From edfbbea5140db13d2d210e67374b0ad537be418e Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Wed, 4 Jan 2023 18:19:06 +0000 Subject: [PATCH 1/3] chore: add 1.38.0 changelog --- changelog/1.38.0.md | 51 +++++++++++++++++++++++++++++++++++++++++++++ manifest.json | 5 +++++ 2 files changed, 56 insertions(+) create mode 100644 changelog/1.38.0.md diff --git a/changelog/1.38.0.md b/changelog/1.38.0.md new file mode 100644 index 000000000..2ec65b759 --- /dev/null +++ b/changelog/1.38.0.md 
@@ -0,0 +1,51 @@ +--- +title: "1.38.0" +description: "Released on 01/04/2023" +--- + +### Breaking changes ❗ + +There are no breaking changes in 1.38.0. + +### Features ✨ + +- Individual image tags can now be decommissioned. Existing workspaces using a + decommissioned tag will be migrated to use the default tag upon rebuild. Adds + new organization-level roles: Organization Super Manager, Organization Image + Manager, and Organization Importer. These roles allow finer-grained access + control around image and registry management. For more information, see + Organization Roles. + > ℹ️ ️Migration: existing users with the Organization Manager role will be + > migrated to Organization Super Manager, and users with the Organization + > Member role will be migrated to Importer. Both of these changes will result + > in no effective permission changes for existing users. +- Improves web terminal reconnection by leveraging GNU Screen if available + inside the workspace. Workspaces without screen installed will no longer + support reconnection. + +### Bug fixes 🐛 + +- Fixed an issue where operations on API keys were not audit-logged. +- Fixed an issue where CVMs would fail to build when their home volume is + completely full. +- Fixed an issue where users accessing a DevURL could encounter a redirect loop + under certain circumstances. +- Fixed an issue where users accessing Coder through a HTTP proxy were unable to + access workspaces or view build logs in some cases. +- Fixed an issue where satellites would need to be manually restarted to pick up + changes in certificates. +- Fixed an issue where users were able to reduce the size of their home volume, + which is not supported in Kubernetes. +- Fixed some rendering issues with the web terminal and SSH, for example when + using Emacs or GNU Screen. + +### Security updates 🔐 + +- Fixed an issue where an attacker could craft a malicious DevURL redirect link + to exfiltrate a token that allows accessing that user's devURLs. 
+- Fixed an issue where organization members could read information about other + users' workspaces. +- Fixed an issue where users could create DevURLs to ports reserved by the Coder + agent. +- Fixed an issue where Content Security Policy violations were reported from + Coder's own UI. diff --git a/manifest.json b/manifest.json index 6434d313f..f2573601c 100644 --- a/manifest.json +++ b/manifest.json @@ -1,5 +1,6 @@ { "versions": [ + "v1.38", "v1.37", "v1.36", "v1.35", @@ -602,6 +603,10 @@ "path": "./changelog/index.md", "icon_path": "./assets/images/icons/paper.svg", "children": [ + { + "path": "./changelog/1.38.0.md", + "children": [] + }, { "path": "./changelog/1.37.0.md", "children": [ From f2aac5515993b419a55e7aeb95736fc0d9b91071 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Wed, 4 Jan 2023 19:58:49 +0000 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Asher Co-authored-by: Jon Ayers --- changelog/1.38.0.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/changelog/1.38.0.md b/changelog/1.38.0.md index 2ec65b759..853a0ba52 100644 --- a/changelog/1.38.0.md +++ b/changelog/1.38.0.md 
@@ -14,12 +14,12 @@ There are no breaking changes in 1.38.0. new organization-level roles: Organization Super Manager, Organization Image Manager, and Organization Importer. These roles allow finer-grained access control around image and registry management. For more information, see - Organization Roles. + [Organization Roles](https://coder.com/docs/coder/latest/admin/access-control/organizations). > ℹ️ ️Migration: existing users with the Organization Manager role will be > migrated to Organization Super Manager, and users with the Organization > Member role will be migrated to Importer. Both of these changes will result > in no effective permission changes for existing users. -- Improves web terminal reconnection by leveraging GNU Screen if available +- Improves web terminal reconnection by leveraging [GNU Screen](https://www.gnu.org/software/screen/) if available inside the workspace. Workspaces without screen installed will no longer support reconnection. @@ -30,7 +30,7 @@ There are no breaking changes in 1.38.0. completely full. - Fixed an issue where users accessing a DevURL could encounter a redirect loop under certain circumstances. -- Fixed an issue where users accessing Coder through a HTTP proxy were unable to +- Fixed an issue where users accessing Coder through an HTTP proxy were unable to access workspaces or view build logs in some cases. - Fixed an issue where satellites would need to be manually restarted to pick up changes in certificates. From 3ecd8ec3b909c9d6fe7b787a669eef3033e92e4c Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Wed, 4 Jan 2023 19:59:39 +0000 Subject: [PATCH 3/3] fixup! Apply suggestions from code review --- changelog/1.38.0.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/changelog/1.38.0.md b/changelog/1.38.0.md index 853a0ba52..43becbc48 100644 --- a/changelog/1.38.0.md +++ b/changelog/1.38.0.md 
@@ -19,19 +19,19 @@ There are no breaking changes in 1.38.0. > migrated to Organization Super Manager, and users with the Organization > Member role will be migrated to Importer. Both of these changes will result > in no effective permission changes for existing users. -- Improves web terminal reconnection by leveraging [GNU Screen](https://www.gnu.org/software/screen/) if available - inside the workspace. Workspaces without screen installed will no longer - support reconnection. +- Improves web terminal reconnection by leveraging + [GNU Screen](https://www.gnu.org/software/screen/) if available inside the + workspace. Workspaces without screen installed will no longer support + reconnection. ### Bug fixes 🐛 -- Fixed an issue where operations on API keys were not audit-logged. - Fixed an issue where CVMs would fail to build when their home volume is completely full. - Fixed an issue where users accessing a DevURL could encounter a redirect loop under certain circumstances. -- Fixed an issue where users accessing Coder through an HTTP proxy were unable to - access workspaces or view build logs in some cases. +- Fixed an issue where users accessing Coder through an HTTP proxy were unable + to access workspaces or view build logs in some cases. - Fixed an issue where satellites would need to be manually restarted to pick up changes in certificates. - Fixed an issue where users were able to reduce the size of their home volume,
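Review bot: In PATCH 1/3, the Features section of changelog/1.38.0.md says "Workspaces without screen installed will no longer support reconnection", while the Breaking changes section a few lines above says "There are no breaking changes in 1.38.0." Losing reconnection is a behaviour regression for any workspace image that lacks screen, so either list it under Breaking changes or add a sentence there pointing to it. In the same hunk, the first Features bullet joins two unrelated items: the sentence starting "Adds new organization-level roles" should be its own bullet, so that the Migration blockquote clearly belongs to the roles change and not to image tag decommissioning. The role is called "Organization Importer" in the list but "Importer" in the Migration note, and the Security updates section writes "devURLs" next to "DevURL"; pick one spelling for each. For the token exfiltration entry, it would help operators if the text said whether anything beyond upgrading is required.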
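Review bot: In PATCH 2/3, the Organization Roles link added in the first hunk points at https://coder.com/docs/coder/latest/admin/access-control/organizations, so a reader of the 1.38.0 changelog will land on whatever the latest docs say about roles, not on the description that matches this release. manifest.json in PATCH 1/3 shows the docs are versioned ("v1.38", "v1.37", ...), so prefer a link that resolves within the v1.38 docs, or a relative link if the site supports one, so that the role and migration description stays tied to the version it documents.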
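Review bot: In PATCH 3/3, the Bug fixes hunk deletes "- Fixed an issue where operations on API keys were not audit-logged." without adding it back anywhere, and the commit subject ("fixup! Apply suggestions from code review") gives no reason for the removal; every other change in this hunk is a re-wrap. If the fix did not ship in 1.38.0, say so in the commit message. If it did ship, keep the entry: a gap in audit logging for API key operations matters to anyone reviewing audit trails from earlier versions, and it arguably belongs under Security updates instead of being dropped.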