1.19.0

Breaking changes ❗

  • infra: Workspace assets created by Coder that were previously located at /opt/coder, such as code-server and coder-cli, have been moved to /var/tmp/coder
  • infra: Workspace templates have been updated from version 0.1 to 0.2. Existing workspaces using version 0.1 templates can be rebuilt, but no new workspaces can be created using the old format.
  • web: The workspace templates Open in Coder embeddable button flow no longer includes a clone step; buttons created from prior versions will still work, but Coder will not clone the project. To automate project cloning, use workspace.configure.start
  • web: The embedded form for workspace templates located at Manage > Admin > Templates no longer uses the following fields: Project Repository URL and Project Git Service

Features ✨

  • web: Introduced resource quotas to organizations. Resource quotas define the maximum resource utilization allowable for each member within an organization for which such quotas are enabled. Modify them at Manage > Organizations > Edit Organization
  • web: Added a reactivation step for returning users that had been marked as dormant. The reactivation step requires the user to agree to use a license seat
  • web: Added an admin setting controlling the maximum dev URL access level across all workspaces within the deployment. Modify the maximum dev URL access level at Manage > Admin > Infrastructure in the card titled Dev URL Access Permissions
  • web: The CVM option will be selected by default when creating a custom environment (if CVMs are enabled at the site level)
  • web: Improved display and support for errors returned by an Identity Provider (IdP) during sign-in
  • infra: Changed permissions of /home/coder/ and subdirectories to 755 in control plane containers to support OpenShift anyuid
  • infra: Workspace builds are now properly validated when setting policy templates
  • code-server: Upgraded code-server to 3.10.1

Bug fixes 🐛

  • web: Fixed issue where the Edit Workspace dialog showed the resource selectors as disabled while still allowing modifications
  • web: Fixed issue where the Edit Workspace dialog displayed resource allocation incorrectly if the workspace was initially built using a template
  • web: Updated validation logic so that workspaces with invalid names can no longer be created
  • web: Fixed issue causing web-based terminals to show two scrollbars and overflowing content when system banners are present
  • infra: Fixed issue causing workspace autostart to stop or fail intermittently
  • web: Fixed issue in the Audit Logs preventing users from clearing the filters
  • web: Added a .csv extension to exported audit logs

Security updates 🔐

  • web: Upgraded version of next to 10.2.0.
  • web: Upgraded and addressed CVE-2021-21306 in marked.
  • web: Upgraded and addressed Fix CVE-2021-23368 in postcss.
  • web: Client secret is now omitted from GET requests to OAuth configurations.
  • web: When authenticating with the CLI, a new API key is always generated.
  • web: Fixed authentication for the watch-update workspace endpoint. This was previously open to any authenticated user
  • web: Fixed issue where audit logs for workspace auto-off was always attributed to the site admin; the audit log has been corrected to display the user owning the workspace.
  • infra: Increased the minimum requirement for inbound and outbound connections to TLS 1.2
  • infra: Added debug logs to show TLS certificates
See an opportunity to improve our docs? Make an edit.