Ory logo

Ory OSS v25.4.0 launch recap: The future of secure Identity & Access Management

Ory OSS 25.4.0 brings OAuth 2.0 device authorization flow, SMS login, token chain revocation and more — giving developers and IAM builders a solid foundation for IAM.

Secure Identity & Access_ Ory OSS v25.4 icons
Lani Leuthvilay headshot
Lani Leuthvilay

Head of Technical Product Marketing

Authentication
Ory Hydra
Software
Nov 14, 2025

This week, Ory marked a major milestone in open source Identity and Access management, releasing Ory Hydra, Kratos, Keto, and Oathkeeper v25.4.0.

These new releases advance open identity infrastructure, offering faster and smarter access capabilities to address modern protocols, including those required by AI.

Unified versioning for predictable upgrades

All Ory projects now follow our new calendar-based versioning scheme (YY.Q.B) by simplifying compatibility tracking and making upgrades more predictable.

Ory Hydra v25.4.0 brings agentic authentication for modern applications and devices

Authentication isn’t just for humans anymore. This release introduces Device Authorization Grant (RFC 8628) and OAuth 2.1 discovery support, bringing first-class authentication to AI agents, IoT devices, and headless clients.

What’s new:

  • Device Authorization Grant (Flow) for agentic and device flows
  • OAuth 2.1 discovery endpoint for smoother integrations
  • Token chain revocation for tighter and more secure access control
  • Security fixes (CVE-2025-27144) and performance enhancements

Download Ory Hydra v25.4.0 from GitHub or pull the official Docker image.

Ory Kratos v25.4.0 enhances Passwordless with SMS, Android WebAuthn, and performance

The release delivers updates in user identity with passwordless authentication via SMS, expanded passkey (WebAuthn) support, and enhanced OIDC integration.

What’s new:

  • Passwordless login, registration, and recovery via SMS
  • Expanded passkey support (including Android origins)
  • Improved OIDC stability and new extension points
  • Extended observability with event emission and tracing

Download Ory Kratos v25.4.0 from GitHub or pull the official Docker image.

Ory Keto v25.4 adds encrypted pagination tokens and stronger foundations

The release focuses on privacy, cryptographic integrity, and platform resilience. Keto now provides encrypted pagination tokens to protect stateful API interactions and improve data integrity at scale.

What’s new:

  • Encrypted pagination tokens for secure state handling
  • Go 1.24.4 upgrade with CVE-2025-4673 fix
  • Vendored dependencies for reproducible builds
  • Enhanced observability via OTLP tracing

Download Ory Keto v25.4.0 from GitHub or pull the official Docker image.

Ory Oathkeeper v25.4.0 brings observability and ecosystem consistency

This release brings improvements to configuration handling, observability, and repo management. It also aligns Oathkeeper with the rest of the Ory ecosystem.

What’s new:

  • Monorepo migration and ecosystem standardization
  • Vendored ory/x libraries for dependency consistency
  • Improved OTLP tracing and observability defaults
  • Modernized release tooling with goreleaser

Download Ory Oathkeeper v25.4.0 from GitHub or pull the official Docker image.

Ory Elements has gone global

Ory Elements, the frontend building blocks that power Account Experience, now speaks the world’s languages. We’re thrilled to announce that Ory Elements is now available in 83 languages (up from just 9 previously), making modern end user interfaces truly global and accessible by default.

Download the Ory Elements components library from GitHub.

Watch the OSS launch walkthrough webinar

Catch up on everything new in Ory v25.4 including demos, discussions, and live Q&A with the Ory team.

Watch the Ory OSS launch webinar on-demand.

Ory’s modern Identity & Access Management: Open source, open future

At Ory, we believe identity should be open, transparent, and community-driven. That’s why we continue to build in the open — with open standards, world-class engineering, and contributions from thousands of developers worldwide.

With these updates, Ory reaffirms its position as the most widely used open source Customer Identity and Access Management (CIAM) solution on the planet, powering over 1.2 billion identities with its open source ecosystem, and over 1 billion identities through Ory Enterprise License and the Ory Network.

Why Ory Enterprise License matters

Open source releases give you powerful identity infrastructure. However, mission-critical production environments often need continuous security patches, enterprise features that support compliance requirements, and updates that keep pace with your infrastructure demands.

Ory Enterprise License (OEL) provides continuous releases with the latest security patches and advanced enterprise features between open source releases.

For teams running identity infrastructure that needs to stay secure, compliant, and performant at scale, OEL delivers the update cadence and enterprise capabilities that production environments require. Evaluating Ory for web-scale production? Learn more about OEL.

Questions about the new versioning? Join us in Ory Community Slack or GitHub Discussions.

Further reading

3D abstract image
October 27, 2025

The China Hack and the New Front Line: Why Identity is the Only Perimeter Left

Justin Dolly
Justin Dolly

60 Minutes revealed China is targeting small utilities. Learn why stolen login credentials—not firewalls—are the true threat & why your security needs zero-trust identity.

3D abstract image
June 12, 2025

How a redirect broke login with Apple for a full day

Aeneas Rekkas
Aeneas Rekkas

How Apple broke "Sign in with Apple" with an unannounced and silent redirect

<- Back to Blog