The kubernetes executor now idempotentally creates secrets (deleting and recreating it if it exists already) instead of failing the entire job.

Add retry button to resubmit questions when errors occur in Deep Search

Added RBAC to Deep Search. By default, all users have full read and write access for Deep Search, but this can be restricted by changing the default role permissions or by creating new custom roles.

Added a new Explain with Deep Search button in repository navigation that opens a pre-filled Deep Search conversation with context about the current repository or file.

Migrated the batch changes creation page to SvelteKit, including all three UI variations: new template creation, classic form creation, and execution-disabled instruction page.

Batch Changes home page is now rendered within the SvelteKit application framework.

Added a pings page to the site admin interface.

Added global-settings page to site admin interface

Added site admin support to the Svelte app, including Overview, Feedback surveys, and Site configuration pages

Sign-in, sign-up, and post-sign-up pages are now embedded in the Svelte application.

Added a 'request access' page to the Svelte app, allowing users to request access when needed.

Allow 'all' value for requiredSsoOrgs parameter to require authorization to all SSO organizations

Added support for validating GitHub SSO authentication via X-GitHub-SSO headers. Admins can now configure required SSO organizations in the sign-in provider settings to ensure users properly authenticate with SSO-enabled orgs. Error messages for authentication issues are now displayed on the Account Security page.

User profile and settings pages are now rendered in the Svelte app, with improved UI for the profile page and enhanced sidebar navigation supporting menu groups.

Added site admin page for managing outgoing webhooks

Converts schemeless URLs generated by the LLM to absolute URLs to prevent broken links containing /deepsearch/ in the path.

Fixed changeset duplication for Gerrit during network instability by adding pre-retry verification to check if changes already exist before retrying failed operations.

Fixed runtime errors in batch changes changeset diff UI when rendered within SvelteKit

Fixed password validation to properly compare password and confirm password fields across component re-renders

Fixed a race condition where deleting an external account in the middle of a permissions sync could cause permissions for that account to stick around indefinitely.

Gerrit icon now properly adapts to light and dark themes.

Updated redis to 7.4.6-272, which patches CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, and CVE-2025-46819

Fixed an issue where a Perforce user's permissions would not be removed when the user was deleted on Perforce and p4broker was being used as a proxy.

Allow connecting GitHub accounts with no verified emails when already authenticated

• Fixed Gerrit account connection modal not reopening after being closed in external accounts settings
• Fixed Gerrit icon visibility issues
• Improved spacing consistency between React and Svelte external account modals

Fixed password update form validation in user settings

Removed support for LSIF format.

The deprecated site-admin analytics pages have been removed. All Sourcegraph analytics are available at analytics.sourcegraph.com.

Removed support for the deprecated gemini-1.5-pro-002 model

• DeepSearch tool added to the MCP API, enabling codebase assistant integration to run deep search queries and return results with dashboard links

• Added Model Context Protocol (MCP) support to Deepsearch API
• Refactored tool response handling to use strongly typed responses
• Moved error messages and notes to dedicated fields instead of embedding in content
• Removed X-Requested-With middleware requirement for MCP endpoints

• File sources now support multiple line ranges within a single file, reducing visual clutter when different parts of the same file are referenced
• File previews display up to 3 ranges with separators between them
• Backend tools use a new lineRanges array format instead of single lineRange

• Added tracking for when DeepSearch conversations are shared and viewed by others

File filter suggestions now consider existing file filters in the query, providing more relevant autocomplete results when multiple file filters are used.

Added a predefined OAuth client for Visual Studio.

Enables OAuth authentication for Sourcegraph Cody across all IDEs using device flow with authorization_code, refresh_token, and device_code grant types.

Added Claude Opus 4.1 model support to Cody

• Added Workload Identity authentication support for Google Vertex as an alternative to access token authentication
• Fixed issues preventing Gemini models from being used with Cody
• Resolved critical regression that broke Google Vertex Anthropic support
• Introduced authentication cache to optimize Workload Identity authorization performance

Users can now be allowed through the RBAC system to upload SCIP indexes for repositories they do not have write access to on code forge. This also applies to service accounts.

Sourcegraph now supports Bitbucket Server's official way to archive a repository. The workaround of applying an "archived" label is no longer supported.

Support for .git-blame-ignore-revs files in the root of repositories.

experimentalFeatures->tls.external is not experimental anymore. The old setting is still respected, but customers should move to the new top-level tls.external setting. The certificate setting for Bitbucket server, GitHub, and GitLab has been marked as deprecated, the tls.external setting should be used instead and is the only correctly working setting. Both will be removed in a future release.

Prompt pages now embedded in the Svelte app with improved accessibility and testing

Follow-up suggestion analytics events are now correctly recorded as DeepSearchEventRawLLM instead of DeepSearchEventFollowUp.

Improved query performance for retrieving user's most recently updated deep searches by adding a composite database index.

Deep Search now works on smaller screens and mobile devices. The sidebar has been converted to an overlay for better mobile navigation.

Fixed styling issues in the repositories search alert UI.

Fixed OAuth provider matching to correctly handle cases where multiple client IDs are configured for the same URL.

Fixed a bug where the number of repositories a user has access to could be greatly exaggerated on their Repo Permissions page.

Pagination on a user's Repo Permissions page now works correctly.

Fixed theme state synchronization between SvelteKit and React applications

Add redirect from /search/notebook to /notebooks

Fixed incorrect error handling in Git blame that caused unnecessary error logging for missing files.

Error messages now properly distinguish between user and organization name conflicts and are correctly formatted.

Cody API endpoints (anything under /.api/llm) are no longer available.

Mark the EOL Claude Sonnet 3.5 model (anthropic::2024-10-22::claude-3-5-sonnet-latest) as deprecated.

closes: CODY-6235

Fixed model configuration to include reasoning parameter.

Swift code should be now properly highlighted using tree-sitter.
Backport 61c45dfc1e2371fb4e6802f5d877cdcfbb139bce from #7113

Addressed pagination and performance issues with listing Bitbucket.org repositories in Enterprise Starter repository management.
Backport cd8120b70d93d9ab4021f7c284464bcd5b5246de from #7112

Fixed OpenAI GPT-5 reasoning model to use correct temperature and top_p parameters. These models now default to 0 for both parameters, allowing OpenAI to use its optimized defaults for reasoning tasks.

Backport 59a57c27d8c27a665d596b4324f85177914758a3 from #7092

• Addresses 422 Unprocessable Entity errors due to Cody client using /v1/chat/completions instead of the legacy /v1/completions.
  Backport 231d6ebe20ec8e327fc9695f4df5e6039bb8208e from #7054

DeepSearch conversations now include a shareable URL, making it easier to share conversations with others.
Backport 08602f581464e9f8c1c766cf7542649159bacfc8 from #7078

Added v1 prefix to deepsearch APIs

• Added licensing.canConsumeDeepSearchQuota and licensing.consumeDeepSearchQuota telemetry events to track quota check failures
• Telemetry captures error codes, license key status, and error details for debugging fail-open scenarios

Added API endpoints for creating and updating questions within a deep search thread

• Google Vertex now supports Workload Identity authentication as an alternative to access token authentication.
• Gemini models can now be used with Google Vertex.
  Backport f80ec0d84a54336daf66fa6e9c8a43cea9ac1fc2 from #7075

Fixed a bug where sources were not being recorded

Fixed incorrectly formatted tool calls in DeepSearch questions that contained invalid fields or missing data

• DeepSearch now maintains conversation context in follow-up questions
• Added validation to prevent errors from unfinished tool calls in conversation history

Gracefully handle deleted users for tags in prompts

Fixed symbols sidebar to correctly display deeply nested symbols for languages such as Go, Java, and Python that use . for nesting.

Backport 15c66e519eb2b5ec9493f1c8372b93490a72ec32 from #6741

Backport d9fd3848772f74133b54bcb33516d2b114f20953 from #6700

Backport d9fd384 from #6700

Backport f90029b038f82815a3a234213737d11f04059938 from #6684

Implemented deep search quota enforcement for dotcom users:

• CanConsumeDeepSearchQuota: Check if user has available quota
• ConsumeDeepSearchQuota: Decrement quota when user performs deep search
• GetDeepSearchUsage: Return current quota usage and reset time

Deep search URLs are now directly shareable

• Enable forked repos flow for pushed-only changesets [gitlab only]

• Enable forked repos flow for pushed-only changesets [github only]

feat(batches): new batch changes experience with templates

Backport 9e232e27c2c1a19b69b01cea12ae0194fb7d4422 from #6656

fix(batches): update schema link to public artifacts repo

Backport a278c9287fd779ca9f26d10b2146e7c6cadfbcb3 from #6651

Replaced turn limits in deep search with a token limit

• Remove unnecessary comments

• Add more backend telemetry for pushed-only changesets

• refactor to use AbbreviateRef instead of TrimPrefix for pushed-only changesets

Backport c201fd4027ba118b2c8a0cd089003638f13db429 from #6593

• Added QuotaUsage information to HandleRetrieveDeepSearchs

• Added store layer for tracking deep search queries

DINF-1196 has all details

https://sourcegraph.slack.com/archives/C04MYFW01NV/p1750800014304569

0s Run src code-intel upload -github-token='***' -no-progress -repo=github.com/sourcegraph/sourcegraph 💡 Inferred arguments repo: github.com/sourcegraph/sourcegraph commit: 552dc9[1](https://github.com/sourcegraph/sourcegraph/actions/runs/15861555759/job/44720169430?pr=6219#step:9:1)055580be3a0c021e40aacf0977710f1e1 root: dev/ci/images file: index.scip indexer: scip-go indexerVersion: 0.1.24 unexpected status code: 404 (failed to authorize request: repo not found: name="github.com/sourcegraph/sourcegraph") Error: Process completed with exit code 1.

Cody will be deprecated on July 23rd 2025.

fix(insights): skip empty repos for inventory insights
Backport beee9d2241a4d3e854ac06ef8b5d8d000bd84a69 from #6250

• fix(migrator): remove private repo links in migrator drift output

Backport 4ae3c3a6b6d60bb99421293df830a9e63a53ae01 from #6463

• Combines features of the Language usage and Detect and track patterns insights to track code inventory metrics over time:
  • lines of code
  • size of code
  • file counts
• Can group those metrics by repository, by language, or not at all
• Can collect the metrics for a list of repositories, or a repo search query

• New GraphQL endpoints
  • query:
    • inventoryStatsPreview
  • mutation:
    • createInventoryStatsInsight
    • updateInventoryStatsInsight

• The Inventory environment variables have been moved into site config settings (in the "inventory" section):
  • USE_ENHANCED_LANGUAGE_DETECTION: "disableEnhancedLanguageDetection" (defaults to false)
  • GET_INVENTORY_GIT_SERVER_CONCURRENCY: "gitServerConcurrency" (defaults to 4)
  • GET_INVENTORY_REDIS_CONCURRENCY: "redisConcurrency" (defaults to 20)
  • GET_INVENTORY_MAX_INV_IN_MEMORY: "maxInventoryInMemory" (defaults to 1000)
  • GET_INVENTORY_TIMEOUT: "timeoutInMinutes" (defaults to 5)

• Add experimental icon + GitLab/GitHub only specification for pushed-only changesets in batch changes UI

Backport 04be437 from #6180

• Add 'push only' bulk operation for Github

• feat(telemetry): add canonical PG version check for detecting external db usage

[telemetry] add granular database telemetry.

• releaseplatform: add rpc endpoint for VerifyExecutorsWorkflow

• Correct handler init for gcp and aws clients in releaseplatform, add testing

• releaseplatform: added secret injection to aws and gcp clients

• add aws verification to VerifyExecutorsRelease temporal workflow

• GIN index to efficiently search workspace by changesetSpec
• resolver endpoint to get workspace from changesetSpec
• UI warning in preview step

Adds a tooltip to the retry button on the batch changes preview page.

fix(batches): GitLab webhooks for merge requests not associated with batch changes now return HTTP 204 instead of HTTP 500 errors
Backport b5e926187d14784ea9a51fefca626379a25bda3e from #6052

fix(batches): fixed an issue where Batch Changes would attempt to sync changesets from deleted namespaces resulting in delays and timeouts for active changesets

fix(batches): fixed an issue where GitLab merge request events would fail to handle labels

green ci

• make google cred pre commit hook more precise

Fixed an issue where Sourcegraph would mark executor jobs as failed when briefly losing connection to a pod, even though the pod was still running.

fix(batches): fixed an issue where Batch Changes would attempt to sync changesets from deleted namespaces resulting in delays and timeouts for active changesets

@sourcegraph/release

Fixed an issue where Sourcegraph was not handling rate limit responses from GitHub correctly.
Backport bf997a77ecc58fe669b015aa6e8d2578c4e78607 from #5787

Backport 1269f3af4920629aab9a6fbc6a770932a7b8e64f from #5689

release: add container test to verify glibc version does not get unintentionally upgraded in PostgreSQL container images`

Backport 68a8d54c9e8fd0a3ff0286d0141f07372209f19a from #5670

Backport 0bc959fd07f2f6d55da1f3e6ce6cc6f5e5b2d231 from #5643