code-server
Advanced tools
Changelog
4.10.1 - 2023-03-04
Code v1.75.1
Added an origin check to web sockets to prevent cross-site hijacking attacks on users using older or niche browser that do not support SameSite cookies and attacks across sub-domains that share the same root domain.
The check requires the host header to be set so if you use a reverse proxy ensure it forwards that information otherwise web sockets will be blocked.
Changelog
4.9.1 - 2022-12-15
Code v1.73.1
npm
and yarn
consistently depending on the step.Changelog
4.9.0 - 2022-12-06
Code v1.73.1
/security.txt
added as a route with info on our security policy information thanks to @ghuntley--noconfirm
flag in install.sh
--cert
on Ubuntu 22.04: OpenSSL v3 is used which breaks pem
meaning the
--cert
feature will not work. ReferenceChangelog
4.8.2 - 2022-11-02
Code v1.72.1
coder/coder
. This is enabled by default but can be disabled by passing the CLI
flag --disable-getting-started-override
or setting
CS_DISABLE_GETTING_STARTED_OVERRIDE=1
or
CS_DISABLE_GETTING_STARTED_OVERRIDE=true
.