diff --git a/admin/appearance.md b/admin/appearance.md index 4a1793637..4880d7d2e 100644 --- a/admin/appearance.md +++ b/admin/appearance.md @@ -33,7 +33,7 @@ message). 1. Set the **Message**. 1. Click **Save Preferences**. -![Service banner](../assets/service-banners.png) +![Service banner](../assets/admin/service-banners.png) ## Terms of service diff --git a/admin/organizations/manage.md b/admin/organizations/manage.md index c052da54a..b33c7102e 100644 --- a/admin/organizations/manage.md +++ b/admin/organizations/manage.md @@ -24,6 +24,9 @@ organization. You can set the: node, though it will also lead to greater CPU contention - **Workspace Shutdown Behavior**: The number of hours a workspace may be idle before Coder stops it automatically to help free up resources +- **User-controlled workspace shutdown behavior**: Whether end-users can set the + desired workspace shutdown behavior. If disabled, Coder uses the + organization's default setting. Finally, you can set **Resource Quotas**. These are limits on the number of **CPUs** and **GPUs**, as well as the amount of **memory** and **disk space**, diff --git a/admin/registries/ecr.md b/admin/registries/ecr.md new file mode 100644 index 000000000..c59fccb9f --- /dev/null +++ b/admin/registries/ecr.md 
@@ -0,0 +1,58 @@ +--- +title: "Amazon Elastic Container Registry" +description: Add a private Amazon ECR to Coder. +--- + +This article will show you how to add your private ECR to Coder. If you're using +a public ECR registry, you do not need to follow the steps below. + +Amazon requires users to [request temporary login credentials to access a +private Elastic Container Registry (ECR) +registry](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html). +When interacting with ECR, Coder will request temporary credentials from the +registry using the AWS credentials linked to the registry. + +## Step 1: Setting up your AWS credentials + +To access a private ECR registry, Coder needs AWS credentials (specifically your +**access key ID** and **secret access key**) with authorization to access the +provided registry. You can either use AWS credentials tied to your own AWS +account *or* credentials tied to an IAM user specifically for Coder (we +recommend the latter option). + +Note that you are not limited to providing one single set of AWS credentials. +For example, you can use a set of credentials with access to all of your ECR +repositories, or you can use individual sets of credentials, each with access to +a single repository. + +To provision AWS credentials for Coder: + +1. **Optional:** [Create an IAM user for + Coder](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) + to access ECR. You can either attach the AWS-managed policy + `AmazonEC2ContainerRegistryReadOnly` to the user, or you can [create your + own](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html). + +1. [Create an access + key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) + for the IAM user to be used with Coder (if one does not already exist). 
+ +## Step 2: Add your private ECR registry to Coder + +You can add your private ECR registry at the same time that you [add your +images](../../images/index.md). To import an image: + +1. In Coder, go to **Images** and click on **Import Image** in the upper-right. + +1. In the dialog that opens, you'll be prompted to pick a registry. However, to + _add_ a registry, click **Add a new registry** located immediately below the + registry selector. + +1. Provide a **registry name** and the **registry**. + +1. Set the **registry kind** to **ECR** and provide your **Access Key ID** and + **Secret Access Key**. + +1. Continue with the process of [adding your image](../../images/index.md). + +1. When done, click **Import**. diff --git a/admin/registries/gcr.md b/admin/registries/gcr.md index 6facf1d12..59ff2cdfc 100644 --- a/admin/registries/gcr.md +++ b/admin/registries/gcr.md @@ -3,9 +3,9 @@ title: "Google Container Registry" description: Add the Google Container Registry to Coder. --- -Google Container Registry (GCR) uses different authorization methods, unlike -the generic `registry:2` image that requires a username and password. This -article will show you how to add GCR to Coder using a `_json_key` file. +Google Container Registry (GCR) uses different authorization methods, unlike the +generic `registry:2` image that requires a username and password. This article +will show you how to add GCR to Coder using a `_json_key` file. ## Adding a private GCR registry 
@@ -14,17 +14,18 @@ Create a `_json_key` file with your authorization information: 1. In the [Google Cloud Console](https://console.cloud.google.com/), configure a service account for access to the GCR registry holding your images for use with Coder. -1. Create a [JSON key - file](https://cloud.google.com/container-registry/docs/advanced-authentication#json-key). +1. Create a + [JSON key file](https://cloud.google.com/container-registry/docs/advanced-authentication#json-key). -Add your private GCR registry during the process of [adding -images](../../images/index.md). To import an image: +Add your private GCR registry during the process of +[adding images](../../images/index.md). To import an image: 1. Go to **Images** > **Import Image** in the upper-right. 1. In the dialog that opens, you'll be prompted to pick a registry by default. However, to _add_ a registry, click **Add a new registry**, which is the option located immediately below the registry selector. -1. You'll be asked to provide a **registry name** and the **registry**. +1. You'll be asked to provide a **registry name** and the **registry**. You can + leave the **registry kind** as the default **Generic** value. 1. Since your registry is a **private registry**, provide the `_json_key` string for the **username** and the file's contents for **password**. 1. Continue with the process of [adding your image](../../images/index.md). diff --git a/admin/registries/index.md b/admin/registries/index.md index 7fa4ee2a2..05bfafed5 100644 --- a/admin/registries/index.md +++ b/admin/registries/index.md 
@@ -24,7 +24,8 @@ To import an image: 1. **Optional.** If your registry is a **private registry** or you want to avoid hitting [rate limits](https://www.docker.com/increase-rate-limits), provide the **username** and **password** combination required to access the - registry. + registry. If your registry is a private **Amazon ECR Registry**, follow the + steps specific to [AWS ECR](./ecr.md). 1. Continue with the process of [adding your image](../../images/index.md). 1. When done, click **Import**. @@ -43,5 +44,4 @@ To delete a registry: Coder does not support the following registries at this time: -- Amazon ECR - GitHub Packages diff --git a/assets/admin/create-an-org.png b/assets/admin/create-an-org.png index 7533c6fba..8825d2975 100644 Binary files a/assets/admin/create-an-org.png and b/assets/admin/create-an-org.png differ diff --git a/assets/admin/edit-an-org.png b/assets/admin/edit-an-org.png index 05866bd70..fb74559af 100644 Binary files a/assets/admin/edit-an-org.png and b/assets/admin/edit-an-org.png differ diff --git a/assets/admin/service-banners.png b/assets/admin/service-banners.png new file mode 100644 index 000000000..38e32fff6 Binary files /dev/null and b/assets/admin/service-banners.png differ diff --git a/assets/admin/system-banners.png b/assets/admin/system-banners.png index 66517e2b6..9d7189a0e 100644 Binary files a/assets/admin/system-banners.png and b/assets/admin/system-banners.png differ diff --git a/assets/service-banners.png b/assets/service-banners.png deleted file mode 100644 index befd99248..000000000 Binary files a/assets/service-banners.png and /dev/null differ diff --git a/changelog/1.24.0.md b/changelog/1.24.0.md new file mode 100644 index 000000000..43caee838 --- /dev/null +++ b/changelog/1.24.0.md 
@@ -0,0 +1,66 @@ +--- +title: "1.24.0" +description: "Released on 10/20/2021" +--- + +### Breaking changes ❗ + +There are no breaking changes in 1.24.0. + +### Features ✨ + +- web: added ability to pull images from private Amazon ECR repositories. +- web: added alert to notify users when workspace disks are full. +- web: added ability for end-users to set auto-off behavior for their + workspaces. +- web: added information regarding applications used to the audit log. +- web: updated the in-product changelog to display information for multiple + versions of Coder. +- web: added ability to set the background color for all in-product banners with + a color picker. +- infra: added auto-injection of TLS certificates into workspaces to ensure + secure communication with `coderd`. + +### Bug fixes 🐛 + +- web: fixed rendering issues when using dark theme. +- web: fixed issue with inability to update a registry name or URL. +- web: fixed issue with Coder not displaying an error when there is an issue + during OIDC login. +- web: fixed issue where large outputs would sometimes cause web terminals to + disconnect. +- web: fixed issue with Intercom not loading for hosted beta users. +- web: fixed issue with RStudio not launching. +- web: fixed issue with password max length validation being too narrow for + registries (password length limit for image registries has been updated to 32 + KiB). +- web: fixed issue with incorrect dev URL status indicators +- web: fixed issue with dev URLs sometimes not opening. +- web: fixed issue with the **Save Preferences** button being permanently + disabled. +- web: fixed issues with rendering icons in the user interface. +- web: fixed issue with workspace templates sometimes not updating. +- web: fixed issue with workspaces needing to be rebuilt twice after + regenerating an SSH key. +- infra: fixed issue with inability to set `ulimit` inside cached CVMs. +- api: removed ability for site managers to create site admins through the API. 
+ +### Security updates 🔐 + +- infra: removed dependency on vulnerable `jwt-go` package. +- infra: updated login functionality to always hash passwords on login, + regardless of whether user exists or not, to mitigate timing attacks. +- infra: applied the `Content-Type-Options: nosniff` header to `envagent` and + satellite responses. +- infra: added `referrer-policy: no-referrer` header to responses from Coder + (including satellites) that include static content. +- infra: added expiration date to dev URL cookies. + +### Known issues 🔧 + +- web: the service banner (if enabled) reappears for all users, even if they've + previously dismissed it. +- web: using the web terminal in Coder can + occasionally result in the connection being reset and needing to be restarted. +- web: the **Switch workspace** drop-down menu shows a workspace's status as + **Building** even though the build process is completed. diff --git a/manifest.json b/manifest.json index 973fdfbf5..70af1cdb0 100644 --- a/manifest.json +++ b/manifest.json @@ -1,5 +1,14 @@ { - "versions": ["v1.23", "v1.22", "v1.21", "v1.20", "v1.19", "v1.18", "v1.17"], + "versions": [ + "v1.24", + "v1.23", + "v1.22", + "v1.21", + "v1.20", + "v1.19", + "v1.18", + "v1.17" + ], "routes": [ { "path": "./index.md", @@ -207,6 +216,9 @@ { "path": "./admin/registries/default-registry.md" }, + { + "path": "./admin/registries/ecr.md" + }, { "path": "./admin/registries/gcr.md" } @@ -428,6 +440,9 @@ { "path": "./changelog/index.md", "children": [ + { + "path": "./changelog/1.24.0.md" + }, { "path": "./changelog/1.23.1.md", "children": [
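Review bot: in admin/organizations/manage.md, the new **User-controlled workspace shutdown behavior** bullet does not say how a user's choice relates to the organization's **Workspace Shutdown Behavior** value, that is, whether the organization's hour count is an upper bound or only a default that users can exceed. The bullet above it frames auto-shutdown as a way to free up resources, so state which it is, and say what happens to values users have already set when an admin disables the option.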
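Review bot: in admin/registries/ecr.md, Step 1 labels creating a dedicated IAM user as **Optional:** while the paragraph above says "we recommend the latter option", and the alternative is storing an access key tied to a person's own AWS account in Coder. Drop the "Optional" label or repeat the recommendation in the step itself, and say explicitly that the credentials only need read (pull) access to the repositories Coder imports from, which is what `AmazonEC2ContainerRegistryReadOnly` provides. The "create your own" link points at the repository policy examples page, which covers policies set on a repository rather than a policy attached to the IAM user; check that this is the intended target. In Step 2, "Provide a **registry name** and the **registry**" would be clearer with the expected form of the registry value for ECR.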
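Review bot: in admin/registries/gcr.md (the hunk starting at line 14), the step "configure a service account for access to the GCR registry" does not say what level of access the account needs, and the key file's contents are then entered in Coder as the registry **password**. Since this hunk already edits the list, add that the service account should be limited to read access on the registry holding the images Coder imports.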
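Review bot: in admin/registries/index.md, the ECR pointer is appended to the end of the step that asks for a **username** and **password**, but the ECR page has the admin set the **registry kind** to **ECR** and enter an **Access Key ID** and **Secret Access Key** instead. A reader following the list reaches the pointer only after being told to supply a username and password; move the sentence to the start of the step or give it its own step. The naming is also inconsistent: "Amazon ECR Registry" repeats "Registry", and the link text says "AWS ECR" while the target page is titled "Amazon Elastic Container Registry".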
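Review bot: in changelog/1.24.0.md under **Security updates**, the header is written as `Content-Type-Options: nosniff`; the standard response header name is `X-Content-Type-Options`, so confirm which name `envagent` and the satellites actually send and correct the entry if it is the latter. The **Bug fixes** entry "api: removed ability for site managers to create site admins through the API" describes a change to a privilege boundary and would be easier for admins to find under **Security updates**. The `jwt-go` entry could name the advisory it addresses so readers can assess exposure on earlier versions. Minor: "fixed issue with incorrect dev URL status indicators" is missing its trailing period.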