Stable (since December 09, 2025)

Changelog

Security Update

• Update react to apply patch for CVE-2025-55182 (#21084) (#21175, df47153)

  Coder is not affected. This vulnerability specifically targets implementations using React Server Components. As Coder does not utilize Server Components, there is no exploitable attack surface. We are applying this patch proactively to limit security tooling noise and avoid unnecessary concerns.

Compare: v2.28.5...v2.28.6

Container image

• docker pull ghcr.io/coder/coder:v2.28.6

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.