v2.1.13

What's Changed

• fix: do not reject requests having an Authorization header if basic auth is disabled by @andaaron in #3673

Full Changelog: v2.1.12...v2.1.13

v2.1.12

What's Changed

• docs: update examples with the sync config example by @andaaron in #3573
• fix: Add HTTP client timeouts to prevent indefinite hangs in sync operations by @andaaron in #3574
• chore: update golangci-lint and fix all issues by @andaaron in #3575
• refactor: optimize code with modern Go patterns and pre-allocation by @andaaron in #3576
• fix: handle zero time values in LastUpdated sorting functions by @andaaron in #3580
• ci: use minio==7.2.18 by @andaaron in #3581
• fix: sync should be disabled when enable is false by @mottetm in #3579
• fix: multiple fixes based on recent test failures by @andaaron in #3582
• chore: sync golang 1.25 by @rchincha in #3596
• fix(storage): enforce standard OCI blob path structure in GetNextDigestWithBlobPaths by @andaaron in #3594
• chore: fix dependabot alerts by @rchincha in #3595
• chore: Enable Go jsonv2 experiment and update the trivy dependency (v0.67.2) by @andaaron in #3572
• feat: explicitly log if each authentication method is enabled by @andaaron in #3599
• fix(meta): handle cases when substores are nested by @andaaron in #3598
• Fix error handling: return nil explicitly on successful completion by @andaaron in #3603
• feat(config): validate storage root directories for path conflicts by @andaaron in #3602
• fix(trivy): cleanup Trivy temporary directory by @andaaron in #3618
• chore: Fix deps by @rchincha in #3620
• refactor(test): new apis for creating temporary files by @andaaron in #3605
• ci: split needsprivileges tests from devmode tests by @andaaron in #3625
• ci: save unified coverage as build artifact by @andaaron in #3626
• fix: remove misleading error messages on successful syncs by @andaaron in #3619
• chore: fix dependabot alerts by @rchincha in #3636
• feat: support mTLS-only authn/authz with AccessControl and allow combining mTLS with other auth mechanisms by @andaaron in #3624
• fix: accept log levels supported by older zot versions, validate configured log level by @andaaron in #3639
• refactor: enhance TLS cert generation and refactor HTTP client architecture by @andaaron in #3638
• docs: fix deadlink and typo by @andaaron in #3641
• fix: more logging for sync extension by @andaaron in #3656
• chore: fix dependabot alerts by @rchincha in #3657
• fix: prevent nil pointer dereference in RemoveImageFromRepoMeta by @M0Rf30 in #3658
• feat: add configurable mTLS identity extraction with fallback chain by @andaaron in #3640
• fix: make sure the function and caller information are added to log messages emitted by 3rd party libraries using slog directly. by @andaaron in #3659
• chore: fix dependabot alerts by @rchincha in #3660

New Contributors

• @M0Rf30 made their first contribution in #3658

Full Changelog: v2.1.11...v2.1.12

v2.1.11

What's Changed

• fix: minor fixes based on intermittent test failures by @andaaron in #3465
• chore: fix dependabot alerts by @rchincha in #3477
• chore: stabilize coverage in specific sync test by @andaaron in #3480
• fix: zot version broken after switching to /v2 by @andaaron in #3479
• refactor: remove usage of goto in the image store by @andaaron in #2969
• fix: configure cookie Secure flag based on TLS configuration by @andaaron in #3482
• feat: add zot subcommand to enable testing retention policy settings by @andaaron in #3449
• chore: fix dependabot alerts by @rchincha in #3496
• chore: fix monitoring goroutine leak in tests by @andaaron in #3500
• docs: update maintainers and codeowners info by @rchincha in #3502
• fix: close file handle before moving file in FullBlobUpload by @andaaron in #3499
• fix(log): ensure func record is correct by @rchamarthy in #3501
• fix: support custom OAuth2 URLs for GitHub Enterprise and self-hosted providers by @analytically in #3513
• chore: fix dependabot alerts by @rchincha in #3514
• chore: fix dependabot alerts by @rchincha in #3517
• fix: re-introduce pagination by @ljakimczuk in #3521
• fix: add support for sha256 and sha512 in htpasswd by @rchincha in #3497
• fix: deduplicate entries in referrers responses by @andaaron in #3524
• fix: separate cipher suites and curve preferences into FIPS and non FIPS, and use them accordingly by @andaaron in #3523
• chore: fix dependabot alerts by @rchincha in #3534
• fix: gracefully handle manifests missing from storage (prepare for sparse indexes) by @andaaron in #3503
• Fix Dockerfiles by moving the BASE_IMAGE arg into the global scope by @lfrancke in #3536
• fix: img-src annotation changes with zui move to vite by @rchincha in #3539
• fix: show relevant error messages in case of images which cannot be scanned by Trivy by @andaaron in #3554
• chore: fix dependabot alerts by @rchincha in #3555
• fix (metadb): make sure metadb statistics are initialized on image download, and minor metadb fixes for Docker v2 manifest compatibility by @andaaron in #3545
• chore: update github.com/olekukonko/tablewriter to v1.1.1 by @andaaron in #3559
• chore: update cosign from v2 to v3 by @andaaron in #3561
• fix(ui): update zui version by @rchincha in #3564
• chore: fix dependabot alerts by @rchincha in #3566
• Sync images with a background context by @lfrancke in #3537
• feat: allow claim mapping for user name with oidc by @rchincha in #3540
• fix(sync): properly handle CommitAll errors in syncImage and skip failed temp sync dirs by @andaaron in #3567

New Contributors

• @analytically made their first contribution in #3513
• @lfrancke made their first contribution in #3536

Full Changelog: v2.1.10...v2.1.11

v2.1.10

What's Changed

• fix: migrate to Go module v2 for proper semantic versioning by @muscariello in #3462
• fix: make config read/write thread safe by @andaaron in #3432

New Contributors

• @muscariello made their first contribution in #3462

Full Changelog: v2.1.9...v2.1.10

v2.1.9

What's Changed

• chore: fix dependabot alerts by @rchincha in #3365
• chore: fix dependabot alerts by @rchincha in #3380
• chore: fix dependabot alerts by @rchincha in #3397
• chore: fix dependabot alerts by @rchincha in #3407
• feat: GC to cleanup untagged manifests by default by @andaaron in #3408
• chore: Update to graphql 5.2.0 by @andaaron in #3410
• chore: update zui version by @andaaron in #3412
• chore: fix dependabot alerts by @rchincha in #3422
• chore: increase/stabilize go test coverage by @andaaron in #3411
• fix: broken CodeQL badge by @rchincha in #3424
• ci: more sync/local driver tests to stabilize/increase coverage by @andaaron in #3425
• ci: fix stale check by @rchincha in #3427
• ci: move workflow to oci runner by @rchincha in #3426
• fix: migrate from github.com/rs/zerolog to golang-native log/slog by @rchincha in #3405
• fix(ci): use fixed ranges for BATS server ports by @vrajashkr in #3428
• feat(sync): enable regclient logs by @ljakimczuk in #3363
• chore: stabilize coverage for specific imagestore case by @andaaron in #3429
• feat(sessions): add support for remote redis session store by @vrajashkr in #3345
• ci: fix nightly by @andaaron in #3431
• chore: fix dependabot alerts by @rchincha in #3444
• ci: update stale checks by @andaaron in #3446
• feat: the default retention delay is not the GC delay by @andaaron in #3447
• ci: fix values in stale comment messages by @andaaron in #3448
• fix: update go-redsync for fips-140 compatibility by @rchincha in #3451
• ci: pre download docker images used in bats tests by @andaaron in #3452
• ci: debugging blackbox failures by @andaaron in #3453
• chore: fix dependabot alerts by @rchincha in #3461
• ci: enable fips140 blackbox test by @rchincha in #3460

Full Changelog: v2.1.8...v2.1.9

v2.1.8

What's Changed

• chore: fix dependabot alerts by @rchincha in #3292
• chore(ci): update github runners to oci gh arc runners by @koksay in #3293
• ci: selectively revert this runner by @rchincha in #3297
• chore: fix dependabot alerts by @rchincha in #3312
• chore: update notation version by @rchincha in #3316
• chore: fix dependabot alerts by @rchincha in #3328
• Fix deps by @rchincha in #3343
• fix: gc for untagged docker manifests by @stephanme in #3349
• fix: close the syncResult channel by any goroutine that receives the data by @ljakimczuk in #3348

New Contributors

• @koksay made their first contribution in #3293
• @stephanme made their first contribution in #3349
• @ljakimczuk made their first contribution in #3348

Full Changelog: v2.1.7...v2.1.8

v2.1.7

What's Changed

• fix: close metadb on shutdown by @rchincha in #3277
• fix: return the entire blob size in patch upload response by @rchincha in #3279
• chore: fix dependabot alerts by @rchincha in #3280
• feat(freebsd): add support native freebsd container images by @rchincha in #3256

Full Changelog: v2.1.6...v2.1.7

v2.1.6

What's Changed

• chore: fix dependabot alerts by @rchincha in #3225
• chore: bump zui version by @andaaron in #3241
• fix: GetNextRepository to use a list already scanned repositories as input by @andaaron in #3230
• feat: healthz server by @asgeirn in #3228
• chore: fix dependabot alerts by @rchincha in #3245
• chore: fix dependabot alerts by @rchincha in #3255
• Fix building zot natively on FreeBSD by @dfr in #3247
• Read OpenID credentials from file by @uwej711 in #3244
• chore: fix dependabot alerts by @rchincha in #3258
• chore: fix dependabot alerts by @rchincha in #3274
• chore: fix dependabot alerts by @rchincha in #3275

New Contributors

• @asgeirn made their first contribution in #3228
• @uwej711 made their first contribution in #3244

Full Changelog: v2.1.5...v2.1.6

v2.1.5

What's Changed

• Fix dependabot alerts by @andaaron in #3188
• fix: image retention policy to handle patterns even if metadb is not instantiated by @andaaron in #3200
• chore: bump github.com/olekukonko/tablewriter from 0.0.5 to 1.0.7 by @andaaron in #3198
• feat: add token auth support for event sink by @rchincha in #3197
• chore: update zui version by @rchincha in #3212
• chore: fix dependabot alerts by @rchincha in #3213

Full Changelog: v2.1.4...v2.1.5

v2.1.4

What's Changed

• Revert "feat(mcp): add MCP extension support with routes and configur… by @rchincha in #3166
• fix: license copyright update by @andaaron in #3167
• chore: fix dependabot alerts by @rchincha in #3155
• fix: parse public key as fallback for certificate for bearer authentication by @evanebb in #3180
• Fix metrics authorization middleware bleed by @mottetm in #3183

New Contributors

• @mottetm made their first contribution in #3183

Full Changelog: v2.1.3...v2.1.4