Changelog
Note
This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Security Patch
-
Bump alpine to 3.23.3 in release/2.29 (#21879, 72afd36)
Updated the base image and dependencies to include patched version of OpenSSL. This addresses a critical stack-based buffer overflow in CMS message parsing that could lead to remote code execution or denial of service (CVE-2025-15467). There's no indication that this issue was exploitable in default Coder installations.
Compare: v2.29.4...v2.29.5
Container image
docker pull ghcr.io/coder/coder:v2.29.5
Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.