There are no breaking changes in 1.39.0.
- Added the ability to set the maximum age for an API key in the Admin panel.
- Added a toggle to the OIDC provider in the Admin panel to disable automatic user creation. When toggled on, users will have to be manually created by an administrator with an email that matches the value provided by the 'email' field in the OIDC payload. The login type of the user must be set to OIDC in order to successfully login.
- Added a logout action to the audit log to track user logouts.
- Removed the hard limit on total number of images in a deployment.
- Fixed an issue where users couldn't install the code-server PWA (Progressive Web App).
- Fixed various paths where API Keys were not being audited.
- Fixed an issue where deleted users were not shown in the audit log.
- Fixed various UI inconsistencies around images and image tags.
- Fixed an issue that could cause the dashboard to unnecessarily re-render multiple times.
- Fixed an issue where exporting audit logs could be vulnerable to a CSV injection.
- Websocket clients are now rejected if they supply an invalid 'sec-websocket-key' header value.