This week, Ory marked a major milestone in open source Identity and Access management, releasing Ory Hydra, Kratos, Keto, and Oathkeeper v25.4.0.
These new releases advance open identity infrastructure, offering faster and smarter access capabilities to address modern protocols, including those required by AI.
Unified versioning for predictable upgrades
All Ory projects now follow our new calendar-based versioning scheme (YY.Q.B) by simplifying compatibility tracking and making upgrades more predictable.
Ory Hydra v25.4.0 brings agentic authentication for modern applications and devices
Authentication isn’t just for humans anymore. This release introduces Device Authorization Grant (RFC 8628) and OAuth 2.1 discovery support, bringing first-class authentication to AI agents, IoT devices, and headless clients.
What’s new:
- Device Authorization Grant (Flow) for agentic and device flows
- OAuth 2.1 discovery endpoint for smoother integrations
- Token chain revocation for tighter and more secure access control
- Security fixes (CVE-2025-27144) and performance enhancements
Download Ory Hydra v25.4.0 from GitHub or pull the official Docker image.
Ory Kratos v25.4.0 enhances Passwordless with SMS, Android WebAuthn, and performance
The release delivers updates in user identity with passwordless authentication via SMS, expanded passkey (WebAuthn) support, and enhanced OIDC integration.
What’s new:
- Passwordless login, registration, and recovery via SMS
- Expanded passkey support (including Android origins)
- Improved OIDC stability and new extension points
- Extended observability with event emission and tracing
Download Ory Kratos v25.4.0 from GitHub or pull the official Docker image.
Ory Keto v25.4 adds encrypted pagination tokens and stronger foundations
The release focuses on privacy, cryptographic integrity, and platform resilience. Keto now provides encrypted pagination tokens to protect stateful API interactions and improve data integrity at scale.
What’s new:
- Encrypted pagination tokens for secure state handling
- Go 1.24.4 upgrade with CVE-2025-4673 fix
- Vendored dependencies for reproducible builds
- Enhanced observability via OTLP tracing
Download Ory Keto v25.4.0 from GitHub or pull the official Docker image.
Ory Oathkeeper v25.4.0 brings observability and ecosystem consistency
This release brings improvements to configuration handling, observability, and repo management. It also aligns Oathkeeper with the rest of the Ory ecosystem.
What’s new:
- Monorepo migration and ecosystem standardization
- Vendored
ory/x libraries for dependency consistency
- Improved OTLP tracing and observability defaults
- Modernized release tooling with
goreleaser
Download Ory Oathkeeper v25.4.0 from GitHub or pull the official Docker image.
Ory Elements has gone global
Ory Elements, the frontend building blocks that power Account Experience, now speaks the world’s languages. We’re thrilled to announce that Ory Elements is now available in 83 languages (up from just 9 previously), making modern end user interfaces truly global and accessible by default.
Download the Ory Elements components library from GitHub.
Watch the OSS launch walkthrough webinar
Catch up on everything new in Ory v25.4 including demos, discussions, and live Q&A with the Ory team.
Watch the Ory OSS launch webinar on-demand.
Ory’s modern Identity & Access Management: Open source, open future
At Ory, we believe identity should be open, transparent, and community-driven. That’s why we continue to build in the open — with open standards, world-class engineering, and contributions from thousands of developers worldwide.
With these updates, Ory reaffirms its position as the most widely used open source Customer Identity and Access Management (CIAM) solution on the planet, powering over 1.2 billion identities with its open source ecosystem, and over 1 billion identities through Ory Enterprise License and the Ory Network.
Why Ory Enterprise License matters
Open source releases give you powerful identity infrastructure. However, mission-critical production environments often need continuous security patches, enterprise features that support compliance requirements, and updates that keep pace with your infrastructure demands.
Ory Enterprise License (OEL) provides continuous releases with the latest security patches and advanced enterprise features between open source releases.
For teams running identity infrastructure that needs to stay secure, compliant, and performant at scale, OEL delivers the update cadence and enterprise capabilities that production environments require.
Evaluating Ory for web-scale production? Learn more about OEL.
Questions about the new versioning? Join us in Ory Community Slack or GitHub Discussions.
