diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index c00de9016..ef4c55843 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2021.4.5
+current_version = 2021.5.1-rc4
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e6cffffd1..966bbd646 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,13 @@
 version: 2
 updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "04:00"
+  open-pull-requests-limit: 10
+  assignees:
+  - BeryJu
 - package-ecosystem: gomod
   directory: "/outpost"
   schedule:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bb922e2dd..923edf71a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,36 +3,43 @@ name: authentik-on-release
 on:
   release:
     types: [published, created]
+  push:
+    branches:
+      - version-*
 
 jobs:
   # Build
   build-server:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v1.1.0
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
       - name: Docker Login Registry
         uses: docker/login-action@v1
         with:
-          username: ${{ secrets.DOCKER_PASSWORD }}
-          password: ${{ secrets.DOCKER_USERNAME }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: prepare ts api client
+        run: |
+          docker run --rm -v $(pwd):/local openapitools/openapi-generator-cli generate -i /local/swagger.yaml -g typescript-fetch -o /local/web/api --additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=authentik-api,npmVersion=1.0.0
       - name: Building Docker Image
         uses: docker/build-push-action@v2
         with:
-          push: true
+          push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik:2021.4.5,
+            beryju/authentik:2021.5.1-rc4,
             beryju/authentik:latest,
-            ghcr.io/goauthentik/server:2021.4.5,
+            ghcr.io/goauthentik/server:2021.5.1-rc4,
             ghcr.io/goauthentik/server:latest
-          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8
+          platforms: linux/amd64,linux/arm64,linux/arm/v8
+          context: .
   build-proxy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
           go-version: "^1.15"
@@ -41,32 +48,32 @@ jobs:
           cd outpost
           go get -u github.com/go-swagger/go-swagger/cmd/swagger
           swagger generate client -f ../swagger.yaml -A authentik -t pkg/
-          go build -v .
+          go build -v ./cmd/proxy/server.go
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v1.1.0
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
       - name: Docker Login Registry
         uses: docker/login-action@v1
         with:
-          username: ${{ secrets.DOCKER_PASSWORD }}
-          password: ${{ secrets.DOCKER_USERNAME }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Building Docker Image
         uses: docker/build-push-action@v2
         with:
-          push: true
+          push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik-proxy:2021.4.5,
+            beryju/authentik-proxy:2021.5.1-rc4,
             beryju/authentik-proxy:latest,
-            ghcr.io/goauthentik/proxy:2021.4.5,
+            ghcr.io/goauthentik/proxy:2021.5.1-rc4,
             ghcr.io/goauthentik/proxy:latest
           context: outpost/
           file: outpost/proxy.Dockerfile
-          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8
+          platforms: linux/amd64,linux/arm64,linux/arm/v8
   build-ldap:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
           go-version: "^1.15"
@@ -75,36 +82,37 @@ jobs:
           cd outpost
           go get -u github.com/go-swagger/go-swagger/cmd/swagger
           swagger generate client -f ../swagger.yaml -A authentik -t pkg/
-          go build -v .
+          go build -v ./cmd/ldap/server.go
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v1.1.0
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
       - name: Docker Login Registry
         uses: docker/login-action@v1
         with:
-          username: ${{ secrets.DOCKER_PASSWORD }}
-          password: ${{ secrets.DOCKER_USERNAME }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Building Docker Image
         uses: docker/build-push-action@v2
         with:
-          push: true
+          push: ${{ github.event_name == 'release' }}
           tags: |
-            beryju/authentik-ldap:2021.4.5,
+            beryju/authentik-ldap:2021.5.1-rc4,
             beryju/authentik-ldap:latest,
-            ghcr.io/goauthentik/ldap:2021.4.5,
+            ghcr.io/goauthentik/ldap:2021.5.1-rc4,
             ghcr.io/goauthentik/ldap:latest
           context: outpost/
           file: outpost/ldap.Dockerfile
-          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8
+          platforms: linux/amd64,linux/arm64,linux/arm/v8
   test-release:
+    if: ${{ github.event_name == 'release' }}
     needs:
       - build-server
       - build-proxy
       - build-ldap
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - name: Run test suite in final docker images
         run: |
           sudo apt-get install -y pwgen
@@ -115,11 +123,12 @@ jobs:
           docker-compose start postgresql redis
           docker-compose run -u root --entrypoint /bin/bash server -c "pip install --no-cache -r requirements-dev.txt && ./manage.py test authentik"
   sentry-release:
+    if: ${{ github.event_name == 'release' }}
     needs:
       - test-release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
       - name: Create a Sentry.io release
         uses: getsentry/action-release@v1
         env:
@@ -128,5 +137,5 @@ jobs:
           SENTRY_PROJECT: authentik
           SENTRY_URL: https://sentry.beryju.org
         with:
-          version: authentik@2021.4.5
+          version: authentik@2021.5.1-rc4
           environment: beryjuorg-prod
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
index 293289567..97e7e9c8c 100644
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@@ -10,7 +10,10 @@ jobs:
     name: Create Release from Tag
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v2
+      - name: prepare ts api client
+        run: |
+          docker run --rm -v $(pwd):/local openapitools/openapi-generator-cli generate -i /local/swagger.yaml -g typescript-fetch -o /local/web/api --additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=authentik-api,npmVersion=1.0.0
       - name: Pre-release test
         run: |
           sudo apt-get install -y pwgen
diff --git a/authentik/__init__.py b/authentik/__init__.py
index e89c3acb0..1346e0231 100644
--- a/authentik/__init__.py
+++ b/authentik/__init__.py
@@ -1,3 +1,3 @@
 """authentik"""
-__version__ = "2021.4.5"
+__version__ = "2021.5.1-rc4"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
diff --git a/authentik/sources/oauth/api/source.py b/authentik/sources/oauth/api/source.py
index 13db82c1e..b2813af1f 100644
--- a/authentik/sources/oauth/api/source.py
+++ b/authentik/sources/oauth/api/source.py
@@ -75,6 +75,7 @@ class OAuthSourceSerializer(SourceSerializer):
             "callback_url",
             "type",
         ]
+        extra_kwargs = {"consumer_secret": {"write_only": True}}
 
 
 class OAuthSourceViewSet(ModelViewSet):
diff --git a/authentik/sources/oauth/types/google.py b/authentik/sources/oauth/types/google.py
index ee6bdf63f..28735b635 100644
--- a/authentik/sources/oauth/types/google.py
+++ b/authentik/sources/oauth/types/google.py
@@ -23,7 +23,6 @@ class GoogleOAuth2Callback(OAuthCallback):
         info: dict[str, Any],
     ) -> dict[str, Any]:
         return {
-            "username": info.get("email"),
             "email": info.get("email"),
             "name": info.get("name"),
         }
diff --git a/docker-compose.yml b/docker-compose.yml
index dcabafb97..b0002ad61 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,7 +21,7 @@ services:
     networks:
       - internal
   server:
-    image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.5}
+    image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.5.1-rc4}
     restart: unless-stopped
     command: server
     environment:
@@ -52,7 +52,7 @@ services:
       - "0.0.0.0:9000:9000"
       - "0.0.0.0:9443:9443"
   worker:
-    image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.4.5}
+    image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.5.1-rc4}
     restart: unless-stopped
     command: worker
     networks:
diff --git a/internal/constants/constants.go b/internal/constants/constants.go
index cae501e05..b2cde3bce 100644
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@@ -1,3 +1,3 @@
 package constants
 
-const VERSION = "2021.4.5"
+const VERSION = "2021.5.1-rc4"
diff --git a/outpost/pkg/version.go b/outpost/pkg/version.go
index 3745556ef..83b3293fa 100644
--- a/outpost/pkg/version.go
+++ b/outpost/pkg/version.go
@@ -1,3 +1,3 @@
 package pkg
 
-const VERSION = "2021.4.5"
+const VERSION = "2021.5.1-rc4"
diff --git a/web/nginx.conf b/web/nginx.conf
index 13085576e..ba19b2fdd 100644
--- a/web/nginx.conf
+++ b/web/nginx.conf
@@ -81,7 +81,7 @@ http {
         location /static/ {
             expires 31d;
             add_header Cache-Control "public, no-transform";
-            add_header X-authentik-version "2021.4.5";
+            add_header X-authentik-version "2021.5.1-rc4";
             add_header Vary X-authentik-version;
         }
 
diff --git a/web/src/constants.ts b/web/src/constants.ts
index 601bd2231..e99ecaa83 100644
--- a/web/src/constants.ts
+++ b/web/src/constants.ts
@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2021.4.5";
+export const VERSION = "2021.5.1-rc4";
 export const PAGE_SIZE = 20;
 export const EVENT_REFRESH = "ak-refresh";
 export const EVENT_NOTIFICATION_TOGGLE = "ak-notification-toggle";
diff --git a/website/docs/installation/docker-compose.md b/website/docs/installation/docker-compose.md
index b08d66766..b975260d1 100644
--- a/website/docs/installation/docker-compose.md
+++ b/website/docs/installation/docker-compose.md
@@ -16,7 +16,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte
 
 To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env`
 
-To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.4.5 >> .env`
+To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.5.1-rc4 >> .env`
 
 If this is a fresh authentik install run the following commands to generate a password:
 
diff --git a/website/docs/outposts/manual-deploy-docker-compose.md b/website/docs/outposts/manual-deploy-docker-compose.md
index e46401882..b827b8357 100644
--- a/website/docs/outposts/manual-deploy-docker-compose.md
+++ b/website/docs/outposts/manual-deploy-docker-compose.md
@@ -11,7 +11,7 @@ version: "3.5"
 
 services:
   authentik_proxy:
-    image: beryju/authentik-proxy:2021.4.5
+    image: beryju/authentik-proxy:2021.5.1-rc4
     ports:
       - 4180:4180
       - 4443:4443
diff --git a/website/docs/outposts/manual-deploy-kubernetes.md b/website/docs/outposts/manual-deploy-kubernetes.md
index f265db3b3..3e790ad5f 100644
--- a/website/docs/outposts/manual-deploy-kubernetes.md
+++ b/website/docs/outposts/manual-deploy-kubernetes.md
@@ -14,7 +14,7 @@ metadata:
     app.kubernetes.io/instance: __OUTPOST_NAME__
     app.kubernetes.io/managed-by: goauthentik.io
     app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.4.5
+    app.kubernetes.io/version: 2021.5.1-rc4
   name: authentik-outpost-api
 stringData:
   authentik_host: "__AUTHENTIK_URL__"
@@ -29,7 +29,7 @@ metadata:
     app.kubernetes.io/instance: __OUTPOST_NAME__
     app.kubernetes.io/managed-by: goauthentik.io
     app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.4.5
+    app.kubernetes.io/version: 2021.5.1-rc4
   name: authentik-outpost
 spec:
   ports:
@@ -54,7 +54,7 @@ metadata:
     app.kubernetes.io/instance: __OUTPOST_NAME__
     app.kubernetes.io/managed-by: goauthentik.io
     app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.4.5
+    app.kubernetes.io/version: 2021.5.1-rc4
   name: authentik-outpost
 spec:
   selector:
@@ -62,14 +62,14 @@ spec:
       app.kubernetes.io/instance: __OUTPOST_NAME__
       app.kubernetes.io/managed-by: goauthentik.io
       app.kubernetes.io/name: authentik-proxy
-      app.kubernetes.io/version: 2021.4.5
+      app.kubernetes.io/version: 2021.5.1-rc4
   template:
     metadata:
       labels:
         app.kubernetes.io/instance: __OUTPOST_NAME__
         app.kubernetes.io/managed-by: goauthentik.io
         app.kubernetes.io/name: authentik-proxy
-        app.kubernetes.io/version: 2021.4.5
+        app.kubernetes.io/version: 2021.5.1-rc4
     spec:
       containers:
         - env:
@@ -88,7 +88,7 @@ spec:
               secretKeyRef:
                 key: authentik_host_insecure
                 name: authentik-outpost-api
-        image: beryju/authentik-proxy:2021.4.5
+        image: beryju/authentik-proxy:2021.5.1-rc4
         name: proxy
         ports:
           - containerPort: 4180
@@ -110,7 +110,7 @@ metadata:
     app.kubernetes.io/instance: __OUTPOST_NAME__
     app.kubernetes.io/managed-by: goauthentik.io
     app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.4.5
+    app.kubernetes.io/version: 2021.5.1-rc4
   name: authentik-outpost
 spec:
   rules: