The following notes are provided to help you understand the major changes made between releases, and therefore may not include minor bug fixes and updates.
Anaconda Server 6.6.2#
Released February 13, 2024
The ability to view system metrics in Prometheus is now reserved to a specific user account that is established during installation or upgrade.
A background job can now be established to automatically export all system events in either
You can now filter channel CVEs by CVE Status and Score.
If an OS-specific package has a noarch dependency, mirrors will now automatically include them.
Postgres has been updated to version 14.9.
A badge has been added alongside all package files that facilitates the download of a Software Bill Of Materials (SBOM) for the file, if one is available.
Fixed several security vulnerabilities identified during penetration testing, increasing the overall security of the application.
Server now supports artifact types over 3GB in size.
Anaconda Server 6.6.1#
Released November 3, 2023
Keycloak has been updated to version 22.0.5.
Anaconda Server 6.6.0#
Released October 27, 2023
An audit trail has been added to channels so you can see which users are downloading packages from a channel, what those packages are, and if any vulnerabilities have been included along with them!
A channel change log has been provided so you can see which packages are being added and removed from your channels and why.
CVE Notifications are now available so you can stay on top of changes to CVEs that affect packages in your channel.
New mirroring filters for CVE Status and CVE ID have been added. You can now allowlist CVEs by ID.
A new option has been added to the mirror form that automatically includes dependencies for packages you have specified by name in the mirror filter.
New UI has been implemented to improve the overall look and experience of Anaconda Server.
Documentation has been refreshed.
CVE status now displays in the package CVEs view.
Fixed a bug that would cause artifact report downloads to error.
Anaconda Server 6.5.3#
Released September 12, 2023
Keycloak has been upgraded to version 22.0.1.
Fixed a bug that was affecting the Anaconda Server helm chart.
Anaconda Server 6.5.2#
Released August 21, 2023
Support for external postgres and redis has been included in the Anaconda Server helm chart.
Anaconda Server 6.5.1#
Released August 9, 2023
Grafana has been removed from the installer bundle. It is still optionally available for users who want to include it for their installation.
Anaconda Server 6.5.0#
Released July 24, 2023
Admin users can now download user audit reports to view information about what packages their users are downloading, which channel they were downloaded from, and any CVEs that are associated with downloaded packages.
Signature information is now available for packages that are sourced from Anaconda’s curated repository.
Grafana dashboards are now available for end users to monitor the health of their Server installation.
CVE metadata is now available for packages. A new tab is available on the packages page to display CVEs associated with files in the package.
Notebooks can now be uploaded to a channel and downloaded by colleagues.
You can now create full and partial mirrors of PyPI. Full PyPI mirrors must be passive, and you must freeze your channel prior to starting your mirror.
CVE matching information is now available for packages mirrored from conda-forge.
CVE information is available for a package’s dependencies as well as its dependents.
UI improvements have been made to CVE information. A metadata view has been added and includes reviews of the CVE as well as references for the information presented in the CVE reviews.
Loading times for CVEs has been improved by 100%.
The base image has been updated to ubi 9 for the repo and repo-proxy containers.
Keycloak has been updated to version 20.0.3 and has a new UI!
Two new endpoints have been added to the API to provide more fine-grained control over blob cleanup and to diagnose issues with package blobs being removed in error.
An event has been added to the history to note when a channel unfreeze is complete.
Some documentation topics have been refreshed.
Fixed a bug that allowed the blob cleanup script to incorrectly clear blobs that were associated with multiple channels and mirrors.
Anaconda Server 6.4.0#
Released February 15, 2023
Stop and restart a mirror that is currently in progress from the Mirrors tab of a channel’s page or from the All Mirrors page.
Conserve your CPU usage during mirroring by freezing your channel.
View your software version by hovering your mouse over the Anaconda logo in the upper left corner of the dashboard.
The SBOM mirror is now created as a passive mirror by default to reduce required storage space and improve overall performance. If you currently have an active SBOM mirror and want the improved performance of a passive SBOM mirror, you can delete your SBOM channel and mirror, navigate to your License page, and re-enter your license.
Mirrors are now set to passive by default when being created.
Instructions have been added to the documentation for viewing user login events using the Keycloak API.
Fixed various minor bugs affecting the creation and editing of mirrors.
Fixed a bug preventing the platform filter from being applied to mirror forms.
Fixed a bug preventing a package’s Actions dropdown menu from correctly appearing.
Fixed a bug that would cause edited conda mirrors to always filter out uncurated CVEs.
Anaconda Server 6.3.1#
Released November 23, 2022
Test files that were being recognized as threats by third party security programs have been removed.
The mirror time out duration has been increased to make mirroring of very large sources such as
Minor bug fixes have been made to improve performance.
On the Create mirror form, the delta between your current time zone and UTC is applied to the mirror’s scheduled run time. For example, if your time zone is UTC +2, you must set the frequency to occur at 03:00 if you want to run the mirror at 05:00.
Anaconda Server 6.3.0#
Released October 19, 2022
The option to view or download a software bill of materials (SBOM) is now available for most packages.
A Podman installer version is available for Anaconda Server for RHEL 8 users.
You can now rebuild a channel’s package index from the Channel View.
Keycloak has been upgraded to version 18.0.
Documentation for installing Anaconda Server has been refreshed.
Documentation for upgrading your version of Anaconda Server has been refreshed.
Instructions for externalizing your instance of Postgres and Redis on Docker installations have been added.
no_proxyenvironment variable now allows Anaconda Server mirrors to bypass the proxy for specified repo URLs.
CVE loading times have been improved and now load up to 4x faster.
Fixed a bug that hid the actions button on the subchannel view.
Fixed a bug that prevented PyPI channels from migrating after enabling SSL.
Fixed a bug that removed previously configured mirror filters when upgrading to a newer version of Anaconda Server.
The SBOM mirror is interfering with CRAN package downloads.
Anaconda Server 6.2.0#
Released June 28, 2022
Download CVE reports to learn about security exposures, vulnerabilities, and security compliance within your repository. The report downloads in
Filter your channel’s associated CVEs to locate and view specific CVE data.
conda-auditto scan your conda environment and show the vulnerabilities associated with your projects.
There is a known issue with the CVE package filter that causes it to intermittently time out.
The CVE filters are not properly restricting packages by score or name.
Running a CVE report from the channel or subchannel view with filters applied does not apply set filters to your report.
These problems are expected to be fixed in version 6.2.1 or 6.2.2.
Instructions for the blob cleanup tool have been included to help you remove artifacts associated with deleted channels and free disc space.
Anaconda Server will now notify you when you approach or exceed the limits of your license, or when your license is approaching or past its expiration date.
The My Account dropdown menu now contains a scrollbar.
CVEs are now listed in descending order of severity under the CVE tab of the My Channel view.
The Mirroring Details view now shows percentage complete, has a visual indicator that a mirror is running, shows the full file path when mirroring from a subchannel, and accurately reflects the number of packages in the mirror source and in the channel.
Users are now automatically logged out after 10 hours of inactivity.
- New commands have been added to the
conda repoCLI tool!
conda repo cves --listto get a list of the latest CVEs.
conda repo show --<CVE-name>to view details of a specific CVE.
- New commands have been added to the
Fixed a bug that caused the search bar to return an error.
The search bar no longer caches searches.
Fixed a bug that returned CVEs when searching for packages using the search bar.
Mirrors can now be successfully generated in a subchannel.
Mirrors from deleted channels and subchannels no longer appear in the All Mirrors view.
Deleting a mirror from the All Mirrors view now removes it from the list.
Channels and subchannels now redirect properly when navigating from the All Mirrors view.
Fixed a bug that prevented the User Interface (UI) from loading when the channel list is empty. Now the dashboard will load and show an empty channel column.
The CVE loading indicator on the dashboard now properly shows in the CVE column only.
The CVE channel no longer appears in the Anaconda Navigator interface.
Subchannel mirrors now show their own privacy setting, not their parent channel’s privacy setting.
The Mirroring Details view now shows the full file path when mirroring from a subchannel.
Fixed a bug that caused the All Mirrors view to jump to the top of the screen every few seconds.
Fixed a bug that caused the mirrors Settings view to disappear after a few seconds.
Tooltips shown by hovering with the mouse no longer remain when the mouse moves away.
Fixed a bug that restricted naming for new channels based on the names of channels that have been deleted. Now you can delete a channel and create another channel with the same name as the deleted channel.
Non-administrator users who are promoted to administrator now have their updated permissions correctly reflected.
Fixed a bug that forced you to refresh the Token Management view to receive tokens for a newly-uploaded environment or project.
Notifications properly appear when a token is deleted to verify that the deletion process completed.
Subchannel count in the My Channel view now updates as subchannels are created and deleted.
Uploading packages to and moving packages between channels/subchannels now correctly modifies the file count shown on the Packages tab.
Anaconda Server 6.1.9#
Released May 25, 2022
Nginx has been moved to the unprivileged version of the 1.21.6 official image to allow non-root users to install Anaconda Server.
Anaconda Server 6.1.8#
Released April 27, 2022
Nginx has been updated to version 1.21.6 (mainline) to close critical security vulnerabilities.
Anaconda Server 6.1.7#
Released March 31, 2022
Anaconda Team Edition is now Anaconda Server!
- See mirror progress and results globally for all users from the new All Repository Mirrors view.
This view is available to users whose role in Keycloak has the mirror attribute set to manage.
View mirror status, which step is currently being performed, how long the mirror has been running, when it will complete, and the last time the state was updated.
Get statistics about packages as your mirror populates; view which packages are active or passive and how many packages are being filtered out of your repositories due to license or CVE score restrictions.
Commercial users and administrators can now access hosted miniconda client installers directly through Anaconda Server.
Group permissions can now be changed directly from the group page.
Fixed an issue that caused the disk usage by artifact value on the system page to report inaccurately.
The CRAN mirror configuration page no longer contains duplicate fields for packages.
Fixed an issue that killed the dispatcher container by consuming more than 8GB of RAM.
Fixed an issue that caused all CVE artifacts to display the most recent update date when you upload or update any one CVE.
Fixed an issue that caused the passive mirror counter to remain at 0 while synchronized.
Fixed a bug that caused some packages to not be deleted if the mirror was deleted while in the running state.
Anaconda Team Edition 6.1.6#
Released February 24, 2022
Updated Anaconda Team Edition to meet Accessibility compliance
Enabled an end-user to mirror, install, and upload CRAN packages in Windows environments
Provided additional airgap functionality
Improved the user experience with LDAP
Refactored and Improved integration with Keycloak
Ability to add certificates to Keycloak truststore for LDAP
Added new platforms - Linux-ppc64, Linux-s390x, and osx-arm64
Azure AD integration with Anaconda Team Edition
Changed the wording from PyPI to standard python and CRAN to standard r
Added type to mirror dropdown of standard python and standard r
The user is now able to install packages from a sub-channel
Documentation on pulling down the package tarball on a schedule
Automate the process for updating artifacts
Ability to link users that are assigned a group in Keycloak to the group in Anaconda Team Edition
Admins can now grant channel access to groups to which they do not subscribe
Admins can now increase or decrease permissions in a group
Admins can now manage user access using LDAP groups
Ability for a user to distinguish between an Anaconda Team Edition group and a group defined in Keycloak
Ability to set a certificate file post-install:
conda repo config --set ssl_verify cert.cer
Cleaner error messages
Ability to display CVEs via CLI
Improvements to help channel:
conda repo channel --help
Keycloak: Store and manage users, groups, roles, and user-group relations directly in Keycloak
Updated the ability to scroll on dependents and metadata tabs
CVE score now displays a 0.0 when the CVE has a cleared or mitigated status
Updated sorting on CVE tab to allow end-user to sort by channel and package
The edit button is now enabled when a token name is edited
Removed the need to refresh the page after adding a channel or subchannel to a group
Checking the “select all” checkbox in a channel allows you to modify the channel’s packages rather than the channel itself
Fixed package search latency issue and refresh problems
Licensing filtering - user can now use the exclude filter for license restriction
Mirror to include binaries so that users can install libraries without each user having to (re)compile libraries
CRAN mirror configuration page no longer duplicates package filter information
LDAP: User count licensing limits user access
Anaconda Team Edition 6.1.5#
Released October 1, 2021
- Customer’s now have the ability to install an airgapped instance of Anaconda Team Edition
Updated install preparation instructions
Easy to self install
Centralized location to pull updated packages and associated CVE metadata
Updated the upgrade and restore path
Improved the warning message when setting a future date in the mirror scheduling tool
Deleted artifacts wiill no longer show up when customer is performing a search
Improved CVE filtering
Updated group role mapping with Active Directory integration for the admin role
Improved the ability to add or update a license
- Improved mirror performance:
Default to monthly schedule
Default to active mirror
Updated edit function to ensure all current fields are available when editing
Corrected the double package format of .conda and .tar.bz2
Group create button is now active when initiating a group
Notification now appears when you delete a token
No longer receive multiple notifications on mirror deletion
Searching for a package now displays current package information
Tokens now grant only specific access
Mirror event history is displaying current status
conda-repo cli help now display correct help instructions
Anaconda Team Edition 6.1.4#
Released February 4, 2021
Ability to mirror from another installation of Team Edition via https.
Ability to upgrade Team Edition and maintain current settings and filters.
Role Mapping: when additional roles are added to User Management, Admin is able to restrict or add additional permissions to the end user.
Ability to mirror from repo.anaconda.cloud.
Ability to move, copy, and delete artifacts within a package.
Easily upgrade a license key from the Admin user’s UI dashboard
Improved the support and documentation for custom certificates.
Mirror frequency and performance issues.
When you remove a subdirectory, it is removed from the package artifact list upon updating the mirror.
Added notification that frequency is in UTC time.
- CVE improvements:
CVEs are now updating in Team Edition every 4 hours to align with NIST.
All CVEs have the correct status for reporting (Reported or Anaconda Curated: Active, Cleared, Mitigated, or Disputed).
Ability to filter by CVE status (Reported or Anaconda Curated: Active, Cleared, Mitigated, or Disputed).
Display the CVE date as shown by NIST for Published and Modified.
Display the date Anaconda curated the CVE.
Dashboard now displays the correct package count for a channel.
An error duing customer logout experience with Team Edition was caused by a miscommunication between web socket and callback endpoint API.
Sorting in channels not working as expected.
Ability to sort all pages of package artifacts by Size, Version, Last Updated, and Platform.
Ability to sort packages based on Name.
Issues with conda repo functionality for conda repo channel copy and conda repo upload options have been fixed.
Index of cache on Team Edition related to If-Modified-Since header has been fixed.
API to trigger on channel index refresh lead to displaying inconsistent information between the channel and actual artifacts in the channel.
Anaconda Team Edition 6.1.3#
Released August 10, 2020
CVEs will be automatically fed to and updated on the Team Edition dashboard, so you no longer have to mirror them.
CVEs will now be pulled down from NIST and listed as Reported (not curated).
CVEs that are curated by Anaconda will now be designated with a checkmark and a label defining the stage of curation.
You can now search for CVEs in the search bar at the top of Team Edition (Admin only).
CVEs are displayed using an algorithm. When one or more CVEs are associated with a package, the score that is displayed is based on the highest score and risk state of a CVE for each file.
Clicking on the number of CVEs related to a package file will show a CVE listing view.
The number of unique CVEs for a package is displayed at the package level.
When viewing files in a package, the appropriate CVE score (or N/A) will be displayed based on the number of CVEs and severity.
The metadata will now display all the CVEs score information.
All the packages affected by a CVE will be associated with that CVE.
Each CVE status can be seen by clicking on “info” icons and viewing meta information.
It is now more clear that the CVE number is a clickable link.
There is greater distinction between Anaconda curated and non-curated CVEs via a checkbox selection.
More than two mirrors can now be run at the same time.
The hierarchy for mirroring filters has been corrected; now, if a package is added to both “include” and “exclude,” the package will be excluded.
System metering (Prometheus) is now showing up properly.
Admins can now update user roles and create custom roles.