diff --git a/changelog/1.38.0.md b/changelog/1.38.0.md
new file mode 100644
index 000000000..43becbc48
--- /dev/null
+++ b/changelog/1.38.0.md
@@ -0,0 +1,51 @@
+---
+title: "1.38.0"
+description: "Released on 01/04/2023"
+---
+
+### Breaking changes ❗
+
+There are no breaking changes in 1.38.0.
+
+### Features ✨
+
+- Individual image tags can now be decommissioned. Existing workspaces using a
+  decommissioned tag will be migrated to use the default tag upon rebuild. Adds
+  new organization-level roles: Organization Super Manager, Organization Image
+  Manager, and Organization Importer. These roles allow finer-grained access
+  control around image and registry management. For more information, see
+  [Organization Roles](https://coder.com/docs/coder/latest/admin/access-control/organizations).
+  > ℹ️ ️Migration: existing users with the Organization Manager role will be
+  > migrated to Organization Super Manager, and users with the Organization
+  > Member role will be migrated to Importer. Both of these changes will result
+  > in no effective permission changes for existing users.
+- Improves web terminal reconnection by leveraging
+  [GNU Screen](https://www.gnu.org/software/screen/) if available inside the
+  workspace. Workspaces without screen installed will no longer support
+  reconnection.
+
+### Bug fixes 🐛
+
+- Fixed an issue where CVMs would fail to build when their home volume is
+  completely full.
+- Fixed an issue where users accessing a DevURL could encounter a redirect loop
+  under certain circumstances.
+- Fixed an issue where users accessing Coder through an HTTP proxy were unable
+  to access workspaces or view build logs in some cases.
+- Fixed an issue where satellites would need to be manually restarted to pick up
+  changes in certificates.
+- Fixed an issue where users were able to reduce the size of their home volume,
+  which is not supported in Kubernetes.
+- Fixed some rendering issues with the web terminal and SSH, for example when
+  using Emacs or GNU Screen.
+
+### Security updates 🔐
+
+- Fixed an issue where an attacker could craft a malicious DevURL redirect link
+  to exfiltrate a token that allows accessing that user's devURLs.
+- Fixed an issue where organization members could read information about other
+  users' workspaces.
+- Fixed an issue where users could create DevURLs to ports reserved by the Coder
+  agent.
+- Fixed an issue where Content Security Policy violations were reported from
+  Coder's own UI.
diff --git a/manifest.json b/manifest.json
index 6434d313f..f2573601c 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,5 +1,6 @@
 {
   "versions": [
+    "v1.38",
     "v1.37",
     "v1.36",
     "v1.35",
@@ -602,6 +603,10 @@
       "path": "./changelog/index.md",
       "icon_path": "./assets/images/icons/paper.svg",
       "children": [
+        {
+          "path": "./changelog/1.38.0.md",
+          "children": []
+        },
         {
           "path": "./changelog/1.37.0.md",
           "children": [