Release notes

What’s new

• Anaconda Team Edition is now Anaconda Server!
• See mirror progress and results globally for all users from the new All Repository Mirrors view.
  • This view is available to users whose role in Keycloak has the mirror attribute set to manage.
  • View mirror status, which step is currently being performed, how long the mirror has been running, when it will complete, and the last time the state was updated.
  • Get statistics about packages as your mirror populates; view which packages are active or passive and how many packages are being filtered out of your repositories due to license or CVE score restrictions.
• Commercial users and administrators can now access hosted miniconda client installers directly through Anaconda Server.

Improvements

• Group permissions can now be changed directly from the group page.

Bug Fixes

• Fixed an issue that caused the disk usage by artifact value on the system page to report inaccurately.
• The CRAN mirror configuration page no longer contains duplicate fields for packages.
• Fixed an issue that killed the dispatcher container by consuming more than 8GB of RAM.
• Fixed an issue that caused all CVE artifacts to display the most recent update date when you upload or update any one CVE.
• Fixed an issue that caused the passive mirror counter to remain at 0 while synchronized.
• Fixed a bug that caused some packages to not be deleted if the mirror was deleted while in the running state.

What’s new

• Updated Anaconda Team Edition to meet Accessibility compliance
• Enabled an end-user to mirror, install, and upload CRAN packages in Windows environments
• Provided additional airgap functionality
• Improved the user experience with LDAP
• Refactored and Improved integration with Keycloak
• Ability to add certificates to Keycloak truststore for LDAP

Improvements

• Added new platforms - Linux-ppc64, Linux-s390x, and osx-arm64
• Azure AD integration with Anaconda Team Edition
• Changed the wording from PyPI to standard python and CRAN to standard r
• Added type to mirror drop-down of standard python and standard r
• The user is now able to install packages from a sub-channel
• Airgap:
  • Documentation on pulling down the package tarball on a schedule
  • Automate the process for updating artifacts
• LDAP:
  • Ability to link users that are assigned a group in Keycloak to the group in Anaconda Team Edition
  • Admins can now grant channel access to groups to which they do not subscribe
  • Admins can now increase or decrease permissions in a group
  • Admins can now manage user access using LDAP groups
  • Ability for a user to distinguish between an Anaconda Team Edition group and a group defined in Keycloak
• conda-repo-cli:
  • Added conda-repo-cli whoami command
  • Ability to set a certificate file post-install: conda repo config --set ssl_verify cert.cer
  • Cleaner error messages
  • Ability to display CVEs via CLI
  • Improvements to help channel: conda repo channel --help
• Keycloak: Store and manage users, groups, roles, and user-group relations directly in Keycloak

Bug fixes

• Updated the ability to scroll on dependents and metadata tabs
• CVE score now displays a 0.0 when the CVE has a cleared or mitigated status
• Updated sorting on CVE tab to allow end-user to sort by channel and package
• The edit button is now enabled when a token name is edited
• Removed the need to refresh the page after adding a channel or subchannel to a group
• Checking the “select all” checkbox in a channel allows you to modify the channel’s packages rather than the channel itself
• Fixed package search latency issue and refresh problems
• CRAN:
  • Licensing filtering - user can now use the exclude filter for license restriction
  • Mirror to include binaries so that users can install libraries without each user having to (re)compile libraries
  • CRAN mirror configuration page no longer duplicates package filter information
• LDAP: User count licensing limits user access

What’s new

• Customer’s now have the ability to install an airgapped instance of Anaconda Team Edition
  • Updated install preparation instructions
  • Easy to self install
  • Centralized location to pull updated packages and associated CVE metadata
• Updated the upgrade and restore path

Improvements

• Improved the warning message when setting a future date in the mirror scheduling tool
• Deleted artifacts wiill no longer show up when customer is performing a search
• Improved CVE filtering
• Updated group role mapping with Active Directory integration for the admin role
• Improved the ability to add or update a license
• Improved mirror performance:
  • Default to monthly schedule
  • Default to active mirror
  • Updated edit function to ensure all current fields are available when editing
  • Corrected the double package format of .conda and .tar.bz2

Bug fixes

• Group create button is now active when intiating a group
• Notification now appears when you delete a token
• No longer recieve multiple notifications on mirror deletion
• Searching for a package now displays current package information
• Tokens now grant only specific access
• Mirror event history is displaying current status
• conda-repo cli help now display correct help instructions

What’s new

• Ability to mirror from another installation of Team Edition via https.
• Ability to upgrade Team Edition and maintain current settings and filters.
• Role Mapping: when additional roles are added to User Management, Admin is able to restrict or add additional permissions to the end user.
• Ability to mirror from repo.anaconda.cloud.
• Ability to move, copy, and delete artifacts within a package.
• Easily upgrade a license key from the Admin user’s UI dashboard

Improvements

• Improved the support and documentation for custom certificates.
• Mirror frequency and performance issues.
• When you remove a subdirectory, it is removed from the package artifact list upon updating the mirror.
• Added notification that frequency is in UTC time.
• CVE improvements:
  • CVEs are now updating in Team Edition every 4 hours to align with NIST.
  • All CVEs have the correct status for reporting (Reported or Anaconda Curated: Active, Cleared, Mitigated, or Disputed).
  • Ability to filter by CVE status (Reported or Anaconda Curated: Active, Cleared, Mitigated, or Disputed).
  • Display the CVE date as shown by NIST for Published and Modified.
  • Display the date Anaconda curated the CVE.

Bug fixes

• Dashboard now displays the correct package count for a channel.
• An error duing customer logout experience with Team Edition was caused by a miscommunication between web socket and callback endpoint API.
• Sorting in channels not working as expected.
• Ability to sort all pages of package artifacts by Size, Version, Last Updated, and Platform.
• Ability to sort packages based on Name.
• Issues with conda repo functionality for conda repo channel copy and conda repo upload options have been fixed.
• Index of cache on Team Edition related to If-Modified-Since header has been fixed.
• API to trigger on channel index refresh lead to displaying inconsistent information between the channel and actual artifacts in the channel.

What’s New

• CVEs will be automatically fed to and updated on the Team Edition dashboard, so you no longer have to mirror them.
• CVEs will now be pulled down from NIST and listed as Reported (not curated).
• CVEs that are curated by Anaconda will now be designated with a checkmark and a label defining the stage of curation.
• You can now search for CVEs in the search bar at the top of Team Edition (Admin only).
• CVEs are displayed using an algorithm. When one or more CVEs are associated with a package, the score that is displayed is based on the highest score and risk state of a CVE for each file.
• Clicking on the number of CVEs related to a package file will show a CVE listing view.
• The number of unique CVEs for a package is displayed at the package level.
• When viewing files in a package, the appropriate CVE score (or N/A) will be displayed based on the number of CVEs and severity.
• The metadata will now display all the CVEs score information.
• All the packages affected by a CVE will be associated with that CVE.

Improvements

• Each CVE status can be seen by clicking on “info” icons and viewing meta information.
• It is now more clear that the CVE number is a clickable link.
• There is greater distinction between Anaconda curated and non-curated CVEs via a checkbox selection.
• More than two mirrors can now be run at the same time.

Bug fixes

• The heirarchy for mirroring filters has been corrected; now, if a package is added to both “include” and “exclude,” the package will be excluded.

• System metering (Prometheus) is now showing up properly.

• Admins can now update user roles and create custom roles.