Skip to content

Releases: goharbor/harbor

v2.7.4

30 Nov 03:15
8693b25
Compare
Choose a tag to compare

Known issue

  • Due to the change of querying for listing tasks of scan by this PR, vulnerability scan report that's done in v2.7.4 cannot be retrieved in v2.8.0, but it's still available in v2.8.1 (applied the same logic in this PR) and onwards. Please do not upgrade from v2.7.4 to v2.8.0, instead, directly upgrading to v2.8.1 or v2.9.0.

What's Changed

Component updates ⬆️

  • feat: bump up golang-runtime from 1.19.3 to 1.21.4; upgrade MOCKERY_VERSION; upgrade golangci-lint; fix mock issue by @zyyw in #19608
  • fix: bump TRIVYVERSION=v0.46.1 & TRIVYADAPTERVERSION=v0.30.18 by @zyyw in #19607
  • fix: upgrade dependency library version and run \go mod vendor\ by @zyyw in #19613
  • fix: upgrade github.com/gorilla/mux/otelmux to v0.44.0 by @zyyw in #19620

Other Changes

Full Changelog: v2.7.3...v2.7.4

v2.7.4-rc1

29 Nov 07:34
8693b25
Compare
Choose a tag to compare
v2.7.4-rc1 Pre-release
Pre-release

What's Changed

Component updates ⬆️

  • feat: bump up golang-runtime from 1.19.3 to 1.21.4; upgrade MOCKERY_VERSION; upgrade golangci-lint; fix mock issue by @zyyw in #19608
  • fix: bump TRIVYVERSION=v0.46.1 & TRIVYADAPTERVERSION=v0.30.18 by @zyyw in #19607
  • fix: upgrade dependency library version and run \go mod vendor\ by @zyyw in #19613
  • fix: upgrade github.com/gorilla/mux/otelmux to v0.44.0 by @zyyw in #19620

Other Changes

Full Changelog: v2.7.3...v2.7.4-rc1

v2.9.1

02 Nov 01:22
5cbb1b0
Compare
Choose a tag to compare

Known issue

  • known issue #19912 will affect nginx component of offline-installer when specify strong_cipher.enabled in harbor.yml but not been rendered in config file properly. Impact version are v2.9.0, v2.9.1, v2.9.2, v2.10.0. Will fixed in v2.10.1. if you do need set strong_cipher, please refer to manually-add-strong-cipher

What's Changed

Component updates ⬆️

  • (cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19307
  • (cherry-pick) fix storage.redirect.disable migrate template error release-2.9.0 by @MinerYang in #19336
  • [Cherry-pick]Hide version property if the value is undefined by @AllForNothing in #19396
  • (cherry-pick) Change fixed_version to package_version by @stonezdj in #19432
  • [cherry-pick]bump golang to 1.20.10 by @MinerYang in #19431
  • fix: bump up TRIVYVERSION=v0.46.0 && TRIVYADAPTERVERSION=v0.30.17 by @zyyw in #19447
  • [cherry-pick] Use batch to list the job id in the job queue to avoid crash redis by @stonezdj in #19455
  • bump golang.org/x/net to v0.17.0 && go.opentelemetry.io/contrib on release-2.9.0 by @MinerYang in #19460
  • bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/m… by @MinerYang in #19476
  • bump golang to 1.21.3 on release-2.9.0 by @MinerYang in #19503
  • fix: bump up TRIVYVERSION=v0.46.1 && TRIVYADAPTERVERSION=v0.30.18 by @zyyw in #19499
  • update ut mock anything by @MinerYang in #19506
  • bump google.golang.org/grpc by @MinerYang in #19513

Other Changes

Full Changelog: v2.9.0...v2.9.1

v2.9.1-rc1

01 Nov 10:19
5cbb1b0
Compare
Choose a tag to compare
v2.9.1-rc1 Pre-release
Pre-release

What's Changed

Component updates ⬆️

  • (cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19307
  • (cherry-pick) fix storage.redirect.disable migrate template error release-2.9.0 by @MinerYang in #19336
  • [Cherry-pick]Hide version property if the value is undefined by @AllForNothing in #19396
  • (cherry-pick) Change fixed_version to package_version by @stonezdj in #19432
  • [cherry-pick]bump golang to 1.20.10 by @MinerYang in #19431
  • fix: bump up TRIVYVERSION=v0.46.0 && TRIVYADAPTERVERSION=v0.30.17 by @zyyw in #19447
  • [cherry-pick] Use batch to list the job id in the job queue to avoid crash redis by @stonezdj in #19455
  • bump golang.org/x/net to v0.17.0 && go.opentelemetry.io/contrib on release-2.9.0 by @MinerYang in #19460
  • bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/m… by @MinerYang in #19476
  • bump golang to 1.21.3 on release-2.9.0 by @MinerYang in #19503
  • fix: bump up TRIVYVERSION=v0.46.1 && TRIVYADAPTERVERSION=v0.30.18 by @zyyw in #19499
  • update ut mock anything by @MinerYang in #19506
  • bump google.golang.org/grpc by @MinerYang in #19513

Other Changes

Full Changelog: v2.9.0...v2.9.1-rc1

v2.7.3

11 Sep 06:31
252a0b7
Compare
Choose a tag to compare

Known issue

  • Due to the change of querying for listing tasks of scan by this PR, vulnerability scan report that's done in v2.7.3 cannot be retrieved in v2.8.0, but it's still available in v2.8.1 (applied the same logic in this PR) and onwards. Please do not upgrade from v2.7.3 to v2.8.0, instead, directly upgrading to v2.8.1 or v2.9.0.

What's Changed

Component updates ⬆️

  • [cherry-pick] fix: improve the performance of list artifacts by @chlins in #18632
  • bump golang 1.19.9 on release-2.7.0 by @MinerYang in #18650
  • (cherry-pick) Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18711
  • set tag pull time for proxy cache by @wy65701436 in #18742
  • (cherry-pick) Return error when proxy cache get too many request error(429) by @stonezdj in #18751
  • Changed logic search projects in gitlab adapter for 2.7.0 by @lxShaDoWxl in #18784
  • [cherry-pick][2.7] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18802
  • [Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18995
  • [cherry-pick]fix accessory import issue by @wy65701436 in #19056
  • fix: TRIVYVERSION=v0.44.0 && TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19089
  • [Cherry-pick]Convert the string �\ to number 0 by @AllForNothing in #19082
  • [cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19093
  • bump go1.19.12 on release-2.7.0 base on ph4 by @MinerYang in #19162
  • [cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19148
  • [cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19121
  • [cherry-pick] fix: support customize cache db for business by @chlins in #19189
  • (cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19306
  • bump goharbor/golang 1.19.13 on release-2.7.0 by @MinerYang in #19324
  • fix: bump up TRIVYVERSION=v0.45.0 && TRIVYADAPTERVERSION=v0.30.16 by @zyyw in #19329

Other Changes

Full Changelog: v2.7.2...v2.7.3

v2.7.3-rc1

08 Sep 07:21
252a0b7
Compare
Choose a tag to compare
v2.7.3-rc1 Pre-release
Pre-release

What's Changed

Component updates ⬆️

  • [cherry-pick] fix: improve the performance of list artifacts by @chlins in #18632
  • bump golang 1.19.9 on release-2.7.0 by @MinerYang in #18650
  • (cherry-pick) Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18711
  • set tag pull time for proxy cache by @wy65701436 in #18742
  • (cherry-pick) Return error when proxy cache get too many request error(429) by @stonezdj in #18751
  • Changed logic search projects in gitlab adapter for 2.7.0 by @lxShaDoWxl in #18784
  • [cherry-pick][2.7] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18802
  • [Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18995
  • [cherry-pick]fix accessory import issue by @wy65701436 in #19056
  • fix: TRIVYVERSION=v0.44.0 && TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19089
  • [Cherry-pick]Convert the string �\ to number 0 by @AllForNothing in #19082
  • [cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19093
  • bump go1.19.12 on release-2.7.0 base on ph4 by @MinerYang in #19162
  • [cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19148
  • [cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19121
  • [cherry-pick] fix: support customize cache db for business by @chlins in #19189
  • (cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19306
  • bump goharbor/golang 1.19.13 on release-2.7.0 by @MinerYang in #19324
  • fix: bump up TRIVYVERSION=v0.45.0 && TRIVYADAPTERVERSION=v0.30.16 by @zyyw in #19329

Other Changes

Full Changelog: v2.7.2...v2.7.3-rc1

v2.9.0

01 Sep 04:36
6d1ad65
Compare
Choose a tag to compare

Known issue

  • There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Exciting New Features 🎉

Security Hub

Admin users can now access valuable security insights, which include the number of scanned and unscanned artifacts, identification of dangerous artifacts and CVEs, and advanced search capabilities for vulnerabilities using multiple combined conditions.

GC Enhancements

Improved visibility with detailed GC execution history and enable parallel deletion for faster GC triggers.

Supporting OCI Distribution Spec v1.1.0-rc2

Harbor now supports OCI Distribution Spec v1.1.0-rc2 and added support for Notation signature and Nydus conversion as referrers.

Additional Features

Customized banner message

Admins can now set a customized banner message displayed on top of Harbor web pages.

Quota Update Provider

Introduced a new mechanism utilizing Redis for optimistic locking during quota updates when pushing images. Refer to the documentation at https://github.com/goharbor/perf/wiki/Quota-Update for instructions on enabling and utilizing this feature.

Deprecations ❌

Removal of Notary

Starting with version v2.9.0, Harbor no longer includes Notary in either the user interface or the backend. Please navigate to this page for details.

Known issue

  • Harbor v2.9.0 Online/Offline Installer and Docker Version Compatibility
    If you install Harbor v2.9.0 using an online/offline installer with Docker version lower than 20.10.10, you may encounter an issue where the Harbor database container fails to start. This issue is being tracked at (#19141). For more detailed information about this specific problem, you can visit this page (timescale/timescaledb-docker-ha#260). To avoid this issue, we recommend ensuring that your Docker version is equal to or greater than 20.10.10 when using Harbor v2.9.0 with the online/offline installer.

Breaking Changes

  • As of Harbor v2.9.0, only PostgreSQL >= 12 is supported for external databases. Before upgrading, you should make sure that your external databases are using a supported version of PostgreSQL.
  • Different API behavior in Harbor version 2.9 vs. prior versions: Users with limited_guest role are not able to query the repository endpoint by id #19709

Enhancement 🚀

Component updates ⬆️

Read more

v2.9.0-rc3

01 Sep 04:28
6d1ad65
Compare
Choose a tag to compare
v2.9.0-rc3 Pre-release
Pre-release

Known issue

  • There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Exciting New Features 🎉

Enhancement 🚀

Component updates ⬆️

Read more

v2.9.0-rc2

28 Aug 13:25
44f5702
Compare
Choose a tag to compare
v2.9.0-rc2 Pre-release
Pre-release

Known issue

  • There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Exciting New Features 🎉

Enhancement 🚀

Component updates ⬆️

Read more

v2.8.4

16 Aug 06:39
ad3e767
Compare
Choose a tag to compare

Known issue

  • There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Component updates ⬆️

  • [cherry-pick]fix accessory import issue by @wy65701436 in #19058
  • fix: bump up TRIVYVERSION=v0.44.0 and TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19088
  • [Cherry-pick]Convert the string "0" to number 0 by @AllForNothing in #19081
  • [cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19092
  • bump go 1.20.7 && install git for p4 base golang image by @MinerYang in #19138
  • [cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19122
  • [cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19147
  • fix: support customize cache db for business by @chlins in #19184

Other Changes

Full Changelog: v2.8.3...v2.8.4