From 19ca39123de7cdea5554d7b76e45f09457d4ce3b Mon Sep 17 00:00:00 2001 From: Lena Larionova Date: Thu, 3 Oct 2019 13:36:51 -0700 Subject: [PATCH 1/4] WIP of DTR release notes for september Signed-off-by: Lena Larionova --- ee/dtr/release-notes.md | 59 ++++++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index da716d7304d..521f6faeb30 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -22,6 +22,15 @@ to upgrade your installation to the latest release. # Version 2.7 +## 2.7.3 +(2019-10-07) + +### Bug Fixes + +* Fixed an bug where attempting to pull mirror manifest lists would not trigger +an evaluation of their existing push mirroring policies, and they would not get +push mirrored to a remote DTR. (docker/dhe-deploy #10669) + ## 2.7.2 (2019-09-03) @@ -93,7 +102,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * When changing your password if an incorrect password is entered the UI will not give the appropriate error message, and the save button will stay in a loading state. * Workaround: Refresh the page. * After a promotion policy is created they cannot be edited through the UI. - * Workaround: Either delete the promotion policy and recreate it. Alternatively, use the API to view and + * Workaround: Either delete the promotion policy and recreate it. Alternatively, use the API to view and edit the promotion policy. * Non admin users cannot create promotion policies through the UI. @@ -174,7 +183,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade). -## 2.6.6 +## 2.6.6 (2019-5-6) ### Security @@ -187,7 +196,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag - To use this option, first write your current storage settings to a JSON file via `curl ... /api/v0/admin/settings/registry > storage.json`. - Next, add `keep_metadata: true` as a top-level key in the JSON you just created and modify it to contain your new storage settings. - Finally, update your Registry settings with your modified JSON file via `curl -X PUT .../api/v0/admin/settings/registry -d @storage.json`. - + ### Bug fixes * Fixed an issue where replica version was inferred from DTR volume labels. (docker/dhe-deploy#10266) @@ -231,7 +240,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade). -## 2.6.4 +## 2.6.4 (2019-3-28) ### Enhancements @@ -241,7 +250,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag ### Bug fixes -* If you have a repository in DTR 2.4 with manifest lists enabled, `docker pull` would fail on images that have been pushed to the repository after you upgrade to 2.5 and opt into garbage collection. This also applied when upgrading from 2.5 to 2.6. The issue has been fixed in DTR 2.6.4. (ENGDTR-330 and docker/dhe-deploy #10105) +* If you have a repository in DTR 2.4 with manifest lists enabled, `docker pull` would fail on images that have been pushed to the repository after you upgrade to 2.5 and opt into garbage collection. This also applied when upgrading from 2.5 to 2.6. The issue has been fixed in DTR 2.6.4. (ENGDTR-330 and docker/dhe-deploy #10105) ### Known issues @@ -291,7 +300,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade). -## 2.6.2 +## 2.6.2 (2019-1-29) @@ -321,7 +330,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade). -## 2.6.1 +## 2.6.1 (2019-01-09) @@ -356,7 +365,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade). -## 2.6.0 +## 2.6.0 (2018-11-08) @@ -378,7 +387,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * API * Security admins can now export vulnerability scans to CSV via the `GET /api/v0/imagescan/scansummary/repositories/{namespace}/{reponame}/{tag}/export` endpoint. Specify `text/csv` as an Accept request HTTP header. * Repository admins can now interact with repository pruning policies using the following endpoints: - * `GET /api/v0/repositories/{namespace}/{reponame}/pruningPolicies` + * `GET /api/v0/repositories/{namespace}/{reponame}/pruningPolicies` * `POST /api/v0/repositories/{namespace}/{reponame}/pruningPolicies` * `GET /api/v0/repositories/{namespace}/{reponame}/pruningPolicies/test` * `GET /api/v0/repositories/{namespace}/{reponame}/pruningPolicies/{pruningpolicyid}` @@ -413,9 +422,9 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag ### Deprecations * API - * `GET /api/v0/imagescan/repositories/{namespace}/{reponame}/{tag}` is deprecated in favor of `GET /api/v0/imagescan/scansummary/repositories/{namespace}/{reponame}/{tag}`. - * The following endpoints have been removed since online garbage collection will take care of these operations: - * `DELETE /api/v0/accounts/{namespace}/repositories` + * `GET /api/v0/imagescan/repositories/{namespace}/{reponame}/{tag}` is deprecated in favor of `GET /api/v0/imagescan/scansummary/repositories/{namespace}/{reponame}/{tag}`. + * The following endpoints have been removed since online garbage collection will take care of these operations: + * `DELETE /api/v0/accounts/{namespace}/repositories` * `DELETE /api/v0/repositories/{namespace}/{reponame}/manifests/{reference}` * The `enableManifestLists` field on the `POST /api/v0/repositories/{namespace}` endpoint will be removed in DTR 2.7. See [Deprecation Notice](deprecation-notice) for more details. @@ -625,7 +634,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * When opting into online garbage collection, the system will run a `metadatastoremigration` job after a successful upgrade. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](../../v18.03/ee/dtr/admin/configure/garbage-collection/#metadata-store-migration). ## 2.5.8 - + (2019-1-29) ### Bug fixes @@ -661,7 +670,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When opting into online garbage collection, the system will run a `metadatastoremigration` job after a successful upgrade. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](../../v18.03/ee/dtr/admin/configure/garbage-collection/#metadata-store-migration). -## 2.5.7 +## 2.5.7 (2019-01-09) @@ -703,7 +712,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When opting into online garbage collection, the system will run a `metadatastoremigration` job after a successful upgrade. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](../../v18.03/ee/dtr/admin/configure/garbage-collection/#metadata-store-migration). -## 2.5.6 +## 2.5.6 (2018-10-25) @@ -745,7 +754,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When opting into online garbage collection, the system will run a `metadatastoremigration` job after a successful upgrade. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](../../v18.03/ee/dtr/admin/configure/garbage-collection/#metadata-store-migration). -## 2.5.5 +## 2.5.5 (2018-8-30) @@ -784,7 +793,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When opting into online garbage collection, the system will run a `metadatastoremigration` job after a successful upgrade. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](../../v18.03/ee/dtr/admin/configure/garbage-collection/#metadata-store-migration). -## 2.5.3 +## 2.5.3 (2018-6-21) @@ -828,7 +837,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * When opting into online garbage collection, the system will run a `metadatastoremigration` job after a successful upgrade. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](../../v18.03/ee/dtr/admin/configure/garbage-collection/#metadata-store-migration). -## 2.5.2 +## 2.5.2 (2018-5-21) @@ -865,7 +874,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When opting into online garbage collection, the system will run a `metadatastoremigration` job after a successful upgrade. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](../../v18.03/ee/dtr/admin/configure/garbage-collection/#metadata-store-migration). -## 2.5.1 +## 2.5.1 (2018-5-17) @@ -891,7 +900,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * Enhancements to the mirroring interface including: * Fixed URL for the destination repository. * Option to skip TLS verification when testing mirroring. - + ### Known issues * Web Interface @@ -921,7 +930,7 @@ Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-imag * System * When opting into online garbage collection, the system will run a `metadatastoremigration` job after a successful upgrade. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](../../v18.03/ee/dtr/admin/configure/garbage-collection/#metadata-store-migration). -## 2.5.0 +## 2.5.0 (2018-4-17) @@ -1160,7 +1169,7 @@ of testing the server to find which version works. * The `--nfs-storage-url` option uses the system's default NFS version instead of testing the server to find which version works. -## Version 2.4.3 +## Version 2.4.3 (2018-03-19) @@ -1168,7 +1177,7 @@ of testing the server to find which version works. * Dependencies updated to consume upstream CVE patches. -## Version 2.4.2 +## Version 2.4.2 (2018-02-13) @@ -1186,7 +1195,7 @@ potentially disclosed due to the vulnerability. Use the `--log-driver=none` option for `docker run` when running a DTR backup, HA cluster join or dumpcerts. -## 2.4.1 +## 2.4.1 (2017-11-20) @@ -1225,7 +1234,7 @@ removed in DTR 2.5. You can use the of testing the server to find which version works. -## DTR 2.4.0 +## DTR 2.4.0 (2017-11-2) From c11ce7b301db305db731baa4fdf9c4146a6af33c Mon Sep 17 00:00:00 2001 From: lena-larionova <54370747+lena-larionova@users.noreply.github.com> Date: Thu, 3 Oct 2019 14:11:58 -0700 Subject: [PATCH 2/4] Fixed typo --- ee/dtr/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index 521f6faeb30..302ad30a9db 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -27,7 +27,7 @@ to upgrade your installation to the latest release. ### Bug Fixes -* Fixed an bug where attempting to pull mirror manifest lists would not trigger +* Fixed a bug where attempting to pull mirror manifest lists would not trigger an evaluation of their existing push mirroring policies, and they would not get push mirrored to a remote DTR. (docker/dhe-deploy #10669) From d0b45dbf1cb8d41abe94086208609d1dc82b6d53 Mon Sep 17 00:00:00 2001 From: lena-larionova <54370747+lena-larionova@users.noreply.github.com> Date: Mon, 7 Oct 2019 08:50:54 -0700 Subject: [PATCH 3/4] Added a few more entries, fixed issue reference Based on changelog https://github.com/docker/dhe-deploy/pull/10721/files --- ee/dtr/release-notes.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index 302ad30a9db..228d3eab750 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -29,7 +29,14 @@ to upgrade your installation to the latest release. * Fixed a bug where attempting to pull mirror manifest lists would not trigger an evaluation of their existing push mirroring policies, and they would not get -push mirrored to a remote DTR. (docker/dhe-deploy #10669) +push mirrored to a remote DTR. (docker/dhe-deploy #10676) +* Fixed a bug where the S3 storage driver did not honor HTTP proxy settings. (docker/dhe-deploy #10639) +* Content Security Policy (CSSP) headers are now on one line to comply with RFC 7230. (docker/dhe-deploy #10594) + +### Security + +* Bumped the version of the Alpine base images from `3.9` to `3.10`. (docker/dhe-deploy #10716) + ## 2.7.2 (2019-09-03) From 5cf235fa478f44490c667f9132d67e23f3982b04 Mon Sep 17 00:00:00 2001 From: lena-larionova <54370747+lena-larionova@users.noreply.github.com> Date: Mon, 7 Oct 2019 14:51:17 -0700 Subject: [PATCH 4/4] Changed the date to 10/08 --- ee/dtr/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index 228d3eab750..421f04fcd39 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -23,7 +23,7 @@ to upgrade your installation to the latest release. # Version 2.7 ## 2.7.3 -(2019-10-07) +(2019-10-08) ### Bug Fixes