coder

v2.32.5 Security

This release includes 2 security fixes, relevant to security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 2 known CVEs

Topics

agents dev-tools development-environment go ide jetbrains remote-development terraform vscode

Affected surfaces

deps

Summary

AI summary

This release updates bug fixes and the container image; the full comparison is at https://github.com/coder/coder/compare/v2.32.4...v2.32.5.

Full changelog

Stable (since May 30, 2026)

Changelog

Bug fixes

  • Do not clobber dynamic parameters (backport #24645 to 2.32) (#25827, 9614d55400)
  • Upgrade golang.org/x/crypto to v0.52.0 (12 ssh CVEs) (#25780, ad37de53c4)
  • Bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (#25776, 0610ae7a0c)
  • Upgrade golang.org/x/net to v0.55.0 (5 html CVEs) (#25772, 443bc1a338)

Documentation

  • Fix broken references and add users oidc-claims to manifest (#25706, 3fe6edd83f)

Compare: v2.32.4...v2.32.5

Container image

  • docker pull ghcr.io/coder/coder:2.32.5

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

Security Fixes

  • dep: golang.org/x/crypto v0.52.0 – fixes CVE-2026-XXXXX, CVE-2026-YYYYY (12 ssh vulnerabilities)
  • dep: golang.org/x/net v0.55.0 – fixes CVE-2026-ZZZZZ, CVE-2026-AAAAA (5 html vulnerabilities)


About coder

Secure environments for developers and their agents
