Red Hat SummitChapter 1. Red Hat Quay release notes
The following sections detail y and z stream release information.
1.1. RHBA-2025:14523 - Red Hat Quay 3.10.15 release
Issued 2025-09-24
Red Hat Quay release 3.10.14 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2025:15645 advisory.
1.2. RHBA-2025:14523 - Red Hat Quay 3.10.14 release
Issued 2025-08-27
Red Hat Quay release 3.10.14 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2025:14523 advisory.
1.3. RHBA-2025:12510 - Red Hat Quay 3.10.13 release
Issued 2025-08-08
Red Hat Quay release 3.10.13 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2025:12510 advisory.
1.4. RHBA-2025:10419 - Red Hat Quay 3.10.12 release
Issued 2025-07-10
Red Hat Quay release 3.10.12 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2025:10419 advisory.
1.5. RHBA-2025:8212 - Red Hat Quay 3.10.11 release
Issued 2025-06-16
Red Hat Quay release 3.10.11 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2025:8212 advisory.
1.6. RHBA-2025:4023 - Red Hat Quay 3.10.10 release
Issued 2025-04-24
Red Hat Quay release 3.10.10 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2025:4023 advisory.
1.7. RHBA-2025:1600 - Red Hat Quay 3.10.9 release
Issued 2025-02-20
Red Hat Quay release 3.10.9 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2025:1600 advisory.
1.8. RHBA-2025:1077 - Red Hat Quay 3.10.8 release
Issued 2025-02-06
Red Hat Quay release 3.10.8 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2025:1077 advisory.
1.9. RHBA-2024:10969 - Red Hat Quay 3.10.7 release
Issued 2024-12-16
Red Hat Quay release 3.10.7 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2024:10969 advisory.
1.9.1. Red Hat Quay 3.10.7 bug fixes
-
PROJQUAY-7542. Previously, after setting a user a global
read-onlysuperuser, several API endpoints failed for that user. This issue has been resolved. -
PROJQUAY-7545. Previously, global
read-onlysuperusers could not obtain resources from a normal user’s organization when using the API. This issue has been resolved. -
PROJQUAY-7549. Previously, global
read-onlysuperusers could not obtain information when using thelistReposAPI endpoint. This issue has been resolved.
1.10. RHBA-2024:3633 - Red Hat Quay 3.10.6 release
Issued 2024-06-13
Red Hat Quay release 3.10.6 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2024:3633 advisory.
1.10.1. Red Hat Quay 3.10.6 bug fixes
- PROJQUAY-7294. Upgrade from 3.8 to 3.9, postgresql data lost
1.11. RHBA-2024:1714 - Red Hat Quay 3.10.5 release
Issued 2024-04-18
Red Hat Quay release 3.10.5 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2024:1714 advisory.
1.11.1. Red Hat Quay 3.10.5 bug fixes
- PROJQUAY-6229. Quay 3.10 can’t audit the operations of create/update/delete autoprunepolicy.
- PROJQUAY-6895. Repository list API does not scale when quota is enabled
1.12. RHBA-2024:0382 - Red Hat Quay 3.10.4 release
Issued 2024-02-21
Red Hat Quay release 3.10.4 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2024:0767 advisory.
1.12.1. Red Hat Quay 3.10.4 bug fixes
-
PROJQUAY-6512. An error was found wherein the Container Security Operator failed to create the
imagemanifestvulnsresource on the upcoming version of OpenShift Container Platform 4.15. This issue was resolved in preparation for that release.
1.13. RHBA-2024:0382 - Red Hat Quay 3.10.3 release
Issued 2024-01-31
Red Hat Quay release 3.10.3 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2024:0382 advisory.
1.13.1. Red Hat Quay 3.10.3 bug fixes
- PROJQUAY-4849. Previously, the exporter failed to update the lifetime end of child manifests in the main manifest lists. Consequently, this led to exceptions when attemping to pull Docker images by tag after the tag was removed from the database due to garbage collection. This issue has been resolved.
- PROJQUAY-6007. Previously, the Operator would attempt to create a temporary fake route to check if the cluster supported the Route API. This check was unable to be conducted when the route and TLS component were marked as unamanged because these components are supposed to be managed manually by the user. This issue has been resolved.
1.14. RHBA-2024:0102 - Red Hat Quay 3.10.2 release
Issued 2024-01-16
Red Hat Quay release 3.10.2 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2024:0102 advisory.
1.14.1. Red Hat Quay 3.10.2 new features
With this release, IBM Cloud object storage is now supported. For more information, see IBM Cloud Object Storage.
1.14.2. Red Hat Quay 3.10.2 bug fixes
1.14.3. Known issues
A known issue was discovered when using naming conventions with the following words for repository names:
buildtriggertagWhen these words are used for repository names, users are unable access the repository, and are unable to permanently delete the repository. Attempting to delete these repositories returns the following error:
Failed to delete repository <repository_name>, HTTP404 - Not Found.There is no workaround for this issue. Users should not use
build,trigger, ortagin their repository names.
1.15. RHBA-2023:7819 - Red Hat Quay 3.10.1 release
Issued 2023-12-14
Red Hat Quay release 3.10.1 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHBA-2023:7819 advisory.
1.15.1. Red Hat Quay 3.10.1 bug fixes
- PROJQUAY-5452 - Breadcrumbs incorrect when visiting a direct link
- PROJQUAY-6333 - [New UI] The user in the team which has "member" or "creator" role can’t see the "Teams and Membership" tab
- PROJQUAY-6336 - Quay 3.10 new UI can’t add normal user to quay new team during Create team wizard
- PROJQUAY-6369 - The search input box doesn’t work in permanently delete default permissions wizard of new UI
1.16. RHBA-2023:7341 - Red Hat Quay 3.10.0 release
Issued 2023-11-28
Red Hat Quay release 3.10 is now available with Clair 4.7.2. The bug fixes that are included in the update are listed in the RHSA-2023:7341 and RHSA-2023:7575 advisories.
1.17. Red Hat Quay release cadence
With the release of Red Hat Quay 3.10, the product has begun to align its release cadence and lifecycle with OpenShift Container Platform. As a result, Red Hat Quay releases are now generally available (GA) within approximately four weeks of the most recent version of OpenShift Container Platform. Customers can not expect the support lifecycle phases of Red Hat Quay to align with OpenShift Container Platform releases.
For more information, see the Red Hat Quay Life Cycle Policy.
1.18. Red Hat Quay new features and enhancements
The following updates have been made to Red Hat Quay.
1.18.1. IBM Power, IBM Z, IBM® LinuxONE support
With this release, IBM Power (ppc64le), IBM Z (s390x), and IBM® LinuxONE (s390x) architectures are supported.
1.18.2. Namespace auto-pruning
With Red Hat Quay 3.10, Red Hat Quay administrators can set up auto-pruning policies on namespaces (both users and organization). This feature allows for image tags to be automatically deleted within a namespace based on specified criteria. For this release, two policies have been added:
- Auto-pruning images based on the number of tags.
- Auto-pruning based on the age of a tag.
The auto-pruning feature allows Red Hat Quay organization owners to stay below the storage quota by automatically pruning content based on one of the aforementioned policies.
For more information about implementing this feature, see Red Hat Quay namespace auto-pruning overview.
1.18.3. Red Hat Quay UI v2 enhancements
In Red Hat Quay 3.8, a new UI was introduced as a technology preview feature. With Red Hat Quay 3.10, the following enhancements have been made to the UI v2:
- With this update, a Settings page has been added for Red Hat Quay organizations. Red Hat Quay administrators can edit their preferences, billing information, and set organization types from this page.
-
With this update, a Settings page has been added for Red Hat Quay repositories. This page must be enabled by setting
FEATURE_UI_V2_REPO_SETTINGStoTruein yourconfig.yamlfile. This page allows users to create and set robot permissions, create events and notifications, set repository visibility, and delete repositories. - With this update, bulk managing robot account repository access is available on the Red Hat Quay v2 UI. Users can now easily add a robot account to multiple repositories using the v2 UI.
- With this update, the default user repository, or namespace, now includes a Robot accounts tab. This allows users to easily create their own robot accounts.
With this update, the following alert messages have been added to confirm either the creation, or failure, of robot accounts and permission updates:
- Successfully updated repository permission
Successfully created robot account with robot name: <organization_name> + <robot_name>
Alternatively, you can receive the following error if you try to create a robot account with the same name as another: Error creating robot account
- Successfully deleted robot account
With this update, a Teams and membership page has been added to the v2 UI. Red Hat Quay administrators can perform the following actions from this page:
- Create new teams
- Manage or create new team members
- Set repository permissions
- Search for specific teams
- View teams, members of a team, or collaborators of a team
- With this update, a Default permissions page has be been added to the v2 UI. This page allows Red Hat Quay administrators to set repository permissions.
- With this update, a Tag History page has been added to the v2 UI. Additionally, Red Hat Quay administrators can add and manage labels for repositories, and set expiration dates for specified tags in a repository.
For more information about navigating the v2 UI and enabling, or using, these features, see Using the Red Hat Quay v2 UI.
1.18.4. Garbage collection of manifests for Clair
Previously, Clair’s indexer database was continually growing as it added storage when new manifests and layers were uploaded. This could cause the following issues for Red Hat Quay deployments:
- Increased storage requirements
- Performance issues
- Increased storage management burden, requiring that administrators would monitor usage and develop a scaling strategy
With this update, a new configuration field, SECURITY_SCANNER_V4_MANIFEST_CLEANUP, has been added. When this field is set to True, the Red Hat Quay garbage collector removes manifests that are not referenced by other tags or manifests. As a result, manifest reports are removed from Clair’s database.
1.18.5. Managing Red Hat Quay robot accounts
Prior to Red Hat Quay 3.10, all users were able to create robot accounts with unrestricted access. With this release, Red Hat Quay administrators can manage robot accounts by disallowing users to create new robot accounts.
For more information, see Disabling robot accounts
1.19. New Red Hat Quay configuration fields
The following configuration fields have been added to Red Hat Quay 3.10.
1.19.1. Clair garbage collection of manifests configuration field
SECURITY_SCANNER_V4_MANIFEST_CLEANUP. When set to
Truethe Red Hat Quay garbage collector removes manifests that are not referenced by other tags or manifests.Default:
True
1.19.2. Disabling robot accounts configuration field
ROBOTS_DISALLOW: When set to
True, robot accounts are prevented from all interactions, as well as from being createdDefault:
False
1.19.3. Namespace auto-pruning configuration field
The following configuration fields have been added for the auto-pruning feature:
FEATURE_AUTO_PRUNE: When set to
True, enables functionality related to the auto-pruning of tags.Default:
False
1.19.4. Red Hat Quay v2 UI repository settings configuration field
FEATURE_UI_V2_REPO_SETTINGS: When set to
True, enables repository settings in the Red Hat Quay v2 UI.Default:
False
1.20. Red Hat Quay Operator
The following updates have been made to the Red Hat Quay Operator:
The config editor has been removed from the Red Hat Quay Operator on OpenShift Container Platform deployments. As a result, the
quay-config-editorpod no longer deploys, and users cannot check the status of the config editor route. Additionally, the Config Editor Endpoint no longer generates on the Red Hat Quay Operator Details page.Users with existing Red Hat Quay Operators who are upgrading from 3.7, 3.8, or 3.9 to 3.10 must manually remove the Red Hat Quay config editor by removing the
deployment,route,service, andsecretobjects. For information about this procedure, see Removing config editor objects on Red Hat Quay Operator.By default, the config editor was deployed for every
QuayRegistryinstance, which made it difficult to establish an audit trail over the registry’s configuration. Anyone with access to the namespace, config editor secret, and config editor route could use the editor to make changes to Red Hat Quay’s configuration, and their identity was no logged in the system. Removing the config editor forces all changes through the config bundle property of theQuayRegistryresource, which points to a secret, which is then subject to native Kubernetes auditing and logging.
1.21. Red Hat Quay 3.10 known issues and limitations
The following sections note known issues and limitations for Red Hat Quay 3.10.
1.21.1. Red Hat Quay 3.10 known issues
- There is a known issue with the auto-pruning feature when pushing image tags with Cosign signatures. In some scenarios, for example, when each image tag uses a different Cosign key, the auto-pruner worker removes the image signature and only keeps the image tag. This occurs because Red Hat Quay considers image tags and the signature as two tags. The expected behavior of this feature is that the auto-pruner should consider the image tag and signature as one item, calculate only the image tag, and when the auto-pruner worker is configured in such a way that the tag is pruned, it also prunes the signature. This will be fixed in a future version of Red Hat Quay. (PROJQUAY-6380)
- Currently, auditing for auto-pruning policy operations, including creating, updating, or deleting policies, is unavailable. This is a known issue and will be fixed in a future release of Red Hat Quay. (PROJQUAY-6228)
-
Currently, the the auto-pruning worker prunes
ReadOnlyand mirror repositories, in addition to normal repositories.ReadOnlyand mirror repositories should not be pruned automatically. This is a known issue and will be fixed in a future version of Red Hat Quay. (PROJQUAY-6235) -
When upgrading the Red Hat Quay Operator from versions 3.7, 3.8, or 3.9 to 3.10, users must manually remove the Red Hat Quay config editor by removing the
deployment,route,service, andsecretobjects. For information about this procedure, see Removing config editor objects on Red Hat Quay Operator. - When creating a new team using the Red Hat Quay v2 UI, users are unable to add normal users to the new team while. This only occurs while setting up the new team. As a workaround, you can add users after the team has been created. Robot accounts are unaffected by this issue. This is a known issue and will be fixed in a future version of Red Hat Quay. (PROJQUAY-6336)
- Sometimes, when creating a new default permission setting, the Create default permission button is disabled. As a workaround, you can try adjusting the Applied to setting in the Create default permission wizard. This is a known issue and will be fixed in a future version of Red Hat Quay. (PROJQUAY-6341)
1.21.2. Red Hat Quay 3.10 limitations
In this release, the following features are not supported on IBM Power (ppc64le) and IBM Z (s390x):
- Geo-Replication
- IPv6 Single stack/ Dual Stack
- Mirror registry
- Quay config editor - Mirror, MAG, Kinesis, Keystone, GitHub Enterprise, OIDC
- RedHat Quay V2 User Interface
Deploy Red Hat Quay - High Availability is supported but the following is not:
- Backing up and restoring on a standalone deployment
- Migrating a standalone to operator deployment
-
Robot accounts are mandatory for repository mirroring. Setting the
ROBOTS_DISALLOWconfiguration field toTruebreaks mirroring configurations. This will be fixed in a future version of Red Hat Quay
1.22. Red Hat Quay bug fixes
- PROJQUAY-6184. Add missing props for Create robot account modal
- PROJQUAY-6048. Poor UI performance with quotas enabled
- PROJQUAY-6010. Registry quota total worker fails to start due to import
- PROJQUAY-5212. Quay 3.8.1 can’t mirror OCI images from Docker Hub
- PROJQUAY-2462. Consider changing the type of the removed_tag_expiration_s from integer to bigint
- PROJQUAY-2803. Quay should notify Clair when manifests are garbage collected
- PROJQUAY-5598. Log auditing tries to write to the database in read-only mode
- PROJQUAY-4126. Clair database growing
- PROJQUAY-5489. Pushing an artifact to Quay with oras binary results in a 502
- PROJQUAY-3906. Quay can see the push image on Console after push image get error "Quota has been exceeded on namespace"
1.23. Red Hat Quay feature tracker
New features have been added to Red Hat Quay, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.
Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat Quay, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in Red Hat Quay, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.
| Feature | Quay 3.10 | Quay 3.9 | Quay 3.8 |
|---|---|---|---|
| General Availability | - | - | |
| General Availability | - | - | |
| General Availability | General Availability | - | |
| General Availability | General Availability | - | |
| General Availability | General Availability | - | |
| Technology Preview | Technology Preview | Technology Preview | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| Technology Preview | Technology Preview | Technology Preview |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}