Breaking changes ❗
- After upgrade to 1.40.0, workspaces must be rebuilt before they can be used.
- Added logout events to the audit log (previously, users would see deletion of APIKeys, but no explicit logout event).
- Added ability to disable OIDC account auto-creation.
- Organization memberships are shown on the Users page.
- CLI detects when it connects to a v2 Coder instance and warns the user to upgrade their CLI.
Bug fixes 🐛
- Fixed an issue where satellite deployments would proxy Dev URL requests to the main deployment instead of their own configured Dev URL domain.
- Fixed an issue where initial setup would hang when attempting to change the password for admin.
- Fixed an issue where user filter was not being applied and/or incorrectly reporting "no users found" after creating a new user.
- Fixed an issue where coder would unnecessarily create an application token for a user when they authenticated to a DevURL.
- Fixed an issue where the Dashboard would render twice.
- Fixed an issue where deleted users would show up when using a filter in the user list.
- Fixed an issue where "create" audit logs would be emitted when existing users log in over OIDC.
- Fixed an issue where images and tags from a deleted organization would incorrectly be retained in the database.
- Fixed an issue where some audit log diffs showed
[object Object]instead of the changes.
- Fixed an issue where Organization names were incorrectly required to be at least 3 characters.
- Fixed an issue where configuration changes to workspace providers were not being applied to all Coderd replicas.
Security updates 🔐
- Resetting the admin password via 'coderd reset-admin-password' now deletes all existing admin API keys.
- Fixed an issue where cached CVMs would fail to find the correct rootfs for a workspace.
- Added the ability to serve IDEs and Workspace applications from a domain separate from the Coder server. This prevents IDEs and applications from making authenticated requests to the Coder API. This is an administrative setting and enabling it may break existing user bookmarks directly to IDEs and applications, requiring them to re-bookmark.