Cloudsmith Not Impacted By CVE-2021-44228 (log4shell/log4j)
On 10th December 2021, a critical-severity Remote Code Execution (RCE) vulnerability in log4j was disclosed as CVE-2021-44228, affecting versions below 2.15.0. The vulnerability has been dubbed Log4Shell. The log4j framework allows Java developers to log data (including user-supplied data) in their applications.
Is Cloudsmith impacted?
In short: No…
Cloudsmith is Officially ISO27001:2013 Certified!
After nearly a year of effort in which we designated 2021 as the “Year of Security,” we’re incredibly proud to announce that we are now ISO27001:2013 certified.
The certification is an incredible achievement by the team at Cloudsmith and excellent news for all of our customers.
What exactly is ISO27001:2013?
ISO27001:2013, also known as ISO27001…
Sort It Out: Sorting via API
One of the features our customers have requested is the ability to sort packages when querying via the Cloudsmith API. Good news everyone - we can now offer that functionality!
What does this mean for me?
By default, we sort packages by upload date, descending (the most recently uploaded package first), but what if you wanted to view w…
Let's Hash It Out: Debian Acquire-By-Hash
Our more observant Debian users may have noticed that we rolled out support for acquire-by-hash over the past week - you may have also noticed fewer pipeline disruptions as a result!
What does this mean for me?
If you're someone spinning many plates, you may have encountered some hiccups with your pipeline when updating your repository whilst sim…
A Secret Handshake: SAML-only Authentication
Good news! As part of our efforts to further secure access for users in your org, we're introducing the ability to enforce SAML-only Authentication. Plus, a bonus is that SAML is now fully self-service configurable:
With SAML-only Authentication configured, all members of your organization will no longer be able to use password-based or social-bas…
Lean On Me: Custom Support Details
Good news! You can now set a custom support email and URL for your organizations. For error messages when installs or setups go wrong or where we need to communicate an issue to your users, we'll now display your own support email and URL. You can configure it in your org profile settings:
For example, if your users use the automated bash installs…
Open All Hours: Repository-Level Privileges
Good news! If you've been looking for an easy method of setting the default access for a repository across your organization, we've got you covered. Introducing repository-level default privileges:
These complement the existing default org-wide repository privileges, such that the privilege for a user is the greatest privilege granted to them via…
We've Run The Numbers: API Improvements
We've just released several awesome improvements to our Entitlements and Metrics API endpoints in our quest for API nirvana.
First up - at the request of many of our users, we have now extended token lookup in the Entitlements API to resolve tokens by name and by token content. Historically, users would have to make an API call to retrieve the…
Version Badges: Now with Even Shorter Lifespans
Good news! When you're embedding version badges elsewhere, you'll probably have noticed that services like GitHub like to cache them for an excruciatingly long time*, often well beyond the lifetime of the package version itself. That changes today, along with a stylish (yes, stylish, not just style) update:
A couple of things to note:
The cache TTL…
New Terms of Service: Effective 19th May 2021
Not your usual feature update, but we'll be updating our Terms of Service, effective 19th May 2021*:
For all individual users, the following terms will apply, both replacing the existing terms:
Individual Terms of Service
Individual Privacy Policy
For all organisations and organisation users, the following terms will apply, extending the above…