Releases: goharbor/harbor
v1.10.19-rc1
What's Changed
- bump go1.20.7 on release-1.10.0 base on ph4 by @MinerYang in #19206
- bump up version to 1.10.19 by @zyyw in #20698
Full Changelog: v1.10.18...v1.10.19-rc1
v2.11.1
What's Changed
Component updates ⬆️
- [cherry-pick] Use internal registry url to push artifact accessory by @stonezdj in #20581
- [cherry-pick] Add menu item for ko_KR local by @stonezdj in #20633
- [cherry-pick] Add translation for zh_CN by @stonezdj in #20634
- [cherry-pick] fix: disable the scan related button when installation without scanner or scanner deactived by @chlins in #20661
- [cherry-pick] Change the log message when PostScan failed. by @stonezdj in #20699
- [cherry-pick ]Release 2.11.0 cp 20803 by @wy65701436 in #20814
- cherry-pick #20603 by @wy65701436 in #20824
- remove migrate patch by @wy65701436 in #20834
- [cherry-pick] Check create when fire the artifact event by @stonezdj in #20838
- fix: bump up golang to v1.22.6 by @zyyw in #20839
- fix: bump trivy-adapter version to v0.31.4 and trivy version to v0.54.1; by @zyyw in #20854
Other Changes
Full Changelog: v2.11.0...v2.11.1
v2.11.1-rc2
What's Changed
Component updates ⬆️
- [cherry-pick] Use internal registry url to push artifact accessory by @stonezdj in #20581
- [cherry-pick] Add menu item for ko_KR local by @stonezdj in #20633
- [cherry-pick] Add translation for zh_CN by @stonezdj in #20634
- [cherry-pick] fix: disable the scan related button when installation without scanner or scanner deactived by @chlins in #20661
- [cherry-pick] Change the log message when PostScan failed. by @stonezdj in #20699
- [cherry-pick ]Release 2.11.0 cp 20803 by @wy65701436 in #20814
- cherry-pick #20603 by @wy65701436 in #20824
- remove migrate patch by @wy65701436 in #20834
- [cherry-pick] Check create when fire the artifact event by @stonezdj in #20838
- fix: bump up golang to v1.22.6 by @zyyw in #20839
- fix: bump trivy-adapter version to v0.31.4 and trivy version to v0.54.1; by @zyyw in #20854
Other Changes
Full Changelog: v2.11.0...v2.11.1-rc2
v2.11.1-rc1
What's Changed
Component updates ⬆️
- [cherry-pick] Use internal registry url to push artifact accessory by @stonezdj in #20581
- [cherry-pick] Add menu item for ko_KR local by @stonezdj in #20633
- [cherry-pick] Add translation for zh_CN by @stonezdj in #20634
- [cherry-pick] fix: disable the scan related button when installation without scanner or scanner deactived by @chlins in #20661
- [cherry-pick] Change the log message when PostScan failed. by @stonezdj in #20699
- [cherry-pick ]Release 2.11.0 cp 20803 by @wy65701436 in #20814
- cherry-pick #20603 by @wy65701436 in #20824
- remove migrate patch by @wy65701436 in #20834
- [cherry-pick] Check create when fire the artifact event by @stonezdj in #20838
- fix: bump up golang to v1.22.6 by @zyyw in #20839
Other Changes
Full Changelog: v2.11.0...v2.11.1-rc1
v2.10.3
Known issue
- known issue #20691 LDAP handshake failure with LDAP server having old TLS_RSA_* cipher suites. Workaround: add env variable GODEBUG="tlsrsakex=1" to common/config/core/env file and restart Harbor.
What's Changed
Component updates ⬆️
- fix: update doublestar lib by @zyyw in #20442
- [cherry-pick] Adjust the query by UUID sql so that it can use the idx_task_extra_at… by @stonezdj in #20551
- fix: upgrade golang to 1.22.4 and bump up dep by @zyyw in #20665
Full Changelog: v2.10.2...v2.10.3
v2.10.3-rc1
v2.9.5
Known issue
- known issue #20691 LDAP handshake failure with LDAP server having old TLS_RSA_* cipher suites. Workaround: add env variable GODEBUG="tlsrsakex=1" to common/config/core/env file and restart Harbor.
What's Changed
Component updates ⬆️
- fix: update doublestar dep by @zyyw in #20443
- [cherry-pick] Adjust the query by UUID sql so that it can use the idx_task_extra_at… by @stonezdj in #20552
- upgrade golang to 1.22.4 and bump up dep by @zyyw in #20662
Other Changes
Full Changelog: v2.9.4...v2.9.5
v2.9.5-rc1
v2.11.0
Known issue
- known issue #20412 Harbor supports only one signature for each artifact been replicated to destination Harbor which is signed by legacy cosign. If you want to replicated multiple signatures for a subject image, please using oci-1.1 mode(cosign v2.2.1+) for signing.
- known issue #20565 Issue with SBOM generation in Harbor v2.11.0 when using external Reverse Proxy (HTTP 404)
- known issue #20691 LDAP handshake failure with LDAP server has old TLS_RSA_* cipher suites. Workaround: add env variable GODEBUG="tlsrsakex=1" to common/config/core/env file and restart Harbor.
Tips
- Best practice for image singing with Notation v1.2.0 in Harbor
What's Changed
Exciting New Features 🎉
SBOM Generation and Management
Harbor now provides robust support for generating Software Bill of Materials (SBOM) either manually or automatically. Users can conveniently view, download, and replicate SBOMs across different instances of Harbor.
When
Automatically generate SBOM on push
is enabled and there are massive concurrent push to that project, users may need to enable asynchronously updating project quota by settingcore.quotaUpdateProvider: redis
(values.yaml for harbor-helm) or setting core.quota_update_provider: redis (harbor.yml
for installation via docker-compose) so that it can reduce the overall resource consumption, like db connection, cpu usage and memory usage.
Supporting OCI Distribution Spec v1.1.0 🎉
Harbor now fully supports OCI Distribution Spec v1.1.0
Integration with VolcEngine Registry
Users can now seamlessly replicate images to and from the VolcEngine registry, enhancing interoperability and flexibility within the Harbor ecosystem.
Korean UI Translation
The user interface of Harbor has been enriched with the addition of Korean language support, ensuring a more inclusive and accessible experience for Korean-speaking users.
Enhancement 🚀
- skip transaction for POST /service/token by @liubin in #19339
- Updated internationalisation : fr-fr by @tostt in #19915
Component updates ⬆️
- Bump github.com/go-openapi/errors from 0.19.6 to 0.20.4 in /src by @dependabot in #19697
- bump golang 1.21.5 & fix golangci-lint error by @MinerYang in #19722
- Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /src by @dependabot in #19729
- Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.9.0 in /src by @dependabot in #19701
- Bump github.com/prometheus/client_golang from 1.14.0 to 1.17.0 in /src by @dependabot in #19699
- Bump github.com/bmatcuk/doublestar from 1.1.1 to 1.3.4 in /src by @dependabot in #19698
- Fix project metadata validate bug by @YangJiao0817 in #19746
- Bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.45.0 to 0.46.1 in /src by @dependabot in #19727
- add description in scanner page by @ShengqiWang in #19733
- Fix OpenAPI Specification structural error by @blueswen in #19782
- update project-SelectScanner modal Default field css by @ShengqiWang in #19753
- Bump up PostgreSQL from 14 to 15 by @YangJiao0817 in #19789
- fix invalid links in harbor.yml.tmpl by @microyahoo in #19786
- Bump golang.org/x/time from 0.4.0 to 0.5.0 in /src by @dependabot in #19767
- Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.0 in /src by @dependabot in #19766
- Bump github.com/cloudevents/sdk-go/v2 from 2.13.0 to 2.14.0 in /src by @dependabot in #19764
- Add quota permissions to robot account by @YangJiao0817 in #19799
- Bump gopkg.in/h2non/gock.v1 from 1.0.16 to 1.1.2 in /src by @dependabot in #19765
- Bump github.com/go-openapi/runtime from 0.19.20 to 0.26.2 in /src by @dependabot in #19763
- add repository read permission to limitedGuest by @tpoxa in #19757
- registryctl/api/registry/blob: fix dropped test error by @alrs in #19721
- Remove robot account update quota permission by @YangJiao0817 in #19819
- Cache image list with digest key by @stonezdj in #19801
- Add verification that robot account duration is not 0 by @YangJiao0817 in #19829
- fix artifact page bug by @ShengqiWang in #19807
- Log ensureArtifact ConflictErr by @LiuShuaiyi in #19294
- Fixing typo for About UI by @hasonhai in #19840
- Update isValidDuration function by @YangJiao0817 in #19843
- fix label select bugs by @ShengqiWang in #19850
- Bump k8s.io/client-go from 0.26.2 to 0.29.0 in /src by @dependabot in #19813
- Bump github.com/vmihailenco/msgpack/v5 from 5.0.0-rc.2 to 5.4.1 in /src by @dependabot in #19810
- Bump github.com/go-openapi/swag from 0.22.4 to 0.22.7 in /src by @dependabot in #19809
- feat: add auto_sbom_generation for SBOM auto generation on pushing a … by @zyyw in #19869
- add v6 port for nginx and portal config by @MinerYang in #19868
- add ip_family config in harbor.yml by @MinerYang in #19934
- Bump github.com/aws/aws-sdk-go from 1.34.28 to 1.50.5 in /src by @dependabot in #19920
- Bump github.com/go-openapi/errors from 0.20.4 to 0.21.0 in /src by @dependabot in #19890
- Bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.4.6 in /src by @dependabot in #19889
- Bump vite and @angular-devkit/build-angular in /src/portal by @dependabot in #19945
- remove ipfamily config migrate jinja in 2.9 and 2.10 by @MinerYang in #19949
- feat: enable configuration of skip_java_db_update by @zyyw in #19996
- [Token/JWT] Update to golang-jwt v5.2.0 by @an-toine in #19802
- Remove redundant file package-lock.json under src folder by @AllForNothing in #20007
- Limit url to local site by @stonezdj in #20013
- Bump go.opentelemetry.io/otel from 1.21.0 to 1.23.1 in /src by @dependabot in #19972
- Bump github.com/go-openapi/strfmt from 0.21.8 to 0.22.0 in /src by @dependabot in #19955
- Bump github.com/google/uuid from 1.3.1 to 1.6.0 in /src by @dependabot in #19954
- Limit url to local path by @stonezdj in #20025
- Bump helm.sh/helm/v3 from 3.11.3 to 3.14.2 in /src by @dependabot in #20017
- Bump github.com/aws/aws-sdk-go from 1.50.5 to 1.50.24 in /src by @dependabot in #20018
- Move strong_ssl_ciphers to top level in harbor.yml by @stonezdj in #19914
- Check if the internal_tls_config is not null when get strong_ssl_ciph… by @stonezdj in #20032
- add sbom settings for project by @wy65701436 in #20069
- update referrers api by @wy65701436 in #20068
- fix: typos by @testwill in #20106
- Update swagger.yaml bad request permission: helm-chart:read by @jm-nab in #20094
- Update support for artifactType for both manifest and index by @MinerYang in #20030
- Update deletion for index type of accessory by @MinerYang in #20073
- add type for scanner metadata by @wy65701436 in #20108
- panic due to mark retention task error by @stonezdj in #20161
- chore: fix function names by @majorteach in #20159
- ScanAll should only log an error when an error occurs by @twhiteman in #20087
- Bump github.com/tencentcloud/tencentcloud-sdk-go from 1.0.62 to 3.0.233+incompatible in /src by @dependabot in https://gi...
v2.11.0-rc3
Known issue
- known issue #20056 requires a user to be a member of a project in the source (GitLab) registry when doing pull-based replication from GitLab registry to Harbor registry. Even if it is a public project in GitLab registry, a user has to be a member of that project and then performs replication. Affected versions are v2.10.x, v2.9.x.
What's Changed
Exciting New Features 🎉
SBOM Generation and Management:
Harbor now provides robust support for generating Software Bill of Materials (SBOM) either manually or automatically. Users can conveniently view, download, and replicate SBOMs across different instances of Harbor.
Supporting OCI Distribution Spec v1.1.0 🎉
Harbor now fully supports OCI Distribution Spec v1.1.0
Integration with VolcEngine Registry:
Users can now seamlessly replicate images to and from the VolcEngine registry, enhancing interoperability and flexibility within the Harbor ecosystem.
Korean UI Translation:
The user interface of Harbor has been enriched with the addition of Korean language support, ensuring a more inclusive and accessible experience for Korean-speaking users.
Enhancement 🚀
- skip transaction for POST /service/token by @liubin in #19339
- Updated internationalisation : fr-fr by @tostt in #19915
Component updates ⬆️
- Bump github.com/go-openapi/errors from 0.19.6 to 0.20.4 in /src by @dependabot in #19697
- bump golang 1.21.5 & fix golangci-lint error by @MinerYang in #19722
- Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /src by @dependabot in #19729
- Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.9.0 in /src by @dependabot in #19701
- Bump github.com/prometheus/client_golang from 1.14.0 to 1.17.0 in /src by @dependabot in #19699
- Bump github.com/bmatcuk/doublestar from 1.1.1 to 1.3.4 in /src by @dependabot in #19698
- Fix project metadata validate bug by @YangJiao0817 in #19746
- Bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.45.0 to 0.46.1 in /src by @dependabot in #19727
- add description in scanner page by @ShengqiWang in #19733
- Fix OpenAPI Specification structural error by @blueswen in #19782
- update project-SelectScanner modal Default field css by @ShengqiWang in #19753
- Bump up PostgreSQL from 14 to 15 by @YangJiao0817 in #19789
- fix invalid links in harbor.yml.tmpl by @microyahoo in #19786
- Bump golang.org/x/time from 0.4.0 to 0.5.0 in /src by @dependabot in #19767
- Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.0 in /src by @dependabot in #19766
- Bump github.com/cloudevents/sdk-go/v2 from 2.13.0 to 2.14.0 in /src by @dependabot in #19764
- Add quota permissions to robot account by @YangJiao0817 in #19799
- Bump gopkg.in/h2non/gock.v1 from 1.0.16 to 1.1.2 in /src by @dependabot in #19765
- Bump github.com/go-openapi/runtime from 0.19.20 to 0.26.2 in /src by @dependabot in #19763
- add repository read permission to limitedGuest by @tpoxa in #19757
- registryctl/api/registry/blob: fix dropped test error by @alrs in #19721
- Remove robot account update quota permission by @YangJiao0817 in #19819
- Cache image list with digest key by @stonezdj in #19801
- Add verification that robot account duration is not 0 by @YangJiao0817 in #19829
- fix artifact page bug by @ShengqiWang in #19807
- Log ensureArtifact ConflictErr by @LiuShuaiyi in #19294
- Fixing typo for About UI by @hasonhai in #19840
- Update isValidDuration function by @YangJiao0817 in #19843
- fix label select bugs by @ShengqiWang in #19850
- Bump k8s.io/client-go from 0.26.2 to 0.29.0 in /src by @dependabot in #19813
- Bump github.com/vmihailenco/msgpack/v5 from 5.0.0-rc.2 to 5.4.1 in /src by @dependabot in #19810
- Bump github.com/go-openapi/swag from 0.22.4 to 0.22.7 in /src by @dependabot in #19809
- feat: add auto_sbom_generation for SBOM auto generation on pushing a … by @zyyw in #19869
- add v6 port for nginx and portal config by @MinerYang in #19868
- add ip_family config in harbor.yml by @MinerYang in #19934
- Bump github.com/aws/aws-sdk-go from 1.34.28 to 1.50.5 in /src by @dependabot in #19920
- Bump github.com/go-openapi/errors from 0.20.4 to 0.21.0 in /src by @dependabot in #19890
- Bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.4.6 in /src by @dependabot in #19889
- Bump vite and @angular-devkit/build-angular in /src/portal by @dependabot in #19945
- remove ipfamily config migrate jinja in 2.9 and 2.10 by @MinerYang in #19949
- feat: enable configuration of skip_java_db_update by @zyyw in #19996
- [Token/JWT] Update to golang-jwt v5.2.0 by @an-toine in #19802
- Remove redundant file package-lock.json under src folder by @AllForNothing in #20007
- Limit url to local site by @stonezdj in #20013
- Bump go.opentelemetry.io/otel from 1.21.0 to 1.23.1 in /src by @dependabot in #19972
- Bump github.com/go-openapi/strfmt from 0.21.8 to 0.22.0 in /src by @dependabot in #19955
- Bump github.com/google/uuid from 1.3.1 to 1.6.0 in /src by @dependabot in #19954
- Limit url to local path by @stonezdj in #20025
- Bump helm.sh/helm/v3 from 3.11.3 to 3.14.2 in /src by @dependabot in #20017
- Bump github.com/aws/aws-sdk-go from 1.50.5 to 1.50.24 in /src by @dependabot in #20018
- Move strong_ssl_ciphers to top level in harbor.yml by @stonezdj in #19914
- Check if the internal_tls_config is not null when get strong_ssl_ciph… by @stonezdj in #20032
- add sbom settings for project by @wy65701436 in #20069
- update referrers api by @wy65701436 in #20068
- fix: typos by @testwill in #20106
- Update swagger.yaml bad request permission: helm-chart:read by @jm-nab in #20094
- Update support for artifactType for both manifest and index by @MinerYang in #20030
- Update deletion for index type of accessory by @MinerYang in #20073
- add type for scanner metadata by @wy65701436 in #20108
- panic due to mark retention task error by @stonezdj in #20161
- chore: fix function names by @majorteach in #20159
- ScanAll should only log an error when an error occurs by @twhiteman in #20087
- Bump github.com/tencentcloud/tencentcloud-sdk-go from 1.0.62 to 3.0.233+incompatible in /src by @dependabot in #20035
- Bump golang.org/x/sync from 0.3.0 to 0.6.0 in /src by @dependabot in #20036
- Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /src by @dependabot in #20104
- Bump github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.2 in /src by @dependabot in #20099
- Bump golang.org/x/net from 0.17.0 to 0.22.0 in /src by @dependabot in #20113
- Bump github.com/jackc/pgx/v4 from 4.18.1 to 4.18.3 in /src by @dependabot in #20139
- Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /src by @dependabot in #20124
- Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /src by @dependabot in #20147
- Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.21.0 to 1.24.0 in /src by @dependabot in https://github.com/goharbor/harbo...