
+
+### Add `security.disallow_ref_in_identity_schemas` to lock down schema loading
+
+Introduces an opt-in config flag, `security.disallow_ref_in_identity_schemas` (default `false`), intended for multi-tenant
+deployments where identity-schema URLs come from untrusted operators.
+
+When enabled, `$ref` URLs inside identity schemas may no longer resolve to `file://`, `http://`, or `https://`. This blocks
+server-side file reads and request forgery attempts via malicious identity schemas. Internal JSON-pointer refs
+(`#/definitions/...`) and self-contained `base64://` refs remain allowed. Operator-configured top-level schema URLs are
+unaffected.
+
+Ory Network forces the flag on. Existing self-hosted deployments keep their current behavior unless they explicitly opt in.
+
+### Support for required traits during OIDC on native applications
+
+On native applications, Kratos now supports asking the user to supply additional traits during the registration flow, if the
+traits are required by the identity schema, but not supplied by the OIDC mapper.
+
+Additionally, you can use the
+[`updateRegistrationFlow`](https://www.ory.com/docs/reference/api#tag/frontend/operation/updateRegistrationFlow) to supply traits
+to be merged with the OIDC mapper data.
+
+This aligns the functionality with the browser version of the registration flow.
diff --git a/docs/self-hosted/oel/oathkeeper/changelog/v26.2.7.md b/docs/self-hosted/oel/oathkeeper/changelog/v26.2.7.md
new file mode 100644
index 000000000..ce3a00d97
--- /dev/null
+++ b/docs/self-hosted/oel/oathkeeper/changelog/v26.2.7.md
@@ -0,0 +1 @@
+No changelog entries found for oathkeeper/oel in versions v26.2.7
diff --git a/docs/self-hosted/oel/oauth2/changelog/v26.2.7.md b/docs/self-hosted/oel/oauth2/changelog/v26.2.7.md
new file mode 100644
index 000000000..a750d0d03
--- /dev/null
+++ b/docs/self-hosted/oel/oauth2/changelog/v26.2.7.md
@@ -0,0 +1 @@
+No changelog entries found for hydra/oel in versions v26.2.7
diff --git a/docs/self-hosted/oel/polis/changelog/v26.2.7.md b/docs/self-hosted/oel/polis/changelog/v26.2.7.md
new file mode 100644
index 000000000..16ab0256e
--- /dev/null
+++ b/docs/self-hosted/oel/polis/changelog/v26.2.7.md
@@ -0,0 +1 @@
+No changelog entries found for polis/oel in versions v26.2.7