1.24.0

Beginning with Coder v1.24.0, the Coder CLI is closed-source. The open-source cdr/coder-cli repo on GitHub will continue to exist, though we will not be making any further changes to it. We will be publishing a new Go SDK as a replacement in the near future.

Breaking changes ❗

There are no breaking changes in 1.24.0.

Features ✨

  • web: added ability to pull images from private Amazon ECR repositories.
  • web: added alert to notify users when workspace disks are full.
  • web: added information regarding applications used to the audit log.
  • web: updated the in-product changelog to display information for multiple versions of Coder.
  • web: added ability to set the background color for all in-product banners with a color picker.
  • infra: added auto-injection of TLS certificates into workspaces to ensure secure communication with coderd.
  • infra: added ability to specify an affinity rule in the Helm chart for the coderd deployment.

Bug fixes 🐛

  • web: fixed rendering issues when using dark theme.
  • web: fixed issue with inability to update a registry name or URL.
  • web: fixed issue with Coder not displaying an error when there is an issue during OIDC login.
  • web: fixed issue where large outputs would sometimes cause web terminals to disconnect.
  • web: fixed issue with Intercom not loading for hosted beta users.
  • web: fixed issue with RStudio not launching.
  • web: fixed issue with password max length validation being too narrow for registries (password length limit for image registries has been updated to 32 KiB).
  • web: fixed issue with incorrect dev URL status indicators
  • web: fixed issue with dev URLs sometimes not opening.
  • web: fixed issue with the Save Preferences button being permanently disabled.
  • web: fixed issues with rendering icons in the user interface.
  • web: fixed issue with workspace templates sometimes not updating.
  • web: fixed issue with workspaces needing to be rebuilt twice after regenerating an SSH key.
  • infra: fixed issue with inability to set ulimit inside cached CVMs.
  • api: removed ability for site managers to create site admins through the API.

Security updates 🔐

  • infra: removed dependency on vulnerable jwt-go package.
  • infra: updated login functionality to always hash passwords on login, regardless of whether user exists or not, to mitigate timing attacks.
  • infra: applied the Content-Type-Options: nosniff header to envagent and satellite responses.
  • infra: added referrer-policy: no-referrer header to responses from Coder (including satellites) that include static content.
  • infra: added expiration date to dev URL cookies.

Known issues 🔧

  • web: the service banner (if enabled) reappears for all users, even if they've previously dismissed it.
  • web: using the web terminal in Coder can occasionally result in the connection being reset and needing to be restarted.
  • web: the Switch workspace drop-down menu shows a workspace's status as Building even though the build process is completed.
See an opportunity to improve our docs? Make an edit.