Change8

v2.13.0

📦 harborView on GitHub →
12 features🐛 9 fixes🔧 2 symbols

Summary

Version v2.13.0 introduces significant security and feature enhancements, including detailed audit logging, OIDC improvements, CNAI integration, and Redis TLS support. A known configuration issue exists for external Redis with TLS enabled, which will be patched in v2.13.1.

Migration Steps

  1. If you are using an external Redis service with TLS enabled, be aware of a known TLS connection issue due to improper registry config template rendering. Follow the workaround provided in issue [known-issue-21913](https://github.com/goharbor/harbor/issues/21913#issuecomment-2823640387) to correct the configuration until v2.13.1 is released.

✨ New Features

  • Enhanced Harbor's audit logging with more granular tracking of user actions and system events, including detailed log filtering, enhanced API logging, and improved query performance.
  • Enhanced OIDC integration to improve support for user session logout and Proof Key for Code Exchange (PKCE).
  • Integration with CloudNativeAI (CNAI) to enhance AI model management, supporting seamless storage, versioning, and retrieval of AI models.
  • Introduction of Redis TLS support to secure communication between Harbor components and Redis.
  • Enhanced Dragonfly preheating with new parameters, customizable scope, and cluster ID targeting for optimizing large-scale AI model image distribution.
  • Added support for configuring `audit_log_disable`.
  • Added configuration for `max_job_duration_hours` for jobservice.
  • Added OIDC login event to audit log.
  • Artifacts now support the AI Model type.
  • Added execution_id and task_id to the replication webhook payload.
  • Revamped Copy Pull Command functionality.
  • Added Persistent Page Size UI setting.

🐛 Bug Fixes

  • Fixed replication rule message display in UI.
  • Fixed event-based replication deletion when policy includes a label.
  • Fixed robot deletion event handling.
  • Fixed robot account creation issue.
  • Fixed export CVE permission issue.
  • Fixed the type in DTR adapter info.
  • Unified auth data handling to the decode method.
  • Skipped admin user processing and made OIDC user not found message more readable.
  • Avoided error when `max_job_duration_hours` was not configured (in preparation step).

🔧 Affected Symbols

audit_log_ext tablereplication webhook payload