Dec 12, 2023 · Dec 11, 2023 · Dec 11, 2023 · Dec 11, 2023 · Dec 11, 2023 · Dec 11, 2023
diff --git a/docs/admin/auth.md b/docs/admin/auth.md
 [azure-gids]:
  https://github.com/MicrosoftDocs/azure-docs/issues/59766#issuecomment-664387195

 ### Group allowlist

 You can limit which groups from your identity provider can log in to Coder with
 [CODER_OIDC_ALLOWED_GROUPS](https://coder.com/docs/v2/latest/cli/server#--oidc-allowed-groups).
 Users who are not in a matching group will see the following error:

 ![Unauthorized group error](../images/admin/group-allowlist.png)

 ### Troubleshooting

 Some common issues when enabling group sync.
diff --git a/docs/changelogs/README.md b/docs/changelogs/README.md
 export CODER_IGNORE_MISSING_COMMIT_METADATA=1
 export BRANCH=main
 ./scripts/release/generate_release_notes.sh \
  --old-version=v2.4.0 \
  --new-version=v2.4.1 \
  --old-version=v2.5.0 \
  --new-version=v2.5.1 \
  --ref=$(git rev-parse --short "${ref:-origin/$BRANCH}") \
  > ./docs/changelogs/v2.4.1.md
  > ./docs/changelogs/v2.5.0.md
 ```
diff --git a/docs/changelogs/v2.5.0.md b/docs/changelogs/v2.5.0.md
 ## Changelog

 ### Features

 - Templates can now be deprecated in "template settings" to warn new users and prevent new workspaces from being created (#10745) (@Emyrk)
  ![Deprecated template](https://gist.github.com/assets/22407953/5883ff54-11a6-4af0-afd3-ad77be1c4dc2)
  > This is an [Enterprise feature](https://coder.com/docs/v2/latest/enterprise).
 - Add user/settings page for managing external auth (#10945) (@Emyrk)
  ![External auth settings](https://gist.github.com/assets/22407953/99252719-7255-426e-ba88-55d08dd04586)
 - Allow auditors to read template insights (#10860) (@johnstcn)
 - Add support for custom permissions in Helm chart `rbac.yaml` file (#10590) (@lbi22)
 - Add `workspace_id`, `owner_name` to agent manifest (#10199) (@szab100)
 - Allow identity provider to return single string for roles/groups claim (#10993) (@Emyrk)
 - Add endpoints to list all auth-ed external apps (#10944) (@Emyrk)
 - Support v2 Tailnet API in AGPL coordinator (#11010) (@spikecurtis)
 - Dormant workspaces now appear in the default workspaces list (#11053) (@sreya)
 - Include server agent API version in buildinfo (#11057) (@spikecurtis)
 - Restart stopped workspaces on `coder ssh` command (#11050) (@Emyrk)
 - You can now specify an [allowlist for OIDC Groups](https://coder.com/docs/v2/latest/admin/auth#group-allowlist) (#11070) (@Emyrk)
 - Display 'Deprecated' warning for agents using old API version (#11058) (@spikecurtis)
 - Add support for `coder_env` resource to set environment variables within a workspace (#11102) (@mafredri)
 - Handle session signals (#10842) (@mafredri)
 - Allow specifying names of provisioner daemons (#11077) (@johnstcn)
 - Preserve old agent logs (#10776) (@ammario)
 - Store workspace proxy version in the database (#10790) (@johnstcn)
 - Add `last_seen_at` and version to provisioner_daemons table (#11033) (@johnstcn)
 - New layout for web-based template editor (#10912) (@BrunoQuaresma)
  ![Template editor layout](https://gist.github.com/assets/22407953/0351f0bd-6872-4186-a704-a403048e5758)
 - Add `arm64` and `amd64` portable binaries to `winget` (#11030) (@matifali)
 - Add claims to oauth link in db for debug (#10827) (@Emyrk)
 - Change login screen layout (#10768) (@BrunoQuaresma)

 ### Bug fixes

 - Automatically purge inactive provisioner daemons after 7 days (#10949) (@mtojek)
 - All migrations run in a transaction to avoid broken migrations (#10966) (@coadler)
 - Set `ignore_changes` on EC2 example templates (#10773) (@ericpaulsen)
 - Stop redirecting DERP and replicasync http requests (#10752) (@spikecurtis)
 - Prevent alt text from appearing if OIDC icon fail to load (#10792) (@Parkreiner)
 - Fix insights metrics comparison (#10800) (@mtojek)
 - Clarify language in orphan section of delete modal (#10764) (@Kira-Pilot)
 - Prevent change in defaults if user unsets in template edit (#10793) (@Emyrk)
 - Only update last_used_at when connection count > 0 (#10808) (@sreya)
 - Update workspace cleanup flag names for template cmds (#10805) (@sreya)
 - Give SSH stdio sessions a chance to close before closing netstack (#10815) (@spikecurtis)
 - Preserve order of node reports in healthcheck (#10835) (@mtojek)
 - Enable FeatureHighAvailability if it is licensed (#10834) (@spikecurtis)
 - Skip autostart for suspended/dormant users (#10771) (@coadler)
 - Display explicit 'retry' button(s) when a workspace fails (#10720) (@Parkreiner)
 - Improve exit codes for agent/agentssh and cli/ssh (#10850) (@mafredri)
 - Detect and retry reverse port forward on used port (#10844) (@spikecurtis)
 - Document workspace filter query param correctly (#10894) (@Kira-Pilot)
 - Hide groups in account page if not enabled (#10898) (@Parkreiner)
 - Add spacing for yes/no prompts (#10907) (@f0ssel)
 - Numerical validation grammar (#10924) (@ericpaulsen)
 - Insert replica when removed by cleanup (#10917) (@f0ssel)
 - Update autostart context to include querying users (#10929) (@sreya)
 - Clear workspace name validation on field dirty (#10927) (@Kira-Pilot)
 - Redirect to new url after template name update (#10926) (@Kira-Pilot)
 - Do not allow selection of unsuccessful versions (#10941) (@f0ssel)
 - Parse username/workspace correctly on `coder state pull --build` (#10973) (#10974) (@spikecurtis)
 - Handle 404 on unknown top level routes (#10964) (@f0ssel)
 - FIX `UpdateWorkspaceDormantDeletingAt` interval out of range (#11000) (@coadler)
 - Create centralized PaginationContainer component (#10967) (@Parkreiner)
 - Use database for user creation to prevent flake (#10992) (@f0ssel)
 - Pass in time parameter to prevent flakes (#11023) (@f0ssel)
 - Respect header flags in wsproxy server (#10985) (@deansheather)
 - Update tailscale to include fix to prevent race (#11032) (@spikecurtis)
 - Disable prefetches for audits table (#11040) (@Parkreiner)
 - Increase default staleTime for paginated data (#11041) (@Parkreiner)
 - Display app templates correctly in build preview (#10994) (@Kira-Pilot)
 - Redirect unauthorized git users to login screen (#10995) (@Kira-Pilot)
 - Use unique workspace owners over unique users (#11044) (@f0ssel)
 - Avoid updating agent stats from deleted workspaces (#11026) (@f0ssel)
 - Track JetBrains connections (#10968) (@code-asher)
 - Handle no memory limit in `coder stat mem` (#11107) (@f0ssel)
 - Provide helpful error when no login url specified (#11110) (@f0ssel)
 - Return 403 when rebuilding workspace with require_active_version (#11114) (@sreya)
 - Use provisionerd context when failing job on canceled acquire (#11118) (@spikecurtis)
 - Ensure we are talking to coder on first user check (#11130) (@f0ssel)
 - Prevent logging error for query cancellation in `watchWorkspaceAgentMetadata` (#10843) (@mafredri)
 - Disable CODER_DERP_SERVER_STUN_ADDRESSES correctly (#10840) (@strike)
 - Remove anchor links from headings in admin/healthcheck.md (#10975) (@johnstcn)
 - Use mtime instead of atime (#10893) (#10892) (@johnstcn)
 - Correctly interpret timezone based on offset in `formatOffset` (#10797) (@mafredri)
 - Use correct default insights time for day interval (#10837) (@mafredri)
 - Fix filter font size (#11028) (@BrunoQuaresma)
 - Fix padding for loader (#11046) (@BrunoQuaresma)
 - Fix template editor route (#11063) (@BrunoQuaresma)
 - Use correct permission when determining orphan deletion privileges (#11143) (@sreya)

 ### Documentation

 - Align CODER_HTTP_ADDRESS with document (#10779) (@JounQin)
 - Migrate all deprecated `CODER_ADDRESS `to `CODER_HTTP_ADDRESS` (#10780) (@JounQin)
 - Add documentation for template update policies (experimental) (#10804) (@sreya)
 - Fix typo in additional-clusters.md (#10868) (@bpmct)
 - Update FE guide (#10942) (@BrunoQuaresma)
 - Add warning about Sysbox before installation (#10619) (@bartonip)
 - Add license and template insights prometheus metrics (#11109) (@ericpaulsen)
 - Add documentation for template update policies (#11145) (@sreya)

 ### Other changes

 - Document suspended users not consuming seat (#11045) (@ericpaulsen)
 - Fix small typo in docs/admin/configure (#11135) (@stirby)

 Compare: [`v2.4.0...v2.5.0`](https://github.com/coder/coder/compare/v2.4.0...v2.5.0)

 ## Container image

 - `docker pull ghcr.io/coder/coder:v2.5.0`

 ## Install/upgrade

 Refer to our docs to [install](https://coder.com/docs/v2/latest/install) or [upgrade](https://coder.com/docs/v2/latest/admin/upgrade) Coder, or use a release asset below.
diff --git a/docs/images/admin/group-allowlist.png b/docs/images/admin/group-allowlist.png
Original file line number	Diff line number	Diff line change
Expand Up		@@ -315,6 +315,14 @@ OIDC provider will be added to the `myCoderGroupName` group in Coder.
		[azure-gids]:
		https://github.com/MicrosoftDocs/azure-docs/issues/59766#issuecomment-664387195

		### Group allowlist

		You can limit which groups from your identity provider can log in to Coder with
		[CODER_OIDC_ALLOWED_GROUPS](https://coder.com/docs/v2/latest/cli/server#--oidc-allowed-groups).
		Users who are not in a matching group will see the following error:

		![Unauthorized group error](../images/admin/group-allowlist.png)

		### Troubleshooting

		Some common issues when enabling group sync.
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -13,8 +13,8 @@ git checkout main; git pull; git fetch --all
		export CODER_IGNORE_MISSING_COMMIT_METADATA=1
		export BRANCH=main
		./scripts/release/generate_release_notes.sh \
		--old-version=v2.4.0 \
		--new-version=v2.4.1 \
		--old-version=v2.5.0 \
		--new-version=v2.5.1 \
		--ref=$(git rev-parse --short "${ref:-origin/$BRANCH}") \
		> ./docs/changelogs/v2.4.1.md
		> ./docs/changelogs/v2.5.0.md
		```
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,116 @@
		## Changelog

		### Features

		- Templates can now be deprecated in "template settings" to warn new users and prevent new workspaces from being created (#10745) (@Emyrk)
		![Deprecated template](https://gist.github.com/assets/22407953/5883ff54-11a6-4af0-afd3-ad77be1c4dc2)
		> This is an [Enterprise feature](https://coder.com/docs/v2/latest/enterprise).
		- Add user/settings page for managing external auth (#10945) (@Emyrk)
		![External auth settings](https://gist.github.com/assets/22407953/99252719-7255-426e-ba88-55d08dd04586)
		- Allow auditors to read template insights (#10860) (@johnstcn)
		- Add support for custom permissions in Helm chart `rbac.yaml` file (#10590) (@lbi22)
		- Add `workspace_id`, `owner_name` to agent manifest (#10199) (@szab100)
		- Allow identity provider to return single string for roles/groups claim (#10993) (@Emyrk)
		- Add endpoints to list all auth-ed external apps (#10944) (@Emyrk)
		- Support v2 Tailnet API in AGPL coordinator (#11010) (@spikecurtis)
		- Dormant workspaces now appear in the default workspaces list (#11053) (@sreya)
		- Include server agent API version in buildinfo (#11057) (@spikecurtis)
		- Restart stopped workspaces on `coder ssh` command (#11050) (@Emyrk)
		- You can now specify an [allowlist for OIDC Groups](https://coder.com/docs/v2/latest/admin/auth#group-allowlist) (#11070) (@Emyrk)
		- Display 'Deprecated' warning for agents using old API version (#11058) (@spikecurtis)
		- Add support for `coder_env` resource to set environment variables within a workspace (#11102) (@mafredri)
		- Handle session signals (#10842) (@mafredri)
		- Allow specifying names of provisioner daemons (#11077) (@johnstcn)
		- Preserve old agent logs (#10776) (@ammario)
		- Store workspace proxy version in the database (#10790) (@johnstcn)
		- Add `last_seen_at` and version to provisioner_daemons table (#11033) (@johnstcn)
		- New layout for web-based template editor (#10912) (@BrunoQuaresma)
bpmct marked this conversation as resolved. Show resolvedHide resolved
		![Template editor layout](https://gist.github.com/assets/22407953/0351f0bd-6872-4186-a704-a403048e5758)
		- Add `arm64` and `amd64` portable binaries to `winget` (#11030) (@matifali)
		- Add claims to oauth link in db for debug (#10827) (@Emyrk)
		- Change login screen layout (#10768) (@BrunoQuaresma)

		### Bug fixes

		- Automatically purge inactive provisioner daemons after 7 days (#10949) (@mtojek)
		- All migrations run in a transaction to avoid broken migrations (#10966) (@coadler)
		- Set `ignore_changes` on EC2 example templates (#10773) (@ericpaulsen)
		- Stop redirecting DERP and replicasync http requests (#10752) (@spikecurtis)
		- Prevent alt text from appearing if OIDC icon fail to load (#10792) (@Parkreiner)
		- Fix insights metrics comparison (#10800) (@mtojek)
		- Clarify language in orphan section of delete modal (#10764) (@Kira-Pilot)
		- Prevent change in defaults if user unsets in template edit (#10793) (@Emyrk)
		- Only update last_used_at when connection count > 0 (#10808) (@sreya)
		- Update workspace cleanup flag names for template cmds (#10805) (@sreya)
		- Give SSH stdio sessions a chance to close before closing netstack (#10815) (@spikecurtis)
		- Preserve order of node reports in healthcheck (#10835) (@mtojek)
		- Enable FeatureHighAvailability if it is licensed (#10834) (@spikecurtis)
		- Skip autostart for suspended/dormant users (#10771) (@coadler)
		- Display explicit 'retry' button(s) when a workspace fails (#10720) (@Parkreiner)
		- Improve exit codes for agent/agentssh and cli/ssh (#10850) (@mafredri)
		- Detect and retry reverse port forward on used port (#10844) (@spikecurtis)
		- Document workspace filter query param correctly (#10894) (@Kira-Pilot)
		- Hide groups in account page if not enabled (#10898) (@Parkreiner)
		- Add spacing for yes/no prompts (#10907) (@f0ssel)
		- Numerical validation grammar (#10924) (@ericpaulsen)
		- Insert replica when removed by cleanup (#10917) (@f0ssel)
		- Update autostart context to include querying users (#10929) (@sreya)
		- Clear workspace name validation on field dirty (#10927) (@Kira-Pilot)
		- Redirect to new url after template name update (#10926) (@Kira-Pilot)
		- Do not allow selection of unsuccessful versions (#10941) (@f0ssel)
		- Parse username/workspace correctly on `coder state pull --build` (#10973) (#10974) (@spikecurtis)
		- Handle 404 on unknown top level routes (#10964) (@f0ssel)
		- FIX `UpdateWorkspaceDormantDeletingAt` interval out of range (#11000) (@coadler)
		- Create centralized PaginationContainer component (#10967) (@Parkreiner)
		- Use database for user creation to prevent flake (#10992) (@f0ssel)
		- Pass in time parameter to prevent flakes (#11023) (@f0ssel)
		- Respect header flags in wsproxy server (#10985) (@deansheather)
		- Update tailscale to include fix to prevent race (#11032) (@spikecurtis)
		- Disable prefetches for audits table (#11040) (@Parkreiner)
		- Increase default staleTime for paginated data (#11041) (@Parkreiner)
		- Display app templates correctly in build preview (#10994) (@Kira-Pilot)
		- Redirect unauthorized git users to login screen (#10995) (@Kira-Pilot)
		- Use unique workspace owners over unique users (#11044) (@f0ssel)
		- Avoid updating agent stats from deleted workspaces (#11026) (@f0ssel)
		- Track JetBrains connections (#10968) (@code-asher)
bpmct marked this conversation as resolved. Show resolvedHide resolved
		- Handle no memory limit in `coder stat mem` (#11107) (@f0ssel)
		- Provide helpful error when no login url specified (#11110) (@f0ssel)
		- Return 403 when rebuilding workspace with require_active_version (#11114) (@sreya)
		- Use provisionerd context when failing job on canceled acquire (#11118) (@spikecurtis)
		- Ensure we are talking to coder on first user check (#11130) (@f0ssel)
		- Prevent logging error for query cancellation in `watchWorkspaceAgentMetadata` (#10843) (@mafredri)
		- Disable CODER_DERP_SERVER_STUN_ADDRESSES correctly (#10840) (@strike)
		- Remove anchor links from headings in admin/healthcheck.md (#10975) (@johnstcn)
		- Use mtime instead of atime (#10893) (#10892) (@johnstcn)
		- Correctly interpret timezone based on offset in `formatOffset` (#10797) (@mafredri)
		- Use correct default insights time for day interval (#10837) (@mafredri)
		- Fix filter font size (#11028) (@BrunoQuaresma)
		- Fix padding for loader (#11046) (@BrunoQuaresma)
		- Fix template editor route (#11063) (@BrunoQuaresma)
		- Use correct permission when determining orphan deletion privileges (#11143) (@sreya)

		### Documentation

		- Align CODER_HTTP_ADDRESS with document (#10779) (@JounQin)
		- Migrate all deprecated `CODER_ADDRESS `to `CODER_HTTP_ADDRESS` (#10780) (@JounQin)
		- Add documentation for template update policies (experimental) (#10804) (@sreya)
		- Fix typo in additional-clusters.md (#10868) (@bpmct)
		- Update FE guide (#10942) (@BrunoQuaresma)
		- Add warning about Sysbox before installation (#10619) (@bartonip)
		- Add license and template insights prometheus metrics (#11109) (@ericpaulsen)
		- Add documentation for template update policies (#11145) (@sreya)

		### Other changes

		- Document suspended users not consuming seat (#11045) (@ericpaulsen)
		- Fix small typo in docs/admin/configure (#11135) (@stirby)

		Compare: [`v2.4.0...v2.5.0`](https://github.com/coder/coder/compare/v2.4.0...v2.5.0)

		## Container image

		- `docker pull ghcr.io/coder/coder:v2.5.0`

		## Install/upgrade

		Refer to our docs to [install](https://coder.com/docs/v2/latest/install) or [upgrade](https://coder.com/docs/v2/latest/admin/upgrade) Coder, or use a release asset below.