registry 2.7.0-rc.0

Welcome to the v2.7.0-rc.0 release of registry!
This is a pre-release of registry

The 2.7 registry release has been a long time coming and represents both
a long gap since the previous release and a renewed effort to release
regularly. The maintainers were committed to get OCI support into the
next release and thanks to much effort in the community that has
been accomplished.

OCI Support

Push and Pull of OCI Images

The registry now allows pushing and pulling OCI images. OCI images will always
be preserved exactly without conversion to older types. With this change,
clients which implement OCI can feel comfortable creating OCI images as part of
their container image build process.

Specification Donation

The Distribution specification which has had 4 years of review, implementation,
and production use is now part of OCI. As part of that move, specification
changes will no longer be accepted in the open source registry and should
instead go to OCI's distribution-spec.

Bug fixes

Many many fixes and improvements, see the change log below

Please try out the release binaries and report any issues at
https://github.com/docker/distribution/issues.

Contributors

• Derek McGowan
• Stephen J Day
• Olivier Gambier
• Mike Brown
• Aaron Lehmann
• David Wu
• Manish Tomar
• Misty Stanley-Jones
• Sargun Dhillon
• fate-grand-order
• Huu Nguyen
• Yu Wang
• Ahmet Alp Balkan
• Andrew Leung
• Andrey Kostov
• Clayton Coleman
• Noah Treuhaft
• Owen W. Taylor
• Ryan Abrams
• Troels Thomsen
• Feng Honglin
• Gwendolynne Barr
• Haibing Zhou 周海兵
• Masataka Mizukoshi
• Michal Fojtik
• Oleg Bulatov
• Per Lundberg
• Rui Cao
• Tibor Vass
• ning xie
• Alvin Feng
• Antonio Murdaca
• Christy Perez
• Corey Quon
• Deshi Xiao
• Elsan Li 李楠
• Elton Stoneman
• Eric Yang
• Felix Bünemann
• Gladkov Alexey
• Helen Xie
• Igor Morozov
• Ina Panova
• Javier Palomo Almena
• Jesse Haka
• Joao Fernandes
• Jon Johnson
• Justin Cormack
• Justin Santa Barbara
• Kevin Lin
• Kira
• Leonardo Azize Martins
• LingFaKe
• Liron Levin
• Luis Lobo Borobia
• Michal Minář
• Monika Katiyar
• Nishant Totla
• Nycholas de Oliveira e Oliveira
• Oleg Bulatov
• Parth Mehrotra
• Raphaël Enrici
• Riyaz Faizullabhoy
• Sakeven Jiang
• Santiago Torres
• Sebastiaan van Stijn
• Tianon Gravi
• Tony Holdstock-Brown
• Viktor Stanchev
• Wenkai Yin
• Yong Tang
• YuJie
• kaiwentan
• liyongxin
• mlmhl
• uhayate
• william wei
• yixi zhang

Changes

• 17b3ff18 Merge pull request #2730 from dmcgowan/version-update-2.7.0-rc.0
• f08b3486 Update version to 2.7.0-rc.0
• f3adfea3 Merge pull request #2721 from dmcgowan/release-notes-2.7.0-rc
• e1817db8 Merge pull request #2720 from dmcgowan/update-release-process
• 97cb7f35 Update release documents
• 2eb7a172 Add 2.7.0-rc release notes
• 06a4c2f6 Update mailmap file
• d37f8164 Merge pull request #2723 from mirake/fix-typos
• 569d18ae Fix some typos
• 16128bba Merge pull request #2707 from davidswu/go-1.11
• b089e916 Merge pull request #2712 from liyongxin/master
• 6133840f typo fix from existant to existent
• a927fbdb track digest offset in blobwriter
• d8bde9b9 remove go 1.9 and 1.10 checks from travis
• bd41413d remove closenotifier
• 166874ad fix gofmt and goimports
• a5c2fdc5 Merge pull request #2705 from mirake/fix-typo
• 9da0f07c update travis with go 1.11
• 877d706b remove dependencies on resumable
• d1f36d46 Fix some typos
• 642075f4 Merge pull request #2631 from whoshuu/feature/improve-gcs-driver
• 15de837a Merge pull request #2704 from dmcgowan/fix-2703
• 7a195dd5 Add back include_gcs build constraint
• 69299d93 Use existing jwtConf instead of creating a scoped one
• f9187b25 Add regulator to GCS
• b424c3d8 Better error handling for GCS credential argument addition
• 3f9f073c Edit configuration.md to add gcs credentials option
• 78238ef1 Add credentials argument for GCS driver
• efa4c3bb Merge pull request #2702 from caervs/fix_path_enumeration
• 6d66d036 Merge pull request #2698 from cquon/swift_vendor
• c88728f2 Fix registry stripping newlines from manifests
• 6b73a9ab Ignore missing paths during enumeration
• fd32d5f9 update github.com/ncw/swift package in vendor to v1.0.40
• 5a74b806 update github.com/ncw/swift package in vendor to avoid potential memory leaks
• 9930542d Merge pull request #2701 from davidswu/metalinter
• 8d7e4cd3 fix goimports and gofmt
• 90705d2f Merge pull request #2362 from twistlock/populate_htpasswd
• b12bd400 Merge pull request #2639 from andrew-leung/manifesteventlayers
• 059f301d Merge pull request #2685 from manishtomar/mani-graceful-shutdown
• f95ac7db fix doc - thanks @dmp42
• 3354cf98 Merge pull request #2680 from manishtomar/mani-fix-mem-leak
• ef859e1b Merge pull request #2474 from vikstrous/disable-v1-master
• 90070b33 Merge pull request #2694 from caervs/fix_nginx_spacing
• [0101db11](0101db...

Docker Registry v2.6.2

This release is a special security release to address an issue allowing
an attacker to force arbitrarily-sized memory allocations in a registry
instance through the manifest endpoint. The problem has been mitigated
by limiting the size of reads for image manifest content.

Details for mitigation are in 29fa466

CVE-2017-11468 has been assigned for this issue.

Changelog

48294d9 Merge pull request #2343 from stevvooe/prepare-2.6.2
04ce686 release: prepare for 2.6.2 release
c829241 Merge pull request #2341 from stevvooe/limit-payload-size-26
29fa466 registry/{storage,handlers}: limit content sizes
42ea75c Merge pull request #2284 from mstanleyjones/release/2.6
ed2b686 Put architecture.md back into distribution repo

Docker Registry v2.5.2

This release is a special security release to address an issue allowing
an attacker to force arbitrarily-sized memory allocations in a registry
instance through the manifest endpoint. The problem has been mitigated
by limiting the size of reads for image manifest content.

Details for mitigation are in 58d239d.

CVE-2017-11468 has been assigned for this issue.

Changelog

0bae751 Merge pull request #2344 from stevvooe/prepare-2.5.2
48cb60a release: prepare for 2.5.2 release
2b0952d Merge pull request #2342 from stevvooe/limit-payload-size-25
58d239d registry/{storage,handlers}: limit content sizes
9bc9d21 Merge pull request #2122 from
mstanleyjones/configuration_changes_backport
fcbea60 Improve formatting of configuration.md
6b114e6 Merge pull request #2081 from Windfarer/release/2.5
6c985f7 Update main.go
2c3b616 Merge pull request #2054 from mstanleyjones/2.5_metadata_fixes
5adfbe3 Remove newlines from end of error strings
cfe7079 Satisfy the latest go lint rules
abd2d76 Metadata and formatting fixes needed for Jekyll build
6b3ccf9 Convert Markdown frontmatter to YAML
a8402a2 Merge pull request #1985 from johndmulhausen/master
0a22649 Update to fix lint errors

Docker Registry v2.6.1

Changelog

Registry

• Fix Forwarded header handling, revert use of X-Forwarded-Port
• Use driver Stat for registry health check

Docker Registry v2.6.1-rc.2

Changelog

Registry

• Fix Forwarded header handling, revert use of X-Forwarded-Port
• Use driver Stat for registry health check

Docker Registry v2.6.1-rc.1

Changelog

Registry

• Fix Forwarded header handling, revert use of X-Forwarded-Port

Docker Registry v2.6.0

2.6.0 (2017-01-18)

Storage

• S3: fixed bug in delete due to read-after-write inconsistency
• S3: allow EC2 IAM roles to be used when authorizing region endpoints
• S3: add Object ACL Support
• S3: fix delete method's notion of subpaths
• S3: use multipart upload API in Move method for performance
• S3: add v2 signature signing for legacy S3 clones
• Swift: add simple heuristic to detect incomplete DLOs during read ops
• Swift: support different user and tenant domains
• Swift: bulk deletes in chunks
• Aliyun OSS: fix delete method's notion of subpaths
• Aliyun OSS: optimize data copy after upload finishes
• Azure: close leaking response body
• Fix storage drivers dropping non-EOF errors when listing repositories
• Compare path properly when listing repositories in catalog
• Add a foreign layer URL host whitelist
• Improve catalog enumerate runtime

Registry

• Export storage.CreateOptions in top-level package
• Enable notifications to endpoints that use self-signed certificates
• Properly validate multi-URL foreign layers
• Add control over validation of URLs in pushed manifests
• Proxy mode: fix socket leak when pull is cancelled
• Tag service: properly handle error responses on HEAD request
• Support for custom authentication URL in proxying registry
• Add configuration option to disable access logging
• Add notification filtering by target media type
• Manifest: References() returns all children
• Honor X-Forwarded-Port and Forwarded headers
• Reference: Preserve tag and digest in With* functions
• Add policy configuration for enforcing repository classes

Client

• Changes the client Tags All() method to follow links
• Allow registry clients to connect via HTTP2
• Better handling of OAuth errors in client

Spec

• Manifest: clarify relationship between urls and foreign layers
• Authorization: add support for repository classes

Manifest

• Override media type returned from Stat() for existing manifests
• Add plugin mediatype to distribution manifest

Docs

• Document TOOMANYREQUESTS error code
• Document required Let's Encrypt port
• Improve documentation around implementation of OAuth2
• Improve documentation for configuration

Auth

• Add support for registry type in scope
• Add support for using v2 ping challenges for v1
• Add leeway to JWT nbf and exp checking
• htpasswd: dynamically parse htpasswd file
• Fix missing auth headers with PATCH HTTP request when pushing to default port

Dockerfile

• Update to go1.7
• Reorder Dockerfile steps for better layer caching

Notes

Documentation has moved to the documentation repository at
github.com/docker/docker.github.io/tree/master/registry

The registry is go 1.7 compliant, and passes newer, more restrictive lint and vet ing.

Docker Registry v2.6.0-rc.2

Changelog

Spec

• Authorization: add support for repository classes

Registry

• Add policy configuration for enforcing repository classes

Docker Registry v2.6.0-rc.1

Changelog

Storage

• S3: fixed bug in delete due to read-after-write inconsistency
• S3: allow EC2 IAM roles to be used when authorizing region endpoints
• S3: add Object ACL Support
• S3: fix delete method's notion of subpaths
• S3: use multipart upload API in Move method for performance
• S3: add v2 signature signing for legacy S3 clones
• Swift: add simple heuristic to detect incomplete DLOs during read ops
• Swift: support different user and tenant domains
• Swift: bulk deletes in chunks
• Aliyun OSS: fix delete method's notion of subpaths
• Aliyun OSS: optimize data copy after upload finishes
• Azure: close leaking response body
• Fix storage drivers dropping non-EOF errors when listing repositories
• Compare path properly when listing repositories in catalog
• Add a foreign layer URL host whitelist
• Improve catalog enumerate runtime

Registry

• Override media type returned from Stat() for existing manifests
• Export storage.CreateOptions in top-level package
• Enable notifications to endpoints that use self-signed certificates
• Properly validate multi-URL foreign layers
• Add control over validation of URLs in pushed manifests
• Proxy mode: fix socket leak when pull is cancelled
• Tag service: properly handle error responses on HEAD request
• Support for custom authentication URL in proxying registry
• Add configuration option to disable access logging
• Add notification filtering by target media type
• Manifest: References() returns all children
• Honor X-Forwarded-Port and Forwarded headers
• Reference: Preserve tag and digest in With* functions

Client

• Changes the client Tags All() method to follow links
• Allow registry clients to connect via HTTP2
• Better handling of OAuth errors in client

Spec

• Manifest: clarify relationship between urls and foreign layers

Manifest

• Add plugin mediatype to distribution manifest

Docs

• Document TOOMANYREQUESTS error code
• Document required Let's Encrypt port
• Improve documentation around implementation of OAuth2

Auth

• Add support for registry type in scope
• Add support for using v2 ping challenges for v1
• Add leeway to JWT nbf and exp checking
• htpasswd: dynamically parse htpasswd file
• Fix missing auth headers with PATCH HTTP request when pushing to default port

Dockerfile

• Update to go1.7
• Reorder Dockerfile steps for better layer caching

Notes

Documentation has moved to the documentation repository at
github.com/docker/docker.github.io/tree/master/registry

The registry is go 1.7 compliant, and passes newer, more restrictive lint and vet ing.

Docker Registry v2.5.1

Catalog endpoint improvements.