C
Coder
INFRA · APIS
Velocity5.0
Self-hosted cloud development environments on your infrastructure.
Coder ships security backports across its 2.29 and 2.31 maintenance lines
developer-platformself-hostedsecurity-patchesnetworkingmaintenanceopen-source
◆Current state
Coder's recent releases are maintenance-only: CVE fixes in go-git plus crypto and net dependency upgrades (2.29.16), and a Tailscale-fork fix for a TSMP/ICMP callback leak backported across the 2.29 and 2.31 lines. No new product capability is visible in this window; the work is dependency hygiene and networking stability.
◆Where it's heading
The pattern is disciplined backporting of security and networking fixes across multiple supported release lines, typical of a self-hosted platform serving enterprise installs that pin versions. Feature direction is not observable from these entries.
◆Prediction
Expect continued patch releases with security upgrades and networking fixes backported across the supported 2.29 and 2.31 lines.
◆Recent moves
- 8d ago
v2.29.16: go-git CVE and crypto/net upgrades
Backports go-git CVE fixes and crypto/net dependency upgrades to the 2.29 line and avoids clobbering dynamic parameters, a security-hygiene patch for pinned enterprise installs.
View source ↗ - 19d ago
v2.31.14: fix Tailscale TSMP/ICMP callback leak
Updates the Tailscale fork to fix a TSMP/ICMP callback leak on the 2.31 line, a networking-stability fix for the platform's mesh connectivity.
View source ↗ - 19d ago
v2.29.15: Tailscale leak fix backport
The same Tailscale TSMP/ICMP callback-leak fix backported to the 2.29 line, mirroring the 2.31 patch as part of cross-line maintenance.
View source ↗