/
Changelog

Changelog

The changes summarized here are affecting only packagecloud:enterprise from release to release. Changes affecting the packagecloud.io website are not reflected below.

3.0.19 (released Nov 12 , 2025)

  • Patch Debian source list files generated via the install script to point to imported gpg key location where appropriate (/etc/apt/keyrings)

  • Update Debian manual installation instructions to use /etc/apt/keyrings instead of /usr/share/keyrings

  • Distro version added:

    • Ubuntu 25.10 (Questing Quokka)

3.0.18 (released Aug 4 , 2025)

  • Update Debian install scripts to store gpg keys in /etc/apt/keyrings when appropriate

  • Improve performance of RPM read requests by preventing row locks.

  • Distro versions added:

    • Ubuntu 25.04 (Plucky Puffin)

    • Debian 15 (Duke)

    • Raspberry PI OS 15 (Duke)

    • Elementary OS 8 (Circe)

    • Enterprise Linux (RHEL) 10.0

    • Oracle Linux 10.0

    • Yocto 5.3 (Whinlatter)

    • Yocto 6.0 (Wrynose)

    • SUSE Linux Enterprise Server 15.7

3.0.17 (released Mar 05 , 2025)

  • Code change to not use relative paths for 'noarch' packages when they are indexed in RPM index of specific arches

  • Code change to enable onprem to continue to support usage of filesystem (fs) as backend, which is useful for testing

  • Distro versions added:

    • Fedora 43

    • Linux Mint 22.1 Xia

3.0.16 (released Nov 22 , 2024)

  • Updated librpm from 4.12.0.1 to 4.17.1.1

    • This increased the size of RPM header data supported from 16MB to 64MB

3.0.15 (released Oct 15 , 2024)

  • Support added:

    • Ubuntu 24.10 (Oracular Oriole)

    • Raspberry 22 (Wilma)

    • Fedora 41

    • Fedora 42

    • Yocto 5.1 (Styhead)

    • Yocto 5.2 (Walnascar)

    • SUSE Linux Enterprise Server 15.6

    • Open SUSE LEAP 16.0

    • Amazon 2025

3.0.14 (released Jun 01 , 2024)

  • Tweak registry installation scripts to handle pygpgme for various amazonlinux

  • Don't set repo_gpgcheck to 0 if pygpgme is required but fails to install

  • Re-worded pygpgme messages to make it easier to understand for the user

3.0.13 (released May 06 , 2024)

  • Tweak registry installation scripts to handle pygpgme for various redhat/ubi

  • Change WARNING to NOTICE when pygpgme is not installed, as it does not affect functionality, but is an indication that pygpgme may not be required for the user's OS

3.0.12 (released Apr 29 , 2024)

  • Support for Raspbian 32-bit (Raspbian OS) & 64-bit (Debian)

  • Tweak registry installation scripts to handle pygpgme for various RPM-based distro versions

3.0.11 (released Mar 4 , 2024)

  • Improve startup time by reducing DB queries

3.0.10 (released Feb 27, 2024)

  • Add support for rpm package architecture:

    • ppc64le

    • ppc64el

  • Add Ubuntu:

    • 23.10, Mantic Minotaur

    • 24.04 LTS, Noble Numbat

  • Add Debian:

    • 14, Forky

  • Add Linux Mint:

    • 21.2, Victoria

    • 21.3, Virginia

  • Add Fedora

    • 39

    • 40            

  • Add SuSE Linux Enterprise

    • 15.5, SUSE Linux Enterprise Server 15.5

  • Add OpenSuSE

    • 15.6, openSUSE Leap 15.6

3.0.9 (released May 15, 2023)

  • New Distributions Added:

    • Amazon Linux 2023

  • Repo install scripts for rpm to exclude pygpgme for distro versions of el/8 (or equivalent) and above

  • Minor patch to make debian 12/bookworm upload work

3.0.8 (released Mar 15, 2023)

New Distributions Added:

  • Ubuntu Lunar Lobster 23.04

  • Linux Mint Vera 21.1

  • ElementaryOS Odin 6.0

  • ElementaryOS Jolnir 6.1

  • ElementaryOS Horus 7.0

  • Fedora 37

  • Fedora 38

  • Poky Nanbield 4.3

  • OpenSUSE 15.5

3.0.7 (released Oct 06, 2022)

Fix negative byte size due to overflow for rpm packages

3.0.6 (released Oct 06, 2022)

New Distributions Added

  • Red Hat Enterprise Linux 9

  • Oracle Linux 9

  • Fedora 36

  • OpenSUSE Leap 15.4

  • Amazon2022

  • SLES 15 sp 4

3.0.5 (released April 11, 2022)

Features

New Distributions Added

  • Ubuntu - Impish Indri (21.10), Jammy Jellyfish (22.04)

  • Debian - Bullseye (11.0)

  • Linux Mint - ulyana (20.0), ulyssa (20.1), uma (20.2), una (20.3)

  • Elementary OS - hera (5.1)

  • Fedora - 34, 35

  • Oracle Linux - 8.0

  • Enterprise Linux - 15.2, 15.3

3.0.4 (released August 26, 2021)

New Distributions Added

  • Amazon Linux 2

  • Support almalinux as a derivative of Enterprise Linux

3.0.3 (released February 7, 2021)

Bug fixes

  • Upgrade frameworks, language runtimes, and dependencies to latest available minor version.

  • Increase the size fields of Debian and RPM packages so that extremely large packages can be uploaded.

New Distributions Added

  • Debian Bookworm (12.0), and Trixie (13.0).

  • FEDORA 32 AND 33.

  • SLES AND OPENSUSE 15.2, 15.3.

  • UBUNTU GROOVY (20.10) AND UBUNTU HIRSUTE (21.04).

3.0.2 (released March 24, 2020)

Bug fixes

  • UPGRADE FRAMEWORKS TO LATEST AVAILABLE MINOR VERSION.

  • Prevent minor string leak to Redis.

  • Switch to Node.js 12 runtime for Lambda generator.

  • Improve performance of Python package indexing, lookup, and metadata storage.

  • Fix a bug which prevented automated recurring database and config backups (note: this issue did not affect manual backups).

New Distributions Added

  • SLES 12.4 and 12.5.

  • SLES 15.1.

3.0.1 (released February 3, 2020)

Bug fixes

  • Fix a bug in packagecloud:enterprise HA setup which can cause an infinite redirect

2.0.9 (released January 30, 2020)

Bug fixes

  • Fix a bug in packagecloud:enterprise HA setup which can cause an infinite redirect

3.0.0 (released January 27, 2020)



Note: Customers are very strongly encouraged to upgrade their packagecloud:enterprise 2.0.8 installation to use AWS CloudFront BEFORE upgrading to 3.0.0.

New features

  • packagecloud:enterprise can now be installed and run on Ubuntu Bionic (18.04).

  • Skip pygpgme on CentOS/RHEL 8.0 systems; gpg verification is handled by libdnf.

  • Added support for libzstd compressed RPM packages.

  • Updated the AWS RDS certificate bundle.

  • Support Android APK packages via web-based upload.

  • Gracefully handle Resque shutdown.

  • Performance boost for YUM Metadata requests.

  • Handle NPM scope passed as a header.

Bug fixes

  • Fix cache-control headers on certain repository metadata types to avoid caching

  • Fix bug that prevented correct Chunked Encoding headers in certain cases

  • Fix RubyGem version sorting algorithm

  • Upgrade of frameworks, languages, and runtime dependencies

  • Silence spurious warnings during CLI tasks

  • Clean up potential temporary file leaks in RPM indexer

  • Work around YAJL encoding bug which raises when writing utf8 encoded strings to IO objects.

  • Fix display bug when user account which has uploaded or deleted packages has been deleted

  • Fix Content-Type headers for Debian APT By-Hash metadata

  • Fix potential temporary file leaks in Java uploader



New Distributions Added

  • Added Linux Mint 19.1

  • Added Linux Mint 19.2

  •  Added Linux Mint 19.3

  • Added Ubuntu Disco Dingo (19.04)

  • Added Ubuntu Eoan Ermine (19.10)

  • Added Ubuntu Focal Fossa (20.04)

  • Added Fedora 30

  • Added CentOS/RHEL 8.0

  • Added Debian Bullseye

2.0.8 (released April 19, 2019)

Bug fixes

  • Attempting to install packagecloud:enterprise on AWS Linux 2 resulted in an error due to improper OS detection by the installer. This OS is not officially supported, but this bug has now been fixed.

2.0.7 (released April 12, 2019)

New Features

Bug fixes

  • Timezone tables for the embedded MySQL server are only inserted once or when needed, instead of on every reconfigure.

  • Allows uploads of xbstream backups to S3 greater than 5GB.

  • Old xbstream backups are now properly rotated.

2.0.6 (released March 28, 2019)

Bug fixes

  • Better support for improperly padded ZIP archives.

  • Allows uploads of backups to S3 greater than 5GB.

  • Updated Rails version which addresses CVE-2019-5418, CVE-2019-5419, CVE-2019-5420

2.0.5 (released March 1, 2019)


This release performs some long-running migrations during install, please read Upgrading from 2.0.4 to 2.05 before upgrading.

New Features

Bug fixes

  • Various styling/UI fixes.

  • More information displayed on Java, Node.js and Python package pages.

  • Fix case where RPM indexing would miss some things.

  • Show installed size for RPM and Debian packages.

  • Better download stats on package pages.

  • `packagecloud-ctl reindex-all` is now `packagecloud reindex-everything` and actually reindexes everything.

  • Upgrade xtrabackup version for compatibility with AWS RDS import of xbstream database backups.

  • Primary keys for Downloads, RPM files and Debian files have all been expanded to 64 bits.

  • Fix packagecloud-ctl backup-database-list command.

New Distributions Added

  • Linux Mint 19.1 (tessa)

*Docs for AWS RDS xbstream import coming soon!

2.0.4 (released December 13, 2018)


This release includes time-sensitive changes to the way packagecloud:enterprise licenses are validated, so you *must* upgrade to this version before 2019-01-12, or risk possible service interruption.

New Features

Bug fixes

  • Improved SBT deployment instructions.

  • Sprockets version bump to address CVE-2018-3760.

  • Rack version bump to address CVE-2018-16470.

  • Loofah version bump to address CVE-2018-16468.

  • Removed telemetry reporting from percona xtrabackup tool, also mitigates CVE-2015-1027 and CVE-2014-2029.

  • Improved error reporting for AAR uploads.

  • Node.js package uploads that contain multiple "package.json" files will no longer fail.

  • Fixed XSS vulnerability.

  • Ruby updated to 2.4.5.

New Distributions Added

  • Fedora 29

  • SLES 15.0

  • openSUSE LEAP 15.0

  • openSUSE LEAP 15.1

  • Elementary OS "juno" 0.5

  • Linux Mint 19 "tara"

  • Ubuntu 18.10 "Cosmic Cuttlefish"



2.0.3 (released September 6, 2018)

Bug fixes

  • Fixed XSS vulnerability.

  • HSTS is now set when HTTPS is enabled.

  • Cookies are now set to Secure: True when HTTPS is enabled.

2.0.2 (released May 20, 2018)

New Features

  • Ability to migrate embedded MySQL to Amazon RDS.

  • Using external MySQL databases with SSL is now supported.

  • SHA256 checksum of package added to all API responses (other checksums are still available via the package details API).

  • Additional error checking for malformed Rubygem archives.

  • Admins can now clear a specific type of queue.

  • Improved error checking/handling for NPM packages' "engines" field.

Performance improvements

  • packagecloud-ctl reconfigure command performance greatly improved.

  • Optimized code paths around Read Token authentication.

Bug fixes

  • API "limit" pagination parameter is now respected in all cases.

  • Indexing of Python repositories no longer occasionally deadlocks the database.

  • Fixed RPM versions API for SUSE packages.

  • Embedded MySQL no longer listens on 127.0.0.1:3306 (only uses a socket file now).

  • Add GPG key endpoint that lets Zypper verify repository metadata signatures.

  • pkg_gpgcheck set to 0 for Zypper repository configurations to work around Zypper bug where gpgkey= urls are not respected. More details available in the SUSE bug reports 1088037 and 954274.

  • Descriptions of packagecloud-ctl queue management commands fixed.

New Distributions Added

  • Fedora 28

  • SLES 12.3

  • Elementary OS "loki" 0.4

2.0.1 (released March 22, 2018)

New Features

  • Additional information about Node.js packages is now displayed on package pages.

Performance improvements

  • YUM indexer efficiency increased significantly for large repositories.

  • APT indexer efficiency increased significantly for large repositories.

  • Deletion of large repositories is now much more efficient.

  • Unnecessary queries removed from repository pages, resulting in faster load times.

Bug fixes

  • A feature added to recent versions of Bundler (1.14 and higher) to warn about an unwritable home directory was resulting in this warning being written out for all bundle-related tasks, including dumping the GPG public key. This issue has now been resolved.

  • A bug in an open source library prevented GPG signatures of repositories with UTF-8 strings in the repository description. This has now been fixed.

  • Python repositories previously incorrectly returned 404s for valid HEAD requests. This has now been fixed.

  • A bug preventing users from manually updating the 'latest' distribution tag for a package has been fixed.

  • Accessing private NPM repositories with the wrong authorization scheme (e.g. Basic instead of Bearer) previously returned a 500. This has been fixed to return a 401.

  • Prevent Debian packages with severely broken version strings from being uploaded.

  • Prevent RPM packages with missing version or release strings from being uploaded.

2.0.0 (released February 26, 2018)

New Distributions Added

  • Fedora 27

  • Ubuntu 18.04

  • LinuxMint Sylvia

New Features

  • Redesigned UI.

  • Support for NPM registries and Node.js packages.

  • Add support for Android Java packages (APK) files and the binary manifests contained within.

  • Allow promote and delete when using package search.

  • Bump all libraries, frameworks, and Ruby to the latest versions.

  • Add support for additional download URLs like: download.rpm to make package managers which string match file extensions happy.

  • Allow user to select master token on repo install pages so the install scripts will use the desired token.

  • Add detection of gnupg to repository install scripts.

  • Handle requests for 6Server and 7Server routing them to el/6 and el/7, respectively.

  • Extended Python License field to allow more verbose License files.

  • Add structured data so that links from packagecloud pasted into chat apps look much nicer :)

  • Improved performance of Debian indexer for "all" arch.

Bug fixes

  • RubyGems with different platforms (but the same version) were unable to be uploaded due to a buggy database constraint. This is now fixed.

  • Fix a bug introduced by certain versions of dpkg on Debian systems which generated malformed version strings in package metadata.

  • Parsing debian package metadata may have parsed control.swp files (generated by vim and erroneously included a debian package). Fix this by explicitly checking the filename.

  • Require all debian binary packages to have at least: version, maintainer, and description fields.

  • Fix an issue when uploading JAR packages with no pom.xml file.

1.0.55 (released September 17, 2017)

New Distributions Added

  • LinuxMint 18.2 (sonya)

  • openSUSE LEAP 42.3

  • Fedora 26

New Features

  • All repository indexer jobs now log a lot more useful information.

  • Java package API response now include a download_url field.

  • Link to enterprise documentation added to footer.

  • Improved error-handling for packagecloud-ctl reset-password command.

  • Adds configuration options for tuning Garbage Collection parameters for application and job workers, new defaults should increase performance overall. See the Garbage Collection page for more details.

Bug fixes

  • Fixed bug around handling of Debian DSC packages containing a '+' character in the filename.

  • Fixed bug with Search API pagination.

  • Fixed promotion of Debian DSC packages and Java packages.

  • Fixed a bug around stale repository indexes when all packages have been promoted out of a repository.

  • Names for Master Tokens and Read Tokens have been increased to 255 characters and slashes are no longer allowed. (Slash characters in token names will automatically be replaced with a dash). See Release Notes for instructions.

  • You can no longer accidentally delete web-dl read tokens.

  • Size field is now properly stored for Debian DSC packages.

  • Fixed race condition in Debian Indexer jobs that would cause Release files to occasionally return 404 while they were being generated.

  • Fixed packagecloud-ctl backup-all command.