Releases: goharbor/harbor
v2.11.0-rc2
Known issue
- Known issue #20056: pull-based replication from a GitLab registry to a Harbor registry requires the user to be a member of the project in the source (GitLab) registry. Even if the project is public in the GitLab registry, the user must be a member of that project to perform replication. Affected versions are v2.10.x and v2.9.x.
What's Changed
Exciting New Features 🎉
SBOM Generation and Management:
Harbor now provides robust support for generating Software Bill of Materials (SBOM) either manually or automatically. Users can conveniently view, download, and replicate SBOMs across different instances of Harbor.
Supporting OCI Distribution Spec v1.1.0 🎉
Harbor now fully supports OCI Distribution Spec v1.1.0.
Integration with VolcEngine Registry:
Users can now seamlessly replicate images to and from the VolcEngine registry, enhancing interoperability and flexibility within the Harbor ecosystem.
Korean UI Translation:
The user interface of Harbor has been enriched with the addition of Korean language support, ensuring a more inclusive and accessible experience for Korean-speaking users.
Enhancement 🚀
- skip transaction for POST /service/token by @liubin in #19339
- Updated internationalisation : fr-fr by @tostt in #19915
Component updates ⬆️
- Bump github.com/go-openapi/errors from 0.19.6 to 0.20.4 in /src by @dependabot in #19697
- bump golang 1.21.5 & fix golangci-lint error by @MinerYang in #19722
- Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /src by @dependabot in #19729
- Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.9.0 in /src by @dependabot in #19701
- Bump github.com/prometheus/client_golang from 1.14.0 to 1.17.0 in /src by @dependabot in #19699
- Bump github.com/bmatcuk/doublestar from 1.1.1 to 1.3.4 in /src by @dependabot in #19698
- Fix project metadata validate bug by @YangJiao0817 in #19746
- Bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.45.0 to 0.46.1 in /src by @dependabot in #19727
- add description in scanner page by @ShengqiWang in #19733
- Fix OpenAPI Specification structural error by @blueswen in #19782
- update project-SelectScanner modal Default field css by @ShengqiWang in #19753
- Bump up PostgreSQL from 14 to 15 by @YangJiao0817 in #19789
- fix invalid links in harbor.yml.tmpl by @microyahoo in #19786
- Bump golang.org/x/time from 0.4.0 to 0.5.0 in /src by @dependabot in #19767
- Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.0 in /src by @dependabot in #19766
- Bump github.com/cloudevents/sdk-go/v2 from 2.13.0 to 2.14.0 in /src by @dependabot in #19764
- Add quota permissions to robot account by @YangJiao0817 in #19799
- Bump gopkg.in/h2non/gock.v1 from 1.0.16 to 1.1.2 in /src by @dependabot in #19765
- Bump github.com/go-openapi/runtime from 0.19.20 to 0.26.2 in /src by @dependabot in #19763
- add repository read permission to limitedGuest by @tpoxa in #19757
- registryctl/api/registry/blob: fix dropped test error by @alrs in #19721
- Remove robot account update quota permission by @YangJiao0817 in #19819
- Cache image list with digest key by @stonezdj in #19801
- Add verification that robot account duration is not 0 by @YangJiao0817 in #19829
- fix artifact page bug by @ShengqiWang in #19807
- Log ensureArtifact ConflictErr by @LiuShuaiyi in #19294
- Fixing typo for About UI by @hasonhai in #19840
- Update isValidDuration function by @YangJiao0817 in #19843
- fix label select bugs by @ShengqiWang in #19850
- Bump k8s.io/client-go from 0.26.2 to 0.29.0 in /src by @dependabot in #19813
- Bump github.com/vmihailenco/msgpack/v5 from 5.0.0-rc.2 to 5.4.1 in /src by @dependabot in #19810
- Bump github.com/go-openapi/swag from 0.22.4 to 0.22.7 in /src by @dependabot in #19809
- feat: add auto_sbom_generation for SBOM auto generation on pushing a … by @zyyw in #19869
- add v6 port for nginx and portal config by @MinerYang in #19868
- add ip_family config in harbor.yml by @MinerYang in #19934
- Bump github.com/aws/aws-sdk-go from 1.34.28 to 1.50.5 in /src by @dependabot in #19920
- Bump github.com/go-openapi/errors from 0.20.4 to 0.21.0 in /src by @dependabot in #19890
- Bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.4.6 in /src by @dependabot in #19889
- Bump vite and @angular-devkit/build-angular in /src/portal by @dependabot in #19945
- remove ipfamily config migrate jinja in 2.9 and 2.10 by @MinerYang in #19949
- feat: enable configuration of skip_java_db_update by @zyyw in #19996
- [Token/JWT] Update to golang-jwt v5.2.0 by @an-toine in #19802
- Remove redundant file package-lock.json under src folder by @AllForNothing in #20007
- Limit url to local site by @stonezdj in #20013
- Bump go.opentelemetry.io/otel from 1.21.0 to 1.23.1 in /src by @dependabot in #19972
- Bump github.com/go-openapi/strfmt from 0.21.8 to 0.22.0 in /src by @dependabot in #19955
- Bump github.com/google/uuid from 1.3.1 to 1.6.0 in /src by @dependabot in #19954
- Limit url to local path by @stonezdj in #20025
- Bump helm.sh/helm/v3 from 3.11.3 to 3.14.2 in /src by @dependabot in #20017
- Bump github.com/aws/aws-sdk-go from 1.50.5 to 1.50.24 in /src by @dependabot in #20018
- Move strong_ssl_ciphers to top level in harbor.yml by @stonezdj in #19914
- Check if the internal_tls_config is not null when get strong_ssl_ciph… by @stonezdj in #20032
- add sbom settings for project by @wy65701436 in #20069
- update referrers api by @wy65701436 in #20068
- fix: typos by @testwill in #20106
- Update swagger.yaml bad request permission: helm-chart:read by @jm-nab in #20094
- Update support for artifactType for both manifest and index by @MinerYang in #20030
- Update deletion for index type of accessory by @MinerYang in #20073
- add type for scanner metadata by @wy65701436 in #20108
- panic due to mark retention task error by @stonezdj in #20161
- chore: fix function names by @majorteach in #20159
- ScanAll should only log an error when an error occurs by @twhiteman in #20087
- Bump github.com/tencentcloud/tencentcloud-sdk-go from 1.0.62 to 3.0.233+incompatible in /src by @dependabot in #20035
- Bump golang.org/x/sync from 0.3.0 to 0.6.0 in /src by @dependabot in #20036
- Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /src by @dependabot in #20104
- Bump github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.2 in /src by @dependabot in #20099
- Bump golang.org/x/net from 0.17.0 to 0.22.0 in /src by @dependabot in #20113
- Bump github.com/jackc/pgx/v4 from 4.18.1 to 4.18.3 in /src by @dependabot in #20139
- Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /src by @dependabot in #20124
- Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /src by @dependabot in #20147
- Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.21.0 to 1.24.0 in /src by @dependabot in https://github.com/goharbor/harbo...
v2.11.0-rc1
Known issue
- Known issue #20056: pull-based replication from a GitLab registry to a Harbor registry requires the user to be a member of the project in the source (GitLab) registry. Even if the project is public in the GitLab registry, the user must be a member of that project to perform replication. Affected versions are v2.10.x and v2.9.x.
What's Changed
Exciting New Features 🎉
SBOM Generation and Management:
Harbor now provides robust support for generating Software Bill of Materials (SBOM) either manually or automatically. Users can conveniently view, download, and replicate SBOMs across different instances of Harbor.
Supporting OCI Distribution Spec v1.1.0 🎉
Harbor now fully supports OCI Distribution Spec v1.1.0.
Integration with VolcEngine Registry:
Users can now seamlessly replicate images to and from the VolcEngine registry, enhancing interoperability and flexibility within the Harbor ecosystem.
Korean UI Translation:
The user interface of Harbor has been enriched with the addition of Korean language support, ensuring a more inclusive and accessible experience for Korean-speaking users.
Enhancement 🚀
- skip transaction for POST /service/token by @liubin in #19339
- Updated internationalisation : fr-fr by @tostt in #19915
Component updates ⬆️
- Bump github.com/go-openapi/errors from 0.19.6 to 0.20.4 in /src by @dependabot in #19697
- bump golang 1.21.5 & fix golangci-lint error by @MinerYang in #19722
- Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /src by @dependabot in #19729
- Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.9.0 in /src by @dependabot in #19701
- Bump github.com/prometheus/client_golang from 1.14.0 to 1.17.0 in /src by @dependabot in #19699
- Bump github.com/bmatcuk/doublestar from 1.1.1 to 1.3.4 in /src by @dependabot in #19698
- Fix project metadata validate bug by @YangJiao0817 in #19746
- Bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.45.0 to 0.46.1 in /src by @dependabot in #19727
- add description in scanner page by @ShengqiWang in #19733
- Fix OpenAPI Specification structural error by @blueswen in #19782
- update project-SelectScanner modal Default field css by @ShengqiWang in #19753
- Bump up PostgreSQL from 14 to 15 by @YangJiao0817 in #19789
- fix invalid links in harbor.yml.tmpl by @microyahoo in #19786
- Bump golang.org/x/time from 0.4.0 to 0.5.0 in /src by @dependabot in #19767
- Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.0 in /src by @dependabot in #19766
- Bump github.com/cloudevents/sdk-go/v2 from 2.13.0 to 2.14.0 in /src by @dependabot in #19764
- Add quota permissions to robot account by @YangJiao0817 in #19799
- Bump gopkg.in/h2non/gock.v1 from 1.0.16 to 1.1.2 in /src by @dependabot in #19765
- Bump github.com/go-openapi/runtime from 0.19.20 to 0.26.2 in /src by @dependabot in #19763
- add repository read permission to limitedGuest by @tpoxa in #19757
- registryctl/api/registry/blob: fix dropped test error by @alrs in #19721
- Remove robot account update quota permission by @YangJiao0817 in #19819
- Cache image list with digest key by @stonezdj in #19801
- Add verification that robot account duration is not 0 by @YangJiao0817 in #19829
- fix artifact page bug by @ShengqiWang in #19807
- Log ensureArtifact ConflictErr by @LiuShuaiyi in #19294
- Fixing typo for About UI by @hasonhai in #19840
- Update isValidDuration function by @YangJiao0817 in #19843
- fix label select bugs by @ShengqiWang in #19850
- Bump k8s.io/client-go from 0.26.2 to 0.29.0 in /src by @dependabot in #19813
- Bump github.com/vmihailenco/msgpack/v5 from 5.0.0-rc.2 to 5.4.1 in /src by @dependabot in #19810
- Bump github.com/go-openapi/swag from 0.22.4 to 0.22.7 in /src by @dependabot in #19809
- feat: add auto_sbom_generation for SBOM auto generation on pushing a … by @zyyw in #19869
- add v6 port for nginx and portal config by @MinerYang in #19868
- add ip_family config in harbor.yml by @MinerYang in #19934
- Bump github.com/aws/aws-sdk-go from 1.34.28 to 1.50.5 in /src by @dependabot in #19920
- Bump github.com/go-openapi/errors from 0.20.4 to 0.21.0 in /src by @dependabot in #19890
- Bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.4.6 in /src by @dependabot in #19889
- Bump vite and @angular-devkit/build-angular in /src/portal by @dependabot in #19945
- remove ipfamily config migrate jinja in 2.9 and 2.10 by @MinerYang in #19949
- feat: enable configuration of skip_java_db_update by @zyyw in #19996
- [Token/JWT] Update to golang-jwt v5.2.0 by @an-toine in #19802
- Remove redundant file package-lock.json under src folder by @AllForNothing in #20007
- Limit url to local site by @stonezdj in #20013
- Bump go.opentelemetry.io/otel from 1.21.0 to 1.23.1 in /src by @dependabot in #19972
- Bump github.com/go-openapi/strfmt from 0.21.8 to 0.22.0 in /src by @dependabot in #19955
- Bump github.com/google/uuid from 1.3.1 to 1.6.0 in /src by @dependabot in #19954
- Limit url to local path by @stonezdj in #20025
- Bump helm.sh/helm/v3 from 3.11.3 to 3.14.2 in /src by @dependabot in #20017
- Bump github.com/aws/aws-sdk-go from 1.50.5 to 1.50.24 in /src by @dependabot in #20018
- Move strong_ssl_ciphers to top level in harbor.yml by @stonezdj in #19914
- Check if the internal_tls_config is not null when get strong_ssl_ciph… by @stonezdj in #20032
- add sbom settings for project by @wy65701436 in #20069
- update referrers api by @wy65701436 in #20068
- fix: typos by @testwill in #20106
- Update swagger.yaml bad request permission: helm-chart:read by @jm-nab in #20094
- Update support for artifactType for both manifest and index by @MinerYang in #20030
- Update deletion for index type of accessory by @MinerYang in #20073
- add type for scanner metadata by @wy65701436 in #20108
- panic due to mark retention task error by @stonezdj in #20161
- chore: fix function names by @majorteach in #20159
- ScanAll should only log an error when an error occurs by @twhiteman in #20087
- Bump github.com/tencentcloud/tencentcloud-sdk-go from 1.0.62 to 3.0.233+incompatible in /src by @dependabot in #20035
- Bump golang.org/x/sync from 0.3.0 to 0.6.0 in /src by @dependabot in #20036
- Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /src by @dependabot in #20104
- Bump github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.2 in /src by @dependabot in #20099
- Bump golang.org/x/net from 0.17.0 to 0.22.0 in /src by @dependabot in #20113
- Bump github.com/jackc/pgx/v4 from 4.18.1 to 4.18.3 in /src by @dependabot in #20139
- Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /src by @dependabot in #20124
- Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /src by @dependabot in #20147
- Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.21.0 to 1.24.0 in /src by @dependabot in https://github.com/goharbor/h...
v2.9.4
What's Changed
Component updates ⬆️
- fix: assign metas to key and value by @zyyw in #20126
- [cherry-pick] panic due to mark retention task error by @stonezdj in #20170
- bump golang 1.21.8 on release-2.9.0 by @MinerYang in #20196
- fix: update TRIVYVERSION=v0.50.1 && TRIVYADAPTERVERSION=v0.30.23 by @zyyw in #20211
- fix: close file by @zyyw in #20221
- [cherry-pick] Allow empty path in redirect_url by @stonezdj in #20236
- fix: add 400 response code for /scan/{report_id}/log by @zyyw in #20242
- bump golang 1.21.9 on release-2.9.0 by @MinerYang in #20263
- fix: update version of some dependencies by @zyyw in #20268
Full Changelog: v2.9.3...v2.9.4
v2.9.4-rc1
What's Changed
Component updates ⬆️
- fix: assign metas to key and value by @zyyw in #20126
- [cherry-pick] panic due to mark retention task error by @stonezdj in #20170
- bump golang 1.21.8 on release-2.9.0 by @MinerYang in #20196
- fix: update TRIVYVERSION=v0.50.1 && TRIVYADAPTERVERSION=v0.30.23 by @zyyw in #20211
- fix: close file by @zyyw in #20221
- [cherry-pick] Allow empty path in redirect_url by @stonezdj in #20236
- fix: add 400 response code for /scan/{report_id}/log by @zyyw in #20242
- bump golang 1.21.9 on release-2.9.0 by @MinerYang in #20263
- fix: update version of some dependencies by @zyyw in #20268
Full Changelog: v2.9.3...v2.9.4-rc1
v2.8.6
What's Changed
Component updates ⬆️
- fix: assign metas to key and value by @zyyw in #20127
- [cherry-pick] panic due to mark retention task error by @stonezdj in #20168
- fix: update TRIVYVERSION=v0.50.1 && TRIVYADAPTERVERSION=v0.30.23 by @zyyw in #20212
- fix: close file by @zyyw in #20222
- [cherry-pick] Allow empty path in redirect_url by @stonezdj in #20235
- fix: add 400 response code for /scan/{report_id}/log by @zyyw in #20243
- bump golang to 1.21.9 on release-2.8.0 by @MinerYang in #20267
- fix: update version of some dependencies by @zyyw in #20271
Full Changelog: v2.8.5...v2.8.6
v2.8.6-rc1
What's Changed
Component updates ⬆️
- fix: assign metas to key and value by @zyyw in #20127
- [cherry-pick] panic due to mark retention task error by @stonezdj in #20168
- fix: update TRIVYVERSION=v0.50.1 && TRIVYADAPTERVERSION=v0.30.23 by @zyyw in #20212
- fix: close file by @zyyw in #20222
- [cherry-pick] Allow empty path in redirect_url by @stonezdj in #20235
- fix: add 400 response code for /scan/{report_id}/log by @zyyw in #20243
- bump golang to 1.21.9 on release-2.8.0 by @MinerYang in #20267
- fix: update version of some dependencies by @zyyw in #20271
Full Changelog: v2.8.5...v2.8.6-rc1
v2.10.2
What's Changed
Component updates ⬆️
- [cherry-pick] panic due to mark retention task error by @stonezdj in #20169
- bump golang to 1.21.8 on release-2.10.0 by @MinerYang in #20194
- fix: update TRIVYVERSION=v0.50.1 && TRIVYADAPTERVERSION=v0.30.23 by @zyyw in #20210
- fix: close file by @zyyw in #20220
- [cherry-pick] Allow empty path in redirect_url by @stonezdj in #20237
- fix: test robot account permission by @zyyw in #20241
Full Changelog: v2.10.1...v2.10.2
v2.10.2-rc1
What's Changed
Component updates ⬆️
- [cherry-pick] panic due to mark retention task error by @stonezdj in #20169
- bump golang to 1.21.8 on release-2.10.0 by @MinerYang in #20194
- fix: update TRIVYVERSION=v0.50.1 && TRIVYADAPTERVERSION=v0.30.23 by @zyyw in #20210
- fix: close file by @zyyw in #20220
- [cherry-pick] Allow empty path in redirect_url by @stonezdj in #20237
- fix: test robot account permission by @zyyw in #20241
Full Changelog: v2.10.1...v2.10.2-rc1
v2.10.1
What's Changed
Enhancement 🚀
- [cherry-pick]remove the log for ScannerSkipUpdatePullTime by @wy65701436 in #19846
Component updates ⬆️
- [cherry-pick]Add quota permissions to robot account by @YangJiao0817 in #19800
- [cherry-pick]Remove robot account update quota permission by @YangJiao0817 in #19818
- [cherry-pick] Cache image list with digest key by @stonezdj in #19838
- [Cherry pick] add repository read permission to limitedGuest by @tpoxa in #19816
- [cherry-pick]fix label select bugs (#19850) by @YangJiao0817 in #19862
- [cherry-pick]add v6 port for nginx ad portal config by @MinerYang in #19894
- add ip_family config in harbor.yml on release-2.10 by @MinerYang in #19939
- reverse ip_family config for release-2.10 by @MinerYang in #19950
- [Cherry-pick] feat: enable configuration of skip_java_db_update by @zyyw in #19998
- [cherry-pick] limit url to local site by @stonezdj in #20020
- [cherry-pick] Move strong_ssl_ciphers to top level in harbor.yaml by @stonezdj in #20022
- update go.mod dep, golangci-lint, mocks by @zyyw in #20121
Other Changes
- [cherry-pick]Add notation replication test case by @YangJiao0817 in #19739
- [cherry-pick]Add multi-tier accessory replication test cases by @YangJiao0817 in #19736
- [cherry-pick]Add quota permissions testcase by @YangJiao0817 in #19823
- [Cherry-Pick] Update replication rule filter label xpath (#19895) by @zyyw in #19904
- [Cherry-pick] fix: cve export label filter xpath (#19931) by @zyyw in #19947
- update retry of get_scan_data_export_execution from 5 to 15 by @zyyw in #19960
Full Changelog: v2.10.0...v2.10.1
v2.10.1-rc1
What's Changed
Enhancement 🚀
- [cherry-pick]remove the log for ScannerSkipUpdatePullTime by @wy65701436 in #19846
Component updates ⬆️
- [cherry-pick]Add quota permissions to robot account by @YangJiao0817 in #19800
- [cherry-pick]Remove robot account update quota permission by @YangJiao0817 in #19818
- [cherry-pick] Cache image list with digest key by @stonezdj in #19838
- [Cherry pick] add repository read permission to limitedGuest by @tpoxa in #19816
- [cherry-pick]fix label select bugs (#19850) by @YangJiao0817 in #19862
- [cherry-pick]add v6 port for nginx ad portal config by @MinerYang in #19894
- add ip_family config in harbor.yml on release-2.10 by @MinerYang in #19939
- reverse ip_family config for release-2.10 by @MinerYang in #19950
- [Cherry-pick] feat: enable configuration of skip_java_db_update by @zyyw in #19998
- [cherry-pick] limit url to local site by @stonezdj in #20020
- [cherry-pick] Move strong_ssl_ciphers to top level in harbor.yaml by @stonezdj in #20022
- update go.mod dep, golangci-lint, mocks by @zyyw in #20121
Other Changes
- [cherry-pick]Add notation replication test case by @YangJiao0817 in #19739
- [cherry-pick]Add multi-tier accessory replication test cases by @YangJiao0817 in #19736
- [cherry-pick]Add quota permissions testcase by @YangJiao0817 in #19823
- [Cherry-Pick] Update replication rule filter label xpath (#19895) by @zyyw in #19904
- [Cherry-pick] fix: cve export label filter xpath (#19931) by @zyyw in #19947
- update retry of get_scan_data_export_execution from 5 to 15 by @zyyw in #19960
Full Changelog: v2.10.0...v2.10.1-rc1