Component updates ⬆️

[cherry-pick] fix: improve the performance of list artifacts by @chlins in #18632

bump golang 1.19.9 on release-2.7.0 by @MinerYang in #18650

(cherry-pick) Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18711

set tag pull time for proxy cache by @wy65701436 in #18742

(cherry-pick) Return error when proxy cache get too many request error(429) by @stonezdj in #18751

Changed logic search projects in gitlab adapter for 2.7.0 by @lxShaDoWxl in #18784

[cherry-pick][2.7] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18802

[Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18995

[cherry-pick]fix accessory import issue by @wy65701436 in #19056

fix: TRIVYVERSION=v0.44.0 && TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19089

[Cherry-pick]Convert the string �\ to number 0 by @AllForNothing in #19082

[cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19093

bump go1.19.12 on release-2.7.0 base on ph4 by @MinerYang in #19162

[cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19148

[cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19121

[cherry-pick] fix: support customize cache db for business by @chlins in #19189

(cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19306

bump goharbor/golang 1.19.13 on release-2.7.0 by @MinerYang in #19324

fix: bump up TRIVYVERSION=v0.45.0 && TRIVYADAPTERVERSION=v0.30.16 by @zyyw in #19329

Other Changes

[cherry-pick]Fix setup-gcloud fails when building package by @YangJiao0817 in #18684

[cherry-pick]Fix APITEST_DB_PROXY_CACHE x509 by @YangJiao0817 in #18980

[cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in #19119

[Cherry-pick]Add new uri path to ShouldNotReuseRoute array by @AllForNothing in #19220

Full Changelog : v2.7.2...v2.7.3

Contributors

Component updates ⬆️

[cherry-pick] fix: improve the performance of list artifacts by @chlins in #18632

bump golang 1.19.9 on release-2.7.0 by @MinerYang in #18650

(cherry-pick) Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18711

set tag pull time for proxy cache by @wy65701436 in #18742

(cherry-pick) Return error when proxy cache get too many request error(429) by @stonezdj in #18751

Changed logic search projects in gitlab adapter for 2.7.0 by @lxShaDoWxl in #18784

[cherry-pick][2.7] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18802

[Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18995

[cherry-pick]fix accessory import issue by @wy65701436 in #19056

fix: TRIVYVERSION=v0.44.0 && TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19089

[Cherry-pick]Convert the string �\ to number 0 by @AllForNothing in #19082

[cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19093

bump go1.19.12 on release-2.7.0 base on ph4 by @MinerYang in #19162

[cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19148

[cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19121

[cherry-pick] fix: support customize cache db for business by @chlins in #19189

(cherry-pick) Remove job status track information from redis after stop the job in the queue by @stonezdj in #19306

bump goharbor/golang 1.19.13 on release-2.7.0 by @MinerYang in #19324

fix: bump up TRIVYVERSION=v0.45.0 && TRIVYADAPTERVERSION=v0.30.16 by @zyyw in #19329

Other Changes

[cherry-pick]Fix setup-gcloud fails when building package by @YangJiao0817 in #18684

[cherry-pick]Fix APITEST_DB_PROXY_CACHE x509 by @YangJiao0817 in #18980

[cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in #19119

[Cherry-pick]Add new uri path to ShouldNotReuseRoute array by @AllForNothing in #19220

Full Changelog : v2.7.2...v2.7.3-rc1

Contributors

Known issue

There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Exciting New Features 🎉

Security Hub

Admin users can now access valuable security insights, which include the number of scanned and unscanned artifacts, identification of dangerous artifacts and CVEs, and advanced search capabilities for vulnerabilities using multiple combined conditions.

Add Security Hub UI by @AllForNothing in #18942

Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in #18854

Add vulnerability search API by @stonezdj in #18924

Add security hub summary API by @stonezdj in #18872

Create index in vulnerability_record table by @stonezdj in #18949

GC Enhancements

Improved visibility with detailed GC execution history and enable parallel deletion for faster GC triggers.

Add worker parameter for GC by @AllForNothing in #18882

Add more details in gc history by @wy65701436 in #18779

Add multiple deletions of GC by @wy65701436 in #18855

Supporting OCI Distribution Spec v1.1.0-rc2

Harbor now supports OCI Distribution Spec v1.1.0-rc2 and added support for Notation signature and Nydus conversion as referrers.

Support OCI-Subject header by @wy65701436 in #18885

Add notation support by @wy65701436 in #18909

Enable notary v2 policy checker by @wy65701436 in #18927

Add Notation UI for deployment security by @AllForNothing in #18952

Support nydus as an accessory by @wy65701436 in #18953

Additional Features

Customized banner message

Admins can now set a customized banner message displayed on top of Harbor web pages.

Add customized banner message UI by @AllForNothing in #18827

Quota Update Provider

Introduced a new mechanism utilizing Redis for optimistic locking during quota updates when pushing images. Refer to the documentation at https://github.com/goharbor/perf/wiki/Quota-Update for instructions on enabling and utilizing this feature.

feat: Optimize quota checking when pushing images by @lengrongfu in #17392

perf: introduce update quota by redis by @chlins in #18871

feat: add the configuration for quota update provider by @chlins in #18928

Deprecations ❌

Removal of Notary

Starting with version v2.9.0, Harbor no longer includes Notary in either the user interface or the backend. Please navigate to this page for details.

Remove notary test cases by @YangJiao0817 in #18620

Remove notary UI by @AllForNothing in #18666

Remove the notary from the backend by @wy65701436 in #18668

Known issue

Harbor v2.9.0 Online/Offline Installer and Docker Version Compatibility
If you install Harbor v2.9.0 using an online/offline installer with Docker version lower than 20.10.10, you may encounter an issue where the Harbor database container fails to start. This issue is being tracked at ( #19141 ). For more detailed information about this specific problem, you can visit this page ( timescale/timescaledb-docker-ha#260 ). To avoid this issue, we recommend ensuring that your Docker version is equal to or greater than 20.10.10 when using Harbor v2.9.0 with the online/offline installer.

Breaking Changes

As of Harbor v2.9.0, only PostgreSQL >= 12 is supported for external databases. Before upgrading, you should make sure that your external databases are using a supported version of PostgreSQL.

Enhancement 🚀

Fix message prompt under the header by @AllForNothing in #18613

fix: improve the performance of list artifacts by @chlins in #18610

Improve repo_read_only header on the UI by @AllForNothing in #18729

Add a text to explain the time window for GC by @AllForNothing in #18735

Add a tooltip for slack notification by @AllForNothing in #18787

【UT】add unit test for collector system info by @lengrongfu in #18717

Add Details column for gc history by @AllForNothing in #18797

Add Podman push command to the UI by @AllForNothing in #18810

Add new client Podman to the pull command by @AllForNothing in #18857

Component updates ⬆️

fix: fix error bitsize of jobservice reaper scan locks by @chlins in #18487

bump golang 1.20.3 on main by @MinerYang in #18492

feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in #18501

Rewords quota definitions based on user input by @OrlinVasilev in #18512

Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in #18518

GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in #18386

Change the permissions of the *.go file from 0755 to 0644 by @Iceber in #17919

feat: log with trace ID by @pgillich in #18181

Fix typos in common.sh by @Maxi-Mega in #18151

bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in #18545

Update position to vertical-align for copy button by @AllForNothing in #18563

Add missing i18n key-value for helm chart by @AllForNothing in #18578

Allow redis password using safe special characters by @MinerYang in #18566

add goheader linter settings by @MinerYang in #18503

fix: link to Github's rate limiting documentation. by @perjahn in #18588

fix: error log use wrong variable err by @dyf991645 in #18602

Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in #18612

Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in #18608

bump golang 1.20.4 on main by @MinerYang in #18647

fix: sweep executions of image scan job by @chlins in #18649

fix: cherry pick the migration sql by @chlins in #18644

chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml by @Juneezee in #18606

Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in #18263

Changed logic search projects in gitlab adapter by @lxShaDoWxl in #18529

bump up github.com/distribution/distribution v2.8.2 by @MinerYang in #18687

fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in #18662

Fix the channel that never receives a value by @iAklis in #18139

Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18697

Upgrade Angular and Clarity to the latest version by @AllForNothing in #18709

chore: bump registry release to 2.8.2 by @DavidSpek in #18685

Add support for TLSv1.3 in nginx configurations by @malmor in #18659

set tag pull time for proxy cache by @wy65701436 in #18731

http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in #16990

Return error when proxy cache get too many request error(429) by @stonezdj in #18728

【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in #18716

Fix syntax errors in comments by @lishaokai1995 in #18746

add strong_ssl_ciphers ...

Contributors

Known issue

There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Exciting New Features 🎉

Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in #18854

Add costomized banner message UI by @AllForNothing in #18827

Add worker parameter for GC by @AllForNothing in #18882

add notation support by @wy65701436 in #18909

enable notary v2 policy checker by @wy65701436 in #18927

Add vulnerability search API by @stonezdj in #18924

Add Notation UI for deployment security by @AllForNothing in #18952

Add Security Hub UI by @AllForNothing in #18942

support nydus as a accessory by @wy65701436 in #18953

Enhancement 🚀

Fix message prompt under the header by @AllForNothing in #18613

fix: improve the performance of list artifacts by @chlins in #18610

Improve repo_read_only header on the UI by @AllForNothing in #18729

Add a text to explain the time window for GC by @AllForNothing in #18735

add more details in gc history by @wy65701436 in #18779

feat: Optimize quota checking when pushing images by @lengrongfu in #17392

Add a tooltip for slack notification by @AllForNothing in #18787

【UT】add unit test for collector system info by @lengrongfu in #18717

Add Details column for gc history by @AllForNothing in #18797

Add Podman push command to the UI by @AllForNothing in #18810

Add new client Podman to the pull command by @AllForNothing in #18857

add multiple deletion of GC by @wy65701436 in #18855

perf: introduce update quota by redis by @chlins in #18871

Add security hub summary API by @stonezdj in #18872

Create index in vulnerability_record table by @stonezdj in #18949

feat: add the configuration for quota update provider by @chlins in #18928

Component updates ⬆️

fix: fix error bitsize of jobservice reaper scan locks by @chlins in #18487

bump golang 1.20.3 on main by @MinerYang in #18492

feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in #18501

Reword quota definitions based on user input by @OrlinVasilev in #18512

Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in #18518

GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in #18386

Change the permissions of the *.go file from 0755 to 0644 by @Iceber in #17919

feat: log with trace ID by @pgillich in #18181

Fix typos in common.sh by @Maxi-Mega in #18151

bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in #18545

Update position to vertical-align for copy button by @AllForNothing in #18563

Add missing i18n key-value for helm chart by @AllForNothing in #18578

Allow redis password using safe special characters by @MinerYang in #18566

add goheader linter settings by @MinerYang in #18503

fix: link to Github's rate limiting documentation. by @perjahn in #18588

fix: error log use wrong variable err by @dyf991645 in #18602

Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in #18612

Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in #18608

bump golang 1.20.4 on main by @MinerYang in #18647

fix: sweep executions of image scan job by @chlins in #18649

fix: cherry pick the migration sql by @chlins in #18644

chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml by @Juneezee in #18606

Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in #18263

Changed logic search projects in gitlab adapter by @lxShaDoWxl in #18529

bump up github.com/distribution/distribution v2.8.2 by @MinerYang in #18687

fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in #18662

Fix the channel that never receives a value by @iAklis in #18139

Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18697

Upgrade Angular and Clarity to the latest version by @AllForNothing in #18709

chore: bump registry release to 2.8.2 by @DavidSpek in #18685

Add support for TLSv1.3 in nginx configurations by @malmor in #18659

set tag pull time for proxy cache by @wy65701436 in #18731

http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in #16990

Return error when proxy cache get too many request error(429) by @stonezdj in #18728

【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in #18716

Fix syntax errors in comments by @lishaokai1995 in #18746

add strong_ssl_ciphers for nginx https jinja template by @MinerYang in #18748

fix: import optimization by @testwill in #18727

fix invalid access action by @orblazer in #18188

Fix: fix function name in comments by @cuishuang in #18726

fix: clean up scan executions and reports after deleting artifact by @chlins in #18693

Remove wrong format for boolean value in api definition by @sll552 in #18783

fix: add checkpoint when enqueue scan tasks for scan all by @chlins in #18680

Update/improve grafana dashboard by @mac-chaffee in #16661

fix: optimize the mechanism of quota refresh by @chlins in #18795

Update the text for the oidc cli secret tooltip by @AllForNothing in #18814

jobservice: add DB to job logger config by @liubin in #18821

jobservice: update readme by @liubin in #18849

refactor: migrate the redis command keys to scan by @chlins in #18825

Add unit test for hidden columns by @AllForNothing in #18873

support OCI-Subject header by @wy65701436 in #18885

Correct the hidden property for clrDgHideableColumn by @AllForNothing in #18890

API: update ScannerRegistration.properties.url format by @liubin in #18799

chore: upgrade golang-migrate to v4.16.2 by @chlins in #18879

fix: add password/secret length check to be <= 128 by @zyyw in #18916

update icons by @vndroid in #18767

Log warning message when current user is freeze by @stonezdj in #18937

fix: correct the operator in the webhook payload by @chlins in #18906

Update the regex for policy name and the tooltip message by @AllForNothing in #18947

fix: replication policy cron setting - the 1st field must be 0; the Minutes field cannot be ADOPTERS.md CHANGELOG.md CODEOWNERS CONTRI...

Contributors

Known issue

There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Exciting New Features 🎉

Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in #18854

Add costomized banner message UI by @AllForNothing in #18827

Add worker parameter for GC by @AllForNothing in #18882

add notation support by @wy65701436 in #18909

enable notary v2 policy checker by @wy65701436 in #18927

Add vulnerability search API by @stonezdj in #18924

Add Notation UI for deployment security by @AllForNothing in #18952

Add Security Hub UI by @AllForNothing in #18942

support nydus as a accessory by @wy65701436 in #18953

Enhancement 🚀

Fix message prompt under the header by @AllForNothing in #18613

fix: improve the performance of list artifacts by @chlins in #18610

Improve repo_read_only header on the UI by @AllForNothing in #18729

Add a text to explain the time window for GC by @AllForNothing in #18735

add more details in gc history by @wy65701436 in #18779

feat: Optimize quota checking when pushing images by @lengrongfu in #17392

Add a tooltip for slack notification by @AllForNothing in #18787

【UT】add unit test for collector system info by @lengrongfu in #18717

Add Details column for gc history by @AllForNothing in #18797

Add Podman push command to the UI by @AllForNothing in #18810

Add new client Podman to the pull command by @AllForNothing in #18857

add multiple deletion of GC by @wy65701436 in #18855

perf: introduce update quota by redis by @chlins in #18871

Add security hub summary API by @stonezdj in #18872

Create index in vulnerability_record table by @stonezdj in #18949

feat: add the configuration for quota update provider by @chlins in #18928

Component updates ⬆️

fix: fix error bitsize of jobservice reaper scan locks by @chlins in #18487

bump golang 1.20.3 on main by @MinerYang in #18492

feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in #18501

Reword quota definitions based on user input by @OrlinVasilev in #18512

Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in #18518

GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in #18386

Change the permissions of the *.go file from 0755 to 0644 by @Iceber in #17919

feat: log with trace ID by @pgillich in #18181

Fix typos in common.sh by @Maxi-Mega in #18151

bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in #18545

Update position to vertical-align for copy button by @AllForNothing in #18563

Add missing i18n key-value for helm chart by @AllForNothing in #18578

Allow redis password using safe special characters by @MinerYang in #18566

add goheader linter settings by @MinerYang in #18503

fix: link to Github's rate limiting documentation. by @perjahn in #18588

fix: error log use wrong variable err by @dyf991645 in #18602

Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in #18612

Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in #18608

bump golang 1.20.4 on main by @MinerYang in #18647

fix: sweep executions of image scan job by @chlins in #18649

fix: cherry pick the migration sql by @chlins in #18644

chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml by @Juneezee in #18606

Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in #18263

Changed logic search projects in gitlab adapter by @lxShaDoWxl in #18529

bump up github.com/distribution/distribution v2.8.2 by @MinerYang in #18687

fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in #18662

Fix the channel that never receives a value by @iAklis in #18139

Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18697

Upgrade Angular and Clarity to the latest version by @AllForNothing in #18709

chore: bump registry release to 2.8.2 by @DavidSpek in #18685

Add support for TLSv1.3 in nginx configurations by @malmor in #18659

set tag pull time for proxy cache by @wy65701436 in #18731

http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in #16990

Return error when proxy cache get too many request error(429) by @stonezdj in #18728

【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in #18716

Fix syntax errors in comments by @lishaokai1995 in #18746

add strong_ssl_ciphers for nginx https jinja template by @MinerYang in #18748

fix: import optimization by @testwill in #18727

fix invalid access action by @orblazer in #18188

Fix: fix function name in comments by @cuishuang in #18726

fix: clean up scan executions and reports after deleting artifact by @chlins in #18693

Remove wrong format for boolean value in api definition by @sll552 in #18783

fix: add checkpoint when enqueue scan tasks for scan all by @chlins in #18680

Update/improve grafana dashboard by @mac-chaffee in #16661

fix: optimize the mechanism of quota refresh by @chlins in #18795

Update the text for the oidc cli secret tooltip by @AllForNothing in #18814

jobservice: add DB to job logger config by @liubin in #18821

jobservice: update readme by @liubin in #18849

refactor: migrate the redis command keys to scan by @chlins in #18825

Add unit test for hidden columns by @AllForNothing in #18873

support OCI-Subject header by @wy65701436 in #18885

Correct the hidden property for clrDgHideableColumn by @AllForNothing in #18890

API: update ScannerRegistration.properties.url format by @liubin in #18799

chore: upgrade golang-migrate to v4.16.2 by @chlins in #18879

fix: add password/secret length check to be <= 128 by @zyyw in #18916

update icons by @vndroid in #18767

Log warning message when current user is freeze by @stonezdj in #18937

fix: correct the operator in the webhook payload by @chlins in #18906

Update the regex for policy name and the tooltip message by @AllForNothing in #18947

fix: replication policy cron setting - the 1st field must be 0; the Minutes field cannot be ADOPTERS.md CHANGELOG.md CODEOWNERS CONTRI...

Contributors

Known issue

There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Component updates ⬆️

[cherry-pick]fix accessory import issue by @wy65701436 in #19058

fix: bump up TRIVYVERSION=v0.44.0 and TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19088

[Cherry-pick]Convert the string "0" to number 0 by @AllForNothing in #19081

[cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19092

bump go 1.20.7 && install git for p4 base golang image by @MinerYang in #19138

[cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19122

[cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19147

fix: support customize cache db for business by @chlins in #19184

Other Changes

[cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in #19117

Full Changelog : v2.8.3...v2.8.4

Contributors

Known issue

There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Component updates ⬆️

[cherry-pick]fix accessory import issue by @wy65701436 in #19058

fix: bump up TRIVYVERSION=v0.44.0 and TRIVYADAPTERVERSION=v0.30.15 by @zyyw in #19088

[Cherry-pick]Convert the string �\ to number 0 by @AllForNothing in #19081

[cherry-pick] fix: fix replication list projects with pure numberic name by @chlins in #19092

bump go 1.20.7 && install git for p4 base golang image by @MinerYang in #19138

[cherry-pick] chore: fix incorrect otel timeout in harbor yaml template by @chlins in #19122

[cherry-pick] refactor: migrate the redis command keys to scan by @chlins in #19147

fix: support customize cache db for business by @chlins in #19184

Other Changes

[cherry-pick]Bump up setup-gcloud to 430.0.0 by @YangJiao0817 in #19117

Full Changelog : v2.8.3...v2.8.4-rc1

Contributors

Known issue

There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Exciting New Features 🎉

Security Hub

Admin users can now access valuable security insights, which including the number of scanned and unscanned artifacts, identification of dangerous artifacts and CVEs and advanced search capabilities for vulnerabilities using multiple combined conditions.

Add Security Hub UI by @AllForNothing in #18942

Update table scan_report and extract cvss_v3_score from vendor attribute by @stonezdj in #18854

Add vulnerability search API by @stonezdj in #18924

Add security hub summary API by @stonezdj in #18872

Create index in vulnerability_record table by @stonezdj in #18949

GC Enhancements

Improved visibility with detailed GC execution history and enable parallel deletion for faster GC triggers.

Add worker parameter for GC by @AllForNothing in #18882

add more details in gc history by @wy65701436 in #18779

add multiple deletion of GC by @wy65701436 in #18855

Supporting OCI Distribution Spec v1.1.0-rc2

Harbor now supports OCI Distribution Spec v1.1.0-rc2 and added support for Notation signature and Nydus conversion as referrers.

support OCI-Subject header by @wy65701436 in #18885

add notation support by @wy65701436 in #18909

enable notary v2 policy checker by @wy65701436 in #18927

Add Notation UI for deployment security by @AllForNothing in #18952

support nydus as a accessory by @wy65701436 in #18953

Additional Features

Customized banner message

Admins can now set a customized banner message displayed on top of Harbor web pages.

Add costomized banner message UI by @AllForNothing in #18827

Quota Update Provider

Introduced a new mechanism utilizing Redis for optimistic locking during quota updates when pushing images. Refer to the documentation at https://github.com/goharbor/perf/wiki/Quota-Update for instructions on enabling and utilizing this feature.

feat: Optimize quota checking when pushing images by @lengrongfu in #17392

perf: introduce update quota by redis by @chlins in #18871

feat: add the configuration for quota update provider by @chlins in #18928

Deprecations ❌

Removal of Notary

Starting with version v2.9.0, Harbor no longer includes Notary in either the user interface or the backend.

Remove notary test cases by @YangJiao0817 in #18620

Remove notary UI by @AllForNothing in #18666

remove the notary from backend by @wy65701436 in #18668

Enhancement 🚀

Fix message prompt under the header by @AllForNothing in #18613

fix: improve the performance of list artifacts by @chlins in #18610

Improve repo_read_only header on the UI by @AllForNothing in #18729

Add a text to explain the time window for GC by @AllForNothing in #18735

Add a tooltip for slack notification by @AllForNothing in #18787

【UT】add unit test for collector system info by @lengrongfu in #18717

Add Details column for gc history by @AllForNothing in #18797

Add Podman push command to the UI by @AllForNothing in #18810

Add new client Podman to the pull command by @AllForNothing in #18857

Component updates ⬆️

fix: fix error bitsize of jobservice reaper scan locks by @chlins in #18487

bump golang 1.20.3 on main by @MinerYang in #18492

feat: update TRIVYVERSION=v0.39.0 & TRIVYADAPTERVERSION=v0.30.10 by @zyyw in #18501

Reword quota definitions based on user input by @OrlinVasilev in #18512

Synchronize text modification of quota tooltip to all the i18n files by @AllForNothing in #18518

GC: correctly handle manifest unknown (404) condition in v2DeleteManifest retry loop by @dkulchinsky in #18386

Change the permissions of the *.go file from 0755 to 0644 by @Iceber in #17919

feat: log with trace ID by @pgillich in #18181

Fix typos in common.sh by @Maxi-Mega in #18151

bump golang.org/x/net && helm.sh/helm/v3 on main by @MinerYang in #18545

Update position to vertical-align for copy button by @AllForNothing in #18563

Add missing i18n key-value for helm chart by @AllForNothing in #18578

Allow redis password using safe special characters by @MinerYang in #18566

add goheader linter settings by @MinerYang in #18503

fix: link to Github's rate limiting documentation. by @perjahn in #18588

fix: error log use wrong variable err by @dyf991645 in #18602

Upgrade the internal PostgreSQL to 14 in 2.9.0 by @YangJiao0817 in #18612

Improve zh-tw (Traditional Chinese) locale by @PeterDaveHello in #18608

bump golang 1.20.4 on main by @MinerYang in #18647

fix: sweep executions of image scan job by @chlins in #18649

fix: cherry pick the migration sql by @chlins in #18644

chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml by @Juneezee in #18606

Bump kentaro-m/auto-assign-action from 1.2.4 to 1.2.5 by @dependabot in #18263

Changed logic search projects in gitlab adapter by @lxShaDoWxl in #18529

bump up github.com/distribution/distribution v2.8.2 by @MinerYang in #18687

fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @zyyw in #18662

Fix the channel that never receives a value by @iAklis in #18139

Use subtle.ConstantTimeCompare instead of compare directly by @stonezdj in #18697

Upgrade Angular and Clarity to the latest version by @AllForNothing in #18709

chore: bump registry release to 2.8.2 by @DavidSpek in #18685

Add support for TLSv1.3 in nginx configurations by @malmor in #18659

set tag pull time for proxy cache by @wy65701436 in #18731

http2 enabled and ciphers changed to get an A+ rating instead of B fr… by @mcsage in #16990

Return error when proxy cache get too many request error(429) by @stonezdj in #18728

【optimization】Use URL.Redacted method repleace redacted by @lengrongfu in #18716

Fix syntax errors in comments by @lishaokai1995 in #18746

add strong_ssl_ciphers for nginx https jinja template by @MinerYang in #18748

fix: import optimization by @testwill in #18727

fix invalid access action by @orblazer in #18188

Fix: fix function name in comments by @cuishuang in #18726

fix: clean up scan executions and reports after deleting artifact by @chlins in #18693

Remove wrong format for boolean value in api definition by @sll552 in #18783

fix: add checkpoint when enqueue scan tasks for scan all by @chlins in #18680

Update/improve grafana dashboard by @mac-chaffee in #16661

fix: optimize the mechanism of quota refresh by @chlins in #18795

Update the text for the oidc cli secret tooltip by @AllForNothing in https://gith ...

Contributors

Known issue

There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Component updates ⬆️

Changed logic search projects in gitlab adapter for 2.8.0 by @lxShaDoWxl in #18785

[cherry-pick][2.8] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18803

[Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18994

bump golang1.20.6 on release-2.8.0& build golang based on photon by @MinerYang in #18990

Other Changes

[cherry-pick]Add replication by chunk testcase by @YangJiao0817 in #18903

[cherry-pick]Add CloudEvents format webhook testcase by @YangJiao0817 in #18907

[cherry-pick]Add OIDC filter group testcase by @YangJiao0817 in #18915

Refresh base images on 2.8 by @YangJiao0817 in #18961

[cherry-pick]Fix APITEST_DB_PROXY_CACHE x509 by @YangJiao0817 in #18979

Bump up version to v2.8.3 by @YangJiao0817 in #19007

Full Changelog : v2.8.2...v2.8.3

Contributors

Known issue

There's a known issue #19320 that occurs when running harbor.yml migrate script with the specific storage_service.redirect.disable configuration. Impact version would be Harbor v2.8 and v2.9, for example migrate from v2.7.X to v2.8.Y or v2.7.X to v2.9.Z. Please refer to this comment as a workaround.

What's Changed

Component updates ⬆️

Changed logic search projects in gitlab adapter for 2.8.0 by @lxShaDoWxl in #18785

[cherry-pick][2.8] fix: add retry on the caller of v2DeleteManifest instead within v2DeleteManifest by @dkulchinsky in #18803

[Cherry-pick] fix: bump-up TRIVYVERSION=v0.43.0 and TRIVYADAPTERVERSION=v0.30.14 by @zyyw in #18994

bump golang1.20.6 on release-2.8.0& build golang based on photon by @MinerYang in #18990

Other Changes

[cherry-pick]Add replication by chunk testcase by @YangJiao0817 in #18903

[cherry-pick]Add CloudEvents format webhook testcase by @YangJiao0817 in #18907

[cherry-pick]Add OIDC filter group testcase by @YangJiao0817 in #18915

Refresh base images on 2.8 by @YangJiao0817 in #18961

[cherry-pick]Fix APITEST_DB_PROXY_CACHE x509 by @YangJiao0817 in #18979

Bump up version to v2.8.3 by @YangJiao0817 in #19007

Full Changelog : v2.8.2...v2.8.3-rc1

Contributors