Coder - Browse /v2.29.17 at SourceForge.net

The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size	InfoDownloads / Week
Parent folder
provisioner_helm_2.29.17.tgz	2026-06-12	15.6 kB	0
coder_helm_2.29.17.tgz	2026-06-12	12.3 kB	0
coder_2.29.17_windows_arm64.zip	2026-06-12	158.2 MB	0
coder_docs_2.29.17.tgz	2026-06-12	76.0 MB	0
coder_2.29.17_windows_amd64_installer.exe	2026-06-12	144.5 MB	0
coder_2.29.17_linux_armv7.tar.gz	2026-06-12	159.4 MB	0
coder_2.29.17_sbom.spdx.json	2026-06-12	1.5 MB	0
coder_2.29.17_windows_amd64.zip	2026-06-12	163.1 MB	0
coder_2.29.17_linux_armv7.deb	2026-06-12	160.5 MB	0
coder_2.29.17_linux_armv7.rpm	2026-06-12	164.0 MB	0
coder_2.29.17_linux_armv7.apk	2026-06-12	163.9 MB	0
coder_2.29.17_linux_arm64.tar.gz	2026-06-12	158.3 MB	0
coder_2.29.17_linux_arm64.deb	2026-06-12	159.3 MB	0
coder_2.29.17_linux_arm64.rpm	2026-06-12	162.6 MB	0
coder_2.29.17_linux_amd64.tar.gz	2026-06-12	162.6 MB	0
coder_2.29.17_linux_arm64.apk	2026-06-12	162.6 MB	0
coder_2.29.17_linux_amd64.deb	2026-06-12	163.3 MB	0
coder_2.29.17_linux_amd64.rpm	2026-06-12	167.1 MB	0
coder_2.29.17_checksums.txt	2026-06-12	2.0 kB	0
coder_2.29.17_checksums.txt.asc	2026-06-12	833 Bytes	0
coder_2.29.17_darwin_amd64.zip	2026-06-12	165.7 MB	0
coder_2.29.17_darwin_arm64.zip	2026-06-12	161.4 MB	0
coder_2.29.17_linux_amd64.apk	2026-06-12	167.1 MB	0
README.md	2026-06-12	5.8 kB	0
v2.29.17 [SECURITY] source code.tar.gz	2026-06-12	97.3 MB	0
v2.29.17 [SECURITY] source code.zip	2026-06-12	101.1 MB	0
Totals: 26 Items		3.0 GB	0

[!IMPORTANT] Security hardening release.
This patch addresses vulnerabilities responsibly disclosed to Coder by Anthropic's Project Glasswing under their coordinated vulnerability disclosure program.
We strongly recommend upgrading.
See the Security patches section below for the fixed issues and their advisories.

Changelog

BREAKING CHANGES

Only trust x-forwarded-host from configured trusted proxies (#26204, 77896ddd9d) (@geokat) (GHSA-5g4w-3vw9-478w)
fix(coderd)!: restrict OIDC email fallback to first-time account linking (#25712, ed7e9240fc) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
fix!: reject OIDC login when email_verified claim is non-bool or absent (#25713, 3db810caeb) (GHSA-9r87-mvcw-x35f, GHSA-75vm-6w67-gwvp)
fix!: validate HostnameSuffix and SSHConfigOptions' (#26154, 320e549fe8) (GHSA-mcqq-fqgf-rxwm)

Security patches

Server: Verify workspace owner matches app username (#26085, e01d3f401d) (GHSA-5wg6-jmq2-53pw)
Reject oversized and invalid zip uploads (#25877, 069f6cf5f6) (GHSA-2mg2-p7r7-g27f)
Escape agent log HTML (#25808, a51dbcfc02) (GHSA-7qw2-f75v-62f7)
Agent: Prevent command injection in shell execer (#26235, 4aa84f2e6a) (@zedkipp) (GHSA-359v-rvmf-m3g9)
Server: Prevent user-admin from resetting owner password (#25709, 833eaf8a9d) (GHSA-29xf-69gq-m9jx)
Validate FileSize in NewDataBuilder to prevent OOM DoS (#25710, 6f5ff1bb33) (GHSA-f962-qm93-mj4c)
Validate agent-supplied AllowedIPs in coordinator (backport #26144) (#26295, 9181b84440) (GHSA-wrq8-fcv5-8hvp)
Server: Prevent cross-tenant workspace app rebinding (#26103, c05b4d94e6) (@dylanhuff-at-coder) (GHSA-9rjw-3gwp-f59v)
CLI: Prevent session token exfiltration via external app URLs (#26146, 2044599fff) (@zedkipp) (GHSA-v54h-cp2w-9x4g)
Clamp template port sharing level in SubAgentAPI (#26061, c1889d0cbd) (GHSA-x9qq-2qh5-8rxf)
Server: Use a random value for a simulated hash for built-in users (#26205, 0951f90b5e) (GHSA-8fxq-53rx-ph5f)
Server: Require update permission to recreate devcontainers (#25812, 18ded827b1) (GHSA-jqj2-x4c5-jfxm)
Dashboard: Escape appearance values in HTML output (#25804, 77253bfc55) (GHSA-h58c-xccx-75m3)