These notes cover changes specific to PhotoPrism® Portal, the central server that authenticates users and manages multiple PhotoPrism instances as a cluster. Portal images are published as photoprism/portal; pull a specific build with its 1.YYMM.DD tag or use latest.
Build 1.2607.02 (July 2, 2026)
This release improves cluster account administration: session records now display the creation date in the admin interface, Portal admins can disable two-factor authentication for instance accounts, and the built-in super-admin controls are locked against accidental changes. It also updates the default database to MariaDB 12.3 (LTS).
What’s new?
- Auth: Fixed session timestamps so the admin UI shows the session creation date and empty login times are stored as
NULLunder strict SQL modes - Cluster: Added the option for Portal admins to disable two-factor authentication (2FA) for instance accounts
- Security: Hardened the built-in super-admin controls in the account edit dialog and strengthened form gating when adding accounts
- Database: Upgraded the default database to MariaDB 12.3 (LTS) instead of 11.8
Build 1.2606.27 (June 27, 2026)
This release lets you control how the Portal re-authenticates users against an upstream identity provider, so a rejected user or someone switching accounts can pick a different account instead of being silently signed back in. Authentication messages now also follow the interface language.
What’s new?
- Auth: Added a configurable OpenID Connect authorization prompt for re-authentication and account selection
- Auth: Improved login, session, and OIDC error messages to appear in the current interface language
The new PHOTOPRISM_OIDC_PROMPT option is set on the Portal (the Relying Party to your identity provider). Use select_account together with single sign-out so a user is shown the account chooser instead of being re-admitted with the previous session.
Build 1.2606.26 (June 26, 2026)
This release hardens cluster sign-in and account management.
What’s new?
- Auth: Hardened OpenID Connect sign-in by sending and validating a nonce on authorization requests
- Users: Added a safeguard that prevents a non-super-admin administrator from locking out the super admin
- Reliability: Fixed a frontend production-bundle regression that could break option lists
Build 1.2606.24 (June 24, 2026)
This release adds RP-initiated single sign-out, so signing out of the cluster also ends the upstream provider session instead of leaving it active for silent re-admission.
What’s new?
- Auth: Added RP-initiated OpenID Connect logout via
PHOTOPRISM_OIDC_LOGOUT - Auth: Hardened cluster sign-out to delegate to the Portal end-session endpoint so the chain reaches the upstream provider
- ACL: Improved CLI role and auth-provider help by generating it from the cluster role tables
Enabling single sign-out requires registering the post-logout redirect URI(s) on your identity-provider client, otherwise the provider rejects the logout. See the Config Options reference for details.