Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.20.0
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
BREAKING CHANGES
- Enforce agent names be case-insensitive-unique per-workspace (#16614, 3fddfef87) (
@ethanndickson)- Enforce regex for agent names (#16641, 9469b7829) (
@deansheather)Underscores and trailing, leading and double hyphens are now blocked in agent names.
Features
Organizations have reached general availability and Workspace Presets are available in beta. Read more about how to get started with these features in our monthly changelog.
- Orgs IDP sync - add combobox to select claim field value when sync field is set (#16335, 7f44189ed) (
@jaaydenh)Improves UX of entering IDP sync claims via the dashboard.
- Show warning on unrecognized idp org mapping claims (#16478, bcfeb726d) (
@aslilac)- Show warning on unrecognized idp group and role mapping claims (#16485, 323559ba8) (
@aslilac)
- Add combobox for selecting claim field value for group/role idp sync (#16459, 7076c4e4a) (
@jaaydenh)Automatically detects IDP claims once a provider is configured for entry in the dashboard.
- Improve resources_monitoring for OOM & OOD monitoring (#16241, 7cbd77fd9) (
@defelmnq)- Integrate agentAPI with resources monitoring logic (#16438, bc609d005) (
@defelmnq)Adds "resource alerts" as a native notification. Set thresholds on memory, disk to alert users when their workspaces are running low on resources.
- Add agentapi endpoint to report connections for audit (#16507, b07b33ec9) (
@mafredri)- Add workspace agent connect and app open audit types (#16493, b5329ae1c) (
@mafredri)Administrators and Auditors may now see agent connections and app opens in the audit log.
- Add notifications troubleshooting tab (#16650, e8a7b7e8c) (
@mtojek)- Add CLI tool to send a test notification (#16611, d2419c89a) (
@DanielleMaywood)
- Support the OAuth2 device flow with GitHub for signing in (#16585, 8c5e7007c) (
@hugodutka)- Show dialog with a redirect if permissions are required (#16661, 39f42bc11) (
@brettkolodny)- Enable soft delete for organizations (#16584, 546a549dc) (
@jaaydenh)Previously, administrators could not delete organizations, even if all contained resources were removed or deleted. This resolves that issue and allows administrators to clean up organizations.
- Implement sign up with GitHub for the first user (#16629, 67d89bb10) (
@hugodutka)- Enable GitHub OAuth2 login by default on new deployments (#16662, d3a56ae3e) (
@hugodutka)Users may now sign up with Github on a fresh deployment of Coder.
- Extend
OverrideVSCodeConfigsto support additional VS Code IDEs (#16654, 763921bc6) (@matifali)- Add provisioner tags field on template creation (#16656, 38ad8d1f3) (
@BrunoQuaresma)- Include winres metadata in Windows binaries (#16742, 36186bbb7)
- Implement WorkspaceCreationBan organization role (#16786, 4633658d5) (
@Emyrk)Allows administrators to assign the native "Workspace creation ban" to users and prevent them from creating workspaces.
- Agent: Add container list handler (#16346, 31b1ff7d3) (
@johnstcn)This PR adds an API endpoint to coderd
/api/v2/workspaceagents/:id/containersthat allows listing containers visible to the agent. Optional filtering by labels is supported.- Agent: Add
CODER_AGENT_DEVCONTAINERS_ENABLEoption (#16525, 35901028d) (@johnstcn)
... (truncated)
Commits
03b5012feat: update default audit log avatar (cherry-pick #16774) (#16805)a5eb06efix: add org role read perm to site template admins and auditors (cherry-pick...8aec4f2chore: create collapsible summary component (cherry-pick #16705) (#16794)e54e31echore: add an unassign action for roles (cherry-pick #16728) (#16791)32dc903fix: allow viewOrgRoles for custom roles page (cherry-pick #16722) (#16789)7381f9achore: warn user without permissions to view org members (cherry-pick #16721)...4633658feat: implement WorkspaceCreationBan org role (cherry-pick #16686) (#16786)6da3c9dfix: allow orgs with default github provider (cherry-pick #16755) (#16784)99a5d72docs: suggest disabling the default GitHub OAuth2 provider on k8s (cherry-pic...fc0db40docs: document default GitHub OAuth2 configuration and device flow (2.20) (#1...- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-go's releases.
v5.4.0
What's Changed
Dependency updates :
- Upgrade semver from 7.6.0 to 7.6.3 by
@dependabotin actions/setup-go#535- Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by
@dependabotin actions/setup-go#536- Upgrade
@action/cachefrom 4.0.0 to 4.0.2 by@aparnajyothi-yin actions/setup-go#568- Upgrade undici from 5.28.4 to 5.28.5 by
@dependabotin actions/setup-go#541New Contributors
@aparnajyothi-ymade their first contribution in actions/setup-go#568Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.4.0
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.20.2
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Hide deleted users from org members query (#16830, 3569e56cf) (
@aslilac)- Fix deployment settings navigation issues (#16780, 8a3ebaca0) (
@aslilac)Compare:
v2.20.1...v2.20.2Container image
docker pull ghcr.io/coder/coder:v2.20.2Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
v2.20.1
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Remove provisioners from deployment sidebar (#16927, bdd7794e8)
- Prevent audit log search from crashing with regular use (#16944, dba881fc7)
Compare:
v2.20.0...v2.20.1Container image
docker pull ghcr.io/coder/coder:v2.20.1Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
Commits
8a3ebacfix: fix deployment settings navigation issues (cherry-pick #16780) (#16790)3569e56fix: hide deleted users from org members query (cherry-pick #16830) (#16832)dba881ffix: fix audit log search (cherry-pick #16944) (#16945)b615a35chore: use org-scoped roles for organization user e2e tests (cherry-pick #166...bdd7794fix: remove provisioners from deployment sidebar (cherry-pick #16717) (#16927)- See full diff in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-testing's releases.
v1.12.0
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#454)
FEATURES:
- knownvalue: added function checks for custom validation of resource attribute or output values. (#412)
ENHANCEMENTS:
- knownvalue: Updated the
ObjectExacterror message to report extra/missing attributes from the actual object. (#451)- plancheck: Improved the unknown value plan check error messages to include a known value if one exists. (#450)
BUG FIXES:
- plancheck: Fixed bug with all unknown value plan checks where a valid path would return a "path not found" error. (#450)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-testing's changelog.
1.12.0 (March 18, 2025)
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#454)
FEATURES:
- knownvalue: added function checks for custom validation of resource attribute or output values. (#412)
ENHANCEMENTS:
- knownvalue: Updated the
ObjectExacterror message to report extra/missing attributes from the actual object. (#451)- plancheck: Improved the unknown value plan check error messages to include a known value if one exists. (#450)
BUG FIXES:
- plancheck: Fixed bug with all unknown value plan checks where a valid path would return a "path not found" error. (#450)
Commits
1ffb3e0Update changelogb0b505eplancheck: Include known value in error message when asserting an unknown val...41b2d19Add the missing/extra attribute names to the error message for `knownvalue.Ob...b505110build(deps): Bump github.com/hashicorp/go-cty from 1.4.1 to 1.5.0 (#457)b940385chore: Update minimum Go version in module (#454)96ff574knownvalue: Introduce function checks for primitive types (#412)5f414d2Result of tsccr-helper -log-level=info gha update -latest .github/ (#447)2113550chore: FIx golangci linters (#446)13c4fb0build(deps): Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#437)9a146e5build(deps): Bump github.com/hashicorp/terraform-plugin-sdk/v2 (#433)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
v28.0.4
28.0.4
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix a regression causing
docker pull/pushto fail when interacting with a private repository. docker/cli#5964v28.0.3
28.0.3
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix
docker runtruncating theSTDOUT/STDERRprematurely when the container exits before the data is consumed. docker/cli#5957Packaging updates
- Update BuildKit to v0.20.2. moby/moby#49698
- Update
runcto v1.2.6 (static packages only). moby/moby#49682- Update containerd to v1.7.26. docker/containerd-packaging#409
v28.0.2
28.0.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix CLI-specific attributes (
docker.cli.*) being unintentionally passed to downstream OTel services. docker/cli#5842- Fix an issue where user-specified
OTEL_RESOURCE_ATTRIBUTESwere being overridden by CLI's internal telemetry attributes. The CLI now properly merges user-specified attributes with internal ones, allowing both to coexist. docker/cli#5842- Fix daemon failing to start on Windows when a container created before v28.0.0 was present. moby/moby#49626
- Fix possible error on
docker buildx prunewith the--min-free-space. moby/moby#49623- Fix spurious
io: read/write on closed pipeerror in the daemon log when closing container. moby/moby#49590- Fix the Docker daemon failing too early if the containerd socket isn't immediately available. moby/moby#49603
- Mask Linux thermal interrupt info in a container's
/procand/sysby default. moby/moby#49560- Update
contrib/check-config.shto check for more kernel modules related to iptables. moby/moby#49622- containerd image store: Fix integer overflow in User ID handling passed via
--user. moby/moby#49652- containerd image store: Fix spurious
reference for unknown type: application/vnd.in-toto+jsonwarning being logged to the daemon's log. moby/moby#49652
... (truncated)
Commits
6430e49Merge pull request #49700 from vvoland/missing-buildtagscc90726Add missing go1.22 build constraints330857aMerge pull request #49698 from jsternberg/buildkit-0.20.22fce935vendor: github.com/moby/buildkit v0.20.2ecb03c4Merge pull request #49691 from thaJeztah/bump_selinuxaccda31Merge pull request #49562 from thaJeztah/switch_cgroups6a0f71cMerge pull request #49686 from thaJeztah/attach_nitse2011afMerge pull request #49692 from thaJeztah/rm_aliases3e957c6remove some redundant import-aliases4db84b1switch to github.com/opencontainers/cgroups- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from crazy-max/ghaction-import-gpg's releases.
v6.3.0
- Bump openpgp from 5.11.2 to 6.1.0 in crazy-max/ghaction-import-gpg#215
- Bump cross-spawn from 7.0.3 to 7.0.6 in crazy-max/ghaction-import-gpg#212
Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v6.2.0...v6.3.0
Commits
e89d409Merge pull request #215 from crazy-max/dependabot/npm_and_yarn/openpgp-6.1.09239589fix README177db9dchore: update generated content78b11f3build(deps): bump openpgp from 5.11.2 to 6.1.0bc96911Merge pull request #218 from crazy-max/bake-v6b70aa9bci: update bake-action to v6d690cc9Merge pull request #212 from crazy-max/dependabot/npm_and_yarn/cross-spawn-7.0.69e887f4Merge pull request #211 from crazy-max/dependabot/github_actions/codecov/code...442980bci: fix deprecated codecov inputa0098b6Merge pull request #217 from crazy-max/gha-perms- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from goreleaser/goreleaser-action's releases.
v6.3.0
- Bump undici from 5.28.3 to 5.28.5 in goreleaser/goreleaser-action#488
Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v6.2.1...v6.3.0
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Commits
e1fcd82html: properly handle trailing solidus in unquoted attribute value in foreign...ebed060internal/http3: fix build of tests with GOEXPERIMENT=nosynctest1f1fa29publicsuffix: regenerate table1215081http2: improve error when server sends HTTP/1312450ehtml: ensure <search> tag closes <p> and update tests09731f9http2: improve handling of lost PING in Server55989e2http2/h2c: use ResponseController for hijacking connections2914f46websocket: re-recommend gorilla/websocket- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
v28.1.1
28.1.1
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix
dockerd-rootless-setuptool.shincorrectly reporting missingiptables. moby/moby#49833- containerd image store: Fix a potential daemon crash when using
docker loadwith archives containing zero-size tar headers. moby/moby#49837Packaging updates
- Update Buildx to v0.23.0. docker/docker-ce-packaging#1185
- Update Compose to v2.35.1. docker/docker-ce-packaging#1188
Networking
- Add a warning to a container's
/etc/resolv.confwhen no upstream DNS servers were found. moby/moby#49827v28.1.0
28.1.0
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.1.0 milestone
- moby/moby, 28.1.0 milestone
- Changes to the Engine API, see API version history.
New
- Add
docker bakesub-command as alias fordocker buildx bake. docker/cli#5947- Experimental: add a new
--use-api-socketflag ondocker runanddocker createto enable access to Docker socket from inside a container and to share credentials from the host with the container. docker/cli#5858docker image inspectnow supports a--platformflag to inspect a specific platform of a multi-platform image. docker/cli#5934Bug fixes and enhancements
- Add CLI shell-completion for context names. docker/cli#6016
- Fix
docker images --treenot including non-container images content size in the total image content size. docker/cli#6000- Fix
docker loadnot preserving replaced images. moby/moby#49650- Fix
docker loginhints when logging in to a custom registry. docker/cli#6015- Fix
docker statsnot working properly on machines with high CPU core count. moby/moby#49734- Fix a regression causing
docker pull/pushto fail when interacting with a private repository. docker/cli#5964- Fix an issue preventing rootless Docker setup on a host with no
ip_tableskernel module. moby/moby#49727- Fix an issue that could lead to unwanted iptables rules being restored and never deleted following a firewalld reload. moby/moby#49728
- Improve CLI completion of
docker service scale. docker/cli#5968docker images --treenow hides both untagged and dangling images by default. docker/cli#5924docker system infowill provide an exit code if a connection cannot be established to the Docker daemon. docker/cli#5918
... (truncated)
Commits
01f442bMerge pull request #49588 from thaJeztah/bump_go_build_tagse03c0f0Merge pull request #49834 from thaJeztah/cleanup_ignore8dde918Merge pull request #49837 from thaJeztah/bump_containerd_2.0.5e70ce7aMerge pull request #49833 from vvoland/rootless-iptables-checkfc8361cvendor: github.com/containerd/containerd v2.0.562f51e4vendor: golang.org/x/oauth2 v0.29.0bbbb003cleanup ignore filesead379acontrib/rootless-setuptool: Fix iptables detection7c52c4dupdate go:build tags to go1.23 to align with vendor.mod6573a13Merge pull request #49827 from robmry/warn_no_ext_nameservers- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show