Stable (since May 13, 2026)
Changelog
Bug fixes
- Bump golang.org/x/net to v0.53.0 (CVE-2026-33814) (#25224, 561e42d)
- fix(go.mod): bump gomarkdown to fix GHSA-77fj-vx54-gvh7 (v2.32) (#25225, a7e6c6e)
- Cherry-pick OTel SDK v1.43.0 for CVE-2026-39883 (v2.32.x) (#25227, be2cd7a)
- Bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 (#25240, bbe0286)
- Dashboard: Move pagination test from vitest to storybook story (#24165, da939aa)
- Upgrade Go toolchain from 1.25.9 to 1.25.10 (#25228, 315e800)
- fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026-44431) (#25249, d944b92)
- Server: Harden Azure identity certificate fetch (cherry-pick v2.32) (#25277, 25219f3)
- Verify PKCS7 signature on Azure instance identity tokens (backport 2.32) (#25303, d6e9344)
- Server: Backport frame-ancestors CSP fixes to 2.32 (#24474, #24529) (#24806, 5f343bc)
Compare: v2.32.1...v2.32.2
Container image
docker pull ghcr.io/coder/coder:2.32.2
Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.