This week, the Cloudsmith team made the following improvements: Allow users to specify the use of an entitlement tokens name, rather than its identifier when configuring their webhook Fixes an issue where general Permission Denied API responses were including "Geo/IP" when not relevant. Fixed an issue where the Repository>Access Controls UI woul…
This week, the Cloudsmith team made the following improvements: Fixed an issue where an unprivileged user could send an Organization invite via the API which granted elevated privileges. Fixed a sporadic issue where the security scan result detail view would not show all vulnerabilities, and the graphs would not display any data. Fixed an issue…
Great news! We've made more progress in our mission to help ensure our customers can automate everything by extending the Cloudsmith API to support managing team and organization invites. You can now fetch all teams within an organization, create new teams or update existing ones, and delete teams. The API also supports listing team members, along…
This week, the Cloudsmith team made the following improvements: Fixed an issue where Managers had Admin privileges on Repositories when the Default Object Permission was set to Read or Write Fixed a bug preventing upload of GPG signing keys without a passphrase Fixed an issue that caused HTTP 413 errors when trying to perform DELETE requests usi…
Organization Managers will no longer have implicit Admin-level access for repositories in which they have been given explicit Read (or more) access. They will now need to be assigned a higher level if required. The change may be a breaking one that requires action on your part but brings it in line with intent. A Manager user is intended to have p…
This week, the Cloudsmith team made the following improvements: Fixed the API documentation for the Entitlement creation endpoint to reflect a 201 status on success Updated RPM setup script to alleviate GPG signature verification errors Added pagination to the team view page in order to improve performance…
Good news! Following user feedback, we’ve rolled out a new repository setting to empower control of how Cloudsmith identifies and selects the ‘latest’ tag for pre-release artifact versions. You’ll find this under the ‘Miscellaneous’ section in your repository ‘Main Settings’. With this setting turned on, pre-release artifacts uploaded with a newer…
This week, the Cloudsmith team made the following improvements: Fixed an issue related to expired user-based entitlement tokens Fixed an issue where packages were incorrectly tagged as "latest" when moved between repositories Fixed a bug so that filtering service accounts functions properly Increased package description character limit Webhook…
This week, the Cloudsmith team made the following improvements: Added support for upstream proxying for users of older Dart clients, using our legacy Dart endpoints. Fixed a bug that was preventing filtering on service accounts from functioning properly. Improved repository upstream setup when fetching GPG keys from a URL; now handles binary key…
To further strengthen the controls Cloudsmith offers organizations around user access, we've improved how we enforce 2-Factor Authentication (2FA) and SAML/SSO. Previously, both were only enforced when a user logged into the application and was not required to access the Cloudsmith API or for interactions in the same session beyond login. What Ch…
