All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
4.10.1 - 2023-03-04
Code v1.75.1
Added an origin check to web sockets to prevent cross-site hijacking attacks on users using older or niche browser that do not support SameSite cookies and attacks across sub-domains that share the same root domain.
The check requires the host header to be set so if you use a reverse proxy ensure it forwards that information otherwise web sockets will be blocked.
4.10.0 - 2023-02-15
Code v1.75.1
- Updated to Code 1.75.1
- Removed
--link
(was deprecated over thirteen months ago in 4.0.1).
4.9.1 - 2022-12-15
Code v1.73.1
- Updated a couple steps in the build and release process to ensure we're using
npm
andyarn
consistently depending on the step.
- Fixed an issue with code-server version not displaying in the Help > About window.
- Fixed terminal not loading on macOS clients.
4.9.0 - 2022-12-06
Code v1.73.1
- Upgraded to Code 1.73.1
/security.txt
added as a route with info on our security policy information thanks to @ghuntley
- Installing on majaro images should now work thanks to @MrPeacockNLB for
adding the
--noconfirm
flag ininstall.sh
--cert
on Ubuntu 22.04: OpenSSL v3 is used which breakspem
meaning the--cert
feature will not work. Reference
4.8.3 - 2022-11-07
Code v1.72.1
- install script now supports arch-like (i.e. manjaro, endeavourous, etc.) architectures
- Updated text in the Getting Started page.
4.8.2 - 2022-11-02
Code v1.72.1
- New text in the Getting Started page with info about
coder/coder
. This is enabled by default but can be disabled by passing the CLI flag--disable-getting-started-override
or settingCS_DISABLE_GETTING_STARTED_OVERRIDE=1
orCS_DISABLE_GETTING_STARTED_OVERRIDE=true
.
4.8.1 - 2022-10-28
Code v1.72.1
- Fixed CSP error introduced in 4.8.0 that caused issues with webviews and most extensions.
4.8.0 - 2022-10-24
Code v1.72.1
- Support for the Ports panel which leverages code-server's built-in proxy. It
also uses
VSCODE_PROXY_URI
where{{port}}
is replace when forwarding a port. Example:VSCODE_PROXY_URI=https://{{port}}.kyle.dev
would forward an application running on localhost:3000 to https://3000.kyle.dev - Support for
--disable-workspace-trust
CLI flag - Support for
--goto
flag to open file @ line:column - Added Ubuntu-based images for Docker releases. If you run into issues with
PATH
being overwritten in Docker please try the Ubuntu image as this is a problem in the Debian base image.
- Updated Code to 1.72.1
- Enabled
BROWSER
environment variable - Patched
asExternalUri
to work so now extensions run inside code-server can use it
4.7.1 - 2022-09-30
Code v1.71.2
- Updated Code to 1.71.2
- Fixed install script not upgrading code-server when already installed on RPM-based machines
- Fixed install script failing to gain root permissions on FreeBSD
4.7.0 - 2022-09-09
Code v1.71.0
- Updated Code to 1.71.0
- Dropped heartbeat patch because it was implemented upstream
- Add flags --unsafe-perm --legacy-peer-deps in
npm-postinstsall.sh
which ensures installing with npm works correctly
4.6.1 - 2022-09-31
Code v1.70.2
- Updated Code to 1.70.2
- Updated
argon2
to 0.29.0 which should fix issues on FreeBSD - Updated docs to suggest using
npm
instead ofyarn
- Dropped database migration patch affected to 4.0.2 versions and earlier.
- Fixed preservation of
process.execArgv
which means you can pass--prof
to profile code-server
4.6.0 - 2022-08-17
Code v1.70.1
- Updated Code to 1.70.1.
- Added a heartbeat to sockets. This should prevent them from getting closed by reverse proxy timeouts when idle like NGINX's default 60-second timeout.
- Fixed logout option appearing even when authentication is disabled.
4.5.2 - 2022-08-15
Code v1.68.1
-
Fixed the proxy route not performing authentication. For example if you were to run a development HTTP server using
python -m http.server 8000
then it would be accessible atmy.domain/proxy/8000/
without any authentication.If all of the following apply to you please update as soon as possible:
- You run code-server with the built-in password authentication.
- You run unprotected HTTP services on ports accessible by code-server.
- Invoking
code-server
in the integrated terminal will now use the script that comes with upstream Code. This means flags like--wait
will be automatically supported now. However the upstream script only has the ability to interact with the running code-server and cannot spawn new instances. If you need to spawn a new code-server from the integrated terminal please specify the full path to code-server's usual script (for example/usr/bin/code-server
).
- Invoking
code-server
in the integrated terminal will now work instead of erroring about not finding Node.
4.5.1 - 2022-07-18
Code v1.68.1
- We now use
release/v<0.0.0>
for the release branch name so it doesn't conflict with the tag name - Added
.prettierignore
to ignore formatting files inlib/vscode
- Allow more comprehensive affinity config in Helm chart
- Added custom message in Homebrew PR to make sure code-server maintainers are tagged
- Allow setting
priorityClassName
via Helm chart - Added troubleshooting docs to
CONTRIBUTING.md
- Removed default memory limit which was set via
NODE_OPTIONS
- Changed output in pipe to make it easier to debug code-server when doing live edits
- Fixed display-language patch to use correct path which broke in 4.5.0
- Fixed multiple code-server windows opening when using the code-server CLI in the Integrated Terminal
- Fixed Integrated Terminal not working when web base was not the root path
- Updated
glob-parent
version in dependencies
4.5.0 - 2022-06-29
Code v1.68.1
- Updated codecov to use codecov uploader
- Moved integration tests to Jest
- Fixed docker release to only download .deb
- Upgraded to Code 1.68.1
- Install
nfpm
from GitHub - Upgraded to TypeScript 4.6
- Added tests for
open
,isWsl
,handlePasswordValidation
- Provided alternate image registry to dockerhub
- Allowed users to have scripts run on container with
ENTRYPOINTD
environment variable
- Fixed open CLI command to work on macOS
4.4.0 - 2022-05-06
Code v1.66.2
- Refactored methods in
Heart
class and madeHeart.beat()
async to make testing easier. - Upgraded to Code 1.66.2.
- Added back telemetry patch which was removed in the Code reachitecture.
- Added support to use
true
forCS_DISABLE_FILE_DOWNLOADS
environment variable. This means you can disable file downloads by settingCS_DISABLE_FILE_DOWNLOADS
totrue
or1
. - Added tests for
Heart
class.
- Fixed installation issue in AUR after LICENSE rename.
- Fixed issue with listening on IPv6 addresses.
- Fixed issue with Docker publish action not being able to find artifacts. Now it downloads the release assets from the release.
4.3.0 - 2022-04-14
Code v1.65.2
- Excluded .deb files from release Docker image which drops the compressed and uncompressed size by 58% and 34%.
- Upgraded to Code 1.65.2.
- Added a new CLI flag called
--disable-file-downloads
which allows you to disable the "Download..." option that shows in the UI when right-clicking on a file. This can also set by runningCS_DISABLE_FILE_DOWNLOADS=1
. - Aligned the dependencies for binary and npm release artifacts.
- Fixed the code-server version from not displaying in the Help > About dialog.
- Fixed issues with the TypeScript and JavaScript Language Features Extension failing to activate.
- Fixed missing files in ipynb extension.
- Fixed the homebrew release workflow.
- Fixed the Docker release workflow from not always publishing version tags.
4.2.0 - 2022-03-22
Code v1.64.2
- Added tests for
handleArgsSocketCatchError
,setDefaults
andoptionDescriptions
.
- We switched from using the fork
coder/vscode
to a submodule ofmicrosoft/vscode
+ patches managed byquilt
for how Code sits inside the code-server codebase. - Upgraded to Code 1.64.2.
- Update popup notification through
--disable-update-check
is now fixed. - Fixed PWA icons not loading on iPad
- Fixed the homebrew release process. Our
cdrci
bot should now automatically update the version as part of the release pipeline. - Fixed titleBar color setting being ignored in PWA.
- Updated to
minimist-list
. - Updated
cloud-agent
tov0.2.4
which usesnhooyr.io/webscoket
v1.8.7
.
4.1.0 - 2022-03-03
Code v1.63.0
- Support for injecting GitHub token into Code so extensions can make use of it.
This can be done with the
GITHUB_TOKEN
environment variable orgithub-auth
in the config file. - New flag
--socket-mode
allows setting the mode (file permissions) of the socket created when using--socket
. - The version of Code bundled with code-server now appears when using the
--version
flag. For example:4.0.2 5cdfe74686aa73e023f8354a9a6014eb30caa7dd with Code 1.63.0
. If you have been parsing this flag for the version you might want to use--version --json
instead as doing that will be more stable.
- The workspace or folder passed on the CLI will now use the same redirect
method that the last opened workspace or folder uses. This means if you use
something like
code-server /path/to/dir
you will now get a query parameter added (like so:my-domain.tld?folder=/path/to/dir
), making it easier to edit by hand and making it consistent with the last opened and menu open behaviors. - The folder/workspace query parameter no longer has encoded slashes, making them more readable and editable by hand. This was only affecting the last opened behavior, not opens from the menu.
- Fix web sockets not connecting when using
--cert
. - Prevent workspace state collisions when opening a workspace that shares the same file path with another workspace on a different machine that shares the same domain. This was causing files opened in one workspace to be "re-"opened in the other workspace when the other workspace is opened.
- Pin the Express version which should make installing from npm work again.
- Propagate signals to code-server in the Docker image which means it should stop more quickly and gracefully.
- Fix missing argon binaries in the standalone releases on arm machines.
4.0.2 - 2022-01-27
Code v1.63.0
- Unset the
BROWSER
environment variable. This fixes applications that hard exit when trying to spawn the helper scriptBROWSER
points to because the file is missing. While we do include the script now we are leaving the variable omitted because the script does not work yet.
4.0.1 - 2022-01-04
Code v1.63.0
code-server has been rebased on upstream's newly open-sourced server implementation (#4414).
- Web socket compression has been made the default (when supported). This means
the
--enable
flag will no longer takepermessage-deflate
as an option. - The static endpoint can no longer reach outside code-server. However the vscode-remote-resource endpoint still can.
- OpenVSX has been made the default marketplace.
- The last opened folder/workspace is no longer stored separately in the settings file (we rely on the already-existing query object instead).
- The marketplace override environment variables
SERVICE_URL
andITEM_URL
have been replaced with a singleEXTENSIONS_GALLERY
variable that corresponds toextensionsGallery
in Code'sproduct.json
.
VSCODE_PROXY_URI
env var for use in the terminal and extensions.
- Extra extension directories have been removed. The
--extra-extensions-dir
and--extra-builtin-extensions-dir
flags will no longer be accepted. - The
--install-source
flag has been removed.
--link
is now deprecated (#4562).
- We fixed a XSS vulnerability by escaping HTML from messages in the error page (#4430).
3.12.0 - 2021-09-15
Code v1.60.0
- Upgrade Code to 1.60.0.
- Fix logout when using a base path (#3608).
3.11.1 - 2021-08-06
Undocumented (see releases page).
3.11.0 - 2021-06-14
Undocumented (see releases page).
3.10.2 - 2021-05-21
Code v1.56.1
- Support
extraInitContainers
in helm chart values (#3393).
- Change
extraContainers
to support templating in helm chart (#3393).
- Fix "Open Folder" on welcome page (#3437).
3.10.1 - 2021-05-17
Code v1.56.1
- Check the logged user instead of $USER (#3330).
- Fix broken node_modules.asar symlink in npm package (#3355).
- Update cloud agent to fix version issue (#3342).
- Use xdgBasedir.runtime instead of tmp (#3304).
3.10.0 - 2021-05-10
Code v1.56.0
- Update to Code 1.56.0 (#3269).
- Minor connections refactor (#3178). Improves connection stability.
- Use ptyHostService (#3308). This brings us closer to upstream Code.
- Add flag for toggling permessage-deflate (#3286). The default is off so compression will no longer be used by default. Use the --enable flag to toggle it back on.
- Make rate limiter not count against successful logins (#3141).
- Refactor logout (#3277). This fixes logging out in some scenarios.
- Make sure directories exist (#3309). This fixes some errors on startup.
- Update dependencies with CVEs (#3223).
This was added with 3.10.0
, which means any previous versions are not
documented in the changelog.
To see those, please visit the Releases page.