Releases: distribution/distribution
v3.0.0-alpha.1
This is the first major release in years!
It's an accumulation of effort that's bringing major improvements in performance, security and general code quality!
See the abridged changelog below and the full release log here.
Deprecations
- Image Manifest v2 Schema v1
oss
andswift
storage driversdocker/libtrust
has been replaced withgo-jose/go-jose
reference
package has been moved to a dedicated repository (see here)client
is no longer supported as a standalone package
Notable Changes
reference
package has been moved to its own dedicated repository- Go module has changed from
docker/distribution
todistribution/distribution/v3
- Major performance improvements across all supported storage drivers
- Major dependencies updates (see the full list below)
- Online documentation is available at https://distribution.github.io/distribution/
What's Changed
- default autoredirect to false by @davidswu in #2800
- Add docs for autoredirect config parameter by @caervs in #2801
- Registry - make minimum TLS version user configurable by @gregrebholz in #2808
- Support BYOK for OSS storage driver by @denverdino in #2791
- Add reference. ParseDockerRef utility function by @thaJeztah in #2786
- Fix gometalint errors by @manishtomar in #2840
- registry: fix binary JSON content-type by @lucab in #2813
- Log authorized username by @manishtomar in #2854
- Fix cloudfront middleware by @vishesh92 in #2837
- support Alibaba Cloud CDN storage middleware by @Shawnpku in #2849
- replace rsc.io/letsencrypt in favour of golang.org/x/crypto by @tariq1890 in #2926
- migrate to go modules from vndr by @tariq1890 in #2941
- Fix typo: offest -> offset by @jabrown85 in #2894
- Fix s3 driver for supporting ceph radosgw by @tbe in #2879
- Fixes #2835 Process Accept header MIME types in case-insensitive way by @yuwaMSFT2 in #2861
- change default Dockerfile to install ssl utils by @andyzhangx in #2809
- Append the written bytes to the blob writer's size by @dmathieu in #2920
- fix no error returned in fetchTokenWithOAuth by @sevki in #2900
- use latest version of alpine when building the Docker container by @tariq1890 in #2946
- Extract blob upload resume into its own method by @dmathieu in #2930
- Handle Blob Create when the underlying registry doesn't provide 'Docker-Upload-UUID' by @dmathieu in #2927
- Implement Repository ServeBlob by @dmathieu in #2921
- Add notification metrics by @tifayuki in #2522
- Update the versions of several dependencies by @tariq1890 in #2947
- Implement Repository Blobs upload resuming by @dmathieu in #2917
- allow for VERSION and REVISION to be passed in during docker builds by @alex-laties in #2955
- swift: correct segment path generation by @terinjokes in #2950
- Adding deprecated schema instructions by @adrian-plata in #3000
- Test httpBlobUpload.Write method by @dmathieu in #2918
- registry: Fix typo in RepositoryRemover warning by @bouk in #2984
- use travis, not circle, build badge by @laverya in #3003
- API to retrive tag's digests by @manishtomar in #2748
- use latest version of alpine when building the Docker container by @ad-m in #2991
- Add pathspec for repo _layers directory and allow Repository.BlobStore to enumerate over blobs by @guillaumerose in #3061
- Fixing broken table by @adrian-plata in #3053
- bump golang to 1.13.4 by @sootysec in #3050
- make it possible to wrap the client transport in another one by @novas0x2a in #2985
- Fix TestRegistryAsCacheMutationAPIs by @fermayo in #3072
- Migrate to golangci-lint by @sayboras in #3023
- [master] Use same env var in Dockerfile and Makefile by @thaJeztah in #3086
- Update Golang 1.13.7, golang.org/x/crypto (CVE-2020-0601, CVE-2020-7919) by @thaJeztah in #3089
- Fix the pointer initialization by @legionus in #2446
- Fix typo cloudfront updatefrenquency by @kd7lxl in #3020
- Update Golang 1.13.8 by @thaJeztah in #3105
- Update readme and contributing docs by @dmcgowan in #3071
- Increase Unit Test Code Coverage by @naveedjamil in #2272
- Update governance and maintainers by @dmcgowan in #3110
- vendor: update docker/go-metrics v0.0.1 by @thaJeztah in #3080
- Use go-events package by @halcyonCorsair in #2550
- Update reporting issues guidelines by @dmcgowan in #3111
- Redis cache fixes and metrics by @dmcgowan in #3113
- Update oci library by @wy65701436 in #3121
- Fix gosimple checks by @dmcgowan in #3128
- Fix err shadowing in gcs driver by @dmage in #3127
- Fix CI failures, upgrade to Go 1.14+ by @jdolitsky in #3187
- docs: add redirect for old URL by @thaJeztah in #3196
- clean up code because err is always nil by @zhipengzuo in #3209
- Add s390x support for travis by @srajmane in #3140
- catalog: List repositories with no unique layers by @adamwg in #3173
- Bump AWS SDK by @lawliet89 in #3118
- vendor: opencontainers/go-digest v1.0.0 by @thaJeztah in #3226
- Update logrus to v1.6.0, fixes #3223 by @AndreasHassing in #3224
- Support ECS TaskRole in S3 storage driver by @abulford in #2973
- Reopen PR #2973 (Support ECS TaskRole in S3 storage driver). by @ob1dev in #3245
- Upgrade Redigo to
1.8.2
. by @ob1dev in #3239 - Upgrade Gorilla Mux to
1.8.0
. by @ob1dev in #3237 - #3288 Remove empty Content-Type header by @Smasherr in #3289
- Add new maintainers by @justincormack in #3303
- Add Adopters by @justincormack in #3306
- Ignore self reference object on empty prefix by @ricardomaraschini in #3302
- Dummy workflow to enable GitHub Actions by @crazy-max in #3314
- Update roadmap by @justincormack in #3334
- Replace Arko with Milos as a maintainer by @justincormack in #3335
- Adding Steve Lasker as a maintainer by @SteveLasker in #3337
- Adding first draft of CI on GitHub Actions by @chrispat in #3338
- Fixing push workflow by @chrispat in #3344
- Update slack channel to CNCF slack by @thaJeztah in #3343
- Removing Travis by @Chri...
v2.8.3
What's Changed
- Pass
BUILDTAGS
argument togo build
by @marcusirgens in #3926 - Enable Go build tags by @thaJeztah in #4009
reference
: replace deprecated functionSplitHostname
by @thaJeztah in #4032- Dont parse errors as JSON unless Content-Type is set to JSON by @thaJeztah in #4054
- update to go 1.20.8 by @thaJeztah in #4056
- Set
Content-Type
header in registry clientReadFrom
by @thaJeztah in #4053 - deprecate reference package, migrate to github.com/distribution/reference by @thaJeztah in #4063
digestset
: deprecate package in favor ofgo-digest/digestset
by @thaJeztah in #4064- Do not close HTTP request body in HTTP handler by @milosgajdos in #4068
- Add v2.8.3 release notes by @milosgajdos in #4088
New Contributors
- @marcusirgens made their first contribution in #3926
Full Changelog: v2.8.2...v2.8.3
v2.8.2
What's Changed
- Revert registry/client: set
Accept: identity
header when getting layers by @ndeloof in #3783 - Parse
http
forbidden as denied by @vvoland in #3914 - Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @thaJeztah (#3650)
- Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @josegomezr
521ea3d9
- Fix panic in inmemory driver by @wy65701436 in #3815
- bump up golang version (alternative) by @thaJeztah in #3903
- Dockerfile: update xx to v1.2.1 by @thaJeztah in #3907
- update to go1.19.9 by @thaJeztah in #3908
- Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @davidspek in #3893
- Dockerfile: fix filenames of artifacts by @thaJeztah in #3911
Full Changelog: v2.8.1...v2.8.2
v2.8.2-beta.2
What's Changed
- Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @thaJeztah (#3650)
- Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @josegomezr
521ea3d9
- Fix panic in inmemory driver by @wy65701436 in #3815
- bump up golang version (alternative) by @thaJeztah in #3903
- Dockerfile: update xx to v1.2.1 by @thaJeztah in #3907
- update to go1.19.9 by @thaJeztah in #3908
- Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @davidspek in #3893
- Dockerfile: fix filenames of artifacts by @thaJeztah in #3911
Full Changelog: v2.8.1...v2.8.2-beta.2
v2.8.2-beta.1
NOTE: This is a pre-release that does not contain any artifacts!
What's Changed
- Fix runaway allocation on /v2/_catalog by @josegomezr
521ea3d9
- Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @thaJeztah in #3650
- Fix panic in inmemory driver by @wy65701436 in #3815
- bump up golang version (alternative) by @thaJeztah in #3903
- Dockerfile: update xx to v1.2.1 by @thaJeztah in #3907
- update to go1.19.9 by @thaJeztah in #3908
- Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @davidspek in #3893
Full Changelog: v2.8.1...v2.8.2-beta.1
v2.8.1
Welcome to the v2.8.1 release of registry!
The 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0
There have been no changes made in the released binaries other than the bump of the Go runtime.
See the changelog below for a full list of changes.
CI
- ci: use proper git ref for versioning #3595
- Go: make Go version explicit and pin it to the latest 1.16 release #3604
Contributors
- CrazyMax
- Milos Gajdos
Changes
6 commits
Dependency Changes
This release has no dependency changes
The previous release can be found at v2.8.0
v2.8.0
registry 2.8.0
Welcome to the v2.8.0 release of registry!
The 2.8.0 registry release has been a long time overdue.
This is the first step towards the last 2.x release.
No further active development will continue on 2.x branch.
Security vulnerability patches to 2.x might be considered, but
all active development will be focussed on v3 release due in 2022.
This release includes a security vulnerability fix along
with a few minor bug fixes and improvemnts in documentation and CI.
See changelog below for full list of changes.
Bugfixes
- Close the io.ReadCloser from storage driver #3370
- Remove empty Content-Type header #3297
- Make ipfilteredby not required in cloudfront storage middleware #3088
Features
- Add reference.ParseDockerRef utility function #3002
CI build
- First draft of actions based ci #3347
- Fix vndr and check #3001
- Improve code quality by adding linter checks #3385
Documentation
- Add redirect for old URL #3197
- Fix broken table #3073
- Adding deprecated schema v1 instructions #2987
- Change should to must in v2 spec (#3495)
Storage drivers
- S3 Driver: add support for ceph radosgw #3119
Security
- Added flag for user configurable cipher suites #3384
- Address CVE-2020-26160 by replacing vulnerable third-party depedency#3466
- Replace math rand with crypto rand #3531
- Address CVE-2021-41190 by validating document type before unmarshal GHSA-77vh-xpmg-72qh
Changes
50 commits
- Prepare for v2.8.0 release (#3552)
- [2.8] Release artifacts (#3568)
6241e099
[2.8] Release artifacts
- [2.8] Release workflow (#3565)
65ca39e6
release workflow3b7b5345
Merge pull request from GHSA-qq97-vm5h-rrhg10ade61d
manifest: validate document type before unmarshal
- [release/2.7] github.com/golang-jwt/jwt v3.2.2 (#3466)
c5679da3
[release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1
- [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2 (#3535)
97f6dace
[release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
- [release/2.7]fix go check issues (#3531)
9a3ff113
fix go check issues
- [release/2.7 backport] Change should to must in v2 spec (#3495)
19b573a6
Change should to must in v2 spec
- [release/2.7] update to go1.16 (#3472)
d836b23f
[release/2.7] update to go1.16
- [backport release/2.7]Added flag for user configurable cipher suites (#3384)
cc341b01
Added flag for user configurable cipher suites
- enable ci for release/2.7 (#3385)
- [cherry pick]close the io.ReadCloser from storage driver (#3370)
3fe1d67a
close the io.ReadCloser from storage driver
- [backport release/2.7] First draft of actions based ci (#3347)
f1bd6551
First draft of actions based ci
- [release/2.7 backport] Remove empty Content-Type header (#3297)
cf8615de
Remove empty Content-Type header
- [release/2.7 backport] docs: add redirect for old URL (#3197)
48eeac88
docs: add redirect for old URL
- [release/2.7] Fix s3 driver for supporting ceph radosgw (#3119)
- [release/2.7 backport] Bugfix: Make ipfilteredby not required (#3088)
afa91463
Bugfix: Make ipfilteredby not required
- [release/2.7 backport] Add reference.ParseDockerRef utility function (#3002)
fad36ed1
Add reference.ParseDockerRef utility function
- [release/2.7 backport] fix markdown issues on configuration page (#3073)
- [release/2.7] Fix vndr and check (#3001)
5883e2d9
Fix vndr and check
- [release/2.7] Adding deprecated schema v1 page (#2987)
a3c027e6
Adding deprecated schema instructions
Dependency Changes
- github.com/dgrijalva/jwt-go -> github.com/golang-jwt/jwt.git # v3.2.2 (a601269ab70c -> 4bbdd8ac624f)
- github.com/opencontainers/image-spec -> github.com/opencontainers/image-spec # v1.0.2 (ab7389ef9f50 -> 67d2d5658fe0)
Previous release can be found at v2.7.1
v2.8.0-beta.1
Welcome to the v2.8.0-beta.1 release of registry!
The 2.8.0 registry release has been a long time overdue.
This is the first step towards the last 2.x release.
No further active development will continue on 2.x branch.
Security vulnerability patches to 2.x might be considered, but
all active development will be focussed on v3 release due in 2022.
This beta release includes a security vulnerability fix along
with a few minor bug fixes and improvemnts in documentation and CI.
See changelog below for full list of changes.
Bugfixes
- Close the io.ReadCloser from storage driver #3370
- Remove empty Content-Type header #3297
- Make ipfilteredby not required in cloudfront storage middleware #3088
Features
- Add reference.ParseDockerRef utility function #3002
CI build
- First draft of actions based ci #3347
- Fix vndr and check #3001
- Improve code quality by adding linter checks #3385
Documentation
- Add redirect for old URL #3197
- Fix broken table #3073
- Adding deprecated schema v1 instructions #2987
- Change should to must in v2 spec (#3495)
Storage drivers
- S3 Driver: add support for ceph radosgw #3119
Security
- Added flag for user configurable cipher suites #3384
- Address CVE-2020-26160 by replacing vulnerable third-party depedency#3466
- Replace math rand with crypto rand #3531
- Address CVE-2021-41190 by validating document type before unmarshal GHSA-77vh-xpmg-72qh
Changes
50 commits
- Prepare for v2.8.0 release (#3552)
- [2.8] Release artifacts (#3568)
6241e099
[2.8] Release artifacts
- [2.8] Release workflow (#3565)
65ca39e6
release workflow3b7b5345
Merge pull request from GHSA-qq97-vm5h-rrhg10ade61d
manifest: validate document type before unmarshal
- [release/2.7] github.com/golang-jwt/jwt v3.2.2 (#3466)
c5679da3
[release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1
- [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2 (#3535)
97f6dace
[release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
- [release/2.7]fix go check issues (#3531)
9a3ff113
fix go check issues
- [release/2.7 backport] Change should to must in v2 spec (#3495)
19b573a6
Change should to must in v2 spec
- [release/2.7] update to go1.16 (#3472)
d836b23f
[release/2.7] update to go1.16
- [backport release/2.7]Added flag for user configurable cipher suites (#3384)
cc341b01
Added flag for user configurable cipher suites
- enable ci for release/2.7 (#3385)
- [cherry pick]close the io.ReadCloser from storage driver (#3370)
3fe1d67a
close the io.ReadCloser from storage driver
- [backport release/2.7] First draft of actions based ci (#3347)
f1bd6551
First draft of actions based ci
- [release/2.7 backport] Remove empty Content-Type header (#3297)
cf8615de
Remove empty Content-Type header
- [release/2.7 backport] docs: add redirect for old URL (#3197)
48eeac88
docs: add redirect for old URL
- [release/2.7] Fix s3 driver for supporting ceph radosgw (#3119)
- [release/2.7 backport] Bugfix: Make ipfilteredby not required (#3088)
afa91463
Bugfix: Make ipfilteredby not required
- [release/2.7 backport] Add reference.ParseDockerRef utility function (#3002)
fad36ed1
Add reference.ParseDockerRef utility function
- [release/2.7 backport] fix markdown issues on configuration page (#3073)
- [release/2.7] Fix vndr and check (#3001)
5883e2d9
Fix vndr and check
- [release/2.7] Adding deprecated schema v1 page (#2987)
a3c027e6
Adding deprecated schema instructions
Dependency Changes
- github.com/dgrijalva/jwt-go -> github.com/golang-jwt/jwt.git # v3.2.2 (a601269ab70c -> 4bbdd8ac624f)
- github.com/opencontainers/image-spec -> github.com/opencontainers/image-spec # v1.0.2 (ab7389ef9f50 -> 67d2d5658fe0)
Previous release can be found at v2.7.1
registry 2.7.1
Welcome to the v2.7.1 release of registry!
The first patch release of 2.7 addresses an upgrade issue when
using configurations from pre-2.7 registries. When upgrading from
2.6 or earlier use this patch release or newer to avoid a failure
on startup from not updating the configuration file.
- Set default for new
autoredirect
option - GCS driver is now included in binary builds using Dockerfile
Please try out the release binaries and report any issues at
https://github.com/docker/distribution/issues.
Contributors
- Derek McGowan
- Ryan Abrams
- David Wu
Changes
2461543d
Merge pull request #2824 from dmcgowan/update-version-file-2.7.15b98226a
Update version file for 2.7.12eab12df
Merge pull request #2805 from dmcgowan/release-2.7.1445ef068
Release notes for 2.7.1cbc30be4
Merge pull request #2821 from caervs/ISS-2819bf74e4f9
Use same env var in Dockerfile and Makefile62994fdd
Merge pull request #2804 from caervs/ISS-2793-2.7e702d95c
Merge pull request #2802 from davidswu/2.7-autoredirectcaf43bbc
default autoredirect to falsed1abdeb6
Add docs for autoredirect config parameter
Dependency Changes
Previous release can be found at v2.7.0
registry 2.7.0
Welcome to the v2.7.0 release of registry!
The 2.7 registry release has been a long time coming and represents both
a long gap since the previous release and a renewed effort to release
regularly. The maintainers were committed to get OCI support into the
next release and thanks to much effort in the community that has
been accomplished.
OCI Support
Push and Pull of OCI Images
The registry now allows pushing and pulling OCI images. OCI images will always
be preserved exactly without conversion to older types. With this change,
clients which implement OCI can feel comfortable creating OCI images as part of
their container image build process.
Specification Donation
The Distribution specification which has had 4 years of review, implementation,
and production use is now part of OCI. As part of that move, specification
changes will no longer be accepted in the open source registry and should
instead go to OCI's distribution-spec.
Bug Fixes and Improvements
General
- Update Go version to 1.11
- Switch to multi-stage Dockerfile
- Validations enabled by default with new
disabled
config option - Optimize health check performance
- Create separate permission for deleting objects in a repo
- Fix storage driver error propagation for manifest GETs
- Fix forwarded header resolution
- Add prometheus metrics
- Disable schema1 manifest by default (this affects docker versions
1.9
and older) - Graceful shutdown
- TLS: remove ciphers that do not support perfect forward secrecy
- Fix registry stripping newlines from manifests
- Add bugsnag logrus hook
- Support ARM builds
Storage Driver
- OSS: fix current directory showing up in OSS driver.List()
- Azure: fix race condition in PutContent()
- Azure: update vendor
- S3: update AWS SDK and use AWS SDK to validate regions
- S3: remove expiration tag on multi-part uploads
- S3: improve
Walk
performance - S3: allow bypassing cloudfront when in the same region
- S3: remove s3-goamz driver in favor of s3-aws
- Swift: update vendor
See changelog below for full list of changes
Please try out the release binaries and report any issues at
https://github.com/docker/distribution/issues.
Contributors
- Derek McGowan
- Stephen J Day
- Olivier Gambier
- Mike Brown
- Aaron Lehmann
- David Wu
- Manish Tomar
- Misty Stanley-Jones
- Sargun Dhillon
- fate-grand-order
- Huu Nguyen
- Ryan Abrams
- Yu Wang
- Ahmet Alp Balkan
- Andrew Leung
- Andrey Kostov
- Clayton Coleman
- Noah Treuhaft
- Owen W. Taylor
- Rui Cao
- Troels Thomsen
- Feng Honglin
- Gwendolynne Barr
- Haibing Zhou 周海兵
- Masataka Mizukoshi
- Michal Fojtik
- Oleg Bulatov
- Per Lundberg
- Tibor Vass
- Viktor Stanchev
- ning xie
- Alvin Feng
- Antonio Murdaca
- Christy Perez
- Corey Quon
- Deshi Xiao
- Elsan Li 李楠
- Elton Stoneman
- Eric Yang
- Felix Bünemann
- Gladkov Alexey
- Grachev Mikhail
- Helen Xie
- Igor Morozov
- Ina Panova
- Javier Palomo Almena
- Jesse Haka
- Joao Fernandes
- Jon Johnson
- Justin Cormack
- Justin Santa Barbara
- Kevin Lin
- Kira
- Leonardo Azize Martins
- LingFaKe
- Liron Levin
- Luis Lobo Borobia
- Matt Tescher
- Michal Minář
- Monika Katiyar
- Nishant Totla
- Nycholas de Oliveira e Oliveira
- Oleg Bulatov
- Parth Mehrotra
- Raphaël Enrici
- Riyaz Faizullabhoy
- Sakeven Jiang
- Santiago Torres
- Sebastiaan van Stijn
- Tianon Gravi
- Tonis Tiigi
- Tony Holdstock-Brown
- Wenkai Yin
- Yong Tang
- Yongxin Li
- YuJie
- kaiwentan
- liyongxin
- mlmhl
- uhayate
- william wei
- yixi zhang
Changes
40b7b583
Merge pull request #2775 from caervs/release_notes_2.708c6bbed
Release notes for 2.7d9e12182
Merge pull request #2772 from dmcgowan/add-arm-flag63f6c120
Add GOARM flag to dockerfileaa985ba8
Merge pull request #2711 from davidswu/autoredirectdd36fd36
Merge pull request #2742 from tescherm/configure-bugsnag-logging7c4d584e
add bugsnag logrus hook93e08274
Merge pull request #2734 from mgrachev/patch-1f7046a6d
Merge pull request #2735 from tonistiigi/update-dockerfilecd1648d6
Fix typo8a800e12
update Dockerfile to multi-stage1cb4180b
Merge pull request #2729 from liyongxin/master451cd548
Merge pull request #2731 from mirake/fix-typos6335cc25
Fix typo: commmand -> command17b3ff18
Merge pull request #2730 from dmcgowan/version-update-2.7.0-rc.0f08b3486
Update version to 2.7.0-rc.0f3adfea3
Merge pull request #2721 from dmcgowan/release-notes-2.7.0-rce1817db8
Merge pull request #2720 from dmcgowan/update-release-processde8636b7
typo fix about overridden97cb7f35
Update release documents2eb7a172
Add 2.7.0-rc release notes06a4c2f6
Update mailmap filed37f8164
Merge pull request #2723 from mirake/fix-typos569d18ae
Fix some typos2e1e6307
add autoredirect to optionb2bd4657
fix checksf730f3ab
add autoredirect auth config16128bba
Merge pull request #2707 from davidswu/go-1.11b089e916
Merge pull request #2712 from liyongxin/master6133840f
typo fix from existant to existenta927fbdb
track digest offset in blobwriterd8bde9b9
remove go 1.9 and 1.10 checks from travisbd41413d
remove closenotifier166874ad
fix gofmt and goimportsa5c2fdc5
Merge pull request #2705 from mirake/fix-typo9da0f07c
update travis with go 1.11877d706b
remove dependencies on resumabled1f36d46
Fix some typos642075f4
Merge pull request [#2631](https://github.com/dock...