Change8

v2.14.0

Breaking Changes
📦 harbor
1 breaking5 features🐛 12 fixes🔧 8 symbols

Summary

This release introduces significant features like Single Active Replication, enhanced proxy-caching, and support for raw CNAI models. It also includes a breaking change related to the introduction of a replication adapter whitelist.

⚠️ Breaking Changes

  • The replication adapter whitelist has been introduced to control the list of actively supported adapters. Users might need to configure this whitelist if they rely on previously unsupported replication adapters.

Migration Steps

  1. Review and configure the new replication adapter whitelist if you utilize custom or specific replication adapters.

✨ New Features

  • Enhanced Proxy-cache: Syncs state with the upstream registry by deleting local cache when artifacts are removed, and serves the local manifest if its digest matches the upstream registry.
  • Single Active Replication: Adds an option to enforce single active replication, preventing parallel runs under the same policy.
  • Enhanced artifact scanning: Adds support for fixVersion in CVE reports and skips vulnerability checks for non-scannable artifacts (though a subsequent fix suggests this skip logic was refined).
  • Enhanced garbage collection: Displays GC progress while running.
  • Enhanced CNAI Model integration: Adds support for raw CNAI model format.

🐛 Bug Fixes

  • Fixed issue where the severity, fixed version, and cvss_score_v3 were not updated correctly.
  • Fixed Helm Chart Copy Button in UI.
  • Fixed Audit Log Eventtype antipattern in System Settings UI.
  • Fixed CVE Allowlist Validation.
  • Fixed issue where the tag retention job failed with a 403 error message.
  • Fixed issue where the project maintainer role permission for webhook policy was incorrect.
  • Fixed issue where creating a robot account resulted in an unexpected error instead of HTTP 409.
  • Fixed issue where project metadata for tag retention policy was not cleaned up after deletion.
  • Fixed issue where the Docker client timeout was too low for robot account operations.
  • Fixed issue where 'No SBOM' was displayed in multi-arch images in HarborUI.
  • Fixed issue where the check for blob existence before copying layers smaller than chunk size was incorrect.
  • Fixed issue where the replication adapter whitelist was not correctly added (related to the breaking change).

🔧 Affected Symbols

replication adapter whitelistCVE reportsartfact scan reportCNAI modelwebhook policyrobot accounttag retention jobv2_swagger_client