Improvements

• Executor Add option to skip TLS verify

  Added option to skip TLS verification for executors talking to Sourcegraph via EXECUTOR_FRONTEND_TLS_SKIP_VERIFY

• Administration Rename 'Site admin' to 'Administration'

  The site admin page is now simply titled "Administration".

• Deep Search Enable streaming by default

  Deep Search now streams results as they become available.

• Analytics Improve accuracy of site.User.lastActiveAt
• Deep Search Improve mermaid diagram theming and generation
• Observability Add alert for repository cleanups failing consistently

  Alert when repository cleanups fail consistently

• Deep Search Enable dynamic auto-resizing for prompt input

  The Deep Search input now dynamically grows as users type or paste content.

• Deep Search Add keyboard navigation to Deep Search history sidebar

  Deep Search history sidebar can now be navigated using arrow keys.

• Deep Search Enable Deep Search entitlements by default

  Site admins can now set per-user Deep Search usage limits through entitlements: classes of usage limits that can be assigned as a global default, or to specific users.

• Administration Update organizations page layout

  Site admin organizations page now uses the standard page container design.

• Permissions Display total user count on repository permissions page

  The repository permissions page now displays the total count of users who have access to the repository.

• Cody Add Gemini 3 Flash
• Code Intel Categorise indexes by "User uploads" and "Auto-indexing"
• Administration Add collapsible sidebars

  Navigation sidebars in site admin pages now support collapsible sections with localStorage persistence

• Administration Support GitHub App configuration via EXTSVC_CONFIG_FILE

  GitHub Apps can now be configured via the declarative config file with secure handling and storage of private keys

• Administration Introduce notifications widget and reworked dashboard

  Introduces a new notification widget that replaces the site-wide banners on Sourcegraph, as well as a new site-admin dashboard that shows notifications, as well as some suggestions on what admins can do to manage their instance.

• Deep Search Unify sources container with citations

  Deep Search backend sources are now rendered after citations in collapsible sections within a unified sources container.

• Deep Search Add sidebar to blob view

  Deep Search sidebar is now available in the blob view for enhanced code exploration.

• Deep Search Add thinking support for Gemini 3 Pro
• Deep Search Add Slack bot integration

  Added Slack bot integration for Deep Search. To get set up, go to Site Admin → Slack integration.

• Security Add audit logs for repository reclone and deleteFromDisk

Fixes

• Deep Search Fix default value for streaming
• Code Search Fix file search result content not updating in certain situations

  Fixed file search result content not updating when filtering results in certain situations where truncated content caused stale data to be displayed

• Code Search Render branded logos on search homepage and global navigation

  Fixed branded logos not appearing on the search homepage and in the global navigation when configured.

• Batch Changes Fix push authorization for credentials with SSH key
• Administration Display presentation error on user creation failure

  Improve error message clarity when user creation fails in site admin

• Deep Search Add stats to turns when streaming
• Batch Changes Reduce query complexity of github requests to save tokens

  Reduced the complexity of GitHub GraphQL queries for syncing changesets to reduce token consumption

• Deep Search Generate conversation title only once

  Fix history panel displaying the last question's title instead of the conversation title by generating conversation title only on the first question.

• VSCode Correctly extract remote branch name when it differs from local
• Observability Fix alerts documentation paths in alert notifications

  Fix broken links to alerts reference in alert notifications for customers on the latest release.

• Deep Search Link to answer instead of question

  Links now point to answers instead of questions. This resolves confusion where the link pointed to the question but the copy button was part of the answer card. Old links continue to work because the question anchor is preserved in the code.

• Database Fix AWS RDS connection panic when updating IAM credentials fail

  In 6.11 our experimental AWS RDS IAM Auth would panic if we failed to refresh the token. We now correctly treat this as an error to log and retry.

• Deep Search Fix tab title updates when switching between conversations

  The tab title is now correctly updated when switching between DeepSearch conversations and then navigating away and back to DeepSearch.

• Deep Search Return full commit hash in permalinks

  Permalinks now use full commit hashes instead of abbreviated ones.

• Deep Search Prevent star/unstar actions for conversation viewers

  The star button is no longer rendered for non-owners, eliminating the confusing behavior where changes appeared to work but were reverted on refresh.

• Authentication Fix GitHub App configuration content flickering and undefined error display
• Administration Remove duplicate Users subtitle in site admin overview
• UI Preserve input focus during URL navigation
• Permissions Fix permission sync scheduler edge case causing excessive job enqueueing

  Fixed an edge case where the permission sync scheduler would excessively enqueue jobs when old completed jobs existed in the database

• Deep Search Use correct icon color variable for submit button

  Fixed submit button icon visibility in Deep Search

• Code Insights Fix combobox UI in repositories field
• Deep Search Fix background color inconsistency in follow-up form
• Repositories Remove stale temporary files from repo directories

  Temporary files are now cleaned up from repository directories, reducing disk space usage.

• Deep Search Show errors when conversation creation fails

  Conversation creation failures now display error messages instead of hanging indefinitely in a loading state

• Code Insights Fix job mobile UI layout

  Code insights job UI now displays correctly on mobile devices.

• Deep Search Fix suggestion UI font styles and feedback modal spacing
  • Fixed Deep Search suggestions to display with correct font styles
  • Fixed Feedback modal to have proper spacing and close button styling
• Observability Fix alert doc URL fragment identifiers to preserve underscores
• Deep Search Increase input size for better visibility

  Increased the deep search input size from one line to multiple lines for improved usability.

• Administration Fix site admin navigation highlighting for batch specs

  Fixed incorrect navigation highlighting in site admin where 'Settings' was highlighted instead of 'Batch specs'.

• Deep Search Fix flaky redis broker tests
• Repositories Don't ping code host on every page load
• Repositories Fix Azure DevOps connection check for non-azure URLs
• Administration Only set additionalProperties to false where it isn't explicitly true
• Code Nav Implement tree-sitter based CSS/SCSS extraction

  Switch from plain ctags to tree-sitter for analyzing symbols in CSS and SCSS files. The result is more predictable parsing, no comment blocks leaking into the symbols sidebar, and css variables showing up as symbols.

• Deep Search Fix active question detection

  Fixed loading skeleton and sources to reflect the currently viewed question's state instead of a global "is anything searching" state

• Authentication Show clearer error when external account already in use

  Error messages are now clearer when attempting to connect an external account that is already in use by another Sourcegraph account

• Code Intel Fix race condition in SCIP upload processing
• Batch Changes Count READONLY changesets as CLOSED in stats

  READONLY changesets are now counted as CLOSED in batch change statistics, fixing a discrepancy between the burndown chart and summary stats.

• Service Accounts Decouple access token life-cycle from creator

  Fixed an issue where a service account's access tokens would be deleted when the site admin that created the access tokens for the service account got deleted.

• UI Avoid content shift on webhooks page
• Batch Changes Fix spacing on start page
• Code Insights Remove hardcoded repo fallback from getting started page
• Authentication Fix scrolling on device flow and auth consent pages

  Addresses an issue where the OAuth consent pages did not allow to scroll down to the action buttons.

• Security Limit HTML tags for error rendering
• Code Search Disable implicit repo name search when `repo: filter` is present

  Repository name matches are excluded from search results when a repo: filter is present without an explicit type: filter. Users can still search repository names by adding type:repo.

Removed

• Updates Remove autoupgrade toggle selector and readiness banner

  Removed autoupgrade toggle selector and readiness banner as part of autoupgrade deprecation

• Cody Remove Haiku and Sonnet 3.5

  Anthropic deprecated Sonnet 3.5 and Haiku 3.5. These models are no longer available in Cody. Make sure to upgrade to a recent Cody client release to ensure all features are still functional.

• API Remove 'x-requested-with' header requirement and format
• Code Intel Disallow creation of custom auto-indexing policies by default

  Custom indexing policies are now disabled by default. The codeIntelAutoIndexing.policyManagementEnabled configuration can be used to re-enable support.

• Administration Remove setup wizard

  Removed the repository setup wizard as it is no longer up to date with code hosts. Site admins are encouraged to add repositories via the "Code Host Connections" section of the site admin page.

• Inference Deprecate Sonnet 3.7 and Sonnet 4
• UI Remove Svelte/React app switching

Fixes

• Batch Changes Fix push authorization for credentials with SSH key

Fixes

• Repositories Fix potential buffer overflow

  Fixed a potential issue where a buffer overflow can cause repository update processes to deadlock.

Improvements

• Batch Changes Experimental GitLab OAuth support for Batch Changes

Fixes

• Repositories Correctly set expiry for git objects

  Fixed git object expiration logic that was setting future dates instead of past dates, preventing potential repository corruption in concurrent operations.

• Inference Block Cody requests when cody.enabled is false

Improvements

• Repositories mTLS support for code hosts

  Sourcegraph can now communicate to code hosts using mTLS by providing a list of {"host", "clientCertificate", "clientKey"} configurations in the site config under mtlsConfigurations in tls.external.

• Code Nav Add line-level highlighting for diff and patch files
• Authentication Add site setting auth.idpDynamicClientRegistrationEnabled

  Sourcegraph now supports OAuth 2.0 Dynamic Client Registration (RFC 7591). This makes it easier to authenticate against Sourcegraph from an MCP client. As an administrator you must set auth.idpDynamicClientRegistrationEnabled to true in your site settings.

Fixes

• Observability Fix alerts documentation URLs in observability alerts
• Licensing Clear license key errors when applying new license key

  Fixed an issue where applying a new license key would not clear messages from the old, expired license key.

• Deep Search Apply feature-flags initial value before the first render

  Ensure that citations are enabled by default and rendered correctly even when the feature flag value is not set on the backend.

Improvements

• Deep Search Deep Search Optimizations, UX Improvements, and Markdown Export
• Executor Add optional health server for monitoring
• Code Nav Add syntax highlighting for go.mod and go.sum files
• Authentication Add basic URI validation
• Deep Search Add thinking support to DS agentic loop
• Administration Add banners to admin UI about config from file

  When site-config or global settings files are loaded from the file system, the config editors in-app now reflect the read-only state.

• Deep Search Add star button to conversation header
• Cody Add Opus 4.5 with thinking and deprecate Opus 4.1 models

  Support for Opus 4.5 with extended thinking is now available. Opus 4.1 models have been deprecated in favor of the new version.

• Code Nav Add support for rendering Markdown frontmatter
• Code Nav Add ability to collapse individual references

  Add ability to collapse results in reference panel.

• Deep Search Add optimistic navigation to new conversation page

  Immediately navigate to the conversation view showing the submitted question with a loading indicator when creating a new Deep Search conversation, before the server responds.

• Administration Redact model config provider access tokens

  Redact access tokens in model configuration displayed in the site-config UI.

• Batch Changes Embed most organization batch-changes page into Svelte app

  Embedded organization batch-changes routes into the Svelte app, improving the integration between React and Svelte components for batch changes functionality.

• Deep Search Add Tab key selection in @ menu for Deep Search

  Users can now use the Tab key to select repository suggestions in the Deep Search @ mention menu, providing a more efficient keyboard-only workflow

• Deep Search Add smarter caching for @-mentions

  Improved @-mention filtering with smarter caching for faster, more responsive filtering and reduced backend requests.

• Deep Search Show conversation title in page title
• Cody Add claude-opus-4-5-20251101 to anthropic models

  Claude Opus 4.5 is now available for selection

• Batch Changes Add personal user area batch changes pages

  Added batch changes pages in the personal user area for the creation flow.

• MCP Add back deep search tool
• Observability Add incidentio alerts support

  incident.io is now supported as an alert notifier in observability.alerts configuration

• Cody Add Gemini 3 Pro and GPT-5.1
• Code Search Show file scope in search bar
• Batch Changes Embed organization batch-changes page into Svelte app
• GraphQL Add GraphQL API console to Svelte app

  Added GraphQL API console support to the Svelte app using graphiql v4 with CodeMirror. Introduced a mechanism to undo CSS reset styles for embedded components using the data-css-unstyled attribute.

• API Embed OpenAPI pages into Svelte app

  Embed OpenAPI documentation pages into the Svelte application at /api/openapi/public and /api/openapi/internal endpoints.

• Authentication Allow multiple redirect URIs

  OAuth now supports multiple redirect URIs (space or comma separated)

• Authentication Embed auth consent page into Svelte app

  Embedded the auth consent page into the Svelte app and added test coverage for invalid user codes on the auth device page.

• Authentication Add auth device page to Svelte app
• Deep Search Show percentage for quota consumption
• Administration Add site-admin external accounts page

  Added external accounts page for site administrators.

• Administration Add site-admin auth providers page

  Added auth providers page to site-admin interface

• Batch Changes Add batch-changes-gitlab-oauth feature flag

  Added batch-changes-gitlab-oauth feature flag to gate GitLab OAuth integration for Batch Changes.

• Organizations Embed organization pages

  Organization pages now use React Router loaders for data fetching and improved navigation performance.

• Batch Changes Add site-admin batch changes specs page

  Added a site-admin page for viewing batch changes specs.

• Administration Add site-admin updates page

  Added a new updates page in the site admin interface.

• Administration Add site-admin account requests page
• Batch Changes Embed site-admin batch changes page into Svelte app

  Embedded site-admin batch changes pages into the Svelte app, improving consistency and maintainability of the admin interface.

• Administration No longer require frontend restarts after changing some settings

  Frontend service restarts are no longer required when changing certain settings.

• GitHub Add gzip compression to group cache to reduce Redis memory usage

  GitHub permissions syncing now uses gzip compression for caching organization and team membership data in Redis, significantly reducing memory usage for large organizations.

• Administration Embed own signals page into Svelte app
• Administration Embed site-admin init page into Svelte app

  Embedded the site-admin init page into the Svelte app

• Administration Embed organizations page into Svelte app
• Code Insights Embed site-admin code insights jobs page into Svelte app
• Administration Embed slow requests page into Svelte app
• Administration Embed background jobs page into Svelte app

  Embedded the site-admin background jobs page into the Svelte app.

• Administration Embed outbound requests page into Svelte app
• Administration Embed executor secrets page into Svelte app
• Administration Embed out-of-band migrations page into Svelte app

  The out-of-band migrations page in site admin is now embedded in the Svelte app.

• Administration Embed executors page into Svelte app
• Administration Embed report bug page into Svelte app
• Authentication Add unlock account page to Svelte app
• Permissions Add site-admin permissions sync jobs page

  Added a site-admin page for viewing permissions sync jobs.

• Administration Add OAuth client management pages

  Site admins can now manage OAuth clients through dedicated pages in the admin interface.

• Administration Add site-admin roles page

  Added a roles management page in the site admin interface

• Deep Search Support markdown routes

  Deep Search conversations can now be exported as Markdown by appending ".md" to the URL.

Fixes

• Executor Address breaking change in prometheus/common library
• UI Fix low contrast issue for clone progress in dark mode
• Worker Correctly react to site config changes for job timeouts
• UI Fix React reset styles overwriting more specific component styles

  Fixed React reset styles overwriting component styles, resolving incorrect list styling

• MCP Omit schema for MCP tools to support older clients

  MCP tools are no longer rejected by antigravity and VS Code versions older than 1.32.

• Administration Show auth errors directly on sign-in page for unauthenticated users

  OAuth authentication errors (like "could not get verified email for GitHub user") are now displayed in the UI instead of causing users to get stuck in an infinite login loop.

• Code Nav Remove deprecated AppCode and Atom editors

  Removed support for deprecated Atom and AppCode editors from the "Editor" action.

• Prompts Fix double scroll issue on prompt pages

  Fixed double scroll issue on prompt pages caused by conflicting height rules between React shell UI and PageLayout.

• Batch Changes Fix scroll on embedded batch change spec page

  Fixed scroll functionality on the batch change spec page when embedded in full-screen mode

• Code Intel Add num_resets condition to queued_partial_ukey index

  Fixed a database constraint issue that could cause errors when scheduling code intelligence indexing jobs after a job reset.

• Deep Search Allow navigation to Deep Search home page from conversation view

  Fixed an issue where clicking the Deep Search link in the top nav from the conversation view did nothing - it now navigates to the Deep Search home page as expected.

• Deep Search Fix runtime error on All Sources tab caused by duplicate render keys

  Fixed a runtime error on the All Sources tab that was caused by duplicate render keys.

• Batch Changes Reduce error logspam from changeset syncer
• Code Intel Disable automatic CRC32 checksums for S3 requests

  S3proxy multipart uploads no longer fail due to CRC32 checksum validation errors

• Repositories Truncate very long commit messages
• Code Intel Do not deduplicate reset auto-indexing jobs
• Webhooks Ensure webhook events are properly logged
• Worker Fix potential source of deadlocking
• Contributors Fix SQL syntax error when all records in batch are skipped
• Blame Add validation to Blame API for invalid ranges
• Deep Search Ensure consistent horizontal padding in expanded file preview

  Expanded file preview now has consistent horizontal padding with citations.

• Deep Search Apply markdown styles to responses with enabled citations

  Markdown styles are now applied to Deep Search responses when citations are enabled.

• Deep Search Eliminate redundant top padding when the number of citations is low
• Deep Search Follow-up queries should not cover response results
• Deep Search Do not create new annotations for the same citations
• Deep Search Ensure hovered separator is always on top of resizable panels

  The hovered separator is now always displayed on top of resizable panels.

• Repositories Treat 'fatal: bad tree object' errors on fetch as repository corruption events

  Gitserver now automatically reclones repositories when a "fatal: bad tree object XXX" error is observed during a fetch.

• Code Intel Deduplicate some auto-indexing jobs automatically

  Repository HEAD auto-indexing jobs are now deduplicated to prevent queue growth.

• Authentication Add site-admin notice to user settings area

  Site admins now see a banner when viewing another user's settings pages, indicating they are viewing settings for a different user.

• Inference Fix incorrect "no suitable model found for Chat" error with deny list
• Inference Fix deep copy to preserve nil values for default model application

  Fixed an issue where deep copying model configuration incorrectly handled nil values, preventing default models from being applied correctly.

• Inference Fix corrupt model configuration states caused by variable aliasing bugs

  Fixed corrupt model configuration states that could cause Cody to use incorrect license keys when communicating with Cody Gateway, previously requiring a frontend container restart to resolve.

• Deep Search Make new button an href

Removed

• Ranking Disable Sourcegraph reranker by default

  Sourcegraph reranker is now disabled by default and can be enabled via a feature flag.

• Opencodegraph Remove opencodegraph experiment

  Removed the experimental opencodegraph feature that was previously behind a feature flag.

• Analytics Remove unused in-app analytics frontend components and APIs

  Removed unused in-app analytics APIs including instanceOwnershipStats, User.usageStatistics, Site.usageStatistics, and Site.analytics.

• Code Search Remove experimental settings for fuzzy finder

  Fuzzy finder is now always enabled and no longer requires experimental settings.

• Settings Remove product research page from user settings

Improvements

• Authentication Add predefined Raycast client

  Added a predefined OAuth2 client for the Sourcegraph Raycast extension.

Improvements

• Code Intel Enhanced Code Navigation Performance and Accuracy
• Cody Haiku 4.5 is now available in Cody Enterprise
• Source UI for GH App groups cache permissions

  Adds a warning on the GitHub App page in Sourcegraph to warn site admins that a GitHub App does not have the necessary permissions to enable groups caching.

• Deep Search Add undo and redo shortcuts
• Deep Search Display errors inline with remediation options

  Errors in Deep Search are now displayed inline in the answer section with options to retry or start a new search, replacing the previous error banner.

• Deep Search Add conversation stars

  Added the ability to star favorite threads with a new sidebar tab showing all starred threads in one place.

• Deep Search Switch DS to use Sonnet 4.5 as main model and Haiku 4.5 as summary model

  Upgraded Deep Search to use Claude Sonnet 4.5 as the main model and Claude Haiku 4.5 for summary generation, improving performance while maintaining quality.

• Repositories Add PKCE support for GitHub

  GitHub account connections now use Proof Key for Code Exchange (PKCE)

• Enterprise Portal Add Cloud instance SLO data

  Enterprise Portal now shows SLOs for Sourcegraph Cloud instances to track how the instance is performing.

• Deep Search Only show new steps per question and update step counter

  Deep Search now displays only new steps for each follow-up question instead of showing all previous steps, reducing confusion in the UI.

Fixes

• Code Search Search Jobs broken if soft-deleted users have search jobs

  Fixed rendering of the Search Jobs management page when search jobs exist for soft-deleted users.

• Deep Search Fix Safari-specific CodeMirror alignment issues in tool headers
• Deep Search Fix disabling of share button when token limit is hit
• Source Correctly set default Github and Gitlab URLs when unset in site config

  Fix default GitHub and GitLab URLs being incorrectly applied when not explicitly configured in site config.

• Permissions Fix PermissionsSyncJobs pagination

  Fixed an issue where permissions sync jobs couldn't be paginated if they referenced a deleted user or repository.

• Authentication Return WWW-Authenticate header on 401s

  Return WWW-Authenticate header on 401 responses to advertise OAuth schema to MCP clients.

• Source GitHub Apps now require administration: read

  GitHub Apps now require the Repository administration: read permission for groups caching functionality.

• Source Fix groups caching for GitHub Apps

  Fixed groups caching validation for GitHub Apps by checking for members: read permission instead of OAuth scopes.

• Deep Search Fix pagination cursor ordering

  Fixed pagination cursor to match id-descending ordering, preventing glitches during infinite scrolling.

• Source Fix PKCE GitHub signin

  Fixed GitHub sign-in failing due to PKCE data retrieval issues

• Deep Search Fix broken spinner for endless scrolling
• Deep Search Fix misaligned query chips
• Deep Search Fix base quota calculation error with complex license history

  Fixed incorrect base quota calculation for Deep Search metering when customers have complex license histories with expired licenses

• Deep Search Set timeout back to 4 minutes

  Increased timeout from 1 minute to 4 minutes to reduce timeout errors.

• Database Allow minor upgrades of Postgres for the latest Sourcegraph releases

  Used constraints instead of exact match in database version validation

• Source Decline sign-in for NoSignIn auth providers

  Decline sign-in attempts for NoSignIn auth providers while still allowing users to connect new auth providers when already logged in.

Removed

• VSCode Remove 'sourcegraph.loginWithCody' setting from VSCode Code Search plugin

  Removed the VSCode Code Search extension's ability to share authentication credentials with the Cody extension. Users must now authenticate directly with their own credentials or access token.

Improvements

• Deep Search Make MCP tool outputs conform to output schema

  We have updated the structured response of all MCP tools to conform to the advertised output schema.

Fixes

• Authentication Correctly advertise all scopes
• Authentication Do not let IdP tokens do IdP write operations

Fixes

• Executors Make k8s jobs secret creation idempotent

  The kubernetes executor now idempotentally creates secrets (deleting and recreating it if it exists already) instead of failing the entire job.

• Permissions Preserve permissions during temporary API errors

Improvements

• Cody Add Claude Haiku 4.5

Fixes

• Cody Fix prompt visibility toggle permission check
• Permissions Github: treat 500/502/503/504 and HTTP/2 stream cancellations as temporary errors

Improvements

• Deep Search Introducing Pricing Plans and Major Updates for Deep Search
• Deep Search Add retry button for failed questions

  Add retry button to resubmit questions when errors occur in Deep Search

• Source Allow 'all' value for requiredSsoOrgs

  Allow 'all' value for requiredSsoOrgs parameter to require authorization to all SSO organizations

• Source Handle X-GitHub-SSO headers for auth validation

  Added support for validating GitHub SSO authentication via X-GitHub-SSO headers. Admins can now configure required SSO organizations in the sign-in provider settings to ensure users properly authenticate with SSO-enabled orgs. Error messages for authentication issues are now displayed on the Account Security page.

• Cody Add Claude Sonnet 4.5
• Access Control Add 'request access' page to Svelte app

  Added a 'request access' page to the Svelte app, allowing users to request access when needed.

• Webhooks Add incoming webhooks site-admin pages
• Administration Add site admin pings page

  Added a pings page to the site admin interface.

• Administration Add site admin gitservers page
• Webhooks Add site admin outgoing webhooks page

  Added site admin page for managing outgoing webhooks

• Administration Add license site-admin page to Svelte app
• Administration Add feature flags page to Svelte app
• Deep Search Add RBAC

  Added RBAC to Deep Search. By default, all users have full read and write access for Deep Search, but this can be restricted by changing the default role permissions or by creating new custom roles.

• Administration Add global-settings page

  Added global-settings page to site admin interface

• Administration Add site admin support to Svelte app

  Added site admin support to the Svelte app, including Overview, Feedback surveys, and Site configuration pages

• Batch Changes Embed batch changes creation page in SvelteKit app

  Migrated the batch changes creation page to SvelteKit, including all three UI variations: new template creation, classic form creation, and execution-disabled instruction page.

• User Settings Embed user profile and settings into Svelte app

  User profile and settings pages are now rendered in the Svelte app, with improved UI for the profile page and enhanced sidebar navigation supporting menu groups.

• Source Have git fetch mark repositories as corrupt if "fatal: bad object xxx" occurs
• Deep Search Add quick link from repo navigation

  Added a new Explain with Deep Search button in repository navigation that opens a pre-filled Deep Search conversation with context about the current repository or file.

• Authentication Embed password reset page
• Authentication Embed sign-in, sign-up and post-sign-up pages

  Sign-in, sign-up, and post-sign-up pages are now embedded in the Svelte application.

• Batch Changes Embed home page in SvelteKit app

  Batch Changes home page is now rendered within the SvelteKit application framework.

• Deep Search Disallow deep-search for older Sourcegraph instances
• Code Graph Embed React repo code-graph pages
• Deep Search Revise quota management system in Enterprise Portal

Fixes

• RBAC Ensure that create role modal is fully visible
• Deep Search Emit telemetry events for external client API usage
• Batch Changes Add metadata identification for gitlab pushed-only changesets
• Deep Search Fix viewer polling API calls for shared threads
• Cody Make thread history button more discoverable
• Security Update redis to 7.4.6-272

  Updated redis to 7.4.6-272, which patches CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, and CVE-2025-46819

• Source Gitserver: change fs.DeleteRepo repository existence check to see if the folder exists, not HEAD file alone
• Permissions Always clean up permissions for non-existent accounts

  Fixed a race condition where deleting an external account in the middle of a permissions sync could cause permissions for that account to stick around indefinitely.

• Autocomplete Fix trailing whitespace in assistant messages for all API versions
• Source Gitserver: have fetch corruption detection logic also examine last megabyte of command output
• Deep Search Fix broken links in responses with deepsearch in URL

  Converts schemeless URLs generated by the LLM to absolute URLs to prevent broken links containing /deepsearch/ in the path.

• Perforce Don't error on empty p4broker data

  Fixed an issue where a Perforce user's permissions would not be removed when the user was deleted on Perforce and p4broker was being used as a proxy.

• Batch Changes Avoid changeset duplication for Gerrit

  Fixed changeset duplication for Gerrit during network instability by adding pre-retry verification to check if changes already exist before retrying failed operations.

• Deep Search Fix up/down arrow keys in text box
• Deep Search Fix code preview spacing
• Code Search Ignore deleted users when fetching saved searches
• Batch Changes Replace react-router imports with universal wildcard for changeset list UI

  Fixed runtime errors in batch changes changeset diff UI when rendered within SvelteKit

• Source Remove verified email requirement when connecting an external account

  Allow connecting GitHub accounts with no verified emails when already authenticated

• User Settings Fix password update form validation

  Fixed password update form validation in user settings

• Authentication Fix client-side password comparison and validation

  Fixed password validation to properly compare password and confirm password fields across component re-renders

• Repositories Fix Gerrit icon theme adaptation

  Gerrit icon now properly adapts to light and dark themes.

• Source Various external accounts modal tweaks
  • Fixed Gerrit account connection modal not reopening after being closed in external accounts settings
  • Fixed Gerrit icon visibility issues
  • Improved spacing consistency between React and Svelte external account modals

Removed

• Inference Remove support for gemini-1.5-pro-002

  Removed support for the deprecated gemini-1.5-pro-002 model

• Code Intel All code associated with LSIF support

  Removed support for LSIF format.

• Analytics Remove site-admin/analytics pages

  The deprecated site-admin analytics pages have been removed. All Sourcegraph analytics are available at analytics.sourcegraph.com.

Improvements

• Cody Update Cody Web to 0.36.0

Fixes

• Prompts Handle user soft delete errors in prompts resolver gracefully
• Code Insights Use median value for sorting insight series

Improvements

• Cody Add Claude Opus 4.1

  Added Claude Opus 4.1 model support to Cody

• Code Search Consider existing file: filters for suggestions

  File filter suggestions now consider existing file filters in the query, providing more relevant autocomplete results when multiple file filters are used.

• Deep Search Add MCP tool for running deep search queries
  • DeepSearch tool added to the MCP API, enabling codebase assistant integration to run deep search queries and return results with dashboard links
• Deep Search Add Model Context Protocol server endpoint
  • Added Model Context Protocol (MCP) support to Deepsearch API
  • Refactored tool response handling to use strongly typed responses
  • Moved error messages and notes to dedicated fields instead of embedding in content
  • Removed X-Requested-With middleware requirement for MCP endpoints
• Code Insights Embed insight dashboard edit pages
• Code Insights Embed standalone and edit pages in SvelteKit shell
• Repositories Support Bitbucket Server's archived repositories

  Sourcegraph now supports Bitbucket Server's official way to archive a repository. The workaround of applying an "archived" label is no longer supported.

• Authentication Add predefined OAuth client for Visual Studio

  Added a predefined OAuth client for Visual Studio.

• Deep Search Combine line ranges in identical files
  • File sources now support multiple line ranges within a single file, reducing visual clutter when different parts of the same file are referenced
  • File previews display up to 3 ranges with separators between them
  • Backend tools use a new lineRanges array format instead of single lineRange
• Repositories Support .git-blame-ignore-revs for Blame commands

  Support for .git-blame-ignore-revs files in the root of repositories.

• Deep Search Record analytics when a shared thread is viewed
  • Added tracking for when DeepSearch conversations are shared and viewed by others
• Authentication Add predefined OAuth client for Cody

  Enables OAuth authentication for Sourcegraph Cody across all IDEs using device flow with authorization_code, refresh_token, and device_code grant types.

• Code Insights Embed insights creation pages in SvelteKit shell
• Cody Fix critical Google Vertex regression and add Gemini support with Workload Identity auth
  • Added Workload Identity authentication support for Google Vertex as an alternative to access token authentication
  • Fixed issues preventing Gemini models from being used with Cody
  • Resolved critical regression that broke Google Vertex Anthropic support
  • Introduced authentication cache to optimize Workload Identity authorization performance
• Prompts Embed React prompts pages

  Prompt pages now embedded in the Svelte app with improved accessibility and testing

• Repositories Embed repository own pages in shell
• Code Search Display index type in index picker
• Tls Remove experimental status from tls.external setting and deprecate code-host certificate settings

  experimentalFeatures->tls.external is not experimental anymore. The old setting is still respected, but customers should move to the new top-level tls.external setting. The certificate setting for Bitbucket server, GitHub, and GitLab has been marked as deprecated, the tls.external setting should be used instead and is the only correctly working setting. Both will be removed in a future release.

• RBAC Add RBAC permission that allows uploading SCIP code index

  Users can now be allowed through the RBAC system to upload SCIP indexes for repositories they do not have write access to on code forge. This also applies to service accounts.

Fixes

• Deep Search Prevent input and follow up boxes from accepting pasted images
• Authentication Fix OAuth provider matching when multiple client IDs are present for the same URL

  Fixed OAuth provider matching to correctly handle cases where multiple client IDs are configured for the same URL.

• Cody Fix max output tokens for Claude Opus 4.1
• Docs Fix repository metadata documentation link
• UI Fix style issues with embedded React pages
• Deep Search Report suggested follow-ups as raw LLM call in analytics

  Follow-up suggestion analytics events are now correctly recorded as DeepSearchEventRawLLM instead of DeepSearchEventFollowUp.

• Permissions Deduplicate repository permissions on Repo Permissions page

  Fixed a bug where the number of repositories a user has access to could be greatly exaggerated on their Repo Permissions page.

• Source Git blame check for fs.PathError instead of NotFound error

  Fixed incorrect error handling in Git blame that caused unnecessary error logging for missing files.

• Permissions Fix repo permissions page pagination

  Pagination on a user's Repo Permissions page now works correctly.

• UI Fix SvelteKit theme state synchronization

  Fixed theme state synchronization between SvelteKit and React applications

• Source Show different errors for user and organisation name conflicts

  Error messages now properly distinguish between user and organization name conflicts and are correctly formatted.

• Deep Search Add composite index for user_id and updated_at

  Improved query performance for retrieving user's most recently updated deep searches by adding a composite database index.

• Deep Search Make Deep Search responsive on smaller screens

  Deep Search now works on smaller screens and mobile devices. The sidebar has been converted to an overlay for better mobile navigation.

• Code Search Fix repositories search alert UI styling

  Fixed styling issues in the repositories search alert UI.

• Code Search Add billingMetadata to search:execute event
• Source Decline sign-in for NoSignIn auth providers
• Notebooks Add redirect from /search/notebook to /notebooks in new web app

  Add redirect from /search/notebook to /notebooks

• Deep Search Only show follow-up suggestions for most recent QA pair

Removed

• Cody Cody API endpoints are no longer available

  Cody API endpoints (anything under /.api/llm) are no longer available.

• Cody Deprecate EOL claude sonnet 3.5 model

  Mark the EOL Claude Sonnet 3.5 model (anthropic::2024-10-22::claude-3-5-sonnet-latest) as deprecated.

  closes: CODY-6235

Other

• Cody Deprecate Claude Opus 4

Fixes

• Cody Add reasoning to GPT-5 models

  Fixed model configuration to include reasoning parameter.

Improvements

• Code Intel Add Tree-sitter support for Swift

  Swift code should be now properly highlighted using tree-sitter.
  Backport 61c45dfc1e2371fb4e6802f5d877cdcfbb139bce from #7113

Other

• Improve Bitbucket repo listing performance

  Addressed pagination and performance issues with listing Bitbucket.org repositories in Enterprise Starter repository management.
  Backport cd8120b70d93d9ab4021f7c284464bcd5b5246de from #7112

Fixes

• Cody Add reasoning to GPT-5 models

  Fixed OpenAI GPT-5 reasoning model to use correct temperature and top_p parameters. These models now default to 0 for both parameters, allowing OpenAI to use its optimized defaults for reasoning tasks.

  
  Backport 59a57c27d8c27a665d596b4324f85177914758a3 from #7092

• Cody Include `UseLegacyCompletions` in the config conversion layer
  • Addresses 422 Unprocessable Entity errors due to Cody client using /v1/chat/completions instead of the legacy /v1/completions.
    Backport 231d6ebe20ec8e327fc9695f4df5e6039bb8208e from #7054

Improvements

• Cody GPT-5 is now available in Cody Enterprise
• Code Intel Syntax highlighting for SQL now supported
• Deep Search Add share url to deepsearch

  DeepSearch conversations now include a shareable URL, making it easier to share conversations with others.
  Backport 08602f581464e9f8c1c766cf7542649159bacfc8 from #7078

• Cody Fix critical Google Vertex regression and add Gemini support with Workload Identity auth
  • Google Vertex now supports Workload Identity authentication as an alternative to access token authentication.
  • Gemini models can now be used with Google Vertex.
    Backport f80ec0d84a54336daf66fa6e9c8a43cea9ac1fc2 from #7075
• Deep Search Add v1 to deepsearch APIs prefix

  Added v1 prefix to deepsearch APIs

• Deep Search Add telemetry for quota check fail-open scenarios
  • Added licensing.canConsumeDeepSearchQuota and licensing.consumeDeepSearchQuota telemetry events to track quota check failures
  • Telemetry captures error codes, license key status, and error details for debugging fail-open scenarios
• Deep Search Migrate question data model to the server

  Added API endpoints for creating and updating questions within a deep search thread

Fixes

• Deep Search Sources from tool calls no longer lost

  Fixed a bug where sources were not being recorded

• Deep Search Migrate questions to fix tool calls

  Fixed incorrectly formatted tool calls in DeepSearch questions that contained invalid fields or missing data

• Symbols Match child symbols with their parent using full container path

  Fixed symbols sidebar to correctly display deeply nested symbols for languages such as Go, Java, and Python that use . for nesting.

• Deep Search Include thread history in follow-up questions
  • DeepSearch now maintains conversation context in follow-up questions
  • Added validation to prevent errors from unfinished tool calls in conversation history
• Prompts Gracefully handle deleted users for tags

  Gracefully handle deleted users for tags in prompts

Fixes

• Batch Changes Add constraint to remove duplicate template fields in batch spec library variables table

  
  Backport 15c66e519eb2b5ec9493f1c8372b93490a72ec32 from #6741

Other

• Add gemini 2.5 flash and gemini 2.5 pro

  
  Backport d9fd3848772f74133b54bcb33516d2b114f20953 from #6700