Release notes

The following notes are provided to help you understand the major changes made between releases, and therefore may not include minor bug fixes and updates.

Anaconda Server 6.2.0

What’s new

  • Download CVE reports to learn about security exposures, vulnerabilities, and security compliance within your repository. The report downloads in .csv file format.

  • Filter your channel’s associated CVEs to locate and view specific CVE data.

  • Use conda-audit to scan your conda environment and show the vulnerabilities associated with your projects.

Known Issues

  • There is a known issue with the CVE package filter that causes it to intermittently time out.

  • The CVE filters are not properly restricting packages by score or name.

  • Running a CVE report from the channel or subchannel view with filters applied does not apply set filters to your report.

  • These problems are expected to be fixed in version 6.2.1 or 6.2.2.

Improvements

  • Instructions for the blob cleanup tool have been included to help you remove artifacts associated with deleted channels and free disc space.

  • Anaconda Server will now notify you when you approach or exceed the limits of your license, or when your license is approaching or past its expiration date.

  • The My Account drop-down menu now contains a scrollbar.

  • CVEs are now listed in descending order of severity under the CVE tab of the My Channel view.

  • The Mirroring Details view now shows percentage complete, has a visual indicator that a mirror is running, shows the full file path when mirroring from a subchannel, and accurately reflects the number of packages in the mirror source and in the channel.

  • Users are now automatically logged out after 10 hours of inactivity.

  • New commands have been added to the conda repo CLI tool!
    • Use conda repo cves --list to get a list of the latest CVEs.

    • Use conda repo show --<CVE-name> to view details of a specific CVE.

Bug fixes

  • Fixed a bug that caused the search bar to return an error.

  • The search bar no longer caches searches.

  • Fixed a bug that returned CVEs when searching for packages using the search bar.

  • Mirrors can now be successfully generated in a subchannel.

  • Mirrors from deleted channels and subchannels no longer appear in the All Mirrors view.

  • Deleting a mirror from the All Mirrors view now removes it from the list.

  • Channels and subchannels now redirect properly when navigating from the All Mirrors view.

  • Fixed a bug that prevented the User Interface (UI) from loading when the channel list is empty. Now the dashboard will load and show an empty channel column.

  • The CVE loading indicator on the dashboard now properly shows in the CVE column only.

  • The CVE channel no longer appears in the Anaconda Navigator interface.

  • Subchannel mirrors now show their own privacy setting, not their parent channel’s privacy setting.

  • The Mirroring Details view now shows the full file path when mirroring from a subchannel.

  • Fixed a bug that caused the All Mirrors view to jump to the top of the screen every few seconds.

  • Fixed a bug that caused the mirrors Settings view to disappear after a few seconds.

  • Tooltips shown by hovering with the mouse no longer remain when the mouse moves away.

  • Fixed a bug that restricted naming for new channels based on the names of channels that have been deleted. Now you can delete a channel and create another channel with the same name as the deleted channel.

  • Non-administrator users who are promoted to administrator now have their updated permissions correctly reflected.

  • Fixed a bug that forced you to refresh the Token Management view to receive tokens for a newly-uploaded environment or project.

  • Notifications properly appear when a token is deleted to verify that the deletion process completed.

  • Subchannel count in the My Channel view now updates as subchannels are created and deleted.

  • Uploading packages to and moving packages between channels/subchannels now correctly modifies the file count shown on the Packages tab.

Anaconda Server 6.1.9

Released May 25, 2022

Bug Fixes

  • Nginx has been moved to the unprivileged version of the 1.21.6 official image to allow non-root users to install Anaconda Server.

Anaconda Server 6.1.8

Released April 27, 2022

Improvements

  • Nginx has been updated to version 1.21.6 (mainline) to close critical security vulnerabilities.

Anaconda Server 6.1.7

Released March 31, 2022

What’s new

  • Anaconda Team Edition is now Anaconda Server!

  • See mirror progress and results globally for all users from the new All Repository Mirrors view.
    • This view is available to users whose role in Keycloak has the mirror attribute set to manage.

    • View mirror status, which step is currently being performed, how long the mirror has been running, when it will complete, and the last time the state was updated.

    • Get statistics about packages as your mirror populates; view which packages are active or passive and how many packages are being filtered out of your repositories due to license or CVE score restrictions.

  • Commercial users and administrators can now access hosted miniconda client installers directly through Anaconda Server.

Improvements

  • Group permissions can now be changed directly from the group page.

Bug Fixes

  • Fixed an issue that caused the disk usage by artifact value on the system page to report inaccurately.

  • The CRAN mirror configuration page no longer contains duplicate fields for packages.

  • Fixed an issue that killed the dispatcher container by consuming more than 8GB of RAM.

  • Fixed an issue that caused all CVE artifacts to display the most recent update date when you upload or update any one CVE.

  • Fixed an issue that caused the passive mirror counter to remain at 0 while synchronized.

  • Fixed a bug that caused some packages to not be deleted if the mirror was deleted while in the running state.

Anaconda Team Edition 6.1.6

Released February 24, 2022

What’s new

  • Updated Anaconda Team Edition to meet Accessibility compliance

  • Enabled an end-user to mirror, install, and upload CRAN packages in Windows environments

  • Provided additional airgap functionality

  • Improved the user experience with LDAP

  • Refactored and Improved integration with Keycloak

  • Ability to add certificates to Keycloak truststore for LDAP

Improvements

  • Added new platforms - Linux-ppc64, Linux-s390x, and osx-arm64

  • Azure AD integration with Anaconda Team Edition

  • Changed the wording from PyPI to standard python and CRAN to standard r

  • Added type to mirror drop-down of standard python and standard r

  • The user is now able to install packages from a sub-channel

  • Airgap:
    • Documentation on pulling down the package tarball on a schedule

    • Automate the process for updating artifacts

  • LDAP:
    • Ability to link users that are assigned a group in Keycloak to the group in Anaconda Team Edition

    • Admins can now grant channel access to groups to which they do not subscribe

    • Admins can now increase or decrease permissions in a group

    • Admins can now manage user access using LDAP groups

    • Ability for a user to distinguish between an Anaconda Team Edition group and a group defined in Keycloak

  • conda-repo-cli:
    • Added conda-repo-cli whoami command

    • Ability to set a certificate file post-install: conda repo config --set ssl_verify cert.cer

    • Cleaner error messages

    • Ability to display CVEs via CLI

    • Improvements to help channel: conda repo channel --help

  • Keycloak: Store and manage users, groups, roles, and user-group relations directly in Keycloak

Bug fixes

  • Updated the ability to scroll on dependents and metadata tabs

  • CVE score now displays a 0.0 when the CVE has a cleared or mitigated status

  • Updated sorting on CVE tab to allow end-user to sort by channel and package

  • The edit button is now enabled when a token name is edited

  • Removed the need to refresh the page after adding a channel or subchannel to a group

  • Checking the “select all” checkbox in a channel allows you to modify the channel’s packages rather than the channel itself

  • Fixed package search latency issue and refresh problems

  • CRAN:
    • Licensing filtering - user can now use the exclude filter for license restriction

    • Mirror to include binaries so that users can install libraries without each user having to (re)compile libraries

    • CRAN mirror configuration page no longer duplicates package filter information

  • LDAP: User count licensing limits user access

Anaconda Team Edition 6.1.5

Released October 1, 2021

What’s new

  • Customer’s now have the ability to install an airgapped instance of Anaconda Team Edition
    • Updated install preparation instructions

    • Easy to self install

    • Centralized location to pull updated packages and associated CVE metadata

  • Updated the upgrade and restore path

Improvements

  • Improved the warning message when setting a future date in the mirror scheduling tool

  • Deleted artifacts wiill no longer show up when customer is performing a search

  • Improved CVE filtering

  • Updated group role mapping with Active Directory integration for the admin role

  • Improved the ability to add or update a license

  • Improved mirror performance:
    • Default to monthly schedule

    • Default to active mirror

    • Updated edit function to ensure all current fields are available when editing

    • Corrected the double package format of .conda and .tar.bz2

Bug fixes

  • Group create button is now active when intiating a group

  • Notification now appears when you delete a token

  • No longer recieve multiple notifications on mirror deletion

  • Searching for a package now displays current package information

  • Tokens now grant only specific access

  • Mirror event history is displaying current status

  • conda-repo cli help now display correct help instructions

Anaconda Team Edition 6.1.4

Released February 4, 2021

What’s new

  • Ability to mirror from another installation of Team Edition via https.

  • Ability to upgrade Team Edition and maintain current settings and filters.

  • Role Mapping: when additional roles are added to User Management, Admin is able to restrict or add additional permissions to the end user.

  • Ability to mirror from repo.anaconda.cloud.

  • Ability to move, copy, and delete artifacts within a package.

  • Easily upgrade a license key from the Admin user’s UI dashboard

Improvements

  • Improved the support and documentation for custom certificates.

  • Mirror frequency and performance issues.

  • When you remove a subdirectory, it is removed from the package artifact list upon updating the mirror.

  • Added notification that frequency is in UTC time.

  • CVE improvements:
    • CVEs are now updating in Team Edition every 4 hours to align with NIST.

    • All CVEs have the correct status for reporting (Reported or Anaconda Curated: Active, Cleared, Mitigated, or Disputed).

    • Ability to filter by CVE status (Reported or Anaconda Curated: Active, Cleared, Mitigated, or Disputed).

    • Display the CVE date as shown by NIST for Published and Modified.

    • Display the date Anaconda curated the CVE.

Bug fixes

  • Dashboard now displays the correct package count for a channel.

  • An error duing customer logout experience with Team Edition was caused by a miscommunication between web socket and callback endpoint API.

  • Sorting in channels not working as expected.

  • Ability to sort all pages of package artifacts by Size, Version, Last Updated, and Platform.

  • Ability to sort packages based on Name.

  • Issues with conda repo functionality for conda repo channel copy and conda repo upload options have been fixed.

  • Index of cache on Team Edition related to If-Modified-Since header has been fixed.

  • API to trigger on channel index refresh lead to displaying inconsistent information between the channel and actual artifacts in the channel.

Anaconda Team Edition 6.1.3

Released August 10, 2020

What’s New

  • CVEs will be automatically fed to and updated on the Team Edition dashboard, so you no longer have to mirror them.

  • CVEs will now be pulled down from NIST and listed as Reported (not curated).

  • CVEs that are curated by Anaconda will now be designated with a checkmark and a label defining the stage of curation.

  • You can now search for CVEs in the search bar at the top of Team Edition (Admin only).

  • CVEs are displayed using an algorithm. When one or more CVEs are associated with a package, the score that is displayed is based on the highest score and risk state of a CVE for each file.

  • Clicking on the number of CVEs related to a package file will show a CVE listing view.

  • The number of unique CVEs for a package is displayed at the package level.

  • When viewing files in a package, the appropriate CVE score (or N/A) will be displayed based on the number of CVEs and severity.

  • The metadata will now display all the CVEs score information.

  • All the packages affected by a CVE will be associated with that CVE.

Improvements

  • Each CVE status can be seen by clicking on “info” icons and viewing meta information.

  • It is now more clear that the CVE number is a clickable link.

  • There is greater distinction between Anaconda curated and non-curated CVEs via a checkbox selection.

  • More than two mirrors can now be run at the same time.

Bug fixes

  • The heirarchy for mirroring filters has been corrected; now, if a package is added to both “include” and “exclude,” the package will be excluded.

  • System metering (Prometheus) is now showing up properly.

  • Admins can now update user roles and create custom roles.