Changelog

BREAKING CHANGES

• Only trust x-forwarded-host from configured trusted proxies (#26204, 77896ddd9d) (@geokat) (GHSA-5g4w-3vw9-478w)
• fix(coderd)!: restrict OIDC email fallback to first-time account linking (#25712, ed7e9240fc) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
• fix!: reject OIDC login when email_verified claim is non-bool or absent (#25713, 3db810caeb) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
• fix!: validate HostnameSuffix and SSHConfigOptions' (#26154, 320e549fe8) (GHSA-mcqq-fqgf-rxwm)

Security patches

• Server: Verify workspace owner matches app username (#26085, e01d3f401d) (GHSA-5wg6-jmq2-53pw)
• Reject oversized and invalid zip uploads (#25877, 069f6cf5f6) (GHSA-2mg2-p7r7-g27f)
• Escape agent log HTML (#25808, a51dbcfc02) (GHSA-7qw2-f75v-62f7)
• Agent: Prevent command injection in shell execer (#26235, 4aa84f2e6a) (@zedkipp) (GHSA-359v-rvmf-m3g9)
• Server: Prevent user-admin from resetting owner password (#25709, 833eaf8a9d) (GHSA-29xf-69gq-m9jx)
• Validate FileSize in NewDataBuilder to prevent OOM DoS (#25710, 6f5ff1bb33) (GHSA-f962-qm93-mj4c)
• Validate agent-supplied AllowedIPs in coordinator (backport #26144) (#26295, 9181b84440) (GHSA-wrq8-fcv5-8hvp)
• Server: Prevent cross-tenant workspace app rebinding (#26103, c05b4d94e6) (@dylanhuff-at-coder) (GHSA-9rjw-3gwp-f59v)
• CLI: Prevent session token exfiltration via external app URLs (#26146, 2044599fff) (@zedkipp) (GHSA-v54h-cp2w-9x4g)
• Clamp template port sharing level in SubAgentAPI (#26061, c1889d0cbd) (GHSA-x9qq-2qh5-8rxf)
• Server: Use a random value for a simulated hash for built-in users (#26205, 0951f90b5e) (GHSA-8fxq-53rx-ph5f)
• Server: Require update permission to recreate devcontainers (#25812, 18ded827b1) (GHSA-jqj2-x4c5-jfxm)
• Dashboard: Escape appearance values in HTML output (#25804, 77253bfc55) (GHSA-h58c-xccx-75m3)

Compare: v2.29.16...v2.29.17

Container image

• docker pull ghcr.io/coder/coder:2.29.17

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

BREAKING CHANGES

• fix(coderd)!: restrict OIDC email fallback to first-time account linking (#25712, ffe764531a) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
• fix!: validate HostnameSuffix and SSHConfigOptions' (#26154, fb52711371) (GHSA-mcqq-fqgf-rxwm)
• fix!: reject OIDC login when email_verified claim is non-bool or absent (#25713, 120b37a09d) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)

Security patches

• Escape agent log HTML (#25808, bf5a2205e9) (GHSA-7qw2-f75v-62f7)
• Escape appearance values in HTML output (#25804, aba08538bb) (GHSA-h58c-xccx-75m3)
• Clamp template port sharing level in SubAgentAPI (#26061, b78ec312ed) (GHSA-x9qq-2qh5-8rxf)
• Use a random value for a simulated hash for built-in users (#26205, 6879532f9d) (GHSA-8fxq-53rx-ph5f)
• Require update permission to recreate devcontainers (#25812, e822677bd2) (GHSA-jqj2-x4c5-jfxm)
• Server: Verify workspace owner matches app username (#26085, 3019613cd5) (GHSA-5wg6-jmq2-53pw)
• Always verify TLS on aibridgeproxyd upstream transport (#26131, 6293c89895) (GHSA-84rm-42xw-mx52)
• Check user user is active in aibridge auth (#26173, 943b04f663) (GHSA-wqxv-w64v-5wh6)
• Add max bytes request limit to aibridge (#26164, 9fc2550fe1) (GHSA-f5vp-w269-392g)
• Server: Prevent user-admin from resetting owner password (#25709, f15a934eec) (GHSA-29xf-69gq-m9jx)
• Validate FileSize in NewDataBuilder to prevent OOM DoS (#25710, 531ef5ecb3) (GHSA-f962-qm93-mj4c)
• Reject oversized and invalid zip uploads (#25877, 430ba84ada) (GHSA-2mg2-p7r7-g27f)
• Server: Prevent cross-tenant workspace app rebinding (#26103, e4a765754a) (GHSA-9rjw-3gwp-f59v)
• Agent: Prevent command injection in shell execer (#26235, b949480248) (GHSA-359v-rvmf-m3g9)
• Validate agent-supplied AllowedIPs in coordinator (#26144, c3e7e94a90) (GHSA-wrq8-fcv5-8hvp)
• Only trust x-forwarded-host from configured trusted proxies (#2… (#26296, 3c46473d53) (GHSA-5g4w-3vw9-478w)
• Prevent session token exfiltration via external app URLs (#26146, d7774e5c4c) (GHSA-v54h-cp2w-9x4g)

Features

• Cli: add support for supplying ephemeral parameters at workspac… (#26280, bd5666a46e)

Bug fixes

• Rename bundled rstudio.svg to rproject.svg, add real RStudio icon (#26216, f3839ebaa9)
• Server: Suppress AI Governance seat-count error for not-entitled licenses (#26276, 6419f535dd)
• Preserve gemini thought signatures (#25933, 9595e6cc73)
• Allow lifecycle code path to retry failed stop jobs (#26278, 05e50d10f4)

Chores

• Bump Go to 1.26.4 on release/2.34 (#26265, fad8efd4b0)

Compare: v2.34.1...v2.34.2

Container image

• docker pull ghcr.io/coder/coder:2.34.2

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Stable (since June 11, 2026)

Changelog

BREAKING CHANGES

• fix(coderd)!: restrict OIDC email fallback to first-time account linking (#25712, 36c011d7b6) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
• fix!: reject OIDC login when email_verified claim is non-bool or absent (#25713, 335df24aeb) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
• fix!: validate HostnameSuffix and SSHConfigOptions' (#26154, 6d0d4e0c1f) (GHSA-mcqq-fqgf-rxwm)
• fix!: only trust x-forwarded-host from configured trusted proxies (conflicts) (#26204, fa46906be6) (GHSA-5g4w-3vw9-478w)

Security patches

• Clamp template port sharing level in SubAgentAPI (#26061, 0ff82f1cab) (GHSA-x9qq-2qh5-8rxf)
• Require update permission to recreate devcontainers (#25812, 7fd2977acd) (GHSA-jqj2-x4c5-jfxm)
• Escape agent log HTML (#25808, bdfdf6c873) (GHSA-7qw2-f75v-62f7)
• Escape appearance values in HTML output (#25804, 345a88c78a) (GHSA-h58c-xccx-75m3)
• Always verify TLS on aibridgeproxyd upstream transport (#26131, d875dd1496) (GHSA-84rm-42xw-mx52)
• Agent: Prevent command injection in shell execer (#26235, 049f5b13cf) (GHSA-359v-rvmf-m3g9)
• Server: Prevent cross-tenant workspace app rebinding (#26103, 071f067b3e) (GHSA-9rjw-3gwp-f59v)
• Validate agent-supplied AllowedIPs in coordinator (#26144, fa9d7a3b77) (GHSA-wrq8-fcv5-8hvp)
• Server: Prevent user-admin from resetting owner password (#25709, fb9fe6389c) (GHSA-29xf-69gq-m9jx)
• Reject oversized and invalid zip uploads (#25877, 97f9e3d670) (GHSA-2mg2-p7r7-g27f)
• Validate FileSize in NewDataBuilder to prevent OOM DoS (#25710, 15ff74af2f) (GHSA-f962-qm93-mj4c)
• Use a random value for a simulated hash for built-in users (#26205, 53c25239f4) (GHSA-8fxq-53rx-ph5f)
• Server: Verify workspace owner matches app username (#26085, de927562e3) (GHSA-5wg6-jmq2-53pw)
• Prevent session token exfiltration via external app URLs (#26146, 91d18653f9) (GHSA-v54h-cp2w-9x4g)
• Add max bytes request limit to aibridge (#26164, 481857f23b) (GHSA-f5vp-w269-392g)
• Check user user is active in aibridge auth (#26173, f9486be96d) (GHSA-wqxv-w64v-5wh6)

Features

• Cli: add support for supplying ephemeral parameters at workspac… (#26279, 863eb7c852)

Bug fixes

• Allow lifecycle code path to retry failed stop jobs (#26277, 08471370a0)
• Rename bundled rstudio.svg to rproject.svg, add real RStudio icon (#26216, d654d6d073)

Compare: v2.33.7...v2.33.8

Container image

• docker pull ghcr.io/coder/coder:2.33.8

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

BREAKING CHANGES

• fix(coderd)!: restrict OIDC email fallback to first-time account linking (#25712, 670cd427c8) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
• fix!: reject OIDC login when email_verified claim is non-bool or absent (#25713, 0fbee8f9a6) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
• fix!: validate HostnameSuffix and SSHConfigOptions' (#26154, 2dcde52462) (@johnstcn) (GHSA-mcqq-fqgf-rxwm)
• fix!: only trust x-forwarded-host from configured trusted proxies (conflicts) (#26204, a992c2c9d7) (@geokat) (GHSA-5g4w-3vw9-478w)

Security patches

• Clamp template port sharing level in SubAgentAPI (#26061, 5621b756e8) (GHSA-x9qq-2qh5-8rxf)
• Use a random value for a simulated hash for built-in users (#26205, 027cf9af16) (@sreya) (GHSA-8fxq-53rx-ph5f)
• Require update permission to recreate devcontainers (#25812, cc895f6f78) (GHSA-jqj2-x4c5-jfxm)
• Escape agent log HTML (#25808, d3e330c02b) (GHSA-7qw2-f75v-62f7)
• Escape appearance values in HTML output (#25804, 74f08d17e9) (GHSA-h58c-xccx-75m3)
• Server: Verify workspace owner matches app username (#26085, 4c968b6fb9) (@geokat) (GHSA-5wg6-jmq2-53pw)
• Server: Prevent cross-tenant workspace app rebinding (#26103, 8e0a083e56) (@dylanhuff-at-coder) (GHSA-9rjw-3gwp-f59v)
• Agent: Prevent command injection in shell execer (#26235, 94ee8fb4b4) (@zedkipp) (GHSA-359v-rvmf-m3g9)
• Validate agent-supplied AllowedIPs in coordinator (#26144, fa933af8f8) (@f0ssel) (GHSA-wrq8-fcv5-8hvp)
• Prevent session token exfiltration via external app URLs (#26146, 37332e6e7d) (@zedkipp) (GHSA-v54h-cp2w-9x4g)
• Server: Prevent user-admin from resetting owner password (#25709, 931d4fa53b) (GHSA-29xf-69gq-m9jx)
• Reject oversized and invalid zip uploads (#25877, 1f6ccf93e8) (GHSA-2mg2-p7r7-g27f)
• Validate FileSize in NewDataBuilder to prevent OOM DoS (#25710, 2cabbc3f3d) (GHSA-f962-qm93-mj4c)
• Check user user is active in aibridge auth (conflicts) (#26173, 5114fd4ff2) (@pawbana) (GHSA-wqxv-w64v-5wh6)
• Always verify TLS on aibridgeproxyd upstream transport (#26131, 0374b00b63) (@ssncferreira) (GHSA-84rm-42xw-mx52)

Bug fixes

• Rename bundled rstudio.svg to rproject.svg, add real RStudio icon (#26216, eb297f3e1a) (@nickvigilante)

Chores

• Backport release action (#26143, 7ef82012a3)

Compare: v2.32.6...v2.32.7

Container image

• docker pull ghcr.io/coder/coder:2.32.7

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

Features

• Dashboard: Show error details for generic errors (#25803, 65a4417)

Bug fixes

• Dashboard: Default agent logs tab to failed script, else All Logs (#25442, 328c649) (@jakehwll)
• Upgrade Go toolchain from 1.26.2 to 1.26.4 (#26066, 480dee1) (@Shelnutt2)
• Server: Preserve gateway model names (#26039, 32b328b) (@ibetitsmike)
• fix(aibridge): strip proxy headers from bridge requests to fix Bedrock SigV4 signing (#26019, a5f82d1) (@ssncferreira)
• Improve chat audit log descriptions and diff rendering (#25728, 2e8d80a)

Documentation

• Documentation: Recommend free container runtimes besides Docker Desktop (#26106, 9443ae0) (@nickvigilante)
• Documentation: Update VS Code to reflect 1.122 Custom Endpoint support (#26126, 06cb480) (@matifali)

Chores

• Update install docs for v2.34.0 release (#26058, e1d7ab0) (@f0ssel)
• chore(aibridge): add AWS PRM user-agent attribution for Bedrock calls (#25221, 1117e43)

Compare: v2.34.0...v2.34.1

Container image

• docker pull ghcr.io/coder/coder:2.34.1

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Stable (since June 08, 2026)

Changelog

Bug fixes

• Upgrade go-git to v5.19.1 (CVE-2026-45570, CVE-2026-45571) (#25773, 5e73950)
• Upgrade golang.org/x/net to v0.55.0 (5 CVEs) (backport 2.33) (#25774, 921d037)
• Upgrade Go to 1.25.11 (CVE-2026-27145, CVE-2026-42507) (#26065, 757e570)
• fix(aibridge): strip proxy headers from bridge requests to fix Bedrock SigV4 signing (#26019, 056a7e4) (@ssncferreira)
• Exclude service accounts from license seat count (#24401, ce8724e)

Documentation

• Update the architecture diagrams (#25816, 332c365)
• Fix broken references and add users oidc-claims to manifest (#25706, 54d2dca)

Compare: v2.33.6...v2.33.7

Container image

• docker pull ghcr.io/coder/coder:2.33.7

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

Bug fixes

• Exclude service accounts from license seat count (#24401, 96b9c61)
• Strip proxy headers from bridge requests to fix Bedrock SigV4 signing (coder#26019) (#26097, 3159068)

Documentation

• Update the architecture diagrams (#25816, fbdad5c)

Compare: v2.32.5...v2.32.6

Container image

• docker pull ghcr.io/coder/coder:2.32.6

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

BREAKING CHANGES

• Default CODER_AI_GATEWAY_ENABLED to true (#25575)

  The AI Gateway is now enabled by default on all deployments. Set CODER_AI_GATEWAY_ENABLED=false to restore the old behavior.

• Seed AI providers from env on server startup (#24895)

  AI provider configuration from environment variables is now automatically seeded into the database on startup, replacing runtime-only provider setup. Existing database-configured providers take precedence. See AI Gateway: provider configuration moved to the database below for migration details.

• patchTemplateMeta uses optional fields (#24984)

  The UpdateTemplateMeta request now uses pointer fields so that unset fields are left unchanged. Clients sending zero values will no longer accidentally clear template metadata.

• Persist structured chat errors (#24919)

  Chat error messages are now persisted as structured ChatMessagePart entries instead of plain text. Existing clients that parse error messages as strings may need to handle the new structured format.

DEPRECATIONS

AI Gateway: provider configuration moved to the database

AI Gateway providers are now managed in the database via the dashboard
(/ai/settings) or the
AI Providers API.

The environment variables and flags below are deprecated: on the first
startup after upgrading they seed the database once, then have no further
effect. Once this one-off seeding process completes, the database is the
authoritative source for AI Provider configurations.

Deprecated configuration

Indexed multi-provider config (env-only; the two prefixes are mutually
exclusive):

Single-provider convenience options:

Failure mode

To prevent operators from editing configuration that no longer takes
effect, coderd will fail to start if any of these variables drift from a
provider already seeded in the database (for example, a changed key or base
URL). The startup error contains the names of the conflicting provider(s).

Recovery

Either:

• Remove the deprecated variables and restart (recommended once seeding has
  completed), or
• Revert them to match the seeded configuration, then make further changes
  through the dashboard or API.

After upgrading, visit /ai/settings to confirm which providers were
seeded, then delete the deprecated variables. See
Provider Configuration.

Features

Coder Agents

Coder Agents is a chat
interface and API for delegating development work to coding agents inside
your Coder deployment. The agent loop runs in the control plane, meaning
LLM credentials never enter workspaces, the agent provisions compute on
demand, and identity and policy continue to govern execution.

v2.34 adds chat sharing, an advisor system, personal skills, a chat
search UI, and scale testing tooling.

Chat sharing

Share agent chats with teammates via ACL-based permissions.

• Chat sharing foundation, API, and database ACLs (#25041, #24968, #25080)
• Enable chat sharing (#24987)
• Warn when viewing another user's chat (#25652)

Advisor

An admin-configurable advisor model that agents can consult for planning guidance without tool access.

• Advisor runtime, tool wrapper, and admin config wiring (#24620, #24622)
• Admin-configurable advisor API, SDK, and queries (#24621)
• Advisor admin settings UI and chat tool renderer (#24624, #24623)
• Stream advisor tool output (#25032)

Personal skills

Users can define their own agent skills (reusable context and instructions) that persist across chats. See extending agents for details.

• Personal skill storage, API, SDK, and resolver (#25363, #25362)
• Support personal skills in chats (#25366)
• Personal skills settings UI and docs (#25066)
• Slash menu for inserting personal skills in chat (#25386)
• Discover skills from ~/.coder/skills on the agent (#25271)

Chat UX

• Modal chat search popup with pr, repo, pr_title, and diff filters (#25535, #25569, #25638)
• Agents sidebar filters (#25402)
• Collapsible agent sections in sidebar (#25469)
• Show agent turn summary in sidebar (#25597)
• Cycle prompt history with up/down arrows (#25656)
• Jump between user prompts via arrow buttons (#25537)
• Show MCP tool inputs in chat (#25568)
• Collapse sequential read file events (#25075)
• Parse and render execute tool commands in the chat UI (#25478)
• Render markdown attachments in preview popup (#25573)
• Show reasoning heading in thinking block (#25594)
• Show workspace quota failures in chats (#25538)
• Workspace quota in usage indicator and ports submenu in WorkspacePill (#25539, #25543)
• Resizable agents sidebar (#25472)
• Guide users when chat providers or models are missing (#25607)

Chats API & tools

• stop_workspace chatd tool with recovery classification (#25355)
• Computer-use provider selection for AI agents (#24772)
• Allow attach_file in root plan-mode chats (#25346)
• Exclusive tool execution policy (#25263)
• Personal chat model overrides (#25175)
• Admin-configurable chat title generation model ([#25267...

Stable (since May 30, 2026)

Changelog

Bug fixes

• Do not clobber dynamic parameters (backport #24645 to 2.32) (#25827, 9614d55)
• Upgrade golang.org/x/crypto to v0.52.0 (12 ssh CVEs) (#25780, ad37de5)
• Bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (#25776, 0610ae7)
• Upgrade golang.org/x/net to v0.55.0 (5 html CVEs) (#25772, 443bc1a)

Documentation

• Fix broken references and add users oidc-claims to manifest (#25706, 3fe6edd)

Compare: v2.32.4...v2.32.5

Container image

• docker pull ghcr.io/coder/coder:2.32.5

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Changelog

Bug fixes

• Upgrade golang.org/x/crypto to v0.52.0 (release/2.29) (#25779, 0940955)
• Upgrade go-git to v5.19.1 (CVE-2026-45570, CVE-2026-45571) (#25777, 9292a3a)
• Do not clobber dynamic parameters (backport #24645 to 2.29) (#25828, de95683)
• Upgrade golang.org/x/net to v0.55.0 (release/2.29) (#25778, 3868714)

Compare: v2.29.15...v2.29.16

Container image

• docker pull ghcr.io/coder/coder:2.29.16

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.