Harbor - v2.9.0-rc1

Security

What's Changed

Exciting New Features πŸŽ‰

Security Hub

Admin users can now access valuable security insights, which including the number of scanned and unscanned artifacts, identification of dangerous artifacts and CVEs and advanced search capabilities for vulnerabilities using multiple combined conditions.
* Add Security Hub UI by @AllForNothing in https://github.com/goharbor/harbor/pull/18942
* Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in https://github.com/goharbor/harbor/pull/18854
* Add vulnerability search API by @stonezdj in https://github.com/goharbor/harbor/pull/18924
* Add security hub summary API by @stonezdj in https://github.com/goharbor/harbor/pull/18872
* Create index in vulnerability_record table by @stonezdj in https://github.com/goharbor/harbor/pull/18949

GC Enhancements

Improved visibility with detailed GC execution history and enable parallel deletion for faster GC triggers.
* Add worker parameter for GC by @AllForNothing in https://github.com/goharbor/harbor/pull/18882
* add more details in gc history by @wy65701436 in https://github.com/goharbor/harbor/pull/18779
* add multiple deletion of GC by @wy65701436 in https://github.com/goharbor/harbor/pull/18855

Supporting OCI Distribution Spec v1.1.0-rc2

Harbor now supports OCI Distribution Spec v1.1.0-rc2 and added support for Notation signature and Nydus conversion as referrers.
* add notation support by @wy65701436 in https://github.com/goharbor/harbor/pull/18909
* enable notary v2 policy checker by @wy65701436 in https://github.com/goharbor/harbor/pull/18927
* Add Notation UI for deployment security by @AllForNothing in https://github.com/goharbor/harbor/pull/18952
* support nydus as a accessory by @wy65701436 in https://github.com/goharbor/harbor/pull/18953

Additional Features

Costomized banner message

Admins can now set a customized banner message displayed on top of Harbor web pages.
* Add costomized banner message UI by @AllForNothing in https://github.com/goharbor/harbor/pull/18827

Quota Update Provider

Introduced a new mechanism utilizing Redis for optimistic locking during quota updates when pushing images. Refer to the documentation at https://github.com/goharbor/perf/wiki/Quota-Update for instructions on enabling and utilizing this feature.
* feat: Optimize quota checking when pushing images by @lengrongfu in https://github.com/goharbor/harbor/pull/17392
* perf: introduce update quota by redis by @chlins in https://github.com/goharbor/harbor/pull/18871
* feat: add the configuration for quota update provider by @chlins in https://github.com/goharbor/harbor/pull/18928

Deprecations ❌

Removal of Notary

Starting with version v2.9.0, Harbor no longer includes Notary in either the user interface or the backend.
* Remove notary test cases by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18620
* Remove notary UI by @AllForNothing in https://github.com/goharbor/harbor/pull/18666
* remove the notary from backend by @wy65701436 in https://github.com/goharbor/harbor/pull/18668

Enhancement πŸš€

  • Fix message prompt under the header by @AllForNothing in https://github.com/goharbor/harbor/pull/18613
  • fix: improve the performance of list artifacts by @chlins in https://github.com/goharbor/harbor/pull/18610
  • Improve repo_read_only header on the UI by @AllForNothing in https://github.com/goharbor/harbor/pull/18729
  • Add a text to explain the time window for GC by @AllForNothing in https://github.com/goharbor/harbor/pull/18735
  • Add a tooltip for slack notification by @AllForNothing in https://github.com/goharbor/harbor/pull/18787
  • 【UT】add unit test for collector system info by @lengrongfu in https://github.com/goharbor/harbor/pull/18717
  • Add Details column for gc history by @AllForNothing in https://github.com/goharbor/harbor/pull/18797
  • Add Podman push command to the UI by @AllForNothing in https://github.com/goharbor/harbor/pull/18810
  • Add new client Podman to the pull command by @AllForNothing in https://github.com/goharbor/harbor/pull/18857

Component updates ⬆️

  • fix: fix error bitsize of jobservice reaper scan locks by @chlins in https://github.com/goharbor/harbor/pull/18487
  • bump golang 1.20.3 on main by @MinerYang in https://github.com/goharbor/harbor/pull/18492
  • feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in https://github.com/goharbor/harbor/pull/18501
  • Reword quota definitions based on user input by @OrlinVasilev in https://github.com/goharbor/harbor/pull/18512
  • Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in https://github.com/goharbor/harbor/pull/18518
  • GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in https://github.com/goharbor/harbor/pull/18386
  • Change the permissions of the *.go file from 0755 to 0644 by @Iceber in https://github.com/goharbor/harbor/pull/17919
  • feat: log with trace ID by @pgillich in https://github.com/goharbor/harbor/pull/18181
  • Fix typos in common.sh by @Maxi-Mega in https://github.com/goharbor/harbor/pull/18151
  • bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in https://github.com/goharbor/harbor/pull/18545
  • Update position to vertical-align for copy button by @AllForNothing in https://github.com/goharbor/harbor/pull/18563
  • Add missing i18n key-value for helm chart by @AllForNothing in https://github.com/goharbor/harbor/pull/18578
  • Allow redis password using safe special characters by @MinerYang in https://github.com/goharbor/harbor/pull/18566
  • add goheader linter settings by @MinerYang in https://github.com/goharbor/harbor/pull/18503
  • fix: link to Github's rate limiting documentation. by @perjahn in https://github.com/goharbor/harbor/pull/18588
  • fix: error log use wrong variable err by @dyf991645 in https://github.com/goharbor/harbor/pull/18602
  • Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18612
  • Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in https://github.com/goharbor/harbor/pull/18608
  • bump golang 1.20.4 on main by @MinerYang in https://github.com/goharbor/harbor/pull/18647
  • fix: sweep executions of image scan job by @chlins in https://github.com/goharbor/harbor/pull/18649
  • fix: cherry pick the migration sql by @chlins in https://github.com/goharbor/harbor/pull/18644
  • chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml by @Juneezee in https://github.com/goharbor/harbor/pull/18606
  • Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in https://github.com/goharbor/harbor/pull/18263
  • Changed logic search projects in gitlab adapter by @lxShaDoWxl in https://github.com/goharbor/harbor/pull/18529
  • bump up github.com/distribution/distribution v2.8.2 by @MinerYang in https://github.com/goharbor/harbor/pull/18687
  • fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in https://github.com/goharbor/harbor/pull/18662
  • Fix the channel that never receives a value by @iAklis in https://github.com/goharbor/harbor/pull/18139
  • Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in https://github.com/goharbor/harbor/pull/18697
  • Upgrade Angular and Clarity to the latest version by @AllForNothing in https://github.com/goharbor/harbor/pull/18709
  • chore: bump registry release to 2.8.2 by @DavidSpek in https://github.com/goharbor/harbor/pull/18685
  • Add support for TLSv1.3 in nginx configurations by @malmor in https://github.com/goharbor/harbor/pull/18659
  • set tag pull time for proxy cache by @wy65701436 in https://github.com/goharbor/harbor/pull/18731
  • http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in https://github.com/goharbor/harbor/pull/16990
  • Return error when proxy cache get too many request error(429) by @stonezdj in https://github.com/goharbor/harbor/pull/18728
  • 【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in https://github.com/goharbor/harbor/pull/18716
  • Fix syntax errors in comments by @lishaokai1995 in https://github.com/goharbor/harbor/pull/18746
  • add strong_ssl_ciphers for nginx https jinja template by @MinerYang in https://github.com/goharbor/harbor/pull/18748
  • fix: import optimization by @testwill in https://github.com/goharbor/harbor/pull/18727
  • fix invalid access action by @orblazer in https://github.com/goharbor/harbor/pull/18188
  • Fix: fix function name in comments by @cuishuang in https://github.com/goharbor/harbor/pull/18726
  • fix: clean up scan executions and reports after deleting artifact by @chlins in https://github.com/goharbor/harbor/pull/18693
  • Remove wrong format for boolean value in api definition by @sll552 in https://github.com/goharbor/harbor/pull/18783
  • fix: add checkpoint when enqueue scan tasks for scan all by @chlins in https://github.com/goharbor/harbor/pull/18680
  • Update/improve grafana dashboard by @mac-chaffee in https://github.com/goharbor/harbor/pull/16661
  • fix: optimize the mechanism of quota refresh by @chlins in https://github.com/goharbor/harbor/pull/18795
  • Update the text for the oidc cli secret tooltip by @AllForNothing in https://github.com/goharbor/harbor/pull/18814
  • jobservice: add DB to job logger config by @liubin in https://github.com/goharbor/harbor/pull/18821
  • jobservice: update readme by @liubin in https://github.com/goharbor/harbor/pull/18849
  • refactor: migrate the redis command keys to scan by @chlins in https://github.com/goharbor/harbor/pull/18825
  • Add unit test for hidden columns by @AllForNothing in https://github.com/goharbor/harbor/pull/18873
  • support OCI-Subject header by @wy65701436 in https://github.com/goharbor/harbor/pull/18885
  • Correct the hidden property for clrDgHideableColumn by @AllForNothing in https://github.com/goharbor/harbor/pull/18890
  • API: update ScannerRegistration.properties.url format by @liubin in https://github.com/goharbor/harbor/pull/18799
  • chore: upgrade golang-migrate to v4.16.2 by @chlins in https://github.com/goharbor/harbor/pull/18879
  • fix: add password/secret length check to be <= 128 by @zyyw in https://github.com/goharbor/harbor/pull/18916
  • update icons by @vndroid in https://github.com/goharbor/harbor/pull/18767
  • Log warning message when current user is freeze by @stonezdj in https://github.com/goharbor/harbor/pull/18937
  • fix: correct the operator in the webhook payload by @chlins in https://github.com/goharbor/harbor/pull/18906
  • Update the regex for policy name and the tooltip message by @AllForNothing in https://github.com/goharbor/harbor/pull/18947
  • fix: replication policy cron setting - the 1st field must be 0; the Minutes field cannot be ADOPTERS.md CHANGELOG.md CODEOWNERS CONTRIBUTING.md LICENSE Makefile OWNERS.md README.md RELEASES.md ROADMAP.md SECURITY.md VERSION api assets codecov.yml contrib docs gha-creds-0f3ff0103af6cfb3.json harbor icons make src tests tools by @zyyw in https://github.com/goharbor/harbor/pull/18923
  • Update the parameter to search cosign by @AllForNothing in https://github.com/goharbor/harbor/pull/18963
  • refactor: remove duplicated artifact deletion handler by @chlins in https://github.com/goharbor/harbor/pull/18959
  • refactor: replace the gc redigo client to the standard cache by @chlins in https://github.com/goharbor/harbor/pull/18965
  • feat: add config for job_loggers by @zyyw in https://github.com/goharbor/harbor/pull/18970
  • fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in https://github.com/goharbor/harbor/pull/18993
  • Fix wrong scanned artifact count when there are multiple report for an artifact by @stonezdj in https://github.com/goharbor/harbor/pull/18975
  • add migration script for 2.9 by @MinerYang in https://github.com/goharbor/harbor/pull/18997
  • Skip to run migrate script when data available by @stonezdj in https://github.com/goharbor/harbor/pull/18976
  • update installation hint by @MinerYang in https://github.com/goharbor/harbor/pull/19024
  • Conserve sentinel_master_set value between upgraded versions by @sixeela in https://github.com/goharbor/harbor/pull/18875
  • fix accessory import issue by @wy65701436 in https://github.com/goharbor/harbor/pull/19053
  • fix dry run creation time by @wy65701436 in https://github.com/goharbor/harbor/pull/19060
  • Update security hub ui by @AllForNothing in https://github.com/goharbor/harbor/pull/19062
  • Remove cache for project policy updating by @AllForNothing in https://github.com/goharbor/harbor/pull/19068
  • Update style for banner message ui by @AllForNothing in https://github.com/goharbor/harbor/pull/19069
  • Add validator for duration of banner message by @AllForNothing in https://github.com/goharbor/harbor/pull/19057
  • bump golang 1.20.6 on main by @MinerYang in https://github.com/goharbor/harbor/pull/19066
  • fix: bump up TRIVYVERSION=v0.44.0 and TRIVYADAPTERVERSION=v0.30.15 by @zyyw in https://github.com/goharbor/harbor/pull/19087
  • Merge cosign check and notation check by @AllForNothing in https://github.com/goharbor/harbor/pull/19079
  • Update ui for gc history and banner message by @AllForNothing in https://github.com/goharbor/harbor/pull/19094
  • Show banner message on log in page by @AllForNothing in https://github.com/goharbor/harbor/pull/19078
  • Update cron ui for add replicatipn rule page by @AllForNothing in https://github.com/goharbor/harbor/pull/19083
  • Convert the string οΏ½\ to number 0 by @AllForNothing in https://github.com/goharbor/harbor/pull/19080
  • fix: fix replication list projects with pure numberic name by @chlins in https://github.com/goharbor/harbor/pull/19090
  • Update style for add-replication-rule page by @AllForNothing in https://github.com/goharbor/harbor/pull/19100
  • Fix incorrect artifact and scanned artifact count issue by @stonezdj in https://github.com/goharbor/harbor/pull/19106
  • Add artifact digest to query condition by @stonezdj in https://github.com/goharbor/harbor/pull/19102
  • Sort most dangerous vulnerabilities by score and severity level by @stonezdj in https://github.com/goharbor/harbor/pull/19103
  • fix ScheduleObj.type in swagger by @wy65701436 in https://github.com/goharbor/harbor/pull/19109
  • fix: skip to delete scan reports if the digest still referenced by @chlins in https://github.com/goharbor/harbor/pull/19110
  • Update ui to fix some issues by @AllForNothing in https://github.com/goharbor/harbor/pull/19101
  • bump golang 1.20.7 on main by @MinerYang in https://github.com/goharbor/harbor/pull/19111

Docs update πŸ—„οΈ

  • Specify proper language in CONTRIBUTING.md code blocks by @PeterDaveHello in https://github.com/goharbor/harbor/pull/18605
  • fix: non-ASCII chars in swagger.yaml by @liubin in https://github.com/goharbor/harbor/pull/18642

Community update πŸ§‘πŸ»β€πŸ€β€πŸ§‘πŸΎ

  • Update proposal process with steps and board by @OrlinVasilev in https://github.com/goharbor/harbor/pull/18379
  • Add Dynatrace as adopter and fix master to main by @OrlinVasilev in https://github.com/goharbor/harbor/pull/18823

Other Changes

  • Bump mheap/github-action-required-labels from 3 to 4 by @dependabot in https://github.com/goharbor/harbor/pull/18472
  • Update UI testcases by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18491
  • bump base version by @wy65701436 in https://github.com/goharbor/harbor/pull/18485
  • Update nightly-trivy-scan.yml for the workflows by @AllForNothing in https://github.com/goharbor/harbor/pull/18510
  • Upgrade harbor-portal to v2.9.0 by @AllForNothing in https://github.com/goharbor/harbor/pull/18525
  • Add Job Service Dashboard Schedules testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18555
  • Handling skipped but required checks by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18564
  • Fix Handling skipped but required checks by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18570
  • Update Support Matrix by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18540
  • Fix setup docker error by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18583
  • Add Job Service Dashboard Workers testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18580
  • Replace python script with node script for portal Dockerfile by @AllForNothing in https://github.com/goharbor/harbor/pull/18635
  • Copy swagger.json to the dist folder by @AllForNothing in https://github.com/goharbor/harbor/pull/18646
  • Refresh the base images when building on main by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18661
  • Fix build db base image symlink error by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18673
  • Bump google-github-actions/setup-gcloud from 0 to 1 by @dependabot in https://github.com/goharbor/harbor/pull/17772
  • Fix setup-gcloud fails when building package by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18682
  • Add Retain image last pull time API test case by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18689
  • Add Retain image last pull time UI test case by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18695
  • Update e2e engine image by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18747
  • Add Referrers API testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18775
  • Add podman pull & push testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18790
  • chore(deps): bump mheap/github-action-required-labels from 4 to 5 by @dependabot in https://github.com/goharbor/harbor/pull/18805
  • Refactor the keyword in the testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18898
  • Add replication by chunk testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18904
  • Add CloudEvents format webhook testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18908
  • Add OIDC filter group testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18914
  • Add CVE Allowlist expires Test Cases by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18921
  • Fix APITEST_DB_PROXY_CACHE x509 by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18977
  • Update webhook and replication testcase by @YangJiao0817 in https://github.com/goharbor/harbor/pull/18998
  • Fix build harbor-db-base error by @YangJiao0817 in https://github.com/goharbor/harbor/pull/19003
  • Bump up photon version from 4.0 to 5.0 by @YangJiao0817 in https://github.com/goharbor/harbor/pull/19006
  • [cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in https://github.com/goharbor/harbor/pull/19118

New Contributors

  • @pgillich made their first contribution in https://github.com/goharbor/harbor/pull/18181
  • @Maxi-Mega made their first contribution in https://github.com/goharbor/harbor/pull/18151
  • @yrs147 made their first contribution in https://github.com/goharbor/harbor/pull/18282
  • @perjahn made their first contribution in https://github.com/goharbor/harbor/pull/18588
  • @dyf991645 made their first contribution in https://github.com/goharbor/harbor/pull/18602
  • @PeterDaveHello made their first contribution in https://github.com/goharbor/harbor/pull/18605
  • @iAklis made their first contribution in https://github.com/goharbor/harbor/pull/18139
  • @DavidSpek made their first contribution in https://github.com/goharbor/harbor/pull/18685
  • @malmor made their first contribution in https://github.com/goharbor/harbor/pull/18659
  • @mcsage made their first contribution in https://github.com/goharbor/harbor/pull/16990
  • @lishaokai1995 made their first contribution in https://github.com/goharbor/harbor/pull/18746
  • @orblazer made their first contribution in https://github.com/goharbor/harbor/pull/18188
  • @cuishuang made their first contribution in https://github.com/goharbor/harbor/pull/18726
  • @sll552 made their first contribution in https://github.com/goharbor/harbor/pull/18783
  • @vndroid made their first contribution in https://github.com/goharbor/harbor/pull/18767

Full Changelog: https://github.com/goharbor/harbor/compare/v2.8.0...v2.9.0-rc1

Security

Security wording was detected, but no CVEs were found.

Details

date
Aug. 7, 2023, 1:13 p.m.
name
v2.9.0-rc1
type
Pre-release
official page
https://github.com/goharbor/harbor/releases/tag/v2.9.0-rc1
πŸ‘‡
Register or login to:
  • πŸ”View and search all Harbor releases.
  • πŸ› οΈCreate and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • πŸš€Much more coming soon!
Continue with GitHub
Continue with Google
or