distribution

mirror of https://github.com/distribution/distribution.git synced 2025-08-31 14:37:56 +00:00

Author	SHA1	Message	Date
Milos Gajdos	920120077f	Remove accidental typo Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2025-02-11 06:38:11 -08:00
Milos Gajdos	25be29b32b	Prep for v3-rc.3 release * Created a changelog file * Updated version Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2025-02-10 20:10:15 -08:00
Milos Gajdos	5ea9aa028d	Merge commit from fork Fix registry token authentication bug	2025-02-10 19:50:35 -08:00
Milos Gajdos	939a525dd5	Bump Go version (#4566 )	2025-02-08 07:20:26 -08:00
Milos Gajdos	7098b3f42c	Bump Go version Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2025-02-07 19:34:01 -08:00
Milos Gajdos	6ed60b0f48	Apply suggestions from code review Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com> Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com>	2025-02-06 17:43:28 +00:00
Milos Gajdos	53c382641c	Remove named returns and fix linting woes Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2025-02-05 21:26:23 -08:00
Milos Gajdos	f4a500caf6	Fix registry token authentication bug When a JWT contains a JWK header without a certificate chain, the original code only checked if the KeyID (kid) matches one of the trusted keys, but doesn't verify that the actual key material matches. As a result, if an attacker guesses the kid, they can inject an untrusted key which would then be used to grant access to protected data. This fixes the issue such as only the trusted key is verified. Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2025-02-01 15:30:18 -08:00
Milos Gajdos	7271d882c0	ci: fix bake build (#4555 )	2025-01-16 20:19:08 +00:00
CrazyMax	4c5e394561	ci: fix bake build Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-01-16 18:54:00 +01:00
Milos Gajdos	3270367d89	(security): Bump golang.org/x/net module (#4542 )	2025-01-10 10:51:24 +00:00
Milos Gajdos	17550ead96	build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 (#4553 )	2025-01-10 10:23:20 +00:00
Milos Gajdos	9dff0cbf9f	ci: update bake-action to v6 (#4554 )	2025-01-10 10:06:22 +00:00
CrazyMax	808f0b8961	ci: update bake-action to v6 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-01-10 10:31:13 +01:00
dependabot[bot]	825eeb039d	build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-01-10 01:54:12 +00:00
Wang Yan	43291261fa	build(deps): bump actions/upload-artifact from 4.3.6 to 4.5.0 (#4538 )	2024-12-23 12:43:19 +08:00
Milos Gajdos	f1e33060cb	Fix conformance upload issue: We're trying to upload conformance test results from a hidden directory: Version 4.4.0 introduced a breaking change: https://github.com/actions/upload-artifact/releases/tag/v4.4.0 We can either set include-hidden-files: true or ename the directory to e.g., out/ without a leading dot which is what we do in this PR Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-12-20 06:32:18 +00:00
Milos Gajdos	38fd91a49e	(security): Bump golang.org/x/net module Fixes: https://nvd.nist.gov/vuln/detail/CVE-2024-45338 Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-12-20 06:21:59 +00:00
Milos Gajdos	4890d9e036	Prepare for rc2 release (#4539 ) v3.0.0-rc.2	2024-12-18 14:54:27 +00:00
Milos Gajdos	c4a604465f	Prepare for rc2 release Seems like we havent done AUTHORS update in a while: this commit rectififes that. Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-12-18 08:17:36 +00:00
dependabot[bot]	d85819c08e	build(deps): bump actions/upload-artifact from 4.3.6 to 4.5.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.6 to 4.5.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.6...v4.5.0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-12-18 01:26:29 +00:00
Milos Gajdos	1c62898144	feat(configuration): support mtls auth mod (#4537 )	2024-12-17 14:00:36 +00:00
vitshev	41a906f0c6	fix(configuration): replace string literals with constants in tests Signed-off-by: vitshev <vitshev@tracto.ai>	2024-12-16 22:34:26 +01:00
Vitshev	96c9a85b62	fix(configuration): replace string literals with constants in error Co-authored-by: Milos Gajdos <milosgajdos83@gmail.com> Signed-off-by: Vitshev <vitshev@tracto.ai>	2024-12-16 22:30:37 +01:00
vitshev	328f802b8e	fix(configuration): replace string literals with constants Signed-off-by: vitshev <vitshev@tracto.ai>	2024-12-16 20:43:30 +01:00
vitshev	916bdeae94	feat(configuration): support mtls auth mod Signed-off-by: vitshev <vitshev@tracto.ai>	2024-12-16 20:43:20 +01:00
Kyle Squizzato	258144d70f	Update squizzi maintainer email (#4530 )	2024-12-13 15:49:57 -08:00
Wang Yan	3241bc213c	chore: Bump alpine image version (#4532 )	2024-12-13 19:20:48 +08:00
Milos Gajdos	96a3daafe9	Move a direct dependency to direct deps required modules Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-12-12 11:34:21 +00:00
Milos Gajdos	fb3ba302d2	chore: Bump alpine and Go versions 3.20 had a minor security vulnerability. Let's bump it. Related: * https://github.com/distribution/distribution-library-image/issues/171 * https://github.com/distribution/distribution/pull/4527 Bump Go version * CI * go.mod Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-12-12 11:29:11 +00:00
Milos Gajdos	b2ae9e398c	update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ (#4527 )	2024-12-12 10:55:20 +00:00
Milos Gajdos	61ee69943b	build(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 (#4531 )	2024-12-12 08:54:46 +00:00
dependabot[bot]	6eba54be60	build(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2024-12-12 08:34:18 +00:00
Kyle Squizzato	183919cee5	Update squizzi maintainer email Signed-off-by: Kyle Squizzato <kyle@replicated.com>	2024-12-11 12:08:38 -08:00
Sebastiaan van Stijn	179e902fe9	update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ This fixes compatibility with alpine 3.21 and file 5.46+ - Fix additional possible `xx-cc`/`xx-cargo` compatibility issue with Alpine 3.21 - Support for Alpine 3.21 - Fix `xx-verify` with `file` 5.46+ - Fix possible error taking lock in `xx-apk` in latest Alpine without `coreutils` full diff: https://github.com/tonistiigi/xx/compare/v1.2.1...v1.6.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-12-10 10:40:30 +01:00
Milos Gajdos	f2658eeb0b	docs: Explain how to configure a list through env variables (#4522 )	2024-12-03 17:57:32 +00:00
Victor Barbu	1d104a9399	[docs] Explain how to configure a list through env variables Signed-off-by: Victor Barbu <git.zqk3n@vicb.cc>	2024-12-03 19:08:23 +02:00
Milos Gajdos	e3007cd2bc	Upgrade `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` (#4507 )	2024-11-20 11:23:40 +00:00
Wang Yan	a44f1fb058	build(deps): bump codecov/codecov-action from 4 to 5 (#4508 )	2024-11-18 11:00:09 +08:00
dependabot[bot]	4dfab838b7	build(deps): bump codecov/codecov-action from 4 to 5 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4...v5) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2024-11-15 02:04:35 +00:00
krynju	abbe03efef	Upgrade go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp Signed-off-by: krynju <krystian.gulinski@juliahub.com>	2024-11-13 18:27:43 +01:00
Milos Gajdos	3ddd142339	Prep for v3-rc.1 release (#4502 ) v3.0.0-rc.1	2024-11-07 20:09:13 +00:00
Milos Gajdos	4118c80a99	Prep for v3-rc.1 release * Created a changelog file * Updated mailmap * Updated version Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-11-06 15:37:11 +00:00
Milos Gajdos	d67b46a05b	Bump dependencies (#4498 )	2024-11-06 10:52:35 +00:00
Milos Gajdos	f7236ab041	feat: support custom exec-based credential helper in proxy mode (#4438 )	2024-11-05 11:48:33 +00:00
Milos Gajdos	099201adde	fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#4424 )	2024-11-05 11:39:43 +00:00
Milos Gajdos	3ac2285631	Bump otel dependencies We want to be consistent in our deps so tracking down issue does not end up in a murder mystery hunt. This commit picks a specific otel versions that are unified in this codebase. Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-11-05 05:45:37 +00:00
Milos Gajdos	bd52394e81	Update lint.Dockerfile Add a timeout to the lint: By default it is set to 1m Remove ARGs where not needed. Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-11-05 05:31:45 +00:00
Milos Gajdos	85e99bce34	docs: update hugo and theme versions (#4499 )	2024-11-01 12:45:02 +00:00
David Karlsson	da2f24e205	docs: update hugo and theme versions Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>	2024-10-31 10:03:17 +01:00

1 2 3 4 5 ...

5585 Commits