Release notes

What’s new

• Updated Anaconda Team Edition to meet Accessibility compliance
• Enable an end-user to mirror, install and upload CRAN packages in Windows environments
• Provided additional airgap functionality
• Improve the user experience with LDAP
• Refactored and Improved integration with Keycloak
• Ability to add certificates to Keycloak truststore for LDAP

Improvements

• Airgap:
  • Documentation on pulling down the package tarball on a schedule.
  • Automate the process for updating artifacts.
• LDAP:
  • Ability to link users that are assigned a group in Keycloak to the group in Anaconda Team Edition.
  • The ability for an admin to grant channel access to groups which can include groups an admin is not a member of.
  • The ability for an admin to edit the permission on a group - to increase or decrease permissions.
  • The ability for an admin to manage user access using LDAP groups.
  • The ability for a user to distinguish between an Anaconda Team Edition group and a group defined in Keycloak
• Added new platforms - Linux-ppc64, Linux-s390x, and osx-arm64
• Azure AD integration with Anaconda Team Edition
• Changed the wording from PyPI to standard python and CRAN to standard r
• Added type to mirror drop-down of standard python and standard r
• The user is now able to install packages from a sub-channel
• conda-repo-cli:
  • Added conda-repo-cli whoami command
  • Ability to set a certificate file post-install: conda repo config set —ssl_verify cert.cer
  • Cleaner error messages to inform the user
  • Ability to display CVEs via CLI
  • Improvements to help channel: conda repo channel —help
• Keycloak:
  • Store and manage users directly in Keycloak
  • Store and manage groups directly in Keycloak
  • Store and manage roles directly in Keycloak
  • Store and manage user-group relations directly in Keycloak

Bug fixes

• CRAN:

  • Licensing filtering - user can now utilize the exclude filter for license restriction
  • Mirror to include binaries, so that users can install libraries without each user having to (re)compile libraries
  • CRAN mirror configuration page no longer duplicates package filter information

• LDAP:

  • User count licensing limit user access

• Updated the ability to scroll on dependents and metadata tabs

• CVE score now displays a 0.0 when the CVE has a cleared or mitigated status

• Updated sorting on CVE tab to allow end-user to sort by channel and package

• The edit button is now enabled when a token name is edited

• Removed the need to refresh the page after adding a channel or subchannel to a group

• Corrected the selection select all checkboxes for packages to only work on the current page and not to all pages related to a package or packages within the channel

• The date range in mirror configuration is now hidden due to backend work needed

• Fixed the package search latency issue and refresh problems

What’s new

• Customer’s now have the ability to install an airgapped instance of Anaconda Team Edition
  • Updated install preparation instructions
  • Easy to self install
  • Centralized location to pull updated packages and associated CVE metadata
• Updated the upgrade and restore path

Improvements

• Improved the warning message when setting a future date in the mirror scheduling tool
• Deleted artifacts wiill no longer show up when customer is performing a search
• Improved CVE filtering
• Updated group role mapping with Active Directory integration for the admin role
• Improved the ability to add or update a license
• Improved mirror performance:
  • Default to monthly schedule
  • Default to active mirror
  • Updated edit function to ensure all current fields are available when editing
  • Corrected the double package format of .conda and .tar.bz2

Bug fixes

• Group create button is now active when intiating a group
• Notification now appears when you delete a token
• No longer recieve multiple notifications on mirror deletion
• Searching for a package now displays current package information
• Tokens now grant only specific access
• Mirror event history is displaying current status
• conda-repo cli help now display correct help instructions

What’s new

• Ability to mirror from another installation of Team Edition via https.
• Ability to upgrade Team Edition and maintain current settings and filters.
• Role Mapping: when additional roles are added to User Management, Admin is able to restrict or add additional permissions to the end user.
• Ability to mirror from repo.anaconda.cloud.
• Ability to move, copy, and delete artifacts within a package.
• Easily upgrade a license key from the Admin user’s UI dashboard

Improvements

• Improved the support and documentation for custom certificates.
• Mirror frequency and performance issues.
• When you remove a subdirectory, it is removed from the package artifact list upon updating the mirror.
• Added notification that frequency is in UTC time.
• CVE improvements:
  • CVEs are now updating in Team Edition every 4 hours to align with NIST.
  • All CVEs have the correct status for reporting (Reported or Anaconda Curated: Active, Cleared, Mitigated, or Disputed).
  • Ability to filter by CVE status (Reported or Anaconda Curated: Active, Cleared, Mitigated, or Disputed).
  • Display the CVE date as shown by NIST for Published and Modified.
  • Display the date Anaconda curated the CVE.

Bug fixes

• Dashboard now displays the correct package count for a channel.
• An error duing customer logout experience with Team Edition was caused by a miscommunication between web socket and callback endpoint API.
• Sorting in channels not working as expected.
• Ability to sort all pages of package artifacts by Size, Version, Last Updated, and Platform.
• Ability to sort packages based on Name.
• Issues with conda repo functionality for conda repo channel copy and conda repo upload options have been fixed.
• Index of cache on Team Edition related to If-Modified-Since header has been fixed.
• API to trigger on channel index refresh lead to displaying inconsistent information between the channel and actual artifacts in the channel.

What’s New

• CVEs will be automatically fed to and updated on the Team Edition dashboard, so you no longer have to mirror them.
• CVEs will now be pulled down from NIST and listed as Reported (not curated).
• CVEs that are curated by Anaconda will now be designated with a checkmark and a label defining the stage of curation.
• You can now search for CVEs in the search bar at the top of Team Edition (Admin only).
• CVEs are displayed using an algorithm. When one or more CVEs are associated with a package, the score that is displayed is based on the highest score and risk state of a CVE for each file.
• Clicking on the number of CVEs related to a package file will show a CVE listing view.
• The number of unique CVEs for a package is displayed at the package level.
• When viewing files in a package, the appropriate CVE score (or N/A) will be displayed based on the number of CVEs and severity.
• The metadata will now display all the CVEs score information.
• All the packages affected by a CVE will be associated with that CVE.

Improvements

• Each CVE status can be seen by clicking on “info” icons and viewing meta information.
• It is now more clear that the CVE number is a clickable link.
• There is greater distinction between Anaconda curated and non-curated CVEs via a checkbox selection.
• More than two mirrors can now be run at the same time.

Bug fixes

• The hierarchy for mirroring filters has been corrected; now, if a package is added to both “include” and “exclude”, the package will be excluded.
• System metering (Prometheus) is now showing up properly.
• Admins can now update user roles and create custom roles.