This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+3 more
Summary
AI summaryUpdates Bug fixes, Container image, and Server across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Bugfix | Medium |
Update tailscale fork to fix TSMP/ICMP callback leak (backport 2.32) Update tailscale fork to fix TSMP/ICMP callback leak (backport 2.32) Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Bugfix | Medium |
Server detects concurrent refresh race to prevent cache poisoning Server detects concurrent refresh race to prevent cache poisoning Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Bugfix | Medium |
Server detects rate-limit 403 and narrows isFailedRefresh Server detects rate-limit 403 and narrows isFailedRefresh Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
Full changelog
Stable (since May 19, 2026)
Changelog
Bug fixes
- Update tailscale fork to fix TSMP/ICMP callback leak (backport 2.32) (#25473, 17aed0a3ef)
- Server: Detect concurrent refresh race to prevent cache poisoning (#24228, 26e1515899)
- Server: Detect rate-limit 403 and narrow isFailedRefresh (#24334, e4defea43c)
Compare: v2.32.3...v2.32.4
Container image
docker pull ghcr.io/coder/coder:2.32.4
Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]