What's new in Harbor 2.6

New feature walkthrough and important deprecation announcements

Harbor 2.6 is about to land in the next few days, bringing some long-awaited functionality and two important deprecations. With over 150 enhancements and bug fixes, this release further improves stability and reliability. The deprecations affect Notary and ChartMuseum, the latter of which Harbor used to store Helm chart repositories.

The deprecation of Notary isn't a big deal for most of us; frankly, nobody was using it. The deprecation of ChartMuseum, however, might impact users, especially those who won't be able to switch to Helm's capability to store charts in OCI registries.

If you are using the Helm CLI directly, it should be safe and straightforward for you to store Helm Charts in OCI Registries. You can use the Harbor chart migration tool to migrate your existing charts to OCI.

Pay attention if you use a Helm version prior to 3.7, or if Helm is embedded in a GitOps or proprietary deployment tool that cannot be updated or switched over to OCI. Start looking for alternatives, or raise the issue with the respective project or vendor. Given Harbor's discontinuation process, Notary and ChartMuseum could be removed as early as version 2.8, so in about one year.

Let us look at the new features and changes.


Since the last release

  • 280 Commits
  • 28 Contributors
  • 15 New Contributors
  • 164 Enhancements


Big thanks go out to all the 28 contributors for the Harbor release 2.6.

@prahaladdarkin @chlins @stonezdj @AllForNothing @tpoxa @ln23415 @MinerYang @tibeer @OrlinVasilev @SimonAlling @zyyw @franznemeth @wilmardo @wy65701436 @ywk253100 @heylongdacoder @alrs @YangJiao0817 @Dannyx323 @DarthBlair @koushik-ms @stefanlasiewski @sluetze @bmfp @danielpacak @mac-chaffee @qnetter @Abirdcfly

New Features

Cache Layer 🍰

This release introduces a cache layer and improves the existing caching mechanism to speed up artifact pulls in high-concurrency scenarios. Harbor now caches projects, repositories and manifests, which should improve common pull, push and UI operations.

Corresponding PRs: #16740, #16741, #16891, #16459

CVE Export 💣

The CVE export capability newly introduced in Harbor 2.6.0 is a crucial building block for auditing and monitoring the CVE status of container images. CVE export opens up opportunities to integrate CVE compliance checks into the software supply chain and ensure that software is audited against vulnerabilities.

CVE Export allows users with the project admin, developer, or maintainer role to generate and download vulnerability reports as CSV files. An export can be generated via the REST API or the UI on a per-project basis.

Exporting CVEs in Harbor

Filter on CVEs to export, based on tags, labels, repositories

Corresponding PRs: #16678, #16879, #15998, #16236
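
As an added example (not Harbor's code and not part of the original post), here is a minimal compliance gate over an exported CSV: it reports artifacts with findings at or above a severity threshold, minus an allowlist. The column names, the CVE identifiers and the sample rows are assumptions constructed for illustration; match them to the header row of a real export.

```python
import csv
import io

# Constructed sample export. Column names are assumed for this example,
# and the CVE ids are placeholders, not real identifiers.
SAMPLE_EXPORT = """\
Repository,Artifact Digest,CVE,Package,Current Version,Fixed in version,Severity
library/api,sha256:aaaa,CVE-0000-0001,openssl,1.1.1k,1.1.1n,Critical
library/api,sha256:aaaa,CVE-0000-0002,zlib,1.2.11,,High
library/api,sha256:aaaa,CVE-0000-0003,bash,5.0,5.1,Low
library/web,sha256:bbbb,CVE-0000-0001,openssl,1.1.1k,1.1.1n,critical
library/web,sha256:bbbb,CVE-0000-0004,curl,7.74,7.79,Medium
"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def gate(export_csv, threshold="high", allowlist=(), fixable_only=False):
    """Return {(repository, digest): [cve, ...]} for findings that break policy."""
    limit = SEVERITY_RANK[threshold.lower()]
    allowed = {cve.upper() for cve in allowlist}
    violations = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        cve = row["CVE"].strip().upper()
        severity = row["Severity"].strip().lower()
        # Fail closed: a severity we do not recognise is treated as critical
        # instead of being silently ignored.
        rank = SEVERITY_RANK.get(severity, SEVERITY_RANK["critical"])
        if rank < limit or cve in allowed:
            continue
        # Optionally report only findings that already have a fixed version.
        if fixable_only and not row["Fixed in version"].strip():
            continue
        key = (row["Repository"], row["Artifact Digest"])
        violations.setdefault(key, []).append(cve)
    return violations


if __name__ == "__main__":
    found = gate(SAMPLE_EXPORT, threshold="high", allowlist=["CVE-0000-0002"])
    for (repo, digest), cves in sorted(found.items()):
        print(f"{repo}@{digest}: {', '.join(cves)}")
    # A CI job would exit non-zero here to block promotion of the artifact.
    raise SystemExit(1 if found else 0)
```

Severity matching is case-insensitive, and rows with an unrecognised severity are reported rather than dropped, so a scanner format change cannot silently empty the report.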

Audit Log 📜

In Harbor, audit logs trace pull, push and delete operations on artifacts and users, creating an auditable changelog of events.

With audit log rotation you can now periodically clean up audit logs. In addition, it is also possible to start an on-demand cleanup job.
The second audit log improvement is the ability to forward audit logs in Syslog message format to a remote server.

Corresponding PRs: #16833, #16941, #16865, #16914, #17054

WebAssembly 🕸

Harbor now supports and displays WebAssembly module artifacts when they carry the annotation module.wasm.image/variant=compat-smart. Corresponding PR: #16931

Additional Features 🎉

  • GDPR compliant deletion of Users. PR #16859
  • Add stop button for GC. PR #17037

Enhancement 🚀

  • Update docker building for UI by @AllForNothing in #16692
  • Add dotted line between the artifacts and their accessories by @AllForNothing in #16701
  • fixed typo in legacy_swagger.yaml file by @tibeer in #16723
  • Provide more useful error info by @AllForNothing in #16736
  • Fix some css style issues by @AllForNothing in #16709
  • Add release.yml to automate release notes #16633 by @OrlinVasilev in #16634
  • replace install httpd by installing htpasswd binary only by @MinerYang in #16771
  • Store default page size to local storage by @AllForNothing in #16753
  • Refactor portal language code by @SimonAlling in #16795
  • Fix lint errors in portal by @SimonAlling in #16799
  • Improve replication policy datagrid by @AllForNothing in #16806
  • fix: improve GC log message by @zyyw in #16790
  • Improve css for tags column by @AllForNothing in #16811
  • Allow all roles to see 'listed in CVE allowlist' column by @AllForNothing in #16860
  • Improve css for accessories component by @AllForNothing in #16868
  • Add date/time format setting in portal by @SimonAlling in #16796
  • Remove message prompt clearing by @AllForNothing in #16894
  • Modify HarborDatetimePipe to pure pipe to improve performance by @AllForNothing in #16906
  • fix: add patch for registry layers larger than 10G with S3 backend by @franznemeth in #16322
  • feat: enabled Github GHCR as proxy cache by @wilmardo in #16834
  • Add NextScheduledTime in schedule object by @stonezdj in #16925
  • Add style lint and add code lint to the pipeline by @AllForNothing in #16954
  • Fix some UI issues by @AllForNothing in #16979
  • Response the sign status to UI for the public project. by @wy65701436 in #16987
  • Support stop GC execution by @ywk253100 in #17004
  • Improve copy command component by @AllForNothing in #17068
  • Improve cron validator for replication rule by @AllForNothing in #17069
  • Enhance the read-only API to avoid deleting operations during the job running by @ywk253100 in #17055
  • Making stale bot a bit more active by @OrlinVasilev in #17115
  • Remove os.Kill in signal handling by @heylongdacoder in #16111
  • Return bad request if audit log retention hour > 240000 hour by @stonezdj in #17217

Component updates ⬆️

  • pkg/scan: fix dropped error by @alrs in #16712
  • bump up astaxie/beego@v1.12.1 to beego/beego/@v1.12.7 by @MinerYang in #16770
  • fix: registry/redis.patch & registry/builder by @zyyw in #16780
  • Upgrade Angular to 13.3.4 by @AllForNothing in #16772
  • fix close response missing by @wy65701436 in #16820
  • add lint with golangci-lint by @MinerYang in #16821
  • fix staticcheck issues by @wy65701436 in #16828
  • fix: gc history update_time by @zyyw in #16841
  • fix artifact count issue by @wy65701436 in #16851
  • migrate tslint to eslint by @AllForNothing in #16856
  • Upgrade clarity to the latest version by @AllForNothing in #16840
  • fix accessory count issue by @wy65701436 in #16866
  • bump up beego from v1.12.7 to v1.12.9 by @MinerYang in #16904
  • fix 16883 by @wy65701436 in #16911
  • fix replication issue on accessory by @wy65701436 in #16912
  • support docker compose v2 by @MinerYang in #16919
  • fix: golangci-lint errcheck by @zyyw in #16920
  • bump up golang version to v1.18.3 by @MinerYang in #16957
  • fix(swagger): append scan report version 1.1 to swagger docs by @chlins in #16965
  • fix(replication): azurecr replication with token (#16888) by @chlins in #16947
  • fix: update code for golangci-lint gosimple by @zyyw in #16974
  • fix: refactor code for golangci-lint whitespace by @zyyw in #17005
  • fix: update the jobservice hook retry concurrency by @chlins in #17024
  • Remove style-lint package and upgrade @angular-devkit/build-angular by @AllForNothing in #17009
  • migrate: add db index on artifact repository name by @chlins in #17035
  • update support for docker compose v2 by @MinerYang in #17039
  • Unify the process of job schedule/task retrieve and update by @stonezdj in #17012
  • fix: revise the process of policy update by @chlins in #17021
  • fix: fix the update of retention policy by @chlins in #17064
  • fix: bump trivy version to v0.29.2 and bump trivyadapter version to v0.30.0 by @zyyw in #17071
  • Support stop purge audit log job by @stonezdj in #17033
  • Fix scan log mismatch issue by @stonezdj in #17085
  • fix: update preheat api handler and DAO by @chlins in #17079
  • Upgrade pipenv to 2022.1.8 by @YangJiao0817 in #17093
  • fix: update code in compliance with golangci-lint revive by @zyyw in #17087
  • Create index on audit log, execution, artifact for performance by @stonezdj in #17022
  • Added group_type information for type 3 OIDC group by @Dannyx323 in #17118
  • fix: attach labels for replication event by @chlins in #17108
  • resolve copy failure for artifact with multiple accessories by @wy65701436 in #17123
  • Add options to the user.Count method by @stonezdj in #16285
  • fix: repair execution status when it inconsistent by @chlins in #17128
  • Added Tag Retention Permission to Developer by @DarthBlair in #16514
  • resolve robot authgen password format issue by @wy65701436 in #17134
  • Developer role should be able to view tag-retention rules by @AllForNothing in #17138
  • Hide pull command for Nydus by @AllForNothing in #17143
  • Fix to CVE Data Export functionality for images pushed by docker push by @prahaladdarkin in #17182
  • fix: remove redundant check due to always false by @zyyw in #17206
  • Fix log rotation UI issues by @AllForNothing in #17220
  • Fix cve export UI issues by @AllForNothing in #17227
  • Disable Nydus middleware for v2.6 by @MinerYang in #17233
  • bumpup golang version to v1.18.4 by @MinerYang in #17257
  • Fix router issues for UI by @AllForNothing in #17235
  • Add permission check to CVE export by @AllForNothing in #17267
  • [Cherry-pick] Fix null pointer issue for creating replication rule by @AllForNothing in #17276
  • upgrade: bump up beego to 1.12.11 by @chlins in #17278

Docs update 🗄️

  • README.md: fix broken links to badges and Swagger editor by @koushik-ms in #16910

Community update 🧑🏻‍🤝‍🧑🏾

  • Add new template file for PRs by @OrlinVasilev in #16645
  • Add CODEOWNERS all maintainers by @OrlinVasilev in #16670
  • In SECURITY.md, fix broken link to RELEASES.md by @stefanlasiewski in #17019

Other Changes

  • Bump TRIVYVERSION to v0.24.2 and bump TRIVYADAPTERVERSION to v0.26.0 by @YangJiao0817 in #16486
  • fix: resolve conformance test failed issue by @zyyw in #16478
  • bump up base version to v2.6 by @wy65701436 in #16481
  • Add a new robot permission and sort permissions by @AllForNothing in #16487
  • docs: Link to latest/edge docs instead of 2.0.0 by @SimonAlling in #14945
  • Improve style and correct typos by @AllForNothing in #16498
  • Add online latest installer package by @YangJiao0817 in #16148
  • Update readme by @AllForNothing in #16501
  • Add replication index testcase by @YangJiao0817 in #16502
  • Update trivy test case by @YangJiao0817 in #16493
  • add transaction for artifact delete by @wy65701436 in #16506
  • Updated translation for 2.5 by @sluetze in #16509
  • refactor: import go-redis to core as replacement of redigo by @chlins in #16492
  • fix: enable one skipped conformance test by @zyyw in #16521
  • Fix duplicate labels issue by @AllForNothing in #16527
  • add cosign signature icon by @wy65701436 in #16533
  • Add cosign icon by @AllForNothing in #16531
  • enhance health validation by @wy65701436 in #16549
  • Update push and pull command for helm by @AllForNothing in #16552
  • lib/q: fix dropped test error by @alrs in #16494
  • Improve UI with more inclusive words by @AllForNothing in #16548
  • Add secret to download file when refreshing robot secret by @AllForNothing in #16564
  • update log with more inclusive language by @wy65701436 in #16569
  • update french translation by @bmfp in #16570
  • Modify setup-gcloud from master to v0 by @YangJiao0817 in #16571
  • feat: implement beego session provider by @chlins in #16546
  • Update webhook testcase xpath from disable to deactivate by @YangJiao0817 in #16579
  • Add python-dateutil module in api e2e image by @YangJiao0817 in #16588
  • Upgrade UI dependencies by @AllForNothing in #16586
  • Remove state restrictions for gc log button by @AllForNothing in #16585
  • migrations: correct project metadata public value by @chlins in #16597
  • fix: validate project metadata public value by @chlins in #16596
  • Delete unused files and functions by @stonezdj in #16599
  • fix: return BAD_REQUEST when validate project metadata by @chlins in #16605
  • Update usergroups API to support search by group_name by @stonezdj in #16580
  • Use list user groups API to search groups by @AllForNothing in #16610
  • Add main menu routing test case by @YangJiao0817 in #16622
  • Improve copy-artifact component by @AllForNothing in #16628
  • skip policy check on pull cosign signature by @wy65701436 in #16658
  • Improve user setting component by @AllForNothing in #16665
  • Add project tab routing test case by @YangJiao0817 in #16664
  • Clear some UI building warnings by @AllForNothing in #16684
  • Add retries to test cases by @YangJiao0817 in #16690
  • Add open more info page test case by @YangJiao0817 in #16708
  • fix: controller/blob: dropped test error by @alrs in #16608
  • fix: check the existence of the tag before updating pull time by @chlins in #16510
  • Add open cve details page test case by @YangJiao0817 in #16705
  • Add open image scanners documentation page test case by @YangJiao0817 in #16704
  • Add test case for Enable Deployment Security Policy replication by @YangJiao0817 in #16737
  • chore(deps): bump Trivy adapter from v0.26.0 to v0.28.0 by @danielpacak in #16729
  • feat: add cache layer for artifact by @chlins in #16593
  • CI: Replace stale.yaml with stale GH Actions by @OrlinVasilev in #16699
  • enable default to build bin by @wy65701436 in #16763
  • Add imgpkg copy test case by @YangJiao0817 in #16760
  • Update cosign test case by @YangJiao0817 in #16832
  • Use exec in registryctl so signals are passed properly by @mac-chaffee in #16642
  • fix deadcode lint & update golangci-lint.yaml by @MinerYang in #16896
  • Update header user xpath by @YangJiao0817 in #16917
  • Add Publish Release workflow by @YangJiao0817 in #16956
  • Add webhook functionality test case by @YangJiao0817 in #16944
  • Update Web Routing test case by @YangJiao0817 in #16981
  • Update CVE allowlist UI test case by @YangJiao0817 in #16980
  • Update GC UI Testcase by @YangJiao0817 in #16975
  • Update harbor-e2e-engine image by @YangJiao0817 in #17032
  • Add P2P Preheat Test case by @YangJiao0817 in #17089
  • Modify Build Package Workflow trigger condition by @YangJiao0817 in #17106
  • Update tag immutability xpath by @YangJiao0817 in #17149
  • Add retry to project quota GC test case by @YangJiao0817 in #17164
  • Update delete project test case by @YangJiao0817 in #17158

Harbor 2.6 at Container-Registry.com

The 8gears container registry team is planning to upgrade our customer instances in the next few weeks to version 2.6.0 or 2.6.1.


Published — August 19, 2022
