The v2.0.0 release of the Cloudsmith CLI GitHub Action migrates the action to the Node.js 24 runtime and updates default OIDC audience claims to align with modern security standards.
This is a major version release to prevent breaking changes for users pinned to @v1. While core CLI functionality remains unchanged, environment requirements and OIDC defaults have been updated to ensure long-term compatibility and improved security.
The action now utilizes the Node.js 24 (Current LTS) runtime.
v2.0.0.v1 until the Node 20 End-of-Life (EOL) scheduled in April 2026, but we recommend migrating to v2 as soon as possible.The default oidc-audience input has been updated to provide organization-specific audience claims, increasing the security of the OIDC exchange.
https://github.com/{org-name} (using GITHUB_REPOSITORY_OWNER)api://AzureADTokenExchangeIf your existing OIDC trust configuration relies on the legacy api:// claim, you must either update your validation logic within Cloudsmith or explicitly set oidc-audience: 'api://AzureADTokenExchange' in your workflow YAML to maintain current behavior.
For a detailed list of all technical commits and specific file changes, please refer to the official GitHub Changelog.
A crucial part of effective package management is package distribution. Whether you are dealing with distributed teams or deploying global applications, you need efficient, reliable delivery - anywhere in the world. To support this, we are continuing to expand our global footprint and are now live in Tokyo. What’s new Expanded Package Delivery N…
This update to the Cloudsmith CLI introduces programmatic management for Policy Deny Rules, standardizes pagination parameters across the CLI, and upgrades core dependencies…
You can now download auto-generated Software Bills of Materials (SBOMs) for your Docker images directly from the Cloudsmith web app. This allows you to instantly export supply chain data for use in analysis tools or alongside release documentation…
When Cloudsmith services experience an incident, we want you to know exactly how it impacts your builds, your deployments, and your teams. We’ve given the Cloudsmith Status Page an overhaul to provide a more granular and organized view of system health from our customers’ perspective…
We have updated the Cloudsmith Azure DevOps extension to support native Azure DevOps OIDC authentication. You can now authenticate pipelines using the Azure DevOps built-in issuer…
We have updated Client Logs to capture error events, ensuring platform engineering teams have the critical information needed to troubleshoot issues on behalf of their teams…
