Releases: goharbor/harbor
v2.9.1-rc1
What's Changed
Component updates ⬆️
- (cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19307
- (cherry-pick) fix storage.redirect.disable migrate template error release-2.9.0 by @MinerYang in #19336
- [Cherry-pick]Hide version property if the value is undefined by @AllForNothing in #19396
- (cherry-pick) Change fixed_version to package_version by @stonezdj in #19432
- [cherry-pick]bump golang to 1.20.10 by @MinerYang in #19431
- fix: bump up TRIVYVERSION=v0.46.0 && TRIVYADAPTERVERSION=v0.30.17 by @zyyw in #19447
- [cherry-pick] Use batch to list the job id in the job queue to avoid crash redis by @stonezdj in #19455
- bump golang.org/x/net to v0.17.0 && go.opentelemetry.io/contrib on release-2.9.0 by @MinerYang in #19460
- bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/m… by @MinerYang in #19476
- bump golang to 1.21.3 on release-2.9.0 by @MinerYang in #19503
- fix: bump up TRIVYVERSION=v0.46.1 && TRIVYADAPTERVERSION=v0.30.18 by @zyyw in #19499
- update ut mock anything by @MinerYang in #19506
- bump google.golang.org/grpc by @MinerYang in #19513
Other Changes
- [cherry-pick]Refactor unstable test cases by @YangJiao0817 in #19351
- [cherry-pick]Add security hub API test case by @YangJiao0817 in #19377
- [cherry-pick]Add security hub UI test case by @YangJiao0817 in #19449
- Bump up version to v2.9.1 by @YangJiao0817 in #19451
- [cherry-pick]Add GC accessory API test case by @YangJiao0817 in #19463
- [cherry-pick]Add GC accessory UI test case by @YangJiao0817 in #19471
- Refresh base images on release-2.9.0 by @YangJiao0817 in #19475
- [cherry-pick]Add GC details and GC workers API test case by @YangJiao0817 in #19483
- [cherry-pick]Add GC details and GC workers UI test case by @YangJiao0817 in #19488
- [cherry-pick]Add banner message API test case by @YangJiao0817 in #19514
Full Changelog: v2.9.0...v2.9.1-rc1
v2.7.3
Known issue
- Due to the change of querying for listing tasks of scan by this PR, vulnerability scan report that's done in v2.7.3 cannot be retrieved in v2.8.0, but it's still available in v2.8.1 (applied the same logic in this PR) and onwards. Please do not upgrade from v2.7.3 to v2.8.0, instead, directly upgrading to v2.8.1 or v2.9.0.
What's Changed
Component updates ⬆️
- [cherry-pick] fix: improve the performance of list artifacts by @chlins in #18632
- bump golang 1.19.9 on release-2.7.0 by @MinerYang in #18650
- (cherry-pick) Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18711
- set tag pull time for proxy cache by @wy65701436 in #18742
- (cherry-pick) Return error when proxy cache get too many request error(429) by @stonezdj in #18751
- Changed logic search projects in gitlab adapter for 2.7.0 by @lxShaDoWxl in #18784
- [cherry-pick][2.7] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18802
- [Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18995
- [cherry-pick]fix accessory import issue by @wy65701436 in #19056
- fix: TRIVYVERSION=v0.44.0 && TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19089
- [Cherry-pick]Convert the string �\ to number 0 by @AllForNothing in #19082
- [cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19093
- bump go1.19.12 on release-2.7.0 base on ph4 by @MinerYang in #19162
- [cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19148
- [cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19121
- [cherry-pick] fix: support customize cache db for business by @chlins in #19189
- (cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19306
- bump goharbor/golang 1.19.13 on release-2.7.0 by @MinerYang in #19324
- fix: bump up TRIVYVERSION=v0.45.0 && TRIVYADAPTERVERSION=v0.30.16 by @zyyw in #19329
Other Changes
- [cherry-pick]Fix setup-gcloud fails when building package by @YangJiao0817 in #18684
- [cherry-pick]Fix APITEST_DB_PROXY_CACHE x509 by @YangJiao0817 in #18980
- [cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in #19119
- [Cherry-pick]Add new uri path to ShouldNotReuseRoute array by @AllForNothing in #19220
Full Changelog: v2.7.2...v2.7.3
v2.7.3-rc1
What's Changed
Component updates ⬆️
- [cherry-pick] fix: improve the performance of list artifacts by @chlins in #18632
- bump golang 1.19.9 on release-2.7.0 by @MinerYang in #18650
- (cherry-pick) Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18711
- set tag pull time for proxy cache by @wy65701436 in #18742
- (cherry-pick) Return error when proxy cache get too many request error(429) by @stonezdj in #18751
- Changed logic search projects in gitlab adapter for 2.7.0 by @lxShaDoWxl in #18784
- [cherry-pick][2.7] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18802
- [Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18995
- [cherry-pick]fix accessory import issue by @wy65701436 in #19056
- fix: TRIVYVERSION=v0.44.0 && TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19089
- [Cherry-pick]Convert the string �\ to number 0 by @AllForNothing in #19082
- [cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19093
- bump go1.19.12 on release-2.7.0 base on ph4 by @MinerYang in #19162
- [cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19148
- [cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19121
- [cherry-pick] fix: support customize cache db for business by @chlins in #19189
- (cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19306
- bump goharbor/golang 1.19.13 on release-2.7.0 by @MinerYang in #19324
- fix: bump up TRIVYVERSION=v0.45.0 && TRIVYADAPTERVERSION=v0.30.16 by @zyyw in #19329
Other Changes
- [cherry-pick]Fix setup-gcloud fails when building package by @YangJiao0817 in #18684
- [cherry-pick]Fix APITEST_DB_PROXY_CACHE x509 by @YangJiao0817 in #18980
- [cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in #19119
- [Cherry-pick]Add new uri path to ShouldNotReuseRoute array by @AllForNothing in #19220
Full Changelog: v2.7.2...v2.7.3-rc1
v2.9.0
Known issue
- There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific
storage_service.redirect.disable
configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.
What's Changed
Exciting New Features 🎉
Security Hub
Admin users can now access valuable security insights, which include the number of scanned and unscanned artifacts, identification of dangerous artifacts and CVEs, and advanced search capabilities for vulnerabilities using multiple combined conditions.
- Add Security Hub UI by @AllForNothing in #18942
- Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in #18854
- Add vulnerability search API by @stonezdj in #18924
- Add security hub summary API by @stonezdj in #18872
- Create index in vulnerability_record table by @stonezdj in #18949
GC Enhancements
Improved visibility with detailed GC execution history and enable parallel deletion for faster GC triggers.
- Add worker parameter for GC by @AllForNothing in #18882
- Add more details in gc history by @wy65701436 in #18779
- Add multiple deletions of GC by @wy65701436 in #18855
Supporting OCI Distribution Spec v1.1.0-rc2
Harbor now supports OCI Distribution Spec v1.1.0-rc2 and added support for Notation signature and Nydus conversion as referrers.
- Support OCI-Subject header by @wy65701436 in #18885
- Add notation support by @wy65701436 in #18909
- Enable notary v2 policy checker by @wy65701436 in #18927
- Add Notation UI for deployment security by @AllForNothing in #18952
- Support nydus as an accessory by @wy65701436 in #18953
Additional Features
Customized banner message
Admins can now set a customized banner message displayed on top of Harbor web pages.
- Add customized banner message UI by @AllForNothing in #18827
Quota Update Provider
Introduced a new mechanism utilizing Redis for optimistic locking during quota updates when pushing images. Refer to the documentation at https://github.com/goharbor/perf/wiki/Quota-Update for instructions on enabling and utilizing this feature.
- feat: Optimize quota checking when pushing images by @lengrongfu in #17392
- perf: introduce update quota by redis by @chlins in #18871
- feat: add the configuration for quota update provider by @chlins in #18928
Deprecations ❌
Removal of Notary
Starting with version v2.9.0, Harbor no longer includes Notary in either the user interface or the backend. Please navigate to this page for details.
- Remove notary test cases by @YangJiao0817 in #18620
- Remove notary UI by @AllForNothing in #18666
- Remove the notary from the backend by @wy65701436 in #18668
Known issue
- Harbor v2.9.0 Online/Offline Installer and Docker Version Compatibility
If you install Harbor v2.9.0 using an online/offline installer with Docker version lower than 20.10.10, you may encounter an issue where the Harbor database container fails to start. This issue is being tracked at (#19141). For more detailed information about this specific problem, you can visit this page (timescale/timescaledb-docker-ha#260). To avoid this issue, we recommend ensuring that your Docker version is equal to or greater than 20.10.10 when using Harbor v2.9.0 with the online/offline installer.
Breaking Changes
- As of Harbor v2.9.0, only PostgreSQL >= 12 is supported for external databases. Before upgrading, you should make sure that your external databases are using a supported version of PostgreSQL.
- Different API behavior in Harbor version 2.9 vs. prior versions: Users with limited_guest role are not able to query the repository endpoint by id #19709
Enhancement 🚀
- Fix message prompt under the header by @AllForNothing in #18613
- fix: improve the performance of list artifacts by @chlins in #18610
- Improve repo_read_only header on the UI by @AllForNothing in #18729
- Add a text to explain the time window for GC by @AllForNothing in #18735
- Add a tooltip for slack notification by @AllForNothing in #18787
- 【UT】add unit test for collector system info by @lengrongfu in #18717
- Add Details column for gc history by @AllForNothing in #18797
- Add Podman push command to the UI by @AllForNothing in #18810
- Add new client Podman to the pull command by @AllForNothing in #18857
Component updates ⬆️
- fix: fix error bitsize of jobservice reaper scan locks by @chlins in #18487
- bump golang 1.20.3 on main by @MinerYang in #18492
- feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in #18501
- Rewords quota definitions based on user input by @OrlinVasilev in #18512
- Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in #18518
- GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in #18386
- Change the permissions of the *.go file from 0755 to 0644 by @Iceber in #17919
- feat: log with trace ID by @pgillich in #18181
- Fix typos in common.sh by @Maxi-Mega in #18151
- bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in #18545
- Update position to vertical-align for copy button by @AllForNothing in #18563
- Add missing i18n key-value for helm chart by @AllForNothing in #18578
- Allow redis password using safe special characters by @MinerYang in #18566
- add goheader linter settings by @MinerYang in #18503
- fix: link to Github's rate limiting documentation. by @perjahn in #18588
- fix: error log use wrong variable err by @dyf991645 in #18602
- Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in #18612
- Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in #18608
- bump golang 1.20.4 on main by @MinerYang in #18647
- fix: sweep executions of image scan job by @chlins in #18649
- fix: cherry pick the migration sql by @chlins in #18644
- chore: replace
github.com/ghodss/yaml
withsigs.k8s.io/yaml
by @Juneezee in #18606 - Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in #18263
- Changed logic search projects in gitlab adapter by @lxShaDoWxl in #18529
- bump up github.com/distribution/distribution v2.8.2 by @MinerYang in #18687
- fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in #18662
- Fix the channel that never receives a value by @iAklis in #18139
- Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18697
- Upgrade Angular and Clarity to the latest version by @AllForNothing in #18709
- chore: bump registry release to 2.8.2 by @davidspek in #18685
- Add support for TLSv1.3 in nginx configurations by @malmor in #18659
- set tag pull time for proxy cache by @wy65701436 in #18731
- http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in #16990
- Return error when proxy cache get too many request error(429) by @stonezdj in #18728
- 【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in https://gi...
v2.9.0-rc3
Known issue
- There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific
storage_service.redirect.disable
configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.
What's Changed
Exciting New Features 🎉
- Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in #18854
- Add costomized banner message UI by @AllForNothing in #18827
- Add worker parameter for GC by @AllForNothing in #18882
- add notation support by @wy65701436 in #18909
- enable notary v2 policy checker by @wy65701436 in #18927
- Add vulnerability search API by @stonezdj in #18924
- Add Notation UI for deployment security by @AllForNothing in #18952
- Add Security Hub UI by @AllForNothing in #18942
- support nydus as a accessory by @wy65701436 in #18953
Enhancement 🚀
- Fix message prompt under the header by @AllForNothing in #18613
- fix: improve the performance of list artifacts by @chlins in #18610
- Improve repo_read_only header on the UI by @AllForNothing in #18729
- Add a text to explain the time window for GC by @AllForNothing in #18735
- add more details in gc history by @wy65701436 in #18779
- feat: Optimize quota checking when pushing images by @lengrongfu in #17392
- Add a tooltip for slack notification by @AllForNothing in #18787
- 【UT】add unit test for collector system info by @lengrongfu in #18717
- Add Details column for gc history by @AllForNothing in #18797
- Add Podman push command to the UI by @AllForNothing in #18810
- Add new client Podman to the pull command by @AllForNothing in #18857
- add multiple deletion of GC by @wy65701436 in #18855
- perf: introduce update quota by redis by @chlins in #18871
- Add security hub summary API by @stonezdj in #18872
- Create index in vulnerability_record table by @stonezdj in #18949
- feat: add the configuration for quota update provider by @chlins in #18928
Component updates ⬆️
- fix: fix error bitsize of jobservice reaper scan locks by @chlins in #18487
- bump golang 1.20.3 on main by @MinerYang in #18492
- feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in #18501
- Reword quota definitions based on user input by @OrlinVasilev in #18512
- Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in #18518
- GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in #18386
- Change the permissions of the *.go file from 0755 to 0644 by @Iceber in #17919
- feat: log with trace ID by @pgillich in #18181
- Fix typos in common.sh by @Maxi-Mega in #18151
- bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in #18545
- Update position to vertical-align for copy button by @AllForNothing in #18563
- Add missing i18n key-value for helm chart by @AllForNothing in #18578
- Allow redis password using safe special characters by @MinerYang in #18566
- add goheader linter settings by @MinerYang in #18503
- fix: link to Github's rate limiting documentation. by @perjahn in #18588
- fix: error log use wrong variable err by @dyf991645 in #18602
- Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in #18612
- Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in #18608
- bump golang 1.20.4 on main by @MinerYang in #18647
- fix: sweep executions of image scan job by @chlins in #18649
- fix: cherry pick the migration sql by @chlins in #18644
- chore: replace
github.com/ghodss/yaml
withsigs.k8s.io/yaml
by @Juneezee in #18606 - Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in #18263
- Changed logic search projects in gitlab adapter by @lxShaDoWxl in #18529
- bump up github.com/distribution/distribution v2.8.2 by @MinerYang in #18687
- fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in #18662
- Fix the channel that never receives a value by @iAklis in #18139
- Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18697
- Upgrade Angular and Clarity to the latest version by @AllForNothing in #18709
- chore: bump registry release to 2.8.2 by @davidspek in #18685
- Add support for TLSv1.3 in nginx configurations by @malmor in #18659
- set tag pull time for proxy cache by @wy65701436 in #18731
- http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in #16990
- Return error when proxy cache get too many request error(429) by @stonezdj in #18728
- 【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in #18716
- Fix syntax errors in comments by @lishaokai1995 in #18746
- add strong_ssl_ciphers for nginx https jinja template by @MinerYang in #18748
- fix: import optimization by @testwill in #18727
- fix invalid access action by @orblazer in #18188
- Fix: fix function name in comments by @cuishuang in #18726
- fix: clean up scan executions and reports after deleting artifact by @chlins in #18693
- Remove wrong format for boolean value in api definition by @sll552 in #18783
- fix: add checkpoint when enqueue scan tasks for scan all by @chlins in #18680
- Update/improve grafana dashboard by @mac-chaffee in #16661
- fix: optimize the mechanism of quota refresh by @chlins in #18795
- Update the text for the oidc cli secret tooltip by @AllForNothing in #18814
- jobservice: add DB to job logger config by @liubin in #18821
- jobservice: update readme by @liubin in #18849
- refactor: migrate the redis command keys to scan by @chlins in #18825
- Add unit test for hidden columns by @AllForNothing in #18873
- support OCI-Subject header by @wy65701436 in #18885
- Correct the hidden property for clrDgHideableColumn by @AllForNothing in #18890
- API: update ScannerRegistration.properties.url format by @liubin in #18799
- chore: upgrade golang-migrate to v4.16.2 by @chlins in #18879
- fix: add password/secret length check to be <= 128 by @zyyw in #18916
- update icons by @vndroid in #18767
- Log warning message when current user is freeze by @stonezdj in #18937
- fix: correct the operator in the webhook payload by @chlins in #18906
- Update the regex for policy name and the tooltip message by @AllForNothing in #18947
- fix: replication policy cron setting - the 1st field must be 0; the Minutes field cannot be ADOPTERS.md CHANGELOG.md CODEOWNERS CONTRI...
v2.9.0-rc2
Known issue
- There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific
storage_service.redirect.disable
configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.
What's Changed
Exciting New Features 🎉
- Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in #18854
- Add costomized banner message UI by @AllForNothing in #18827
- Add worker parameter for GC by @AllForNothing in #18882
- add notation support by @wy65701436 in #18909
- enable notary v2 policy checker by @wy65701436 in #18927
- Add vulnerability search API by @stonezdj in #18924
- Add Notation UI for deployment security by @AllForNothing in #18952
- Add Security Hub UI by @AllForNothing in #18942
- support nydus as a accessory by @wy65701436 in #18953
Enhancement 🚀
- Fix message prompt under the header by @AllForNothing in #18613
- fix: improve the performance of list artifacts by @chlins in #18610
- Improve repo_read_only header on the UI by @AllForNothing in #18729
- Add a text to explain the time window for GC by @AllForNothing in #18735
- add more details in gc history by @wy65701436 in #18779
- feat: Optimize quota checking when pushing images by @lengrongfu in #17392
- Add a tooltip for slack notification by @AllForNothing in #18787
- 【UT】add unit test for collector system info by @lengrongfu in #18717
- Add Details column for gc history by @AllForNothing in #18797
- Add Podman push command to the UI by @AllForNothing in #18810
- Add new client Podman to the pull command by @AllForNothing in #18857
- add multiple deletion of GC by @wy65701436 in #18855
- perf: introduce update quota by redis by @chlins in #18871
- Add security hub summary API by @stonezdj in #18872
- Create index in vulnerability_record table by @stonezdj in #18949
- feat: add the configuration for quota update provider by @chlins in #18928
Component updates ⬆️
- fix: fix error bitsize of jobservice reaper scan locks by @chlins in #18487
- bump golang 1.20.3 on main by @MinerYang in #18492
- feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in #18501
- Reword quota definitions based on user input by @OrlinVasilev in #18512
- Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in #18518
- GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in #18386
- Change the permissions of the *.go file from 0755 to 0644 by @Iceber in #17919
- feat: log with trace ID by @pgillich in #18181
- Fix typos in common.sh by @Maxi-Mega in #18151
- bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in #18545
- Update position to vertical-align for copy button by @AllForNothing in #18563
- Add missing i18n key-value for helm chart by @AllForNothing in #18578
- Allow redis password using safe special characters by @MinerYang in #18566
- add goheader linter settings by @MinerYang in #18503
- fix: link to Github's rate limiting documentation. by @perjahn in #18588
- fix: error log use wrong variable err by @dyf991645 in #18602
- Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in #18612
- Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in #18608
- bump golang 1.20.4 on main by @MinerYang in #18647
- fix: sweep executions of image scan job by @chlins in #18649
- fix: cherry pick the migration sql by @chlins in #18644
- chore: replace
github.com/ghodss/yaml
withsigs.k8s.io/yaml
by @Juneezee in #18606 - Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in #18263
- Changed logic search projects in gitlab adapter by @lxShaDoWxl in #18529
- bump up github.com/distribution/distribution v2.8.2 by @MinerYang in #18687
- fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in #18662
- Fix the channel that never receives a value by @iAklis in #18139
- Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18697
- Upgrade Angular and Clarity to the latest version by @AllForNothing in #18709
- chore: bump registry release to 2.8.2 by @davidspek in #18685
- Add support for TLSv1.3 in nginx configurations by @malmor in #18659
- set tag pull time for proxy cache by @wy65701436 in #18731
- http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in #16990
- Return error when proxy cache get too many request error(429) by @stonezdj in #18728
- 【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in #18716
- Fix syntax errors in comments by @lishaokai1995 in #18746
- add strong_ssl_ciphers for nginx https jinja template by @MinerYang in #18748
- fix: import optimization by @testwill in #18727
- fix invalid access action by @orblazer in #18188
- Fix: fix function name in comments by @cuishuang in #18726
- fix: clean up scan executions and reports after deleting artifact by @chlins in #18693
- Remove wrong format for boolean value in api definition by @sll552 in #18783
- fix: add checkpoint when enqueue scan tasks for scan all by @chlins in #18680
- Update/improve grafana dashboard by @mac-chaffee in #16661
- fix: optimize the mechanism of quota refresh by @chlins in #18795
- Update the text for the oidc cli secret tooltip by @AllForNothing in #18814
- jobservice: add DB to job logger config by @liubin in #18821
- jobservice: update readme by @liubin in #18849
- refactor: migrate the redis command keys to scan by @chlins in #18825
- Add unit test for hidden columns by @AllForNothing in #18873
- support OCI-Subject header by @wy65701436 in #18885
- Correct the hidden property for clrDgHideableColumn by @AllForNothing in #18890
- API: update ScannerRegistration.properties.url format by @liubin in #18799
- chore: upgrade golang-migrate to v4.16.2 by @chlins in #18879
- fix: add password/secret length check to be <= 128 by @zyyw in #18916
- update icons by @vndroid in #18767
- Log warning message when current user is freeze by @stonezdj in #18937
- fix: correct the operator in the webhook payload by @chlins in #18906
- Update the regex for policy name and the tooltip message by @AllForNothing in #18947
- fix: replication policy cron setting - the 1st field must be 0; the Minutes field cannot be ADOPTERS.md CHANGELOG.md CODEOWNERS CONTRI...
v2.8.4
Known issue
- There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific
storage_service.redirect.disable
configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.
What's Changed
Component updates ⬆️
- [cherry-pick]fix accessory import issue by @wy65701436 in #19058
- fix: bump up TRIVYVERSION=v0.44.0 and TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19088
- [Cherry-pick]Convert the string "0" to number 0 by @AllForNothing in #19081
- [cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19092
- bump go 1.20.7 && install git for p4 base golang image by @MinerYang in #19138
- [cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19122
- [cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19147
- fix: support customize cache db for business by @chlins in #19184
Other Changes
- [cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in #19117
Full Changelog: v2.8.3...v2.8.4
v2.8.4-rc1
Known issue
- There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific
storage_service.redirect.disable
configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.
What's Changed
Component updates ⬆️
- [cherry-pick]fix accessory import issue by @wy65701436 in #19058
- fix: bump up TRIVYVERSION=v0.44.0 and TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19088
- [Cherry-pick]Convert the string �\ to number 0 by @AllForNothing in #19081
- [cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19092
- bump go 1.20.7 && install git for p4 base golang image by @MinerYang in #19138
- [cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19122
- [cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19147
- fix: support customize cache db for business by @chlins in #19184
Other Changes
- [cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in #19117
Full Changelog: v2.8.3...v2.8.4-rc1
v2.9.0-rc1
Known issue
- There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific
storage_service.redirect.disable
configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.
What's Changed
Exciting New Features 🎉
Security Hub
Admin users can now access valuable security insights, which including the number of scanned and unscanned artifacts, identification of dangerous artifacts and CVEs and advanced search capabilities for vulnerabilities using multiple combined conditions.
- Add Security Hub UI by @AllForNothing in #18942
- Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in #18854
- Add vulnerability search API by @stonezdj in #18924
- Add security hub summary API by @stonezdj in #18872
- Create index in vulnerability_record table by @stonezdj in #18949
GC Enhancements
Improved visibility with detailed GC execution history and enable parallel deletion for faster GC triggers.
- Add worker parameter for GC by @AllForNothing in #18882
- add more details in gc history by @wy65701436 in #18779
- add multiple deletion of GC by @wy65701436 in #18855
Supporting OCI Distribution Spec v1.1.0-rc2
Harbor now supports OCI Distribution Spec v1.1.0-rc2 and added support for Notation signature and Nydus conversion as referrers.
- support OCI-Subject header by @wy65701436 in #18885
- add notation support by @wy65701436 in #18909
- enable notary v2 policy checker by @wy65701436 in #18927
- Add Notation UI for deployment security by @AllForNothing in #18952
- support nydus as a accessory by @wy65701436 in #18953
Additional Features
Customized banner message
Admins can now set a customized banner message displayed on top of Harbor web pages.
- Add costomized banner message UI by @AllForNothing in #18827
Quota Update Provider
Introduced a new mechanism utilizing Redis for optimistic locking during quota updates when pushing images. Refer to the documentation at https://github.com/goharbor/perf/wiki/Quota-Update for instructions on enabling and utilizing this feature.
- feat: Optimize quota checking when pushing images by @lengrongfu in #17392
- perf: introduce update quota by redis by @chlins in #18871
- feat: add the configuration for quota update provider by @chlins in #18928
Deprecations ❌
Removal of Notary
Starting with version v2.9.0, Harbor no longer includes Notary in either the user interface or the backend.
- Remove notary test cases by @YangJiao0817 in #18620
- Remove notary UI by @AllForNothing in #18666
- remove the notary from backend by @wy65701436 in #18668
Enhancement 🚀
- Fix message prompt under the header by @AllForNothing in #18613
- fix: improve the performance of list artifacts by @chlins in #18610
- Improve repo_read_only header on the UI by @AllForNothing in #18729
- Add a text to explain the time window for GC by @AllForNothing in #18735
- Add a tooltip for slack notification by @AllForNothing in #18787
- 【UT】add unit test for collector system info by @lengrongfu in #18717
- Add Details column for gc history by @AllForNothing in #18797
- Add Podman push command to the UI by @AllForNothing in #18810
- Add new client Podman to the pull command by @AllForNothing in #18857
Component updates ⬆️
- fix: fix error bitsize of jobservice reaper scan locks by @chlins in #18487
- bump golang 1.20.3 on main by @MinerYang in #18492
- feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in #18501
- Reword quota definitions based on user input by @OrlinVasilev in #18512
- Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in #18518
- GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in #18386
- Change the permissions of the *.go file from 0755 to 0644 by @Iceber in #17919
- feat: log with trace ID by @pgillich in #18181
- Fix typos in common.sh by @Maxi-Mega in #18151
- bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in #18545
- Update position to vertical-align for copy button by @AllForNothing in #18563
- Add missing i18n key-value for helm chart by @AllForNothing in #18578
- Allow redis password using safe special characters by @MinerYang in #18566
- add goheader linter settings by @MinerYang in #18503
- fix: link to Github's rate limiting documentation. by @perjahn in #18588
- fix: error log use wrong variable err by @dyf991645 in #18602
- Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in #18612
- Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in #18608
- bump golang 1.20.4 on main by @MinerYang in #18647
- fix: sweep executions of image scan job by @chlins in #18649
- fix: cherry pick the migration sql by @chlins in #18644
- chore: replace
github.com/ghodss/yaml
withsigs.k8s.io/yaml
by @Juneezee in #18606 - Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in #18263
- Changed logic search projects in gitlab adapter by @lxShaDoWxl in #18529
- bump up github.com/distribution/distribution v2.8.2 by @MinerYang in #18687
- fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in #18662
- Fix the channel that never receives a value by @iAklis in #18139
- Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18697
- Upgrade Angular and Clarity to the latest version by @AllForNothing in #18709
- chore: bump registry release to 2.8.2 by @davidspek in #18685
- Add support for TLSv1.3 in nginx configurations by @malmor in #18659
- set tag pull time for proxy cache by @wy65701436 in #18731
- http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in #16990
- Return error when proxy cache get too many request error(429) by @stonezdj in #18728
- 【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in #18716
- Fix syntax errors in comments by @lishaokai1995 in #18746
- add strong_ssl_ciphers for nginx https jinja template by @MinerYang in #18748
- fix: import optimization by @testwill in #18727
- fix invalid access action by @orblazer in #18188
- Fix: fix function name in comments by @cuishuang in #18726
- fix: clean up scan executions and reports after deleting artifact by @chlins in #18693
- Remove wrong format for boolean value in api definition by @sll552 in #18783
- fix: add checkpoint when enqueue scan tasks for scan all by @chlins in #18680
- Update/improve grafana dashboard by @mac-chaffee in #16661
- fix: optimize the mechanism of quota refresh by @chlins in #18795
- Update the text for the oidc cli secret tooltip by @AllForNothing in https://gith...
v2.8.3
Known issue
- There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific
storage_service.redirect.disable
configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.
What's Changed
Component updates ⬆️
- Changed logic search projects in gitlab adapter for 2.8.0 by @lxShaDoWxl in #18785
- [cherry-pick][2.8] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18803
- [Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18994
- bump golang1.20.6 on release-2.8.0& build golang based on photon by @MinerYang in #18990
Other Changes
- [cherry-pick]Add replication by chunk testcase by @YangJiao0817 in #18903
- [cherry-pick]Add CloudEvents format webhook testcase by @YangJiao0817 in #18907
- [cherry-pick]Add OIDC filter group testcase by @YangJiao0817 in #18915
- Refresh base images on 2.8 by @YangJiao0817 in #18961
- [cherry-pick]Fix APITEST_DB_PROXY_CACHE x509 by @YangJiao0817 in #18979
- Bump up version to v2.8.3 by @YangJiao0817 in #19007
Full Changelog: v2.8.2...v2.8.3