Stable (since September 04, 2025)

Changelog

Security Fixes

• Expire token for prebuilds user when regenerating session token (#19667) (#19668, ec66090) (@johnstcn)

  ⚠ Fixes an issue allowing previously authenticated users to claim prebuilt workspaces created from templates using the coder-login module. Read more in our GHSA for this vulnerability.

• Server: Add audit log on creating a new session key (#19672) (#19684, a79adb1) (@johnstcn)

  Adds an audit log entry when an API key is created via coder login.

Compare: v2.24.3...v2.24.4

Container image

• docker pull ghcr.io/coder/coder:v2.24.4

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.