chore(docs): update of OEL changelog

[ory-bot]

Update OEL changelog

Summary by CodeRabbit

• New Features

  • Admin endpoints now include metadata_admin in expanded identity responses
  • New oauth2.preserve_ext_claims configuration option for custom claims handling
  • Admin identity endpoints support importing credentials for all types

• Bug Fixes

  • Fixed unnecessary reauthentication when editing non-privileged identity traits

• Performance

  • Improved identity credential lookup with in-memory caching at startup

• Chores

  • Helm chart repository URL migrated from k8s.ory.sh to k8s.ory.com

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request adds changelog documentation for release v26.2.4 across five Ory projects (Keto, Kratos, Oathkeeper, OAuth2, and Polis), documenting a Helm chart repository URL migration from k8s.ory.sh to k8s.ory.com, along with project-specific feature updates and bug fixes.

Changes

Cohort / File(s)

Summary

Version v26.2.4 Changelog Entries docs/self-hosted/oel/keto/changelog/v26.2.4.md, docs/self-hosted/oel/kratos/changelog/v26.2.4.md, docs/self-hosted/oel/oathkeeper/changelog/v26.2.4.md, docs/self-hosted/oel/oauth2/changelog/v26.2.4.md, docs/self-hosted/oel/polis/changelog/v26.2.4.md

Added changelog entries documenting the Helm chart repository URL migration to k8s.ory.com with temporary redirects. Kratos includes additional fixes: reauthentication behavior for non-privileged trait edits, credential lookup performance caching, admin session metadata expansion, and credential import support across all types. OAuth2 introduces oauth2.preserve_ext_claims configuration option. Polis has no entries for this release.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change—updating OEL changelog files for version 26.2.4 across multiple products.
Description check	✅ Passed	The description is minimal but appropriate for a documentation-only PR. It matches the template structure and clearly states the purpose, though it omits non-critical sections like checklist items and further comments.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch oel-changelog-update

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/self-hosted/oel/kratos/changelog/v26.2.4.md`:
- Around line 18-19: Change the phrase "from a time where these UUIDs were
dynamic" to "from a time when these UUIDs were dynamic" in the changelog
sentence that mentions the `identity_credential_types` table and non-standard
UUIDs so the grammar reads correctly.
- Around line 28-30: The three example endpoints show inconsistent query
parameter casing: update the second endpoint `GET
/admin/sessions/{id}?expand=Identity` to use the same lowercase parameter as the
others (`expand=identity`) so all examples (`GET
/admin/sessions?expand=identity`, `GET /admin/sessions/{id}?expand=identity`,
`GET /admin/identities/{id}/sessions`) are consistent and copy/paste-safe.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 77cc614c-79b5-4811-a68b-56b6d30e44d3

📥 Commits

Reviewing files that changed from the base of the PR and between 86f766a and e51e325.

📒 Files selected for processing (5)

• docs/self-hosted/oel/keto/changelog/v26.2.4.md
• docs/self-hosted/oel/kratos/changelog/v26.2.4.md
• docs/self-hosted/oel/oathkeeper/changelog/v26.2.4.md
• docs/self-hosted/oel/oauth2/changelog/v26.2.4.md
• docs/self-hosted/oel/polis/changelog/v26.2.4.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Grammar tweak: use “when” instead of “where”.
“from a time where these UUIDs were dynamic” reads awkwardly in docs; “when” is the correct form.

Suggested patch

-This also works for self-hosted installations that have non-standard UUIDs in the `identity_credential_types` table, from a time
-where these UUIDs were dynamic (they now are constants).
+This also works for self-hosted installations that have non-standard UUIDs in the `identity_credential_types` table, from a time
+when these UUIDs were dynamic (they now are constants).

🧰 Tools

🪛 LanguageTool

[grammar] ~18-~18: Ensure spelling is correct
Context: ...ity_credential_types` table, from a time where these UUIDs were dynamic (they now are ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/self-hosted/oel/kratos/changelog/v26.2.4.md` around lines 18 - 19,
Change the phrase "from a time where these UUIDs were dynamic" to "from a time
when these UUIDs were dynamic" in the changelog sentence that mentions the
`identity_credential_types` table and non-standard UUIDs so the grammar reads
correctly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix query parameter casing for consistency (expand=Identity vs expand=identity).
Line 29 uses expand=Identity while Line 28 uses expand=identity; this likely confuses copy/paste usage and should be standardized.

Suggested patch

-- `GET /admin/sessions/{id}?expand=Identity`
+- `GET /admin/sessions/{id}?expand=identity`

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/self-hosted/oel/kratos/changelog/v26.2.4.md` around lines 28 - 30, The
three example endpoints show inconsistent query parameter casing: update the
second endpoint `GET /admin/sessions/{id}?expand=Identity` to use the same
lowercase parameter as the others (`expand=identity`) so all examples (`GET
/admin/sessions?expand=identity`, `GET /admin/sessions/{id}?expand=identity`,
`GET /admin/identities/{id}/sessions`) are consistent and copy/paste-safe.