v1.5.0-rc.24

[1.5.0-rc.24] — 2026-05-17

Changed

• Translations refreshed from Crowdin (commit 202f3d83). Human translations were synced from Crowdin for the ~110-string rc.23 i18n extraction sweep, updating the 16 non-English locales across the appShell, containerComponents, listViews, sharedComponents, configView, agentsView, and notificationOutboxView namespaces. Strings that were previously falling back to English now render in each locale.

Fixed

• #370 — Containers list "Version" column again shows the human-readable image tag for floating-tag + digest-watch containers, restoring the #356 fix that rc.20 inadvertently reverted. The rc.20 #342 follow-up (commit b40d3db8) added a visible sha256:… → sha256:… digest pair to the Containers table "Version" cell and card body for all updateKind === 'digest' containers that are not digest-pinned. The intent was to surface the digest transition for hybrid containers where both the tag and the underlying image layer changed simultaneously; however, the change cast too wide a net: it also applied to floating-tag + digest-watch containers (e.g. prom/prometheus:latest, linuxserver/plex with a transform tag) — exactly the rows that #356 fixed to show the human-readable tag instead of raw digest strings. The updateKind === 'digest' && !isDigestPinned branch of the table version cell and card body in ui/src/components/containers/ContainersGroupedViews.vue has been restored to the rc.19 behaviour: the version cell renders c.currentTag as a CopyableTag (with the full digest delta in the cell tooltip), and the card body shows only the update-state badge (with the digest delta in the badge tooltip). The digest transition remains visible through the adjacent "kind" column update-state indicator and the container detail panels. Digest-pinned containers (where isDigestPinned is true) are unaffected and continue to show the sha256:… → sha256:… pair directly in the cell.

• #374 — Security scans no longer hand Trivy a raw registry v2 API URL, which had caused every scan in controller mode to fail. resolveContainerImageFullName (app/api/container/shared.ts), used by both the security scan scheduler and the container API, falls back to composing the image reference directly from container.image.registry.url whenever the container's registry component is not present in the controller's registry state — the normal situation in controller mode (DD_LOCAL_WATCHER=false), where registries are configured on the agents rather than on the controller. registry.url is stored in the registry v2 API base form (e.g. https://registry-1.docker.io/v2), so the fallback produced references such as https://registry-1.docker.io/v2/dgtlmoon/sockpuppetbrowser:0.0.3; Trivy then interpreted the scheme as a hostname and every scan failed with dial tcp: lookup https. The fallback now mirrors Registry.getImageFullName: it strips the URL scheme and the /v2 path segment and uses an @ separator for digest references, yielding a plain registry-1.docker.io/dgtlmoon/sockpuppetbrowser:0.0.3 reference. Containers whose registry component is available are unaffected — they already resolved through the correct getImageFullName path.