Stable (since October 28, 2024)

Changelog

Security fixes

• Dashboard: Sanitize login redirect (#15208) (#15220, f214d03)

  Resolves an issue which allows attackers to craft a Coder URL that when clicked by a logged in user, could redirect them to a website the attacker controls, e.g. google.com. For details on resolution see this advisory on Github.

Bug fixes

• Log provider stack traces on text file busy (#15249, e4964ae) (@spikecurtis)
• Fix error handling to prevent spam in proc prio management (#15071) (#15095, c9c90c4)

Compare: v2.15.3...v2.15.4

Container image

• docker pull ghcr.io/coder/coder:v2.15.4

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.