What's Changed
Exciting New Features 🎉
Cache Layer
Introduce cache layer to improve the performance of pulling artifacts in the high concurrency scenario. For more datails, see the wiki.
- feat(project): introduce cache manager for project (#16740) by @chlins in #16807
- feat(repository): introduce cache manager for repository (#16741) by @chlins in #16846
- feat(project): introduce cache layer for project_metadata (#16891) by @chlins in #16892
- feat(manifest): introduce cache layer for manifest (#16459) by @chlins in #16861
CVE Export
Introduce CVE Export which allows project owners and members to export CBR data generated by scanners for artifacts within projects.
- System Artifact Manager - database and model changes by @prahaladdarkin in #16678
- Introduce system artifact manager cleanup job by @prahaladdarkin in #16879
- Vulnerability scan data export functionality by @prahaladdarkin in #15998
- Add CVE data exporting UI by @AllForNothing in #16236
Purge AuditLog
Support purge audit log periodically or run on demand, add feature to forward audit log to remote sys log endpoint.
- (feat) Add job service to purge audit_log by @stonezdj in #16833
- Add clearances ui by @AllForNothing in #16941
- Add REST API for purge audit log by @stonezdj in #16865
- Add audit_log forward endpoint by @stonezdj in #16914
B/R With Velero
Support backup and restore Harbor helm chart with Velero. For more details and usage, see the user guide.
- Add stop button for GC by @AllForNothing in #17037
- Add stop button for audit log rotation by @AllForNothing in #17054
Additional Features
- GDPR compliant deletion of Users by @tpoxa in #16859
- [Experimental] Add new feature for supporting WebAssembly artifact by @ln23415 in #16931
Deprecations
- Start the deprecation of Chartmuseum from v2.6.0 and begin to remove in v2.8.0. More details, please refer to the discussion.
- Start the deprecation of Notary(signer&server) from v2.6.0 and begin to remove in v2.8.0. More details, please refer to the discussion.
Enhancement 🚀
- Update docker building for UI by @AllForNothing in #16692
- Add dotted line between the artifacts and their accessories by @AllForNothing in #16701
- fixed typo in legacy_swagger.yaml file by @tibeer in #16723
- Provide more useful error info by @AllForNothing in #16736
- Fix some css style issues by @AllForNothing in #16709
- Add release.yml to automate release notes #16633 by @OrlinVasilev in #16634
- replace install httpd by installing htpasswd binary only by @MinerYang in #16771
- Store default page size to local storage by @AllForNothing in #16753
- Refactor portal language code by @SimonAlling in #16795
- Fix lint errors in portal by @SimonAlling in #16799
- Improve replication policy datagrid by @AllForNothing in #16806
- fix: improve GC log message by @zyyw in #16790
- Improve css for tags column by @AllForNothing in #16811
- Allow all roles to see 'listed in CVE allowlist' column by @AllForNothing in #16860
- Improve css for accessories component by @AllForNothing in #16868
- Add date/time format setting in portal by @SimonAlling in #16796
- Remove message prompt clearing by @AllForNothing in #16894
- Modify HarborDatetimePipe to pure pipe to improve performance by @AllForNothing in #16906
- fix: add patch for registry layers larger than 10G with S3 backend by @franznemeth in #16322
- feat: enabled Github GHCR as proxy cache by @wilmardo in #16834
- Add NextScheduledTime in schedule object by @stonezdj in #16925
- Add style lint and add code lint to the pipeline by @AllForNothing in #16954
- Fix some UI issues by @AllForNothing in #16979
- Response the sign status to UI for the public project. by @wy65701436 in #16987
- Support stop GC execution by @ywk253100 in #17004
- Improve copy command component by @AllForNothing in #17068
- Improve cron validator for replication rule by @AllForNothing in #17069
- Enhance the read-only API to avoid deleting operations during the job running by @ywk253100 in #17055
- Making stale bot a bit more active by @OrlinVasilev in #17115
- Remove os.Kill in signal handling by @heylongdacoder in #16111
- Return bad request if audit log retention hour > 240000 hour by @stonezdj in #17217
Component updates ⬆️
- pkg/scan: fix dropped error by @alrs in #16712
- bump up astaxie/beego@v1.12.1 to beego/beego/@v1.12.7 by @MinerYang in #16770
- fix: registry/redis.patch & registry/builder by @zyyw in #16780
- Upgrade Angular to 13.3.4 by @AllForNothing in #16772
- fix close response missing by @wy65701436 in #16820
- add lint with golangci-lint by @MinerYang in #16821
- fix staticcheck issues by @wy65701436 in #16828
- fix: gc history update_time by @zyyw in #16841
- fix artifact count issue by @wy65701436 in #16851
- migrate tslint to eslint by @AllForNothing in #16856
- Upgrade clarity to the latest version by @AllForNothing in #16840
- fix accessory count issue by @wy65701436 in #16866
- bump up beego from v1.12.7 to v1.12.9 by @MinerYang in #16904
- fix 16883 by @wy65701436 in #16911
- fix replcation issue on accessory by @wy65701436 in #16912
- support docker compose v2 by @MinerYang in #16919
- fix: golangci-lint errcheck by @zyyw in #16920
- bump up golang version to v1.18.3 by @MinerYang in #16957
- fix(swagger): append scan report version 1.1 to swagger docs by @chlins in #16965
- fix(replication): azurecr replication with token (#16888) by @chlins in #16947
- fix: update code for golangci-lint gosimple by @zyyw in #16974
- fix: refactor code for golangci-lint whitespace by @zyyw in #17005
- fix: update the jobservice hook retry concurrency by @chlins in #17024
- Remove style-lint package and upgrade @angular-devkit/build-angular by @AllForNothing in #17009
- migrate: add db index on artifact repository name by @chlins in #17035
- update support for docker compose v2 by @MinerYang in #17039
- Unify the process of job schedule/task retrieve and update by @stonezdj in #17012
- fix: revise the process of policy update by @chlins in #17021
- fix: fix the update of retention policy by @chlins in #17064
- fix: bump trivy version to v0.29.2 and bump trivyadapter version to v0.30.0 by @zyyw in #17071
- Support stop purge audit log job by @stonezdj in #17033
- Fix scan log mismatch issue by @stonezdj in #17085
- fix: update preheat api handler and DAO by @chlins in #17079
- Upgrade pipenv to 2022.1.8 by @YangJiao0817 in #17093
- fix: update code in compliance with golangci-lint revive by @zyyw in #17087
- Create index on audit log, execution, artifact for performance by @stonezdj in #17022
- Added group_type information for type 3 OIDC group by @Dannyx323 in #17118
- fix: attach labels for replication event by @chlins in #17108
- resolve copy failure for artifact with multiple accessories by @wy65701436 in #17123
- Add options to the user.Count method by @stonezdj in #16285
- fix: repair execution status when it inconsistent by @chlins in #17128
- Added Tag Retention Permission to Developer by @DarthBlair in #16514
- resolve robot authgen password format issue by @wy65701436 in #17134
- Developer role should be able to view tag-retention rules by @AllForNothing in #17138
- Hide pull command for Nydus by @AllForNothing in #17143
- Fix to CVE Data Export functionality for images pushed by
docker pushby @prahaladdarkin in #17182 - fix: remove redundant check due to always false by @zyyw in #17206
- Fix log rotation UI issues by @AllForNothing in #17220
- Fix cve export UI issues by @AllForNothing in #17227
- Disable Nydus middleware for v2.6 by @MinerYang in #17233
- bumpup golang version to v1.18.4 by @MinerYang in #17257
- Fix router issues for UI by @AllForNothing in #17235
- Add permission check to CVE export by @AllForNothing in #17267
- [Cherry-pick]Fix null pointer issue for creating reolication rule by @AllForNothing in #17276
- upgrade: bump up beego to 1.12.11 by @chlins in #17278
Docs update 🗄️
- README.md: fix broken links to badges and Swagger editor by @koushik-ms in #16910
Community update 🧑🏻🤝🧑🏾
- Add new template file for PRs by @OrlinVasilev in #16645
- Add CODEOWNERS all maintainers by @OrlinVasilev in #16670
- In SECURITY.md, fix broken link to RELEASES.md by @stefanlasiewski in #17019
Other Changes
- Bump TRIVYVERSION to v0.24.2 and bump TRIVYADAPTERVERSION to v0.26.0 by @YangJiao0817 in #16486
- fix: resolve conformance test failed issue by @zyyw in #16478
- bump up base version to v2.6 by @wy65701436 in #16481
- Add a new robot permission and sort permissions by @AllForNothing in #16487
- docs: Link to latest/edge docs instead of 2.0.0 by @SimonAlling in #14945
- Improve style and correct typos by @AllForNothing in #16498
- Add online latest installer package by @YangJiao0817 in #16148
- Update readme by @AllForNothing in #16501
- Add replication index testcase by @YangJiao0817 in #16502
- Update trivy test case by @YangJiao0817 in #16493
- add transaction for artifact delete by @wy65701436 in #16506
- Updated translation for 2.5 by @sluetze in #16509
- refactor: import go-redis to core as replacement of redigo by @chlins in #16492
- fix: enable one skipped conformance test by @zyyw in #16521
- Fix duplicate labels issue by @AllForNothing in #16527
- add cosign signature icon by @wy65701436 in #16533
- Add cosign icon by @AllForNothing in #16531
- enhance health validataion by @wy65701436 in #16549
- Update push and pull command for helm by @AllForNothing in #16552
- lib/q: fix dropped test error by @alrs in #16494
- Improve UI with more inclusive words by @AllForNothing in #16548
- Add secret to download file when refreshing robot secret by @AllForNothing in #16564
- update log with more inclusive language by @wy65701436 in #16569
- update french translation by @bmfp in #16570
- Modify setup-gcloud from master to v0 by @YangJiao0817 in #16571
- feat: implement beego session provider by @chlins in #16546
- Update webhook testcase xpath from disable to deactivate by @YangJiao0817 in #16579
- Add python-dateutil module in api e2e image by @YangJiao0817 in #16588
- Upgrade UI dependencies by @AllForNothing in #16586
- Remove state restrictions for gc log button by @AllForNothing in #16585
- migrations: correct project metadata public value by @chlins in #16597
- fix: validate project metadata public value by @chlins in #16596
- Delete unused files and functions by @stonezdj in #16599
- fix: return BAD_REQUEST when validate project metadata by @chlins in #16605
- Update usergroups API to support search by group_name by @stonezdj in #16580
- Use list user groups API to search groups by @AllForNothing in #16610
- Add main menu routing test case by @YangJiao0817 in #16622
- Improve copy-artifact component by @AllForNothing in #16628
- skip policy check on pull cosign signature by @wy65701436 in #16658
- Improve user setting component by @AllForNothing in #16665
- Add project tab routing test case by @YangJiao0817 in #16664
- Clear some UI building warnings by @AllForNothing in #16684
- Add retries to test cases by @YangJiao0817 in #16690
- Add open more info page test case by @YangJiao0817 in #16708
- fix: controller/blob: dropped test error by @alrs in #16608
- fix: check the existence of the tag before updating pull time by @chlins in #16510
- Add open cve details page test case by @YangJiao0817 in #16705
- Add open image scanners documentation page test case by @YangJiao0817 in #16704
- Add test case for Enable Deployment Security Policy replication by @YangJiao0817 in #16737
- chore(deps): bump Trivy adapter from v0.26.0 to v0.28.0 by @danielpacak in #16729
- feat: add cache layer for artifact by @chlins in #16593
- CI: Replace stale.yaml with stale GH Actions by @OrlinVasilev in #16699
- enable default to build bin by @wy65701436 in #16763
- Add imgpkg copy test case by @YangJiao0817 in #16760
- Update cosign test case by @YangJiao0817 in #16832
- Use exec in registryctl so signals are passed properly by @mac-chaffee in #16642
- fix deadcode lint & update golangci-lint.yaml by @MinerYang in #16896
- Update header user xpath by @YangJiao0817 in #16917
- Add Publish Release workflow by @YangJiao0817 in #16956
- Add webhook functionality test case by @YangJiao0817 in #16944
- Update Web Routing test case by @YangJiao0817 in #16981
- Update CVE allowlist UI test case by @YangJiao0817 in #16980
- Update GC UI Testcase by @YangJiao0817 in #16975
- Update harbor-e2e-engine image by @YangJiao0817 in #17032
- Add P2P Preheat Test case by @YangJiao0817 in #17089
- Modify Build Package Workflow trigger condition by @YangJiao0817 in #17106
- Update tag immutability xpath by @YangJiao0817 in #17149
- Add retry to project quota GC test case by @YangJiao0817 in #17164
- Update delete project test case by @YangJiao0817 in #17158
New Contributors
- @SimonAlling made their first contribution in #14945
- @alrs made their first contribution in #16494
- @OrlinVasilev made their first contribution in #16645
- @tibeer made their first contribution in #16723
- @mac-chaffee made their first contribution in #16642
- @koushik-ms made their first contribution in #16910
- @franznemeth made their first contribution in #16322
- @tpoxa made their first contribution in #16859
- @stefanlasiewski made their first contribution in #17019
- @qnetter made their first contribution in #16984
- @Dannyx323 made their first contribution in #17118
- @heylongdacoder made their first contribution in #16111
- @DarthBlair made their first contribution in #16514
- @ln23415 made their first contribution in #16931
- @Abirdcfly made their first contribution in #17211
Full Changelog: v2.5.0...v2.6.0