Sourcegraph self-hosted 6.11.5639
This is a patch release for Sourcegraph self-hosted 6.11.
This is a patch release for Sourcegraph self-hosted 6.11.
This is a patch release for Sourcegraph self-hosted 6.11.
Fixed a potential issue where a buffer overflow can cause repository update processes to deadlock.
This is a patch release for Sourcegraph self-hosted 6.11.
Fixed git object expiration logic that was setting future dates instead of past dates, preventing potential repository corruption in concurrent operations.
This is a patch release for Sourcegraph self-hosted 6.11.
Sourcegraph now supports OAuth 2.0 Dynamic Client Registration (RFC 7591). This makes it easier to authenticate against Sourcegraph from an MCP client. As an administrator you must set auth.idpDynamicClientRegistrationEnabled to true in your site settings.
Sourcegraph can now communicate to code hosts using mTLS by providing a list of {"host", "clientCertificate", "clientKey"} configurations in the site config under mtlsConfigurations in tls.external.
Ensure that citations are enabled by default and rendered correctly even when the feature flag value is not set on the backend.
Fixed an issue where applying a new license key would not clear messages from the old, expired license key.
Deep Search now features thread starring, Markdown export features, and improved latency and @-mention performance. [...]
Clickable citations now link directly to the exact code snippets that informed the model's answer. [...]
Improved @-mention filtering with smarter caching for faster, more responsive filtering and reduced backend requests.
Deep Search conversations can now be exported as Markdown by appending ".md" to the URL.
Add ability to collapse results in reference panel.
Embedded organization batch-changes routes into the Svelte app, improving the integration between React and Svelte components for batch changes functionality.
Added batch changes pages in the personal user area for the creation flow.
Added batch-changes-gitlab-oauth feature flag to gate GitLab OAuth integration for Batch Changes.
Added a site-admin page for viewing batch changes specs.
Embedded site-admin batch changes pages into the Svelte app, improving consistency and maintainability of the admin interface.
Redact access tokens in model configuration displayed in the site-config UI.
Added external accounts page for site administrators.
Added auth providers page to site-admin interface
Added a new updates page in the site admin interface.
Frontend service restarts are no longer required when changing certain settings.
Embedded the site-admin init page into the Svelte app
Embedded the site-admin background jobs page into the Svelte app.
The out-of-band migrations page in site admin is now embedded in the Svelte app.
Site admins can now manage OAuth clients through dedicated pages in the admin interface.
Added a roles management page in the site admin interface
Embed OpenAPI documentation pages into the Svelte application at /api/openapi/public and /api/openapi/internal endpoints.
OAuth now supports multiple redirect URIs (space or comma separated)
Embedded the auth consent page into the Svelte app and added test coverage for invalid user codes on the auth device page.
Support for Opus 4.5 with extended thinking is now available. Opus 4.1 models have been deprecated in favor of the new version.
Claude Opus 4.5 is now available for selection
Added GraphQL API console support to the Svelte app using graphiql v4 with CodeMirror. Introduced a mechanism to undo CSS reset styles for embedded components using the data-css-unstyled attribute.
GitHub permissions syncing now uses gzip compression for caching organization and team membership data in Redis, significantly reducing memory usage for large organizations.
incident.io is now supported as an alert notifier in observability.alerts configuration
Added a site-admin page for viewing permissions sync jobs.
Organization pages now use React Router loaders for data fetching and improved navigation performance.
Fixed a runtime error on the All Sources tab that was caused by duplicate render keys.
Expanded file preview now has consistent horizontal padding with citations.
Markdown styles are now applied to Deep Search responses when citations are enabled.
The hovered separator is now always displayed on top of resizable panels.
Removed support for deprecated Atom and AppCode editors from the "Editor" action.
Fixed a database constraint issue that could cause errors when scheduling code intelligence indexing jobs after a job reset.
S3proxy multipart uploads no longer fail due to CRC32 checksum validation errors
Repository HEAD auto-indexing jobs are now deduplicated to prevent queue growth.
Fixed scroll functionality on the batch change spec page when embedded in full-screen mode
OAuth authentication errors (like "could not get verified email for GitHub user") are now displayed in the UI instead of causing users to get stuck in an infinite login loop.
Site admins now see a banner when viewing another user's settings pages, indicating they are viewing settings for a different user.
Fixed an issue where deep copying model configuration incorrectly handled nil values, preventing default models from being applied correctly.
Fixed corrupt model configuration states that could cause Cody to use incorrect license keys when communicating with Cody Gateway, previously requiring a frontend container restart to resolve.
MCP tools are no longer rejected by antigravity and VS Code versions older than 1.32.
Gitserver now automatically reclones repositories when a "fatal: bad tree object XXX" error is observed during a fetch.
Fixed React reset styles overwriting component styles, resolving incorrect list styling
Fixed double scroll issue on prompt pages caused by conflicting height rules between React shell UI and PageLayout.
Fuzzy finder is now always enabled and no longer requires experimental settings.
Removed unused in-app analytics APIs including instanceOwnershipStats, User.usageStatistics, Site.usageStatistics, and Site.analytics.
Removed the experimental opencodegraph feature that was previously behind a feature flag.
Sourcegraph reranker is now disabled by default and can be enabled via a feature flag.
This is a patch release for Sourcegraph self-hosted 6.10.
Added a predefined OAuth2 client for the Sourcegraph Raycast extension.
Anthropic's Claude Haiku 4.5 model is now available for Cody Enterprise users using v6.10. [...]
Errors in Deep Search are now displayed inline in the answer section with options to retry or start a new search, replacing the previous error banner.
Added the ability to star favorite threads with a new sidebar tab showing all starred threads in one place.
Upgraded Deep Search to use Claude Sonnet 4.5 as the main model and Claude Haiku 4.5 for summary generation, improving performance while maintaining quality.
Deep Search now displays only new steps for each follow-up question instead of showing all previous steps, reducing confusion in the UI.
GitHub account connections now use Proof Key for Code Exchange (PKCE)
Enterprise Portal now shows SLOs for Sourcegraph Cloud instances to track how the instance is performing.
Adds a warning on the GitHub App page in Sourcegraph to warn site admins that a GitHub App does not have the necessary permissions to enable groups caching.
Fixed pagination cursor to match id-descending ordering, preventing glitches during infinite scrolling.
Fixed incorrect base quota calculation for Deep Search metering when customers have complex license histories with expired licenses
Increased timeout from 1 minute to 4 minutes to reduce timeout errors.
Fixed rendering of the Search Jobs management page when search jobs exist for soft-deleted users.
Return WWW-Authenticate header on 401 responses to advertise OAuth schema to MCP clients.
Used constraints instead of exact match in database version validation
Fixed an issue where permissions sync jobs couldn't be paginated if they referenced a deleted user or repository.
Fix default GitHub and GitLab URLs being incorrectly applied when not explicitly configured in site config.
GitHub Apps now require the Repository administration: read permission for groups caching functionality.
Fixed groups caching validation for GitHub Apps by checking for members: read permission instead of OAuth scopes.
Fixed GitHub sign-in failing due to PKCE data retrieval issues
Decline sign-in attempts for NoSignIn auth providers while still allowing users to connect new auth providers when already logged in.
Removed the VSCode Code Search extension's ability to share authentication credentials with the Cody extension. Users must now authenticate directly with their own credentials or access token.
This is a patch release for Sourcegraph self-hosted 6.9.
We have updated the structured response of all MCP tools to conform to the advertised output schema.
This is a patch release for Sourcegraph self-hosted 6.9.
The kubernetes executor now idempotentally creates secrets (deleting and recreating it if it exists already) instead of failing the entire job.
This is a patch release for Sourcegraph self-hosted 6.9.
Added RBAC to Deep Search. By default, all users have full read and write access for Deep Search, but this can be restricted by changing the default role permissions or by creating new custom roles.
Migrated the batch changes creation page to SvelteKit, including all three UI variations: new template creation, classic form creation, and execution-disabled instruction page.
Batch Changes home page is now rendered within the SvelteKit application framework.
Added a pings page to the site admin interface.
Added global-settings page to site admin interface
Added site admin support to the Svelte app, including Overview, Feedback surveys, and Site configuration pages
Sign-in, sign-up, and post-sign-up pages are now embedded in the Svelte application.
Added a 'request access' page to the Svelte app, allowing users to request access when needed.
Allow 'all' value for requiredSsoOrgs parameter to require authorization to all SSO organizations
Added support for validating GitHub SSO authentication via X-GitHub-SSO headers. Admins can now configure required SSO organizations in the sign-in provider settings to ensure users properly authenticate with SSO-enabled orgs. Error messages for authentication issues are now displayed on the Account Security page.
User profile and settings pages are now rendered in the Svelte app, with improved UI for the profile page and enhanced sidebar navigation supporting menu groups.
Added site admin page for managing outgoing webhooks
Converts schemeless URLs generated by the LLM to absolute URLs to prevent broken links containing /deepsearch/ in the path.
Fixed changeset duplication for Gerrit during network instability by adding pre-retry verification to check if changes already exist before retrying failed operations.
Fixed runtime errors in batch changes changeset diff UI when rendered within SvelteKit
Fixed password validation to properly compare password and confirm password fields across component re-renders
Fixed a race condition where deleting an external account in the middle of a permissions sync could cause permissions for that account to stick around indefinitely.
Gerrit icon now properly adapts to light and dark themes.
Updated redis to 7.4.6-272, which patches CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, and CVE-2025-46819
Fixed an issue where a Perforce user's permissions would not be removed when the user was deleted on Perforce and p4broker was being used as a proxy.
Allow connecting GitHub accounts with no verified emails when already authenticated
Fixed password update form validation in user settings
Removed support for LSIF format.
The deprecated site-admin analytics pages have been removed. All Sourcegraph analytics are available at analytics.sourcegraph.com.
Removed support for the deprecated gemini-1.5-pro-002 model
This is a patch release for Sourcegraph self-hosted 6.8.
Connect AI agents and applications to your Sourcegraph instance via the new Model Context Protocol (MCP) Server. [...]
lineRanges array format instead of single lineRangeFile filter suggestions now consider existing file filters in the query, providing more relevant autocomplete results when multiple file filters are used.
Added a predefined OAuth client for Visual Studio.
Enables OAuth authentication for Sourcegraph Cody across all IDEs using device flow with authorization_code, refresh_token, and device_code grant types.
Added Claude Opus 4.1 model support to Cody
Users can now be allowed through the RBAC system to upload SCIP indexes for repositories they do not have write access to on code forge. This also applies to service accounts.
Sourcegraph now supports Bitbucket Server's official way to archive a repository. The workaround of applying an "archived" label is no longer supported.
Support for .git-blame-ignore-revs files in the root of repositories.
experimentalFeatures->tls.external is not experimental anymore. The old setting is still respected, but customers should move to the new top-level tls.external setting.
The certificate setting for Bitbucket server, GitHub, and GitLab has been marked as deprecated, the tls.external setting should be used instead and is the only correctly working setting.
Both will be removed in a future release.
Prompt pages now embedded in the Svelte app with improved accessibility and testing
Follow-up suggestion analytics events are now correctly recorded as DeepSearchEventRawLLM instead of DeepSearchEventFollowUp.
Improved query performance for retrieving user's most recently updated deep searches by adding a composite database index.
Deep Search now works on smaller screens and mobile devices. The sidebar has been converted to an overlay for better mobile navigation.
Fixed styling issues in the repositories search alert UI.
Fixed OAuth provider matching to correctly handle cases where multiple client IDs are configured for the same URL.
Fixed a bug where the number of repositories a user has access to could be greatly exaggerated on their Repo Permissions page.
Pagination on a user's Repo Permissions page now works correctly.
Fixed theme state synchronization between SvelteKit and React applications
Add redirect from /search/notebook to /notebooks
Fixed incorrect error handling in Git blame that caused unnecessary error logging for missing files.
Error messages now properly distinguish between user and organization name conflicts and are correctly formatted.
Cody API endpoints (anything under /.api/llm) are no longer available.
Mark the EOL Claude Sonnet 3.5 model (anthropic::2024-10-22::claude-3-5-sonnet-latest) as deprecated.
closes: CODY-6235
This is a patch release for Sourcegraph self-hosted 6.7.
Fixed model configuration to include reasoning parameter.
This is a patch release for Sourcegraph self-hosted 6.7.
Swift code should be now properly highlighted using tree-sitter.
Backport 61c45dfc1e2371fb4e6802f5d877cdcfbb139bce from #7113
This is a patch release for Sourcegraph self-hosted 6.7.
This is a patch release for Sourcegraph self-hosted 6.7.
Addressed pagination and performance issues with listing Bitbucket.org repositories in Enterprise Starter repository management.
Backport cd8120b70d93d9ab4021f7c284464bcd5b5246de from #7112
This is a patch release for Sourcegraph self-hosted 6.7.
Fixed OpenAI GPT-5 reasoning model to use correct temperature and top_p parameters. These models now default to 0 for both parameters, allowing OpenAI to use its optimized defaults for reasoning tasks.
Backport 59a57c27d8c27a665d596b4324f85177914758a3 from #7092
UseLegacyCompletions in the config conversion layer 422 Unprocessable Entity errors due to Cody client using /v1/chat/completions instead of the legacy /v1/completions.
The precise code navigation logic has been rewritten for better correctness and performance. [...]
Deep Search is moving out of free preview with new pricing, plus major updates including API support, branch compatibility, and enhanced UX. [...]
OpenAI's GPT-5 model is now available for Cody Enterprise users using v6.7. [...]
Syntax highlighting is now available for SQL files. [...]
Added v1 prefix to deepsearch APIs
Added API endpoints for creating and updating questions within a deep search thread
Fixed a bug where sources were not being recorded
Fixed incorrectly formatted tool calls in DeepSearch questions that contained invalid fields or missing data
Fixed symbols sidebar to correctly display deeply nested symbols for languages such as Go, Java, and Python that use . for nesting.
This is a patch release for Sourcegraph self-hosted 6.6.
Backport 15c66e519eb2b5ec9493f1c8372b93490a72ec32 from #6741
Backport d9fd3848772f74133b54bcb33516d2b114f20953 from #6700