Coder
Self-hosted cloud development environments on your infrastructure.
Coder hardens its core and quietly builds aibridge into a governed AI-agent gateway.
◆Recent moves
- 3d ago
Enforce external auth on workspace create; add OIDC broker flag
A small hardening patch on the stable line: workspace creation now enforces required external auth, plus an opt-in (and explicitly INSECURE) OIDC email-fallback flag for IdP brokers. Continues the post-disclosure auth-tightening arc.
View source ↗ - 3d ago
Backport OIDC broker fallback flag to the 2.32 branch
Backports the INSECURE OIDC broker fallback flag and a workspaces-table dashboard fix to the 2.32 branch. Parallel-branch maintenance rather than new capability.
View source ↗ - 5d ago
Pin agent API client; skip flaky Azure identity test (2.29)
Bug-fix-only patch on the oldest supported branch: pins the workspace agent API client to its intended agent and skips a flaky Azure identity test. Routine stability upkeep.
View source ↗ - 5d ago
aibridge adds Bedrock Opus 4.8 adaptive thinking; bug fixes
A mixed bug-fix release whose notable item is aibridge gaining support for Bedrock Opus 4.8 adaptive thinking, alongside prebuild-claim and enterprise proxy-header fixes. Small but on-trend for the AI-gateway buildout.
View source ↗ - 15d ago
Backport OIDC repair; enforce CLI token lifetime (2.29)
Maintenance backport to 2.29: restores OIDC auth-link repair, honors fixed lifetimes for CLI API tokens, and checks user-active status in aibridge auth. Keeps the older branch aligned with mainline security fixes.
View source ↗ - 21d ago
Coordinated security hardening: 15+ advisories, breaking OIDC changes
⚡ SPARKThe anchor of this window: a coordinated security-hardening release fixing 15+ advisories with breaking OIDC and proxy-trust changes. It marks the point where Coder's security posture—aibridge's in particular—got a systematic overhaul.
View source ↗