Earlier this month, Anaconda announced that they are deprecating the r channel bundled in the defaults multichannel.
This decision does not impact R packages in conda-forge, which continue to be available without any changes.
With yesterday's release of Python 3.14, we not only have Python 3.14 itself available on conda-forge, but also a wide selection of packages to make use of it. As the conda ecosystem is based on binary packages, this means that several packages are already built for Python 3.14.
You can create a new environment by using:
conda create -n py314 python=3.14 -c conda-forge
At the time of writing, the Python 3.14 migration is 77% progressed. This means that:
During the first half of the year, conda-forge has been subject to a security audit in partnership with Open Source Technology Improvement Fund (OSTIF), Sovereign Tech Agency (STA) and the security firm 7ASecurity. This effort has resulted in the identification and remediation of 13 findings with security impact, a custom threat model, and a supply chain security analysis. Full details are now publicly available in the final report.
Today, 2025-04-11, marks the 10th anniversary of the conda-forge community.
Join us in this Zulip thread and share how you got involved with conda-forge, how this community has helped you, or just to show appreciation to the thousands of volunteers that make this effort possible!
To many more years! 馃帀
In the past few months, conda-forge has been engaging with an external security audit in collaboration with
the Open Source Technology Improvement Fund (OSTIF). The full results of this audit will be
made public once it is complete per OSTIF responsible disclosure policies.
During this process, OSTIF and their contractor uncovered misconfigured infrastructure which exposed the anaconda.org
token for the conda-forge channel to all feedstock maintainers. The token was exposed from on or about 2025-02-10 through
2025-04-01. See our GitHub Security Advisory
for more details.
The conda-forge team is excited to announce that the v1 recipe format is available on conda-forge. The v1 recipe format is a community initiative dating back over 3 years to improve the recipe format for conda packages. If you are a maintainer of a feedstock on conda-forge, you have probably dealt with meta.yaml files that conda-build utilizes. The file format has some limitations which is why the community has come together to come up with an improved version of the format: the v1 format.
We introduce noarch variants for python packages on conda-forge that have compiled extensions but with pure python reference implementations to make life easier for early adopters of new python variants.
conda-forge now supports Python 3.13 on conda. You can create a new environment with Python 3.13 by running the command:
conda create -n py313 python=3.13 -c conda-forge
On March 29th, 2024, at 18:07 UTC, the core team learnt about the recently disclosed xz backdoor, now labeled as CVE-2024-3094.
To the best of our knowledge, conda-forge's artifacts for xz are not affected.
In June 2023, software engineers from Anaconda have reported a security issue in the uninstallers that are included in the Windows versions of the miniforge and mambaforge installers, one of the main ways to bootstrap conda-forge based conda and mamba distributions.