some bug fixes and features

What's Changed

• feat(cve): better distinguish max severity on an image by @andaaron in #918
• chore(deps): fix dependabot alerts by @rchincha in #919
• refactor(tests): removed globals from digest test, more hardcoded digests by @chofnar in #923
• fix(sync): also sync on demand digests, not only tags, closes #902 by @peusebiu in #932
• test: Add cosign and notations bats tests by @nicoldr in #929
• chore(deps): fix dependabot alerts by @rchincha in #945
• refactor: changed github issue templates to yml form by @chofnar in #949
• test(bats): added regclient artifact commands by @peusebiu in #938
• refactor(cache): Add database interface for blob paths + refactor BoltDB to use interface by @chofnar in #667
• bug: fixed image size not counting config and manifest sizes by @aokirisaki in #937
• feat(artifact): add OCI references support by @rchincha in #936
• chore(deps): fix dependabot alerts by @rchincha in #965

Full Changelog: v1.4.3-rc4...v1.4.3-rc5

some bug fixes and features

What's Changed

• ci: fix image build/release workflow by @rchincha in #874
• fix(workflow): gql introspection - run only at release, resulting json in downloadable files by @chofnar in #873
• chore(deps): fix dependabot alerts by @rchincha in #885
• refactor(tests): remove hardcoded digests by @chofnar in #871
• chore: rename search route prefix by @peusebiu in #887
• test: Build images with annotations by @nicoldr in #872
• fix(tests): consolidate routes tests by @peusebiu in #892
• fix: zli images show if signed instead of signature by @aokirisaki in #886
• fix(s3): remove tracking multipart uploads by @peusebiu in #883
• chore(lint): gci to separate zot from other imports by @andaaron in #870
• fix(config): make all extension config consistent by @rchincha in #888
• fix: flaky scheduler coverage by @chofnar in #893
• fix: replace time.sleep() with checking logs by @aokirisaki in #899
• fix(sync): fixed broken logic to get tags for repo by @peusebiu in #900
• refactor(digests): standardise representation of digests to digest.Digest by @andaaron in #898
• fix(cli): do not show signatures and fix tls verification client side by @andaaron in #904

Full Changelog: v1.4.3-rc3...v1.4.3-rc4

some bug fixes and features

What's Changed

• ci(workflows): changed workflow to generate introspection json when gql schema changed by @chofnar in #810
• fix: incorrect path for playground template by @chofnar in #858
• test(authz): add an extra test for authz by @andaaron in #859
• build(tags): remove redundant build tag ui_base by @andaaron in #857
• chore(deps): fix dependabot alerts by @rchincha in #868
• fix(lastUpdated): fix image lastUpdated timestamp logic by @andaaron in #863
• fix: images command not truncating image name/tag by @aokirisaki in #851
• build: add commit hash to Config at build for proper discovery readme by @chofnar in #854
• fix(storage): resolve cache/storage inconsistencies on HEAD request by @peusebiu in #794

Full Changelog: v1.4.3-rc2...v1.4.3-rc3

some bug fixes and features

What's Changed

• Add enable/disable option for scrub extension by @Andreea-Lupu in #827
• add sponsors info by @rchincha in #828
• Include image vulnerability information in ImageSummary by @andaaron in #798
• Remove forking logger by @laurentiuNiculae in #825
• Add graphql query for retrieving imgSummary based on repo:tag image id by @bogdanbiv in #814
• storage: Move common code in helper functions, closes #730 by @peusebiu in #820
• style(ci/cd): add a commit msg style checker by @rchincha in #796
• build(swagger): removed swagger requirement from binary-minimal and binary by @chofnar in #838
• chore(deps): update dependabot dependency update alerts by @rchincha in #845
• fix(ci/cd): update the commit msg checker settings by @rchincha in #846
• fix(license-check): also account for another result condition by @rchincha in #848
• Update go version to 1.19 by @nicoldr in #829
• fix(sync): revert code which removed image destination feature by @peusebiu in #840
• feat(GraphQL): playground, served by zot in specific binary by @chofnar in #753
• fix(sync): also sync image index mediatype by @peusebiu in #847

Full Changelog: v1.4.3-rc1...v1.4.3-rc2

some bug fixes and features

What's Changed

• graphql: Populate ImageSummary missing fields: by @peusebiu in #787
• update presentation links by @rchincha in #804
• fix dependabot alerts by @rchincha in #795
• update ImageSummary to return the history of an image by @alexstan12 in #784
• fix dependabot alerts by @rchincha in #808
• fix dependabot alerts by @rchincha in #809
• dco: enable DCO checks only on PRs by @rchincha in #812
• list all images that have all layers of the base image included (2) by @andaaron in #813
• Adding a task scheduler for background tasks by @Andreea-Lupu in #700
• zli: fix http client transport by @rchincha in #802
• list all images that have are derived from the given image by @aokirisaki in #713
• add debug flag for zli commands by @aokirisaki in #785
• Validate Annotations present in image manifest and fallback to annota… by @nicoldr in #790
• Fix logger race condition by @laurentiuNiculae in #817
• also sync golang 1.19 by @rchincha in #826

Full Changelog: v1.4.2...v1.4.3-rc1

some bug fixes and features

What's Changed

• changed go version to 1.18.x by @alexstan12 in #577
• added repos command to list repositories by @aokirisaki in #569
• Modified sync error log calls to include error type by @chofnar in #506
• Periodically sync golang image from dockerhub to ghcr.io by @peusebiu in #589
• cleanup: refactor filenames to reflect functionality by @rchincha in #539
• zb: replace map with sync.Map to avoid concurrent writes closes #582 by @peusebiu in #590
• Build extensions - manage builds with different combinations of extensions by @alexstan12 in #532
• Fix data races in tests closes #599, closes #598 by @peusebiu in #600
• build: remove swagger install in stacker files by @peusebiu in #602
• fix dependabot alerts CVE-2022-33082/GHSA-2m4x-4q9j-w97g by @rchincha in #607
• Add a way to list imports used by specific binaries by @alexstan12 in #605
• Create scorecards.yml by @rchincha in #611
• Update automatically helm chart when publish a new release for zot by @Andreea-Lupu in #609
• ci/cd: fix oras cli flags after it got updated by @peusebiu in #619
• add a security policy document by @rchincha in #613
• Rename push token by @Andreea-Lupu in #617
• restrict workflow action permissions by @rchincha in #612
• fix dependabot.yml by @rchincha in #623
• Fix test data races by @peusebiu in #620
• fix dependabot alerts by @rchincha in #634
• fix dependabot alerts by @rchincha in #642
• harden github action/workflow perms by @rchincha in #643
• Update to latest gqlgen - 1.17.13 by @andaaron in #639
• fix dependabot alerts by @rchincha in #654
• GetRefferers of any artifactType, not just application/vnd.cncf.notary.v2.signature by @alexstan12 in #637
• Freeform search API by @laurentiuNiculae in #618
• add a github workflow to report branch coverage by @rchincha in #655
• Fixes/Improvements to pkg/cli/stress_test.go by @andaaron in #680
• change filenames in pkg/extensions by @alexstan12 in #669
• Fix typos in workflow permissions by @andaaron in #681
• fix dependabot alerts by @rchincha in #679
• mandatory annotations verification + testing by @aokirisaki in #595
• RepoSummary has a new attribute NewestTag of type ImageSummary by @andaaron in #671
• Fuzzing for local storage by @alexstan12 in #601
• Fix permissions for image sync and stale workflows by @andaaron in #683
• regclient blackbox tests and regclient installation in Makefile by @aokirisaki in #668
• fix dependabot alerts by @rchincha in #686
• Make rejecting docker manifests more explicit by @bogdanbiv in #596
• fix dependabot alerts by @rchincha in #694
• RepoInfo structure now includes new field representing RepoSummary by @alexstan12 in #687
• fix dependabot alerts by @rchincha in #711
• replace dependency of tagsInfo with list of manifests by @alexstan12 in #695
• deprecation: allowReadAccess and ReadOnly by @nicoldr in #594
• fix dependabot alerts by @rchincha in #723
• fix dependabot alerts by @rchincha in #727
• GQL Playground: Added content-type to Access-Control-Allow-Headers by @chofnar in #722
• Fix file handlers not being closed after calls to ImageStore.GetBlob by @andaaron in #731
• Add the hack folder to .gitignore by @andaaron in #733
• support OCI image index at manifest endpoint by @rchincha in #638
• fix chart version from pushpull.bats by @Andreea-Lupu in #741
• [cloud usecase] zot cli should not download manifests when listing images by @roxanaN in #457
• fix dependabot alerts by @rchincha in #736
• add a copyright notice by @rchincha in #743
• fix artifact upload action in github workflow by @rchincha in #742
• Get identity from certificate when using mTLS by @nicoldr in #719
• graphql: Apply authorization on /_search endpoint by @alexstan12 in #728
• fix make binary-stacker Makefile target by @rchincha in #752
• GraphQL: RepoListWithNewestImage to return list of RepoSummary by @chofnar in #697
• fix dependabot alerts by @rchincha in #761
• zb: populate images first for the GetCatalog test by @roxanaN in #744
• Fix syntax errors in benchmark and cluster workflows by @andaaron in #763
• Updates following the new oras version by @roxanaN in #764
• storage: different subpaths can point to same root directory by @shimish2 in #718
• Skip manifest which have no annotation for tags by @alexstan12 in #754
• Replaced deprecated io/ioutil functions by @slab713 in #768
• Read log path and verify content separately to avoid failed tests by @nicoldr in #760
• s3: fix dedupe failing to manage blobs correctly by @peusebiu in #772
• fix security alerts from artifacthub by @rchincha in #771
• report listening port when chosen by kernel by @rchincha in #770
• Refactor s3 dedupe by @peusebiu in #774
• routes: support resumable pull by @rchincha in #765
• update README.md for release by @rchincha in #791

New Contributors

• @bogdanbiv made their first contribution in #596
• @nicoldr made their first contribution in #594
• @slab713 made their first contribution in #768

Full Changelog: v1.4.1...v1.4.2

final pre-release for v1.4.2

What's Changed

• Get identity from certificate when using mTLS by @nicoldr in #719
• graphql: Apply authorization on /_search endpoint by @alexstan12 in #728
• fix make binary-stacker Makefile target by @rchincha in #752
• GraphQL: RepoListWithNewestImage to return list of RepoSummary by @chofnar in #697
• fix dependabot alerts by @rchincha in #761
• zb: populate images first for the GetCatalog test by @roxanaN in #744
• Fix syntax errors in benchmark and cluster workflows by @andaaron in #763
• Updates following the new oras version by @roxanaN in #764
• storage: different subpaths can point to same root directory by @shimish2 in #718
• Skip manifest which have no annotation for tags by @alexstan12 in #754
• Replaced deprecated io/ioutil functions by @slab713 in #768
• Read log path and verify content separately to avoid failed tests by @nicoldr in #760
• s3: fix dedupe failing to manage blobs correctly by @peusebiu in #772
• fix security alerts from artifacthub by @rchincha in #771
• report listening port when chosen by kernel by @rchincha in #770
• Refactor s3 dedupe by @peusebiu in #774
• routes: support resumable pull by @rchincha in #765

New Contributors

• @slab713 made their first contribution in #768

Full Changelog: v1.4.2-rc5...v1.4.2-rc6

some bug fixes and features

What's Changed

• [cloud usecase] zot cli should not download manifests when listing images by @roxanaN in #457
• fix dependabot alerts by @rchincha in #736
• add a copyright notice by @rchincha in #743
• fix artifact upload action in github workflow by @rchincha in #742

Full Changelog: v1.4.2-rc4...v1.4.2-rc5

some bug fixes and features

What's Changed

• update metrics/Dockerfile to match current binary name format by @Andreea-Lupu in #497
• build(deps): bump github.com/swaggo/http-swagger from 1.2.5 to 1.2.6 by @rchincha in #513
• linter: upgrade linter version and add fixes accordingly by @alexstan12 in #503
• codeql: move from v1 to v2 by @rchincha in #514
• storage: prevent tag overwrites controlled via configuration by @laurentiuNiculae in #445
• dependabot alert: fix CVE-2022-29810 by @rchincha in #518
• add a CODEOWNERS file by @rchincha in #520
• use TempDir instead of /tmp/zot in tests by @shimish2 in #517
• zb: fix usage help output by @rchincha in #523
• stacker builds: use a different base image by @rchincha in #530
• add failfast flag in go test by @shimish2 in #533
• Reduce downloads by grouping .sync dirs for all images in the same repo by @chofnar in #493
• Report unknown keys when parsing configuration files by @peusebiu in #521
• clustering: Give time to minio container to come up by @peusebiu in #535
• Changed Github workflow to cache dependencies by @chofnar in #525
• build: fix base image in stacker files by @rchincha in #543
• update linter version to 1.46.2 by @rchincha in #540
• Adding mocked tests for routes by @laurentiuNiculae in #500
• update cosign deps by @rchincha in #544
• ext: use distribution spec route prefix for extension api by @shimish2 in #449
• fix stacker build file to include compatible glibc runtime by @rchincha in #545
• fix CVE-2022-29162/GHSA-f3fp-gc8g-vw66 by @rchincha in #550
• zb: pick client IPs from a pool, closes #472 by @peusebiu in #477
• s3: added logic for deduping blobs by @peusebiu in #504
• add endpoints field in ext discover api by @shimish2 in #548
• sync: specify contentType for cosign manifest, preserve digests, allow http redirects when syncing signatures by @peusebiu in #542
• fix CVE-2022-29173/GHSA-66x3-6cw3-v5gj by @rchincha in #552
• fix extension endpoints by @shimish2 in #557
• fix CVE-2022-28948/GHSA-hp87-p4gw-j4gq by @rchincha in #559
• Code coverage improvement by @aokirisaki in #553
• fixed failed tests for all skopeo versions by @aokirisaki in #524
• ci/cd: Fix arm builds by @peusebiu in #555
• Fix periodic background tasks (gc and scrub) by @Andreea-Lupu in #529
• zli: cve scan doesn't print CRITICAL vulnerabilities for image by @laurentiuNiculae in #556
• check notary v2 signature while looking for available signatures by @shimish2 in #423
• Added sync onDemand test for ORAS artifact by @chofnar in #522
• fix dependabot alerts by @rchincha in #581
• fix sample request url in search extension README by @shimish2 in #583
• routes: strip query parameter from request URL by @shimish2 in #576

New Contributors

• @alexstan12 made their first contribution in #503
• @aokirisaki made their first contribution in #553

Full Changelog: v1.4.0...v1.4.1

some bug fixes and features

What's Changed

• s3: bugfix, use sync.Map instead of map for storing multi part upload… by @peusebiu in #436
• CVE-2022-23648: update dependencies in go.mod by @rchincha in #439
• go.mod: cleanup deps so 'go mod tidy' works by @rchincha in #438
• conformance: fix cross-mount behavior when 'from' is missing by @rchincha in #443
• test: use T.TempDir to create temporary test directory by @Juneezee in #447
• Root access for skopeo in Makefile by @laurentiuNiculae in #446
• routes: changes required to do browser authentication by @shimish2 in #429
• Added clustering github workflow by @peusebiu in #416
• Distribution-spec version named simply Version in zot logs by @laurentiuNiculae in #448
• fix dependabot alert by @rchincha in #460
• fix issue and PR templates by @rchincha in #463
• ci/cd: scan released images with trivy scanner by @rchincha in #453
• Export absolute path for notation binary so it runs locally by @chofnar in #470
• sync: support reloading sync config when the config file changes by @peusebiu in #406
• new config option for sync-destination by @laurentiuNiculae in #454
• move module deps under project-zot repo by @rchincha in #473
• Refactor the push/pull tests to use the bats test framework by @andaaron in #467
• sync: Add a new flag to enforce syncing only signed images, closes #455 by @peusebiu in #456
• gc: add a unit test by @rchincha in #478
• build: add -buildmode=pie to builds by @rchincha in #412
• sync: fix inconsistent test by @peusebiu in #489
• Modified shared storage haproxy config to stick only writes, not reads by @peusebiu in #471
• Leave zot repositories in a consistent state after zot hits fd limit closes #359 by @adodon2go in #381
• make scrub inline and periodic by @Andreea-Lupu in #440
• demos: initial commit of asciinema demos by @rchincha in #491
• Separate make targets that require elevated privileges by @chofnar in #461
• update 3rd party licenses by @rchincha in #496
• update demos for better sizing and layout by @rchincha in #498
• Add read-only tests, mixed read-only tests, mixed write-only tests and mixed read-write tests for zb binary by @roxanaN in #372
• "make verify-config" target reports issues by @laurentiuNiculae in #488
• s3: fix initRepo not creating index.json in some edge cases by @peusebiu in #469
• go.mod: update dependencies by @peusebiu in #505
• gc: make garbage-collect periodic by @Andreea-Lupu in #476
• Migrate from docker/build-push-action to stacker-build-push-action by @peusebiu in #499

New Contributors

• @Juneezee made their first contribution in #447
• @laurentiuNiculae made their first contribution in #446
• @chofnar made their first contribution in #470

Full Changelog: v1.3.9...v1.4.0