Beginning with Coder v1.24.0, the Coder CLI is closed-source. The open-source
cdr/coder-cli repo on GitHub will continue to exist, though we will not be
making any further changes to it. We will be publishing a new Go SDK as a
replacement in the near future.
Breaking changes ❗
There are no breaking changes in 1.24.0.
- web: added ability to pull images from private Amazon ECR repositories.
- web: added alert to notify users when workspace disks are full.
- web: added information regarding applications used to the audit log.
- web: updated the in-product changelog to display information for multiple
versions of Coder.
- web: added ability to set the background color for all in-product banners with
a color picker.
- infra: added auto-injection of TLS certificates into workspaces to ensure
secure communication with
- infra: added ability to
specify an affinity rule in the Helm chart
Bug fixes 🐛
- web: fixed rendering issues when using dark theme.
- web: fixed issue with inability to update a registry name or URL.
- web: fixed issue with Coder not displaying an error when there is an issue
during OIDC login.
- web: fixed issue where large outputs would sometimes cause web terminals to
- web: fixed issue with Intercom not loading for hosted beta users.
- web: fixed issue with RStudio not launching.
- web: fixed issue with password max length validation being too narrow for
registries (password length limit for image registries has been updated to 32
- web: fixed issue with incorrect dev URL status indicators
- web: fixed issue with dev URLs sometimes not opening.
- web: fixed issue with the Save Preferences button being permanently
- web: fixed issues with rendering icons in the user interface.
- web: fixed issue with workspace templates sometimes not updating.
- web: fixed issue with workspaces needing to be rebuilt twice after
regenerating an SSH key.
- infra: fixed issue with inability to set
ulimit inside cached CVMs.
- api: removed ability for site managers to create site admins through the API.
Security updates 🔐
- infra: removed dependency on vulnerable
- infra: updated login functionality to always hash passwords on login,
regardless of whether user exists or not, to mitigate timing attacks.
- infra: applied the
Content-Type-Options: nosniff header to
- infra: added
referrer-policy: no-referrer header to responses from Coder
(including satellites) that include static content.
- infra: added expiration date to dev URL cookies.
Known issues 🔧
- web: the service banner (if enabled) reappears for all users, even if they've
previously dismissed it.
- web: using the web terminal in Coder can occasionally result in the connection
being reset and needing to be restarted.
- web: the Switch workspace drop-down menu shows a workspace's status as
Building even though the build process is completed.