v2.0.2-rc1

What's Changed

• chore: fix dependabot alerts by @rchincha in #2208
• feat(search): search for a specific tag cross-repo by @andaaron in #2211
• feat(ui): update zui version by @Andreea-Lupu in #2216
• refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot by @andaaron in #2187
• fix(scheduler): the session cleanup generator is reset too often by @andaaron in #2220
• ci: stabilize ecosystem client tools workflow by @andaaron in #2224
• ci: add script to build/publish a zot multiarch image by @andaaron in #2214
• chore(deps): fix dependabot alerts by @andaaron in #2232
• ci: release a checksums file with SHA256 hashes for release assets by @vrajashkr in #2227
• feat(ui): show more information about CVEs by @andaaron in #2233

New Contributors

• @vrajashkr made their first contribution in #2227

Full Changelog: v2.0.1...v2.0.2-rc1

v2.0.1

What's Changed

• patch: Add user route to extension_ui.go by @raulkele in #2141
• fix(shutdown): fix crash when shutting down before server and task scheduler have started. by @peusebiu in #2148
• chore: fix dependabot alerts by @rchincha in #2160
• docs: update docs website url by @rchincha in #2159
• fix: high CPU utilization by scheduler while idle by @andaaron in #2156
• fix: enable panic backtraces by @rchincha in #2150
• fix: npe if ldap query doesn't return attributes by @rchincha in #2151
• feat(config): handle config files with no explicit extension by @peusebiu in #2147
• docs: Fix Examples Readme to use proper field repositories instead of repoNames by @ericgraf in #2074
• fix: excessive memory usage by @peusebiu in #2164
• feat(log): print traceback when panics occur by @peusebiu in #2166
• feat(ui): update zui version by @Andreea-Lupu in #2162
• refactor: update tests to use the newer API for creating test images by @andaaron in #2168
• feat(ui): update zui version by @Andreea-Lupu in #2171
• feat(ui): show CVE severity statistics in the UI by @andaaron in #2172
• feat(cve): add option to exclude string from cve search by @laurentiuNiculae in #2163
• fix(nightly): increase wait time for dedupe nightly build by @peusebiu in #2177
• refactor: replace deprecated APIs for creating images in the search tests by @andaaron in #2173
• fix(bearer): fixed /v2/ route not implementing token spec by @peusebiu in #2176
• fix: the scheduler is now fair by @andaaron in #2158
• feat(ldap): hot reloading ldap credentials on change by @laurentiuNiculae in #2167
• fix(scrub): hold locks per image not per repo while executing scrub by @Andreea-Lupu in #2180
• chore: update go.mod to fix dependabot alerts by @rchincha in #2181

New Contributors

• @raulkele made their first contribution in #2141
• @ericgraf made their first contribution in #2074

Full Changelog: v2.0.0...v2.0.1

v2.0.1-rc2

What's Changed

• fix: the scheduler is now fair by @andaaron in #2158
• feat(ldap): hot reloading ldap credentials on change by @laurentiuNiculae in #2167
• fix(scrub): hold locks per image not per repo while executing scrub by @Andreea-Lupu in #2180

Full Changelog: v2.0.1-rc1...v2.0.1-rc2

v2.0.1-rc1

What's Changed

• patch: Add user route to extension_ui.go by @raulkele in #2141
• fix(shutdown): fix crash when shutting down before server and task scheduler have started. by @peusebiu in #2148
• chore: fix dependabot alerts by @rchincha in #2160
• docs: update docs website url by @rchincha in #2159
• fix: high CPU utilization by scheduler while idle by @andaaron in #2156
• fix: enable panic backtraces by @rchincha in #2150
• fix: npe if ldap query doesn't return attributes by @rchincha in #2151
• feat(config): handle config files with no explicit extension by @peusebiu in #2147
• docs: Fix Examples Readme to use proper field repositories instead of repoNames by @ericgraf in #2074
• fix: excessive memory usage by @peusebiu in #2164
• feat(log): print traceback when panics occur by @peusebiu in #2166
• feat(ui): update zui version by @Andreea-Lupu in #2162
• refactor: update tests to use the newer API for creating test images by @andaaron in #2168
• feat(ui): update zui version by @Andreea-Lupu in #2171
• feat(ui): show CVE severity statistics in the UI by @andaaron in #2172
• feat(cve): add option to exclude string from cve search by @laurentiuNiculae in #2163
• fix(nightly): increase wait time for dedupe nightly build by @peusebiu in #2177
• refactor: replace deprecated APIs for creating images in the search tests by @andaaron in #2173
• fix(bearer): fixed /v2/ route not implementing token spec by @peusebiu in #2176

New Contributors

• @raulkele made their first contribution in #2141
• @ericgraf made their first contribution in #2074

Full Changelog: v2.0.0...v2.0.1-rc1

v2.0.0

What's Changed

• chore(deps): fix dependabot alerts by @rchincha in #1048
• fix(test): consolidate flaky scrub test by @peusebiu in #1042
• ci: remove superfluous parts of github workflows by @rchincha in #1050
• fix(sync): syncing OCI artifacts with distribution package fails by @peusebiu in #1013
• fix: queries with images without a reference should return an error by @alexstan12 in #1040
• feat(scrub): add scrub logic for ImageIndex media type by @Andreea-Lupu in #1031
• fix(swagger): update docs.go - fix typo by @arukiidou in #1055
• chore(deps): fix dependabot alerts by @rchincha in #1060
• docs: add pkg.go.dev badge by @rchincha in #1061
• refactor: Cleanup/simplify test cases by @nicoldr in #1041
• fix(sync): fix sync on demand with docker library by @peusebiu in #1065
• chore(deps): fix dependabot alerts by @rchincha in #1074
• chore(deps): fix dependabot alerts by @rchincha in #1077
• chore(deps): fix dependabot alerts by @rchincha in #1080
• docs: update README.md by @rchincha in #1078
• refactor: Cleanup/simplify tests: uploads by @nicoldr in #1082
• fix(sync): also add docker v2 mediatype as supported in sync by @peusebiu in #1084
• cleanup: replaced resty client with http client in sync and moved to … by @aokirisaki in #1016
• ci: start localstack container only if needed by @peusebiu in #1086
• chore(deps): fix dependabot alerts by @rchincha in #1090
• fix(test): use correct aws region for dynamodb by @peusebiu in #1093
• feat(repodb): Implement RepoDB for image specific information using boltdb/dynamodb by @laurentiuNiculae in #979
• fix: error message when CVE search is disabled by @aokirisaki in #1100
• docs: fix CNCF related documentation by @rchincha in #1099
• chore(deps): fix dependabot alerts by @rchincha in #1098
• fix: add stacker to .gitignore by @rchamarthy in #1091
• fix: added error message for missing CVEs by @aokirisaki in #1085
• ci(trivy): copy trivydb oci artefact to project-zot repo by @andaaron in #1106
• fix(ci): fix path to trivy-db copy under project-zot by @andaaron in #1108
• ci: also allow manual workflow triggers by @rchincha in #1109
• fix(ci): do not build zot container image for the annotation tests by @andaaron in #1110
• Fixes for DynamoDB driver tests by @andaaron in #1111
• refactor: Cleanup/simplify testcases in /pkg/cli by @nicoldr in #1103
• chore(deps): fix dependabot alerts by @rchincha in #1115
• feat(cve): cache trivy results for an image:tag by @andaaron in #1101
• feat(repodb): add pagination for ImageListForDigest and implement FilterTags by @andaaron in #1102
• docs: fix copyright related info for cncf onboarding by @rchincha in #1117
• chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage by @andaaron in #1068
• Test downloading trivy-db from alternate location by @andaaron in #1107
• feat(repodb): add PageInfo to GlobalSearch and RepoListWithNewestImage results by @andaaron in #1121
• refactor: Cleanup/simplify testcases in /pkg/extensions by @nicoldr in #1116
• test(refactor): cleanup/simplify testcases by @nicoldr in #1124
• feat(cve): the cve related calls to use repodb and add pagination on image results by @andaaron in #1118
• feat(repodb): implement pagination for ImageList and integrate it with RepoDB by @andaaron in #1129
• feat(cve): graphql: paginate returned CVEs for a given image by @andaaron in #1136
• fix: Sort tags returned by ExpendedRepoInfo in the Images property with the newest first by @andaaron in #1137
• chore(deps): fix dependabot alerts by @rchincha in #1131
• fix(referrers): annotation key is incorrect by @rchincha in #1139
• feat(repodb): DerivedImageList and BaseImageList make use of RepoDB by @andaaron in #1135
• fix(referrers): fix some conformance issues by @rchincha in #1134
• chore: update the version of go-lru we use to the latest available by @andaaron in #1141
• chore(deps): fix dependabot alerts by @rchincha in #1143
• test(exporter): add unit test to cover cli pkg by @rchincha in #1148
• removed references to old dist-spec by @aokirisaki in #1128
• chore(deps): fix dependabot alerts by @rchincha in #1153
• fix(test): update the zot tests not to use test/data as rootDir (use … by @nicoldr in #1162
• docs(graphql): rewrote search.md by @andaaron in #1130
• ci(cache): split go build cache from go modules cache by @andaaron in #1169
• test: avoid running trivy tests if search build label is missing by @andaaron in #1172
• test: refactor CVE tests in CLI package by @andaaron in #1170
• chore(deps): fix dependabot alerts by @rchincha in #1179
• test: show the execution times of the tests by @andaaron in #1163
• ci: Revert "test: show the execution times of the tests (#1163)" by @andaaron in #1186
• refactor(cve): improve CVE test time by mocking trivy by @andaaron in #1184
• feat(ui): package zui within zot binary by @andaaron in #1161
• onDemand check for updated manifest by @marxus in #1190
• fix: call notation-go libs instead of using notation binary by @Andreea-Lupu in #1104
• chore(go.mod): fix dependabot alerts by @rchincha in #1194
• feat(ui): use a Makefile variable to download a pre-existing zui build by @andaaron in #1196
• fix: set GC delay defaults for storage subPaths by @rchincha in #1189
• perf: update the ImageList queries to return PaginatedImagesResult by @nicoldr in #1182
• feat(scheduler): use an worker pool for scheduler by @peusebiu in #1146
• Centralise extensions config entries by @bogdanbiv in #1177
• chore: add/sync golang 1.20.x images by @rchincha in #1200
• ci(golang): fix syncing build image golang 1.20 by @andaaron in #1205
• chore(go.mod): fix dependabot alerts by @rchincha in #1210
• chore(codecov): use a token to authenticate to codecov by @andaaron in #1212
• chore(go.mod): fix dependabot alerts by @rchincha in #1218
• build(ui): the ui is now included in the zot binary by default by @andaaron in #1202
• chore(go.mod): fix dependabot alerts by @rchincha in #1222
• feat(graphql): Image() call now returns a non-nullable ImageSummary by @andaaron in #1216
• refactor(test): remove unnecessary usage of images copied from under … by @nicoldr in #1217
• feat(repodb): Multiarch Image support by @laurentiuNiculae in #1147
• test(ui): add owasp zap scanner in ci/cd by @andaaron in #1224
• chore(go.mod): fix dependabot alerts by @rchincha in #1228
• fix: trivydb update now uses task scheduler by @aokirisaki in #1204
• refactor(test): update cve tests to stop duplicating test/data if not… by @nicoldr in #1232
• fix(go.mod): replace ope...

v2.0.0-rc8

What's Changed

• chore: fix dependabot alerts by @rchincha in #2066
• ci: move distroless to debian12 by @rchincha in #2056
• test(bats): fix CVE bats test failure if zot runs on different port than 8080 by @andaaron in #2072
• Cli server version by @laurentiuNiculae in #1709
• refactor(log): replace panics with log fatal or log panic functions by @laurentiuNiculae in #1723
• Scheduler shutdown gracefully by @peusebiu in #1951
• fix(ci): prevent spaces from being removed when helm chart is updated by @Andreea-Lupu in #2078
• feat(metadb): search images by blob digest by @laurentiuNiculae in #2077
• Sync s3 by @peusebiu in #2073
• fix(metadb): set LastUpdated field also for indexes by @Andreea-Lupu in #2088
• feat(cve): expand search domain to cve description and package info by @laurentiuNiculae in #2086
• chore: fix dependabot alerts by @rchincha in #2097
• chore: fix dependabot alerts by @rchincha in #2113
• feat(metrics): add scheduler related metrics by @adodon2go in #2076
• fix(log): trimmed error level logs by @Andreea-Lupu in #2115
• feat(pagination): make sure the URL to in the link header is inside angle brackets by @andaaron in #2116
• build(zui): add a new env to set the path to a local build of zui by @Andreea-Lupu in #2118
• feat(ui): update zui version by @andaaron in #2119
• test(lint): refactor logs and add linting rules by @laurentiuNiculae in #2045
• fix(proto): the size of the repo should be int64, since that is the same type used for the manifest/config/index/digest sizes it sums up. by @andaaron in #2120
• ci(nightly): fix nightly after log message refactor by @andaaron in #2121
• fix(scheduler): fix data race by @peusebiu in #2085
• chore: fix dependabot alerts by @rchincha in #2133
• feat(ui): show a message while results are loading for dynamic search by @andaaron in #2134
• feat(ui): let UI delete manifests if current user has permissions to … by @peusebiu in #2132
• feat(CVE): add CVE severity counters to returned images by @andaaron in #2131
• fix(apikey): show api key configuration in mgmt API by @andaaron in #2138
• Fix deps by @rchincha in #2139

Full Changelog: v2.0.0-rc7...v2.0.0-rc8

v2.0.0-rc7

What's Changed

• chore: fix dependabot alerts by @rchincha in #1649
• feat: signal handling by @peusebiu in #1651
• feat(test): Simplify tests by @laurentiuNiculae in #1583
• fix(authn): session authn is skipped when anonymous policy is configured by @peusebiu in #1647
• test(upload): update the new signature of the upload image function by @laurentiuNiculae in #1655
• fix(auth): fix anonymous auth for ui by @andaaron in #1662
• feat(ui): update ui to support cve filtering by platform by @andaaron in #1661
• fix: freebsd build support by @dfr in #1659
• Refactor metadb sorting pagination by @laurentiuNiculae in #1637
• ci: add freebsd target for releases by @rchincha in #1660
• refactor(extensions)!: refactor the extensions URLs and errors by @andaaron in #1636
• fix: Build scripts broken on Mac by @adodon2go in #1668
• ci(conformance): revert to upstream OCI checks by @rchincha in #1678
• fix(convert): now returned annotations for an index will fallback to … by @laurentiuNiculae in #1667
• fix: remove inline GC and schedule a background task instead by @Andreea-Lupu in #1610
• test(annotations): print logs for annotations bats tests by @laurentiuNiculae in #1680
• fix(authn): handle the case where zot with openid runs behind a proxy by @peusebiu in #1675
• chore(go.mod): fix dependabot alerts by @rchincha in #1684
• fix: binary-stacker Makefile target is broken by @adodon2go in #1689
• docs: fix apikey case by @babs in #1693
• chore: fix dependabot alerts by @rchincha in #1702
• fix: swagger Makefile target broken on darwin by @adodon2go in #1701
• test(refactor): refactor tests that use zot-test to use smaller images by @laurentiuNiculae in #1690
• feat: automated detection of OS and ARCH if unset by @adodon2go in #1711
• refactor: move /pkg/meta/signatures under /pkg/extensions/imagetrust by @Andreea-Lupu in #1712
• chore: fix dependabot alerts by @rchincha in #1720
• fix(ci/cd): detect uncommited swagger docs by @adodon2go in #1724
• fix(parse): lock storage while reading using image store by @laurentiuNiculae in #1719
• feat: propagate detailed error msgs to client (OCI dist-spec format) by @adodon2go in #1681
• feat(authn): add generic oidc and allow customizable name by @babs in #1691
• feat(mgmt): mgmt extention no longer depends on UI being enabled by @andaaron in #1728
• feat(apikey): added route to list user api keys by @peusebiu in #1708
• refactor(log): replace default logger with config complient log in ro… by @laurentiuNiculae in #1734
• feat(ui): update to latest zui version by @andaaron in #1735
• chore: fix dependabot alerts by @rchincha in #1737
• fix(examples): revert examples/config-minimal.json by @peusebiu in #1740
• refactor(cli): added equivalent subcommands for each flag combination under every command by @laurentiuNiculae in #1674
• fix: bats test refactoring by @adodon2go in #1731
• chore(go.mod): upgrade 3rd party packages by @andaaron in #1742
• fix: nightly build by @adodon2go in #1745
• test(bats): added bats example for deleting an image by @laurentiuNiculae in #1718
• refactor(storage): refactor storage into a single ImageStore by @peusebiu in #1656
• refactor(authz): use a struct for user access control info operations by @peusebiu in #1682
• fix: add manifest validation checks by @rchincha in #1747
• fix(gc): gc removes unknown manifests by @peusebiu in #1762
• feat(scheduler): pass the shutdown/reload context to running tasks by @peusebiu in #1671
• chore: fix dependabot alerts by @rchincha in #1763
• refactor: Reduce binary size of zot-minimal; Added CI check for binar… by @adodon2go in #1758
• refactor(makefile): consolidate the make targets used for bats tests by @andaaron in #1746
• feat: upload cosign public key and notation certificates to cloud by @Andreea-Lupu in #1744
• fix: DATA RACE in TestNewExporter by @adodon2go in #1766
• refactor(cli): remove old cli commands by @laurentiuNiculae in #1756
• fix(api): Fix 'last' query param for /tags/list to work without param 'n' by @andaaron in #1777
• chore: fix dependabot alerts by @rchincha in #1774
• fix: add retry logic to recreate existing trustpolicy secret by @Andreea-Lupu in #1776
• chore(dependabot): increase the limit of dependabot PRs by @andaaron in #1788
• chore: fix dependabot alerts by @rchincha in #1797
• fix: do not recreate trustpolicy secret if the content doesn't change by @Andreea-Lupu in #1800
• bug: can't build zot with empty EXTENSIONS by @adodon2go in #1803
• refactor: Reduce zb binary size by @adodon2go in #1783
• fix: change log msg for updating signatures validity by @Andreea-Lupu in #1804
• fix(sync): ping func should not try to read response body by @peusebiu in #1757
• fix(config): fix config reloader panic by @peusebiu in #1806
• fix(convert): fix the update rule of download count for images by @laurentiuNiculae in #1802
• feat(cli): add cli sort flag to subcommands by @laurentiuNiculae in #1768
• refactor: Review metrics endpoints by @adodon2go in #1770
• refactor(test): move image utils for tests in a separate module by @laurentiuNiculae in #1789
• refactor: Reduce zli binary size by @adodon2go in #1805
• fix(cve): cumulative fixes and improvements for CVE scanning logic by @andaaron in #1810
• chore: fix dependabot alerts by @rchincha in #1827
• feat(pprof): add profiling route handler to debug runtime by @andaaron in #1818
• fix(ci): print zot log on failure by @peusebiu in #1799
• test(cosign): add a oci dist-spec 1.1.0 conformant test case by @rchincha in #1835
• refactor(cli): Move cmdflags package under pkg/cli/client by @adodon2go in #1840
• feat(cve): implement CVE scanning as background tasks by @andaaron in #1833
• fix(gc): update repodb when gc'ing manifests by @peusebiu in #1819
• fix(tests): call ImageStore constructor with correct parameters by @andaaron in #1846
• chore: fix dependabot alerts by @rchincha in #1855
• ci: add a "nightly jobs" badge by @rchincha in #1858
• Add cross-compile to dockerfile by @sagikazarmark in #1816
• refactor(scrub): replace umoci logic in scrub implementation by @Andreea-Lupu in #1845
• fix(dedupe): run dedupe only for repositories found at startup by @peusebiu in #1844
• refactor(pkg/test): split logic in pkg/test/common.go into multiple packages by @andaaron in #1861
• fix: reduce test run time by @adodon2go in #1832
• ci(localstack): pin localstack python package to 2.2.0 and pull container image from ghcr by @andaaron in #1867
• ci: update localstack to 2.3.1 by @rchincha in #1869
• fix: errors returned by zot should match the dist-spec errors by @adodon...

v2.0.0-rc6

What's Changed

• fix(cli): add help message for searching referrers under search command by @laurentiuNiculae in #1551
• fix: update conformance test by @rchincha in #1552
• fix: change commit message for pushing changes to project-zot/helm-ch… by @Andreea-Lupu in #1564
• test: add more registries in sync blackbox tests by @peusebiu in #1568
• documentation: Add example for various popular public registries by @Poulpatine in #1550
• fix(extensions): setup UI extension as last one by @peusebiu in #1572
• fix: changing default numWorkers, making it customizable and refactor… by @aokirisaki in #1563
• chore: fix dependabot alerts by @rchincha in #1576
• chore: fix dependabot alerts by @rchincha in #1581
• fix(CVE): attempt to scan now returns early with an error if trivyDB metadata json is missing by @andaaron in #1548
• refactor: split AuthZ mdw in 2 different parts, each for a specific purpose by @alexstan12 in #1542
• feat(referrers): added index support for referrers queries by @laurentiuNiculae in #1560
• feat(cve): update trivy and add support for scanning image indexes by @laurentiuNiculae in #1510
• fix(test): TestConfigReloader, wait for trivy db download by @peusebiu in #1543
• feat: upload certificates and public keys for verifying signatures by @Andreea-Lupu in #1485
• fix(nightly): fix nightly builds by @peusebiu in #1584
• fix: missing Oci-Subject header pushing index with subject by @jdolitsky in #1589
• fix(storage): do not open/download blobs when validating manifests by @peusebiu in #1566
• feat: integrate openID auth logic and user profile management by @peusebiu in #1381
• fix(ci/cd): stop localstack after ci/cd pipeline by @peusebiu in #1590
• fix: refactor monitoring code outside locks by @rchincha in #1596
• fix: don't allow blobs to be deleted if in use by @peusebiu in #1559
• feat(sync): sync can include self url in registry.URLs by @peusebiu in #1562
• fix: remove config by @peusebiu in #1600
• fix(test): consolidate api tests build tags by @peusebiu in #1602
• build: fix mgmt and userprefs when building them separately by @peusebiu in #1601
• feat(cve): ability to return CVEs per image os and architecture by @andaaron in #1607
• Fix multiple issues with zli output formatting by @andaaron in #1612
• fix(test): sync inconsistent test by @peusebiu in #1611
• chore: fix dependabot alerts by @rchincha in #1613
• feat: add additional manifest validations by @peusebiu in #1609
• feat(zli): add new subcommand to remove a zli config by @andaaron in #1619
• fix(cli): make sure all needed ImageSummary properties are requested from the server by @andaaron in #1618
• chore: fix dependabot alerts by @rchincha in #1621
• fix(ci): trivy test to expect 3 CVEs instead of 2 in the vulnerable test layer by @andaaron in #1623
• chore: fix dependabot alerts by @rchincha in #1631
• feat(refator): refactoring repodb into meta by @laurentiuNiculae in #1626
• chore(go.mod): upgrade trivy, cosign and remove replace directive by @andaaron in #1635
• fix(authn): fix several issues with authn, closes #1632 by @peusebiu in #1633
• feat(zui): update to zui supporting social login by @andaaron in #1639
• fix(conformance): OCI-Filters-Applied should return a literal by @rchincha in #1640

New Contributors

• @Poulpatine made their first contribution in #1550

Full Changelog: v2.0.0-rc5...v2.0.0-rc6

v2.0.0-rc5

What's Changed

• feat(sync): added tests for sync on demand with the most used upstrea… by @aokirisaki in #1414
• fix(sync): skip non distributable layers by @peusebiu in #1421
• fix(repoinfo): fix userprefs values for repos returned by expanded re… by @laurentiuNiculae in #1413
• fix(sync): fix syncing signatures when using destination in sync's co… by @peusebiu in #1429
• fix(ui): update to latest available zui by @andaaron in #1433
• fix(ci-cd): trigger update-helm-chart after push-image is completed by @Andreea-Lupu in #1435
• feat(userpreferences): update allowed methods header for user prefere… by @laurentiuNiculae in #1430
• refactor(artifact): remove oci artifact support by @laurentiuNiculae in #1359
• fix(search): added the missing headers for allow methods and allowed h… by @laurentiuNiculae in #1438
• chore: fix dependabot alerts by @rchincha in #1409
• chore(go.mod): fix dependabot alerts by @rchincha in #1443
• Update referrers response by @laurentiuNiculae in #1415
• feat: verifying and enabling necessary extensions for ui by @aokirisaki in #1369
• bug(makefile): the EXTENSIONS variable was not replaces by BUILD_LABELS in 2 places by @andaaron in #1444
• fix(sync): fixed way of updating repodb when syncing a signature by @laurentiuNiculae in #1439
• Fix sync repodb signatures by @laurentiuNiculae in #1446
• feat(search): add artifact type to manifest summary gql structure by @laurentiuNiculae in #1448
• chore: fix dependabot alerts by @rchincha in #1458
• feat(UI): upgrade to a UI which supports user preferences by @andaaron in #1460
• fix(zb): fixed remote repositories cleanup by @peusebiu in #1461
• feat(routes): move the cors handler from /v2 to only where it's needed by @laurentiuNiculae in #1457
• chore(go.mod): fix dependabot alerts by @rchincha in #1466
• ci(cri-o): update cri-o installation steps by @andaaron in #1470
• chore(go.mod): upgrade to notation-go v1.0.0-rc.5 and image-spec v1.1… by @laurentiuNiculae in #1468
• feat(graphql & repodb): add info about signature validity by @Andreea-Lupu in #1344
• feat(userprefs): update documentation and list extensions endpoint by @laurentiuNiculae in #1456
• fix(test): fix storage flaky tests by @peusebiu in #1474
• fix: removed duplicate structures from service.go and moved them to p… by @aokirisaki in #1436
• fix(extensions): consolidate extensions headers returned to UI by ext… by @peusebiu in #1473
• refactor(storage): refactoring storage by @laurentiuNiculae in #1459
• fix: revert "org.opencontainers.referrers.filtersApplied" by @rchincha in #1478
• chore(go.mod): fix dependabot alerts by @rchincha in #1479
• refactor(sync): use task scheduler by @peusebiu in #1301
• chore(go.mod): fix dependabot alerts by @rchincha in #1491
• fix(cve): Fix CVE scanning in images containing Jar files by @andaaron in #1475
• chore: fix security alerts by @rchincha in #1493
• chore: fix dependabot alerts by @rchincha in #1501
• fix: referrers now appears in swagger generated docs by @aokirisaki in #1488
• chore: fix dependabot alerts by @rchincha in #1508
• chore(deps): downgrade golang-lru by @peusebiu in #1515
• fix: replaced used CVE in blackbox test by @aokirisaki in #1519
• ci(disk usage): disk related fixes and improvements by @andaaron in #1524
• chore: fix dependabot alerts by @rchincha in #1517
• feat(ci): give minio container more time to start by @peusebiu in #1527
• fix(ui): fix login screen when anonymous and auth are both enabled by @andaaron in #1528
• feat(sync): sync references(signatures/artifacts) recursively by @peusebiu in #1500
• added swagger doc generation for mgmt and userprefs by @aokirisaki in #1530
• chore: fix dependabot alerts by @rchincha in #1537
• fix: removed quotation marks from enum in swagger docs by @aokirisaki in #1539
• fix(authz): assign identity to authz context in tls mutual authentica… by @peusebiu in #1541
• fix(test): fix flaky test by @peusebiu in #1544
• fix(sync): fixed skipping docker images when they already synced by @peusebiu in #1521
• refactor: move helper functions under common, in usage specific named files by @alexstan12 in #1540
• feat(cli): add referrers and search commands to cli by @laurentiuNiculae in #1497
• fix(sync): flaky test on fetching tags by @peusebiu in #1546
• refactor: filenames should use _ not - by @rchincha in #1547
• build: ui extension needs mgmt by @rchincha in #1549

Full Changelog: v2.0.0-rc4...v2.0.0-rc5

v2.0.0-rc4

What's Changed

• feat(graphql): Image() call now returns a non-nullable ImageSummary by @andaaron in #1216
• refactor(test): remove unnecessary usage of images copied from under … by @nicoldr in #1217
• feat(repodb): Multiarch Image support by @laurentiuNiculae in #1147
• test(ui): add owasp zap scanner in ci/cd by @andaaron in #1224
• chore(go.mod): fix dependabot alerts by @rchincha in #1228
• fix: trivydb update now uses task scheduler by @aokirisaki in #1204
• refactor(test): update cve tests to stop duplicating test/data if not… by @nicoldr in #1232
• fix(go.mod): replace opencontainers/umoci dependency with project-sta… by @Andreea-Lupu in #1240
• feat(doc): add documentation for dynamodb by @peusebiu in #1236
• feat(ui): update to the latest zui version which supports new multiarch image APIs by @andaaron in #1246
• chore(go.mod): fix dependabot alerts by @andaaron in #1247
• chore(go.mod): fix dependabot alerts by @rchincha in #1251
• feat(sync): skip already synced images in sync ondemand by @peusebiu in #1234
• feat(authz): added groups mechanism by @aokirisaki in #1123
• feat(ui): zui can now show multiple manifests per image by @andaaron in #1254
• feat(repodb): update repodb after sync operation by @laurentiuNiculae in #1241
• feat(mgmt): added mgmt extension which returns current zot configuration by @peusebiu in #1198
• bug(cve): fix trivyDB being downloaded multiple times in a loop by @andaaron in #1255
• feat(repodb): update referrers api to use repodb by @laurentiuNiculae in #1230
• chore(deps): remove usage of deprecated package pkg/errors by @nicoldr in #1262
• chore(deps): modify pkg/errors dependency as indirect by @nicoldr in #1266
• fix(repodb): GQL request for ExpandedRepoInfo errors when artifacts w… by @laurentiuNiculae in #1265
• fix(mgmt): skip bearer authn for mgmt route by @peusebiu in #1267
• fix(cve): Search by CVE title/id (full or partial) when listing an im… by @aokirisaki in #1264
• feat(routes): better error message in case of missing annotations by @peusebiu in #1150
• feat(search): add referrers field to ImageSummary by @laurentiuNiculae in #1261
• fix(errors): remove direct dependency on 'github.com/pkg/errors' by @laurentiuNiculae in #1275
• feat: cleanup error msgs by @nicoldr in #1273
• test(referrers): add test for getting referrers for a image index, mu… by @laurentiuNiculae in #1282
• feat(cli): updated display format for multiarch images by @laurentiuNiculae in #1268
• ci(go.mod): verify go.mod and go.sum don't have uncommitted changes after go mod tidy by @andaaron in #1287
• feat(ui): upgrade to a zui version supporting cve search for a specific image by @andaaron in #1290
• fix(http): fix GET requests to use 'Accept' header by @peusebiu in #1288
• fix(trivy): consistent coverage for reset method + longer wait time b… by @aokirisaki in #1272
• feat(ui): update zui to a version which leverages the referrers on ImageSummary by @andaaron in #1293
• feat(search): update search pattern matching rules by @laurentiuNiculae in #1257
• chore(deps): fix dependabot alerts by @rchincha in #1291
• fix(loadrepodb): statistics are now preserved after reloading zot by @laurentiuNiculae in #1289
• fix(cve): blackbox cve tests now verifying actual cves by @aokirisaki in #1300
• chore(deps): remove unused package pkg/extensions/search/digest by @nicoldr in #1298
• chore(go.mod): fix dependabot alerts by @rchincha in #1305
• chore: fix dependabot alerts by @rchincha in #1312
• refactor(repodb): moving common utilities under pkg/meta by @laurentiuNiculae in #1292
• test(convert): added test for consistent coverage for update last-upd… by @laurentiuNiculae in #1299
• test: stop task scheduler between test runs by @peusebiu in #1311
• chore: fix dependabot alerts by @rchincha in #1320
• feat(ui): if zui tag is not found for download, it now builds locally… by @aokirisaki in #1318
• fix(repodb): fixed assigned repoLastUpdated when searching for repos by @laurentiuNiculae in #1323
• chore(go.mod): fix dependabot alerts by @rchincha in #1330
• chore(go.mod): fix dependabot alerts by @andaaron in #1333
• bug: replaced printing the port with logging it when chosen dynamically by @aokirisaki in #1339
• chore(go.mod): fix dependabot alerts by @rchincha in #1343
• test(sync): consolidate all sync tests by @peusebiu in #1332
• feat(storage): rebuild s3/local dedupe index when switching dedupe status by @peusebiu in #1062
• refactor: move pkg/extensions/search/common/oci_layout.go un… by @nicoldr in #1325
• chore(go.mod): fix dependabot alerts by @rchincha in #1351
• chore(go.mod): fix dependabot alerts by @rchincha in #1360
• chore(go.mod): fix dependabot alerts by @rchincha in #1365
• test: additional blackbox tests for client push/pull by @rchincha in #1371
• fix(csp): upgrade UI and fix zap failure by @andaaron in #1372
• refactor: remove pkg/extensions/search/common and move the code to th… by @nicoldr in #1358
• test(sync): make sure sync doesn't write on shutdown by @peusebiu in #1370
• feat: add a kind cluster example by @rchincha in #1378
• User preferences support by @laurentiuNiculae in #1317
• chore: update golang (to 1.20.x) and golangci-linter by @rchincha in #1388
• Global search filterby bookmarked by @laurentiuNiculae in #1336
• feat(ui): UX update for UI by @andaaron in #1391
• fix(authz): get username from authn.go request context by @peusebiu in #1383
• chore(go.mod): upgrade trivy and cosign by @Andreea-Lupu in #1387
• feat: remove usage of zerolog.Logger.Msgf() from zot code by @nicoldr in #1382
• fix(serve): exit with a status code on error instead of panic by @rchincha in #1396
• chore(go.mod): fix dependabot alerts by @rchincha in #1377
• chore: fix dependabot alerts by @rchincha in #1403
• fix: non-distributable layers may not exist by @rchincha in #1404
• fix: use golang 1.20 to build our container images by @rchincha in #1408

Full Changelog: v2.0.0-rc3...v2.0.0-rc4