From 3960a560bbb7a4e483da2d6f83158d18f9ab21f9 Mon Sep 17 00:00:00 2001 From: Milos Gajdos Date: Tue, 21 Dec 2021 13:24:39 +0000 Subject: [PATCH 1/3] Prepare for v2.8.0 release Signed-off-by: Milos Gajdos --- .mailmap | 14 +++++++++++ releases/v2.8.0.toml | 55 ++++++++++++++++++++++++++++++++++++++++++++ version/version.go | 2 +- 3 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 releases/v2.8.0.toml diff --git a/.mailmap b/.mailmap index 0f48321d..34421a4e 100644 --- a/.mailmap +++ b/.mailmap @@ -30,3 +30,17 @@ Helen Xie Helen-xie Mike Brown Mike Brown Manish Tomar Manish Tomar Sakeven Jiang sakeven +Milos Gajdos Milos Gajdos +Derek McGowan Derek McGowa +Adrian Plata Adrian Plata <@users.noreply.github.com> +Sebastiaan van Stijn Sebastiaan van Stijn +Vishesh Jindal Vishesh Jindal +Wang Yan Wang Yan +Chris Patterson Chris Patterson +Eohyung Lee Eohyung Lee +João Pereira <484633+joaodrp@users.noreply.github.com> +Smasherr Smasherr +Thomas Berger Thomas Berger +Samuel Karp Samuel Karp +Justin Cormack +sayboras diff --git a/releases/v2.8.0.toml b/releases/v2.8.0.toml new file mode 100644 index 00000000..f70a9bd2 --- /dev/null +++ b/releases/v2.8.0.toml @@ -0,0 +1,55 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "registry" +github_repo = "distribution/distribution" + +# previous release +previous = "v2.7.1" + +pre_release = false + +preface = """\ +The 2.8.0 registry release has been a long time overdue. +This is the last 2.x release. No further active development will continue on +2.x branch. Security vulnerability patches to 2.x might be considered, but +all active development will be focussed on v3 release due next year. +This release thus includes a security vulnerability fix along +with a few minor bug fixes and improvemnts in documentation and CI. + +See changelog below for full list of changes. + +### Bugfixes +* Close the io.ReadCloser from storage driver [#3370](https://github.com/distribution/distribution/pull/3370) +* Remove empty Content-Type header [#3297](https://github.com/distribution/distribution/pull/3297) +* Make ipfilteredby not required in cloudfront storage middleware [#3088](https://github.com/distribution/distribution/pull/3088) + +### Features +* Add reference.ParseDockerRef utility function [#3002](https://github.com/distribution/distribution/pull/3002) + +### CI build +* First draft of actions based ci [#3347](https://github.com/distribution/distribution/pull/3347) +* Fix vndr and check [#3001](https://github.com/distribution/distribution/pull/3001) +* Improve code quality by adding linter checks [#3385](https://github.com/distribution/distribution/pull/3385) + +### Documentation +* Add redirect for old URL [#3197](https://github.com/distribution/distribution/pull/3197) +* Fix broken table [#3073](https://github.com/distribution/distribution/pull/3073) +* Adding deprecated schema v1 instructions [#2987](https://github.com/distribution/distribution/pull/2987) +* Change should to must in v2 spec ([#3495](https://github.com/distribution/distribution/pull/3495)) + +### Storage drivers +* S3 Driver: add support for ceph radosgw [#3119](https://github.com/distribution/distribution/pull/3119) + +### Security +* Added flag for user configurable cipher suites [#3384](https://github.com/distribution/distribution/pull/3384) +* Address [CVE-2020-26160](https://github.com/advisories/GHSA-w73w-5m7g-f7qc) by replacing vulnerable third-party depedency[#3466](https://github.com/distribution/distribution/pull/3466) +* Replace math rand with crypto rand [#3531](https://github.com/distribution/distribution/pull/3531) +* Address [CVE-2021-41190](https://github.com/advisories/GHSA-mc8v-mgrf-8f4m) by validating document type before unmarshal [GHSA-77vh-xpmg-72qh](https://github.com/distribution/distribution-ghsa-qq97-vm5h-rrhg/pull/2) + +### Dependency Changes +* github.com/dgrijalva/jwt-go -> github.com/golang-jwt/jwt.git # v3.2.2 (a601269ab70c -> 4bbdd8ac624f) +* github.com/opencontainers/image-spec -> github.com/opencontainers/image-spec # v1.0.2 (ab7389ef9f50 -> 67d2d5658fe0) + +Previous release can be found at [v2.7.1](https://github.com/distribution/distribution/releases/tag/v2.7.1) +""" diff --git a/version/version.go b/version/version.go index 2519fd6d..f2d4b44c 100644 --- a/version/version.go +++ b/version/version.go @@ -8,7 +8,7 @@ var Package = "github.com/docker/distribution" // the latest release tag by hand, always suffixed by "+unknown". During // build, it will be replaced by the actual version. The value here will be // used if the registry is run after a go get based install. -var Version = "v2.7.1+unknown" +var Version = "v2.8.0+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. From 1ddad0bad8c5e207904d9241ba2fb4557b27e1ed Mon Sep 17 00:00:00 2001 From: Milos Gajdos Date: Wed, 22 Dec 2021 09:05:13 +0000 Subject: [PATCH 2/3] Apply suggestions from code review Signed-off-by: Milos Gajdos --- releases/v2.8.0.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases/v2.8.0.toml b/releases/v2.8.0.toml index f70a9bd2..d7fa6992 100644 --- a/releases/v2.8.0.toml +++ b/releases/v2.8.0.toml @@ -13,8 +13,8 @@ preface = """\ The 2.8.0 registry release has been a long time overdue. This is the last 2.x release. No further active development will continue on 2.x branch. Security vulnerability patches to 2.x might be considered, but -all active development will be focussed on v3 release due next year. -This release thus includes a security vulnerability fix along +all active development will be focussed on v3 release due in 2022. +This release includes a security vulnerability fix along with a few minor bug fixes and improvemnts in documentation and CI. See changelog below for full list of changes. From d5d89a46a388a1d35b3b9b9cd60515e45ac3a7d4 Mon Sep 17 00:00:00 2001 From: Milos Gajdos Date: Fri, 21 Jan 2022 11:32:44 +0000 Subject: [PATCH 3/3] Make this releaes a beta release first. Signed-off-by: Milos Gajdos --- version/version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version/version.go b/version/version.go index f2d4b44c..dcd83ac8 100644 --- a/version/version.go +++ b/version/version.go @@ -8,7 +8,7 @@ var Package = "github.com/docker/distribution" // the latest release tag by hand, always suffixed by "+unknown". During // build, it will be replaced by the actual version. The value here will be // used if the registry is run after a go get based install. -var Version = "v2.8.0+unknown" +var Version = "v2.8.0-beta.1+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time.