Changelog
Bug fixes
- Bump golang.org/x/net to v0.53.0 (CVE-2026-33814) (#25213, 836ff8f)
- Bump otel SDK from v1.42.0 to v1.43.0 (CVE-2026-39883) (#25214, 59248df)
- fix(security): bump gomarkdown/markdown to fix OOB read (GHSA-77fj-vx54-gvh7) (#25218, 17b857e)
- Bump goldmark to v1.7.17 to fix XSS (CVE-2026-5160) (#25216, cd6eb46)
- Dashboard: Remove flaky pagination test from WorkspacesPage (#24165, e7030b1)
- Server: Harden Azure identity certificate fetch (cherry-pick v2.31) (#25278, eb46116)
- Verify PKCS7 signature on Azure instance identity tokens (backport 2.31) (#25304, 6ff657f)
- fix(scripts/ironbank): rebuild bundled Terraform from source with Go 1.25.9 (#25260, dfe986b)
Chores
- Bump aws-sdk-go-v2/service/s3 to v1.97.3 (GHSA-xmrv-pmrh-hhx2) (#25212, f34f673)
- Bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 (release/2.31) (#25236, 441a9ab)
- Bump Go from 1.25.9 to 1.25.10 (#25220, bddd73d)
Compare: v2.31.11...v2.31.12
Container image
docker pull ghcr.io/coder/coder:2.31.12
Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.