TecharoHQ · kouhaidev · Dec 2, 2025 · Dec 2, 2025
diff --git a/data/clients/docker-client.yaml b/data/clients/docker-client.yaml
@@ -58,3 +58,10 @@
     all:
       - path.startsWith("/v2/")
       - userAgent.contains("Renovate/")
+
+- name: allow-skopeo
+  action: ALLOW
+  expression:
+    all:
+      - path.startsWith("/v2/")
+      - userAgent.contains("skopeo/")
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
@@ -23,6 +23,7 @@
 - Add support to simple Valkey/Redis cluster mode
 - Open Graph passthrough now reuses the configured target Host/SNI/TLS settings, so metadata fetches succeed when the upstream certificate differs from the public domain. ([1283](https://github.com/TecharoHQ/anubis/pull/1283))
 - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures.
+- Add Skopeo to the builtin list of common Docker clients
 
 ### Deprecate `report_as` in challenge configuration
 
@@ -287,7 +288,7 @@

 #### Fixes a problem with nonstandard URLs and redirects

 Fixes [GHSA-jhjj-2g64-px7c](https://github.com/TecharoHQ/anubis/security/advisories/GHSA-jhjj-2g64-px7c).

 This could allow an attacker to craft an Anubis pass-challenge URL that forces a redirect to nonstandard URLs, such as the `javascript:` scheme which executes arbitrary JavaScript code in a browser context when the user clicks the "Try again" button.

@@ -314,7 +315,7 @@

 - [Czech](https://github.com/TecharoHQ/anubis/pull/849)
 - [Finnish](https://github.com/TecharoHQ/anubis/pull/863)
 - [Norwegian Bokmål](https://github.com/TecharoHQ/anubis/pull/855)
 - [Norwegian Nynorsk](https://github.com/TecharoHQ/anubis/pull/855)
 - [Russian](https://github.com/TecharoHQ/anubis/pull/882)