What’s new in Citrix Secure Developer Spaces™

Citrix continuously delivers updates to enhance your Citrix Secure Developer Spaces™ experience. Each release introduces new features, improvements, and fixes to ensure you always have access to the latest innovations and performance enhancements. This article highlights the new and updated capabilities available in this release, as well as resolved issues.

To ensure compatibility and optimal performance, review the latest Technical Requirements for Citrix Secure Developer Spaces.

Secure Developer Spaces 2026.4

New and enhanced features

Smarter workspace idle detection

SDS now uses a hybrid approach to determine whether a workspace is truly idle before pausing it. Previously, an open SSH connection was enough to keep a workspace running indefinitely, even when no one was actively working. This led to unnecessary infrastructure costs, for example, when developers left their IDE open overnight or over the weekend.

The new idle detection engine introduces three layers of intelligence:

• IDE activity signals take priority. When the SDS IDE extension is active, the system uses granular input signals such as keyboard and mouse activity to determine whether a user is present. An open but unused SSH connection alone no longer prevents a workspace from pausing.
• SSH fallback for unsupported IDEs. For developers using IDEs that do not support the SDS extension, the system falls back to the previous SSH-based logic, so active work is not interrupted.
• Manual override. Security Officers can deactivate idle detection for select workspaces to support long-running services, such as shared development tooling or components. When activated, the workspace continues to run even without direct user input.

For more information, see Workspace idle detection for SSH connected workspaces

Shared storage mount points

Teams that work with large, shared datasets, such as ML training data, model artifacts, or experiment results, can now mount external storage directly into their workspaces. This new capability, called Mount Points, removes the need to copy data into the cluster before it becomes accessible.

Previously, SDS only offered Data Buckets, which function as point-in-time snapshots. While useful for versioning, snapshots duplicate data onto the cluster, require significant disk space, take a long time to replicate for large datasets, and prevent real-time collaboration because updates require a manual publish cycle.

With mount points:

• Platform admins enable the feature globally under Settings > Integrations.
• Project owners configure mount points by specifying the storage details, including server address, share name, default mount path, and access permissions (read-only or read-write).
• Developers attach available mount points when creating a workspace or workspace template. The mount path can be customized per workspace, and the system prevents path conflicts.

This initial release supports only Azure file-based storage.

For more information, see Sharing Data Between Users - Mount Points.

Unified access with Citrix DaaS (Technical Preview)

SDS now integrates with Citrix DaaS and Citrix Workspace to provide a unified access experience across Linux, Windows, and macOS development environments. Until now, SDS supported only Linux-based Kubernetes workspaces, excluding teams that depend on Windows or macOS tooling, such as Xcode, full Visual Studio, or platform-specific simulation tools.

With this integration, developers can access both traditional SDS workspaces and Citrix-based virtual desktops and applications from a single console. Users only need to sign in once in the SDS console, and all SDS- and Citrix-based resources can be accessed seamlessly without further authentication.

This feature provides:

• Unified access to Kubernetes-based and Citrix-based apps and workspaces from the SDS console
• Integrated authentication with single sign-on
• Access to virtual apps and desktops with the native Citrix Workspace app

This feature allows organizations to bring more developer teams onto one secure platform while leveraging their existing Citrix infrastructure and licensing.

For more information, see Citrix DaaS Integration.

Independent VS Code version management

VS Code updates are no longer tied to SDS platform releases. Previously, customers had to wait for a full SDS upgrade to get a newer VS Code version, which could delay access to new editor features and plugin compatibility.

With this release, VS Code is delivered and updated independently from the SDS platform. Key capabilities include:

• Controlled updates and rollback. Administrators can adopt new VS Code versions when ready and roll back to a previous version if issues arise.
• Offline and air-gapped support. Organizations that restrict internet access from the control plane or workspaces can host VS Code update files on an internal distribution point such as an artifact repository or network share.
• Built-in notifications. SDS admins and security officers receive notifications through the built-in notification system when a new VS Code version becomes available.
• User-controlled upgrades. Developers can control when the VS Code update is applied to each of their workspaces, similar to the existing workspace upgrade flow.

For more information, see VSCode Versions.

Native support for Kiro IDE

Kiro is now supported as an IDE for SSH-based workspace connections, joining VS Code Desktop, JetBrains Gateway, Cursor, and Windsurf. Previously, Kiro users had to manually configure SSH connections and extension installations to access their SDS workspaces.

With this update, the Connect via SSH modal in the SDS console includes Kiro as a launch option. Selecting it opens Kiro on the developer’s local machine, automatically installs or activates the SDS extension, and establishes the remote SSH connection to the target workspace.

For more information, see Connect to a workspace via SSH

Improved user onboarding flow

The Add User flow for projects has been redesigned to reduce errors and speed up onboarding. Project owners can now add users in bulk by pasting a list of email addresses, with inline validation and clear error feedback. Single-user search is limited to platform users not yet in the project, avoiding confusion. When adding external users, the flow guides the admin through the required additional details before completing the operation.

For more information, see Add and remove users and groups - Bulk add users

Automatic SDS extension installation for SSH connections

When connecting to a workspace via SSH from VS Code Desktop, SDS now automatically installs the required SDS extension on the remote workspace. This removes a previously manual step and reduces connection setup failures.

Configurable ghost workspace resources via Helm

Ghost workspace resource specifications can now be configured through the Helm chart, giving administrators more control over resource allocation for pre-provisioned workspaces.

Kubernetes PriorityClass support for workspace pods

Administrators can now assign a Kubernetes PriorityClass to workspace pods through a new optional Helm configuration field. When set, all newly created workspace pods are assigned the specified priority class, allowing Kubernetes schedulers and tools like Karpenter to make better scaling and scheduling decisions. When the setting is omitted, existing behavior is unchanged.

Debian desktop image with browser access

A new preconfigured Debian-based container image with NoVNC is now available, providing a full desktop environment directly accessible in the browser. This option is useful for teams that need GUI-based tooling or testing environments within their SDS workspaces.

VS Code updated to 1.114

SDS now ships with VS Code 1.114, bringing the latest editor features and plugin compatibility improvements.

Improved downloads for large analytics exports

Workspace measurement exports can now reliably handle large report files. Administrators and security officers can download workspace analytics filtered by organization, project, and date range, even when the resulting files are too large for a standard API call. The download mechanism now uses an optimized transfer path to support large file sizes.

For more information, see Workspace resource usage insights - Access workspace measurements

Preserve Host proxy option for workspace apps

Workspace apps now include a Preserve Host proxy option. When enabled, the proxy forwards the workspace app’s public URL in the Host header, aligning it with the Origin and X-Forwarded-Host headers. This allows tools like Jupyter Notebook and pgAdmin to work behind the SDS proxy without custom per-tool proxy configuration. The option is turned off by default to avoid breaking local development workflows that expect localhost.

For more information, see Workspace Apps - Override Host Header

Self-service OpenAPI specification downloads

The SDS REST API documentation page now includes a Download OpenAPI specification button. The OpenAPI spec is automatically packaged and shipped with every minor and major SDS release, so platform engineering teams can download the spec that matches their currently deployed SDS version without contacting Citrix.

Custom documentation URL

Platform admins can now replace the default Citrix SDS documentation link with a custom URL that points to their organization’s internal documentation. When enabled under Settings > General > Documentation, the custom link applies globally and updates the Documentation entry in the user profile menu for all users, projects, and organizations. When disabled, the link reverts to the default Citrix SDS documentation.

For more information, see General Settings - Documentation

Custom OpenVSX marketplace for VS Code extensions

Platform administrators can now point all VS Code workspaces to a custom OpenVSX marketplace under Settings > General > OpenVSX Marketplace, replacing the previous manual EXTENSIONS_GALLERY environment variable approach. The setting is inherited across all organizations, projects, and workspaces. New workspaces use the configured marketplace immediately; existing workspaces pick up the change after their next restart.

For more information, see General Settings - OpenVSX Marketplace

UI enhancements

Simpler workspace template versioning

Edit, Publish, and Set as Default actions are now directly available in the template version list, making versioning steps faster and easier to discover.

Streamlined Add Image workflow

The container image import flow now starts with the image URL, auto-fills fields where possible, supports inline credential entry, and includes clearer descriptions and tooltips.

Alphabetical sorting for workspaces and templates

Workspace and template lists are now sorted alphabetically by default.

Separate control for in-app guides

Usage Analytics settings now let administrators keep analytics enabled while turning off in-app guides independently.

Better search in dropdowns

Larger dropdowns now show a visible search field that is focused on open, with options sorted alphabetically.

Consistent select components

SDS now uses a unified select component with consistent search and sorting behavior across the console.

Cleaner Set as Default for container images

The Set as Default action is now shown more selectively in the container image version list, reducing visual clutter while keeping the action accessible.

Startup scripts description

The Startup Scripts step in the workspace and template wizard now includes a description explaining when and why to use startup scripts.

Language selector moved to user profile

Language selection has moved from the page footer to user profile settings, now labeled with language names instead of flags.

Consistent wizard exit warning

SDS now always warns users before they leave the workspace or template wizard, regardless of navigation path, and uses clearer dialog labels.

Improved empty secrets message

When no secrets exist, the wizard now shows guidance on how to add one instead of implying that a filter returned no results.

Clearer filter no-results messages

Filtered lists now show a contextual no-results message with a Clear Filters action so that users can distinguish between empty results and missing data.

Standardized UI components and tooltips

Icons, tooltips, and styling patterns are now more consistent across the SDS console.

Bug fixes

Context menus close on scroll

Context menus now close automatically when the user scrolls, preventing visual artifacts from continuous repositioning.

Maintenance banner stays aligned during scrolling

The maintenance notification banner no longer briefly slips under the menu bar when scrolling on long pages.

Validation checkmark no longer appears on empty input

The secret name input field no longer shows a success checkmark when the field is empty or invalid.

Consistent image cache scheduling across nodes

Image cache pods are now scheduled with node-level anti-affinity, ensuring one pod runs on every Karpenter-managed workspace node instead of one per availability zone. This restores predictable warm node behavior in multi-AZ clusters.

Secure Developer Spaces 2025.10

This release contains the following new features:

Renewal warning for CA certificates

SDS now displays a warning when a CA certificate is approaching expiration, enabling administrators to take timely action to renew certificates and prevent service disruptions.

Workspace resource usage insights

SDS now provides historic insights into workspace CPU and RAM consumption. This data is automatically collected and stored in the SDS database, and can be accessed via the workspace-measurements and workspace-measurement-samples APIs to support rightsizing analysis and long-term trending insights.

The system gathers the following information:

• CPU usage over time
• RAM usage over time

The data is retained for 7 days.

For more information, see Workspace resource usage insights

Enhanced idle detection for SSH sessions

When users connect to an SDS workspace via SSH with the SDS/Strong Network plugin, SDS can now monitor activity with greater precision. This will allow the system to pause idle workspaces more reliably, improving cost efficiency without disrupting active sessions. Users without the Citrix SDS/Strong Network plugin installed in their local IDE will be asked to install it via a notification within the SDS console. Administrators can use the SDS API /v1/metrics/ssh-workspaces-no-extension-usage to determine a list of users connecting via SSH without the plugin installed.

Note:

The initial version of this release will not change the behavior of the SDS scheduled to minimize the disruption to existing users. A future minor version will enable the scheduler changes.

Enhanced Quickstart workspace creation

The Quickstart interface, used when creating a new workspace via a Quickstart link, has been enhanced. Before provisioning, users can now review:

• The image and template used to create the workspace
• The organizational location where the workspace will be deployed

Additionally, users can select the template version and geographic deployment location, providing greater control and transparency during workspace setup.

For more information, see Quickstart

Support for Azure Cosmos DB

SDS now supports Azure Cosmos DB as a managed database option, in addition to MongoDB Atlas. This gives teams greater flexibility in choosing the database service that best fits their workloads and cloud environment.

Workspace template flow: Add draft & promote functionality

New Workspace template versions are now created in a draft state. Drafts can be modified and tested until they are explicitly promoted to the default version. This workflow simplifies the process of iterating on templates while preventing users from inadvertently using versions that are not production-ready.

For more information, see Create a new version of a Template

Template duplication in the SDS console

Project Owners can now duplicate existing Workspace templates directly within the SDS console. This makes it easier to create new templates that share the same toolstack and integrations as existing ones, while allowing for fine-tuned configuration to meet specific developer needs.

Workspace resource visibility and sorting

The Project/Workspace view now displays the full resource configuration (CPU, RAM, and storage) for every workspace in a project. Workspaces can also be sorted by these attributes, enabling Project Owners to quickly identify high-resource allocations and support rightsizing activities.

New filters in Project/Workspaces view

A new filter option has been added to the Project/Workspaces view, making it easier to identify workspaces with specific characteristics within large projects. Available filter criteria include:

• Owner – workspace owner
• Image – base image used for the workspace
• Created On – creation date
• Status – current workspace status
• CPU, RAM, Storage – allocated resources

This enhancement streamlines workspace management and helps quickly locate relevant workspaces.

For more information, see Filtering Workspaces

Optimized Console Responsiveness

We have significantly optimized the way the SDS console loads data, resulting in a much more responsive and fluid user experience.

• Near-instant navigation: Actions that previously had a short delay are now almost instant. For example, navigating from the platform level into a specific project is notably faster.
• Improved workflow: This foundational enhancement minimizes wait times, improving your overall workflow and making the console feel smoother and more efficient.

Interactive onboarding guides

When accessing the SDS web console for the first time, users are now presented with interactive onboarding guides. These guides highlight key functionality and walk through important first steps, helping new users get up and running more quickly.

Updated Visual Studio Code version

SDS workspaces now include Visual Studio Code v1.105.1, providing the latest features, improvements, and fixes.

Improved workspace creation workflow

The input fields for creating a new workspace from a template have been reorganized to reduce the number of clicks required. Additionally, the proposed workspace name is now automatically generated using the format <First Name><First 3 letters of Surname>-<TemplateName>, streamlining the setup process and ensuring consistent naming.

For example: StevenGal-Frontend Workspace

Enhanced UX for workspaces without resource limits

SDS now allows customers to create workspaces without CPU or RAM limits, enabling fully elastic scalability. Workspaces configured with unlimited resources will display an infinity symbol for the affected resource, providing a clear visual indicator of this configuration.

Default selection of current user for resource ownership

Whenever SDS prompts for an owner of a newly created resource, the current user is now listed at the top of the user list. This change streamlines common workflows and speeds up the resource creation process.

Enhanced user details page

The user details page now displays user-configured workspace schedules and lists all workspaces with custom schedules. This page is also accessible to Project Owners, in addition to Security Officers. The enhanced view provides better visibility into a user’s context and special configurations, aiding troubleshooting and workspace management.

Backstage plugin for SDS

SDS now offers a plugin for Backstage, enabling users to list and access all workspaces associated with a specific software project, as well as create new workspaces directly from Backstage. For organizations using a Backstage-based Integrated Developer Portal, this integration streamlines developer workflows and simplifies workspace management.

For more information, see Citrix SDS Workspaces Plugin for Backstage

HashiCorp Vault integration for secret management

SDS now integrates with HashiCorp Vault, the leading secret management solution. When enabled, all secrets previously stored in the SDS database are securely stored in Vault. This includes:

• Platform secrets: Platform SSH private key, OAuth app secrets, email gateway secrets, and workspace image registry credentials
• User secrets: User SSH personal identity, private SSH keys, and GPG keys

This integration enhances security by centralizing secret management and leveraging Vault’s robust access controls and auditing capabilities.

For more information, see Use HashiCorp Vault as a Secret Manager

Usage Telemetry

SDS now collects usage telemetry to help improve the platform. This telemetry is used for understanding feature adoption and identifying areas for performance and usability improvements. No personal data is collected, and all information is handled in accordance with organizational privacy policies.

Pendo integration for in-app guidance and analytics

SDS now collects usage telemetry to help improve the platform. This telemetry is used for understanding feature adoption and identifying areas for performance and usability improvements. No personal data is collected, and all information is handled in accordance with organizational privacy policies. https://FQDN/platform/settings/analytics/usage_analytics

For more information, see Usage Analytics