Breaking changes ❗
There are no breaking changes in 1.20.0.
- web: Alpha. Added the ability to set a site-wide workspace template policy
at Manage > Admin > Templates > Template Policy. If not set, Coder uses
the provided default.
- web: Added the
annotations fields to
- other: Added a new JSON schema for writing Coder workspace as code templates
with code completion and syntax checking.
- web: Added a service banner that's displayed to all users of the system. The
message can be used with existing messages. It can be dismissed by each user
at any point and will not be shown again until there is a new message.
- web: Added text wrapping to system banners.
- infra: Added a
CODER_RUNTIME environment variable that indicates whether a
workspace is CVM-enabled or not.
- web: Updated UI to display decommissioned workspaces that are awaiting
- web: Added ability to filter the audit log by the auto-off action.
Bug fixes 🐛
- web: Fixed bug causing duplicate fetch requests on page load.
- web: Fixed issue causing private dev URLs to load as blank pages for
unauthorized users (users will now see an error page).
Security updates 🔐
- web: Require administrative permissions to view workspaces belonging to other
users; previously, users could view others' workspace metadata
- web: Added content security policy (CSP) to help protect against cross-site
- web: Added opt-in for HTTP Strict Transport Security. This setting can be
managed at Manage > Admin > Infrastructure > HTTP Strict Transport
- web: Added opt-in for secure cookies. This setting can be managed at
Manage > Admin > Infrastructure > Secure Cookie.
- web: Use strong cryptographic APIs to generate client-side tokens.
- infra: Upgraded control plane containers from Red Hat UBI 8.3 to 8.4, and
switch from ubi to ubi-minimal to reduce image contents.
- infra: Enable read-only root filesystem for control plane containers, by
default. You can override this with the Helm
- web: Resolved CVE-2021-23364 in browserslist.
- web: Resolved CVE-2021-23358 in underscore.
- web: Resolved CVE-2020-7753 in trim.