Changelog

Bug fixes

• Upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19218, 079328d)

  ⚠ Resolves CVE-2025-47907, details can be found here in golang/go. Additionally, see our blog about this vulnerability.

Compare: v2.25.0...v2.25.1

Container image

• docker pull ghcr.io/coder/coder:v2.25.1

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Stable (since August 07, 2025)

Changelog

Bug fixes

• Pin Nix version to 2.28.4 to avoid JSON type error (#19223, 9df4992)
• Upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19219, 7f6cefd)

  ⚠ Resolves CVE-2025-47907, details can be found here in golang/go. Additionally, see our blog about this vulnerability.

• Use system context for querying workspaces when deleting users (#19211) (#19227, c219a9a)
• Backport coder desktop + corporate vpn fixes for 2.24 (#19177, bc502b5)

Chores

• Publish CLI binaries and detached signatures to releases.coder.com (#18901, 3e0645c)
• Database: Optimize AuditLogs queries (#19193, 5ff7496) (@kacpersaw)

Compare: v2.24.2...v2.24.3

Container image

• docker pull ghcr.io/coder/coder:v2.24.3

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Stable (since August 07, 2025)

Changelog

• Upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19219, 7f6cefd)

  ⚠ Resolves CVE-2025-47907, details can be found here in golang/go. Additionally, see our blog about this vulnerability.

• Publish CLI binaries and detached signatures to releases.coder.com (#18901, 3e0645c)

Compare: v2.23.4...v2.23.5

Container image

• docker pull ghcr.io/coder/coder:v2.23.5

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

BREAKING CHANGES

• Route connection logs to Connection log instead of Audit log (#18340, 08e17a0) (@ethanndickson)

  Connections to workspaces (via SSH, workspace apps, or browser port-forwarding) will no longer create entries in the audit log. Those events will now be included in the 'Connection Log'.
  Please see the 'Connection Log' page in the dashboard, and the Connection Log documentation for details. Those with permission to view the Audit Log will also be able to view the Connection Log. The new Connection Log has the same licensing restrictions as the Audit Log, and requires a Premium Coder deployment.

• Delete old connection events from audit log (#18735, f42de9f) (@ethanndickson)

  With new connection events appearing in the Connection Log, connection events older than 90 days will now be deleted from the Audit Log. If you require this legacy data, we recommend querying it from the REST API or making a backup of the database/these events before upgrading your Coder deployment. Please see the PR for details on what exactly will be deleted.
  Note: There are currently no plans to delete connection events from the Connection Log.

• Add ability to cancel pending workspace build (#18713, 8202514) (@kacpersaw)

  CancelWorkspaceBuild method in codersdk now accepts an optional request parameter.

• Use devcontainer ID when rebuilding a devcontainer (#18604, f2d229e) (@DanielleMaywood)

  Minor breaking change for workspaces enabled by our devcontainer integration.
  Allows rebuilding a devcontainer without a valid devcontainer ID.

• CLI: Add CLI support for creating workspace with presets (#18912, b975d6d) (@ssncferreira)

  This breaking change impacts the coder create CLI command only for templates which contain presets.

  It introduces a --preset flag to the create command, which modifies the behavior when no preset is explicitly provided:

  • If the template includes presets and a default preset, the default will be automatically applied. The user will be notified, but not prompted.
  • If the template includes presets without a default, the user will be prompted to choose a preset.

  This breaks existing workflows for templates with presets that:

  • Expect the create command to proceed without applying a preset
  • Rely on non-interactive scripts or automated workflows, which will now fail or hang due to unexpected prompts

Features

• Dynamic Parameters is now generally available:

  

  • Remove beta labels for dynamic parameters (#18976, d7b1253) (@jaaydenh)
  • Allow new immutable parameters for existing workspaces (#18579, e396b06) (@Emyrk)
  • Allow masking workspace parameter inputs (#18595, 0b82f41) (@aslilac)
  • Support dynamic parameters on create template request (#18636, 4072d22) (@Emyrk)
  • Display descriptions in multi-select component (#18730, 61b6562) (@jaaydenh)
  • Add search to parameter dropdowns (#18729, 52c4b61) (@aslilac)
  • Include template variables in dynamic parameter rendering (#18819, aedc019) (@Emyrk)
  • Improve workspace upgrade flow when template parameters change (#18917, 19afeda) (@aslilac)
  • Make dynamic parameters opt-in by default for new templates (#19006, 1320b8d) (@jaaydenh)
• Coder may now be used as an OAuth2 provider (experimental):
  • Add authorization server metadata endpoint, PKCE support (#18548, 6f2834f) (@ThomasK33)
  • Add RFC 8707 resource indicators, audience validation (#18575, f0c9c4d) (@ThomasK33)
  • Add protected resource metadata endpoint for RFC 9728 (#18643, 33bbf18) (@ThomasK33)
  • Implement OAuth2 dynamic client registration (RFC 7591/7592) (#18645, 74e1d5c) (@ThomasK33)
  • Add experimental OAuth2 provider functionality (#18692, 1555154) (@ThomasK33)
  • Implement RFC 6750 Bearer token authentication (#18644, 09c5055) (@ThomasK33)
  • Add RFC 9728 OAuth2 resource metadata support (#18920, 071383b) (@ThomasK33)
• The external Coder MCP server is now available as an experiment:

  Use any agent to create coder workspaces.

  • Implement MCP HTTP server endpoint with authentication (#18670, 494dccc) (@ThomasK33)
  • Add MCP HTTP server experiment and improve experiment middleware (#18712, 7fbb3ce) (@ThomasK33)
  • Add workspace SSH execution tool for AI SDK (#18924, 326c024) (@ThomasK33)
  • SDK: Add MCP workspace bash background parameter (#19034, b666d52) (@hugodutka)
• Added new connection logs as a separate entity from audit logs

  

  • Dashboard: Add connection log page (#18708, b5260d5) (@ethanndickson)
  • Add connectionlogs API (#18628, 7a339a1) (@ethanndickson)
• Improvements to Coder Tasks:

  

  • Add task link in the workspace page when it is running a task (#18591, 2d44add) (@BrunoQuaresma)
  • Redirect to the task page after creation (#18626, 29ef3a8) (@BrunoQuaresma)
  • Make task panels resizable (#18590, 8eebb4f) (@BrunoQuaresma)
  • Add preset selector in TasksPage (#19012, 9a05a8a) (@johnstcn)
• Improvements to our Devcontainers integration:
  • Agent: Automaticall detect dev containers (#18950, f41275e) (@DanielleMaywood)
  • Agent: Allow auto start for discovered containers (#19040, 66cf90c) (@DanielleMaywood)
  • CLI: Improve devcontainer support for coder show (#18793, 5f50dcc) (@mafredri)
  • CLI: Replace open vscode container with devcontainer subagent (#18765, 6c4db7a) (@mafredri)
  • Install dotfiles if present (#18606, 872aef3) (@mafredri)
• Administrators can now track usage of agentic AI workspaces:

  Premium licensed customers have a default of 800 agentic workspaces per user. This limit will likely never be hit.

  • Add managed_agent_limit licensing feature (#18876, 183a6eb) (@deansheather)
  • Add managed ai usage consumption to license view (#18934, 36d2e01) (@ibetitsmike)
• Allow users to pause prebuilt workspace reconciliation (#18700, 01163ea) (@SasSwart)
• Use parameter preview engine to compute workspace tags from terraform (#18720, a099a8a) (@Emyrk)
• Add publishing of helm charts to ghcr registry (#18316, 10c1e36) (@a1994sc)
• Automatically reconnect the terminal (#18796, 5a8a19b) (@BrunoQuaresma)
• Publish CLI binaries and detached signatures to releases.coder.com (#18874, e4d3453) (@jdomeracki-coder)
• Add managed agent license limit checks (#18937, 9a6dd73) (@deansheather)
• Extend workspace build reasons to track connection types (#18827, 482463c) (@kacpersaw)
• Add View Source button for template administrators in workspace creation (#18951, 28789d7) (@app/blink-so)
• Add timeout support to workspace bash tool (#19035, 398e80f) (@ThomasK33)
• Support icon and description in preset (#18977, 0672bf5) (@ssncferreira)
• Support shift+enter in terminal (#19021, 558e25d) (@code-asher)
• CLI: Add CLI support for listing presets (#18910, 931b97c) (@ssncferreira)
• CLI: Support description in create and presets list CLI commands (#19079, 4e7331a) (@ssncferreira)
• Helm: Add pod-level securityContext support for certificate mounting (#19041, faac753) (@ausbru87)
• Dashboard: Support icon and description in preset (#19063, 71738f6) (@ssncferreira)

Bug fixes

• Hide the preset parameter visibility switch when it has no effect (#18574, 634144f) (@SasSwart)
• Pin Nix version to 2.28.4 to avoid JSON type error (#18612, 1b1d091) (@ThomasK33)
• Cap max X11 forwarding ports and evict old (#18561, 9e1cf16) (@spikecurtis)
• Use memmap file system for TestServer_X11 (#18562, 6bebfd0) (@spikecurtis)
• Use default preset when creating a workspace for task (#18623, 6d305df) (@BrunoQuaresma)
• Use only template version ID to create task workspace (#18642, 4095330) (@BrunoQuaresma)
• Display error message when delete workspace fails (#18654, ad67733) (@jaaydenh)
• Use client preferred URL for the default DERP (#18911, a1b87a6) (@deansheather)
• Prioritise human-initiated builds over prebuilds in provisioner queue (#18933, c4b69bb) (@johnstcn)
• Debounce parameter slider to avoid laggy behavior (#18980, dd2fb89) (@jaaydenh)
• Avoid duplicating logs on Coder Connect Windows (#19052, 2a430ab) (@deansheather)
• Sanitize app status summary to resolve confusing errors in coder tasks (#19075, 812d72c) (@johnstcn)
• Agent: Delay containerAPI init to ensure startup scripts run before (#18630, 7e99fb7) (@mafredri)
• Agent: Fix script filtering for devcontainers (#18635, 8ee2668) (@mafredri)
• Agent: Disable dev container integration inside sub agents (#18781, 0118e75) (@DanielleMaywood)
• Agent: Stop logging empty lines (#18605, 98c77fe) (@DanielleMaywood)
• Agent: Respect ignore files (#19016, 25d70ce) (@DanielleMaywood)
• CLI: Calculate coder ping max correctly (#18734, 7500aa4) (@ethanndickson)
• fix(.devcontainer): add home volume and fix code-server and filebrowser (#18648, d814fdf) (@mafredri)
• Dashboard: Update vscode.dev container button URLs (#18696, 8b6d70b) (@mafredri)
• Dashboard: Only attempt to watch containers when agent connected (#18873, 089f960) (@DanielleMaywood)
• Dashboard: Exclude workspace schedule settings for prebuilt workspaces (#18826, dad033e) (@ssncferreira)
• Dashboard: Only attempt to watch when dev containers enabled (#18892, bfb9aa4) (@DanielleMaywood)
• Dashboard: Speed up state syncs and valid...

Stable (since August 05, 2025)

Changelog

Bug fixes

• Exclude prebuilt workspaces from lifecycle executor to avoid overprovisioning prebuilds (#18858, 51e60b7) (@ssncferreira)
• Add RDP icon for modules and Desktop (#18737, d027a3f) (@matifali)
• Add Kiro icon for modules (#18885, 3c602b0) (@matifali)
• Add Kiro: protocol to external app whitelist for Kiro module (#18886, 33885af) (@app/blink-so)
• Sign coder binaries with the release key using GPG (#18774) (#18868, 5096582) (@jdomeracki-coder)
• Add image styles for kiro.svg (#18889, 0ead64f) (@matifali)

Compare: v2.24.1...v2.24.2

Container image

• docker pull ghcr.io/coder/coder:v2.24.2

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Stable (since July 15, 2025)

Changelog

Bug fixes

• CLI: Handle nil unwrap errors when formatting to fix error messages when offline (#18821, a7f0dba) (@ethanndickson)
• Add RDP icon for modules and Desktop (#18738, 63155d2) (@matifali)
• sign coder binaries with the release key using GPG (#18867, 1c8ba51) (@jdomeracki-coder)

Compare: v2.23.3...v2.23.4

Container image

• docker pull ghcr.io/coder/coder:v2.23.4

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Stable (since July 09, 2025)

Changelog

Bug fixes

• Handle paths with spaces when using coder config-ssh (#18778, 049feec) (@spikecurtis)

Compare: v2.23.2...v2.23.3

Container image

• docker pull ghcr.io/coder/coder:v2.23.3

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

Bug fixes

• Fix tasks becoming unusable when no workspace preset is defined in corresponding template (#18723, 5059c23) (@hugodutka)
• Fix task sidebar not displaying apps without health check (#18687, f97bd76) (@hugodutka)

Compare: v2.24.0...v2.24.1

Container image

• docker pull ghcr.io/coder/coder:v2.24.1

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

BREAKING CHANGES

• Change update build to stop workspaces before starting (#18425, 49fcffc) (@johnstcn)

  ⚠ Modifies the behavior when updating a workspace.
  Previously, a workspace update would triggger a start build, re-creating the agent and updating any existing compute resources in-place. This change has workspace updates explicitly trigger a stop build with a subsequent start build. This was implemented to fix pre-builds and improve consistency. Read more here.

  • CLI: Modifies coder update to stop the workspace if already running.
  • Dashboard: Modifies "update" button to always stop the workspace if already running.

• CLI: enforce selection for multiple agents rather than use randomness (#18427, bacdc28) (@mafredri)

  This only impacts the flow for our new devcontainer integration, and existing users will not see changes to behavior.

SECURITY CHANGES

• Both Coder v2.23 and Coder v2.24 now handle OIDC refresh tokens (#17878). If users are being logged out of OIDC after short intervals (e.g. 1 hour), ensure you have properly configured OIDC refresh tokens

Features

We'll be exploring the details of major features included in this release in our first product launch event next week. Subscribe using this link to learn more.

Coder tasks allow users to execute long-running jobs using templates in the Coder dashboard. This is often used to manage agentic tasks with tools like Claude Code. See more in our agentic AI documentation.

---

• Add optional Tasks page to the dashboard (#18076, bc3b8d5) (@BrunoQuaresma)
  • Add view workspace button in task page (#18105, d06eff2) (@BrunoQuaresma)
  • Add workspace build status to task page (#18520, 288ec77) (@code-asher)
  • Group external apps on task page (#18107, e0718a600) (@BrunoQuaresma)
  • Embed chat ui in the task sidebar (#18216, 13449b9) (@BrunoQuaresma)

Dynamic Parameters are now in Beta. Read more on the new capabilities and syntax in our documentation, or try them out in the Playground.

---

• Promote dynamic parameters to Beta (#18182, 246a829) (@Emyrk)
  • Add ephemeral parameter dialog for workspace start/restart (#18413, 4fe0a4b) (@app/blink-so)
  • Implement dynamic parameter validation (#18482, 82af2e0) (@Emyrk)
  • Create experimental template embed page for dynamic params (#17999, 6877142) (@jaaydenh)
  • Add functionality to export templates from the dashboard (#18214, cc89820) (@app/blink-so)

Our new Devcontainer integration is now generally available - this allows Coder users to leverage Devcontainers seamlessly inside workspaces with rich UI support. To get started, read our Devcontainers integration documentation.

---

• Graduate devcontainer integration to GA and unify backend (#18332, 97474bb) (@mafredri)
  • Agent: Disable devcontainers for sub agents (#18303, ae0c870) (@mafredri)
  • Agent: Enable devcontainers by default (#18533, 99d124e) (@mafredri)
  • Agent: Implement devcontainers sub agent injection (#18245, fca9917) (@mafredri)
  • Agent: Support displayApps from devcontainer config (#18342, dd15026) (@DanielleMaywood)
  • Agent: Support apps for dev container agents (#18346, 529fb50) (@DanielleMaywood)

Pre-builds has now graduated to general availability for faster workspace startup time. Read the prebuilt workspace documentation to get started with one of our most highly requested features of all time.

---

• Implement scheduling mechanism for prebuilds (#18126, 0f6ca55) (@evgeniy-scherbina)
  • Allow TemplateAdmin to delete prebuilds via auth layer (#18333, 72f7d70) (@ssncferreira)
  • Allow for default presets (#18445, 6cc4cfa) (@dannykopping)
  • Support prebuilt workspaces in non-default organizations (#18010, 5f7e5d7) (@SasSwart)

Other updates:

• Workspace apps may now be organized into groups using the group attribute on a coder_app (#18018, 232c72f) (@aslilac)
• Set default workspace proxy based on latency (#17812, 4597142) (@Emyrk)
• Add separate max token lifetime for administrators (#18267, f569d9c) (@ThomasK33)

  Adds --max-admin-token-lifetime so administrators may create tokens that exceed the lifetime maximum applied to users.

• Use proto streams to increase maximum module files payload (#18268, c1341cc) (@Emyrk)
• Add organization scope for shared ports (#18314, 5df70a6) (@aslilac)

  Users on Premium deployments can now share ports with all users in their organization.

• Add stop workspace button with confirmation dialog in workspace (#18372, 5e3a225) (@app/blink-so)
• CLI: Include license status in support bundle (#18472, 7c40f86) (@kacpersaw)
• Server: Support adding display apps to a sub agent (#18272, 8daa0aa) (@DanielleMaywood)

Bug fixes

• Optimize queue position sql query to improve performance (#17974, 110102a) (@evgeniy-scherbina)
• Reimplement reporting of preset-hard-limited metric to fix Prebuild metrics (#18055, b330c08) (@evgeniy-scherbina)
• Handle workspace.agent and agent.workspace.owner in coder ssh for backwards compatibility (#18093, da02375) (@ethanndickson)
• Rename build.workspace_owner_name to build.workspace_owner_username for consistency (#18078, 69c9006) (@BrunoQuaresma)
• Autofill with workspace build parameters from the latest build when using presets (#18091, 177bda3) (@jaaydenh)
• Remove duplicated envbuilder vars to fix example devcontainer template (#18144, b0d23ca) (@ericpaulsen)
• Handle paths with spaces in Match exec clause of SSH config to fix config-ssh on windows (#18266, d47a53d) (@spikecurtis)
• Avoid displaying 'everyone' group for IdP group sync to avoid mistakes (#18261, 44fff54) (@jaaydenh)
• Use tailscale that avoids small MTU paths to fix P2P connections in VSCode (#18323, af4a668) (@spikecurtis)
• Defensively handle nil maps and slices in marshaling (#18418, 44d4646) (@angrycub)
• Restrict database access from outside in docker compose installation (#18229, 725bc37) (@jabacrack)
• Complete job and mark workspace as deleted when no provisioners are available (#18465, 2f55e29) (@johnstcn)

  Resolves an issue preventing the deletion of workspaces with no matching provisioner

• Fix validation error during workspace creation without preset (#18494, 4f98fd4) (@SasSwart)
• Do not warn on valid known experiments (#18514, d892427) (@johnstcn)
• Allow dynamic parameters without requiring org membership (#18531, 341b54e) (@Emyrk)
• Stop tearing down non-TTY processes on SSH session end to improve VSCode connection (#18676, 7747924) (@spikecurtis)
• CLI: Allow specifying empty provisioner tag set with --provisioner-tag="-" (#18205, da9a313) (@johnstcn)
• Premium: Skip org membership check for prebuilds user on group patch (#18329, 0a12ec5) (@johnstcn)

Documentation

• Add error form_type for dynamic parameters (#18075, 3a2e362) (@Emyrk)
• Update the GitHub Auth documentation (#17769, 345001f) (@hugodutka)
• Separate Coder Desktop sections into install and use pages (#18068, e906ce2) (@EdwardAngert)
• Reorganize JetBrains docs into subfeatures such as Toolbox, Gateway (#17995, 25e2146) (@matifali)
• Add backend contributing guide (#18077, 1fba419) (@mtojek)
• Update SSH command format to use suffix for consistency (#18085, cba69f3) (@matifali)
• Improve JetBrains Toolbox connection docs (#18125, 4a2b243) (@matifali)
• Fix alert in JFrog Artifactory guide (#18235, 97ba7f1) (@matifali)
• Edit troubleshooting steps in Coder Desktop documentation (#18233, 60927c7) (@EdwardAngert)
• Reorganize the About section (#18236, f1cca03) (@EdwardAngert)
• Add winget installation step to Coder Desktop Windows (#18325, acf7d86) (@matifali)
• Add documentation for installing Coder on Azure with Kubernetes (#16216, 23067df) (@EdwardAngert)
• Warn about RDP over UDP with [Coder Desktop](https://coder.com/docs/user-g...

Stable (since July 1, 2025)

Changelog

Bug fixes

• Stop tearing down non-TTY processes on SSH session end (#18677, 75e7a93) (@spikecurtis)

  Resolves an issue with SSH connections via VSCode disconnecting after a short period.

• Dashboard: Remove trailing comment from cursor.svg (#18378, 8e8dd58) (@ethanndickson)

Chores

• Add windows icon (#18322, bc089f3) (@aslilac)

Compare: v2.23.1...v2.23.2

Container image

• docker pull ghcr.io/coder/coder:v2.23.2

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.