Red Hat SummitRed Hat Quay Release Notes
Preface
Red Hat Quay container registry platform provides secure storage, distribution, and governance of containers and cloud-native artifacts on any infrastructure. It is available as a standalone component or as an Operator on OpenShift Container Platform. Red Hat Quay includes the following features and benefits:
- Granular security management
- Fast and robust at any scale
- High velocity CI/CD
- Automated installation and updates
- Enterprise authentication and team-based access control
- OpenShift Container Platform integration
Red Hat Quay is regularly released, containing new features, bug fixes, and software updates. To upgrade Red Hat Quay for both standalone and OpenShift Container Platform deployments, see Upgrade Red Hat Quay.
Red Hat Quay only supports rolling back, or downgrading, to previous z-stream versions, for example, 3.13.2 → 3.13.1. Rolling back to previous y-stream versions (3.14 → 3.13) is not supported. This is because Red Hat Quay updates might contain database schema upgrades that are applied when upgrading to a new version of Red Hat Quay. Database schema upgrades are not considered backwards compatible.
Downgrading to previous z-streams is neither recommended nor supported by either Operator based deployments or virtual machine based deployments. Downgrading should only be done in extreme circumstances. The decision to rollback your Red Hat Quay deployment must be made in conjunction with the Red Hat Quay support and development teams. For more information, contact Red Hat Quay support.
Documentation for Red Hat Quay is versioned with each release. The latest Red Hat Quay documentation is available from the Red Hat Quay Documentation page. Currently, version 3 is the latest major version.
Prior to version 2.9.2, Red Hat Quay was called Quay Enterprise. Documentation for 2.9.2 and prior versions are archived on the Product Documentation for Red Hat Quay 2.9 page.
Chapter 1. Red Hat Quay release notes
The following sections detail y and z stream release information.
1.1. RHBA-2024:8408 - Red Hat Quay 3.14.0 release
Issued 2025-04-02
Red Hat Quay release 3.14 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:2467 advisory. For the most recent compatibility matrix, see Quay Enterprise 3.x Tested Integrations. For information the release cadence of Red Hat Quay, see the Red Hat Quay Life Cycle Policy.
1.2. Red Hat Quay documentation changes
The following documentation changes have been made with the Red Hat Quay 3.14 release:
The Red Hat Quay API guide has been updated and split into two books:
- Red Hat Quay API guide. This book contains an overview of the Red Hat Quay API, an overview of token types (OAuth 2.0 access tokens, robot account tokens, and OCI referrers OAuth access tokens), how to enable and use the Red Hat Quay API, suggestions for token management, and example commands for leveraging API endpoints to execute commands. This book is useful if you are new to the Red Hat Quay API or want information about its token types and how to leverage the API.
- Red Hat Quay API reference. This book contains all API reference endpoints and accompanying example commands for those endpoints. This book is useful if you are already familiar with using the Red Hat Quay API.
1.3. Red Hat Quay new features and enhancements
The following updates have been made to Red Hat Quay.
1.3.1. Clair enhancements
With this release, Clair indexer data is now included with downstream builds. This allows Red Hat Quay administrators to more easily reference indexers in the clair-config.yaml file when running Clair in an air-gapped or disconnected environment.
For more information, see Clair in disconnected environments.
1.3.2. Model card rendering on the v2 UI
With the release of Red Hat Quay 3.14, the v2 UI now renders model card information for machine learning models that include a model card. When a manifest has a certain annotation (for example, application/x-mlmodel) and a model card stored as a layer in the manifest, a Model Card tab is displayed on the tag’s information page. The information on the Model Card page provides users with comprehensive insights into each model, and can help enhance a user’s understanding of models stored within their registry.
The Model Card rendering page is only available on the Red Hat Quay v2 UI.
To view model card information, Red Hat Quay users or administrators must push an artifact to a repository. The artifact must have have an accompanying model card. This information renders under Repository → <tag_name> → Model Card.
For more information, see Viewing model card information by using the v2 UI.
1.3.3. Tag expiration enhancement
Previously, when configuring tag expiration for Red Hat Quay, the yearly option was unavailable on the Red Hat Quay v2 UI. With this update, users can now configure default tag expiration to occur yearly on the Red Hat Quay v2 UI. This can be set by using the Red Hat Quay UI or in your config.yaml file. For example:
DEFAULT_TAG_EXPIRATION: 1y TAG_EXPIRATION_OPTIONS: - 1y
1.4. Red Hat Quay configuration fields updates and changes
The following configuration fields have been added to Red Hat Quay 3.14.
1.4.1. Model card rendering configuration fields
The following configuration fields have been added for the model card rendering feature on the Red Hat Quay v2 UI:
| Field | Type | Description |
|---|---|---|
| FEATURE_UI_MODELCARD | Boolean |
Enables Modelcard image tab in UI. Defaults to |
| UI_MODELCARD_ARTIFACT_TYPE | String | Defines the modelcard artifact type. |
| UI_MODELCARD_ANNOTATION | Object | This optional field defines the layer annotation of the model card stored in an OCI image. |
| UI_MODELCARD_LAYER_ANNOTATION | Object | This optional field defines the layer annotation of the model card stored in an OCI image. |
These configuration fields are enabled and set by default in your config.yaml file:
Example model card YAML
FEATURE_UI_MODELCARD: true UI_MODELCARD_ARTIFACT_TYPE: application/x-mlmodel UI_MODELCARD_ANNOTATION: org.opencontainers.image.description: "Model card metadata" UI_MODELCARD_LAYER_ANNOTATION: org.opencontainers.image.title: README.md
For more information, see Viewing model card information by using the v2 UI.
1.4.2. IGNORE_UNKNOWN_MEDIATYPES configuration field removal
The IGNORE_UNKNOWN_MEDIATYPES configuration field has been removed. By default, Red Hat Quay accepts all artifact types.
1.5. API endpoint enhancements
No new API endpoints were added in Red Hat Quay 3.14.
1.6. Red Hat Quay 3.14 known issues and limitations
The following sections note known issues and limitations for Red Hat Quay 3.14.
1.6.1. Unsupported image types stuck in querying status
When pushing an unsupported image type, for example, an AI model, to a Red Hat Quay registry, the Security Report and Packages pages on the UI fail to load. This occurs because these image types are stuck in a Querying status and, as a result, the pages of these tabs are left blank. This is a known issue and will be fixed in a future version of Red Hat Quay.
1.6.2. Red Hat Quay on OpenShift Container Platform multiple ingress controllers known issue
In OpenShift Container Platform clusters with multiple ingress controllers defined, the Red Hat Quay Operator iterates through the list of available ingress controllers are uses the first one that it encounters to determine the cluster hostname. However, the order of ingress controllers in this list is not guaranteed to be consistent across reconciliation cycles. Consequently, the Operator might pick a different ingress controller, leading it to detect a change in the cluster hostname and initiate a new reconciliation process. This can lead to instability in quay pods and your Red Hat Quay on OpenShift Container Platform deployment.
Use one of the following methods to avoid this issue:
-
Set the
routeandtlscomponents of theQuayRegistryresource to be unmanaged (managed: false), and create a custom Route for Red Hat Quay. For more information about creating a custom Route, see Disabling the Route component. -
Ensure that only one ingress controller matches the Red Hat Quay
routeresource, which can be done with ingress controller sharding. For more information, see Ingress sharding in OpenShift Container Platform.
1.7. Red Hat Quay bug fixes
The following issues were fixed with Red Hat Quay 3.14:
-
PROJQUAY-8532. Previously, there was an issue when updating Clair when deployed with Amazon Web Services (AWS) Relational Database Service (RDS) from version 12.19 to 15.7. After upgrading, scanning new images would result images being stuck in a
Queuedstate and be unable to procedure a bug report. This issue has been resolved. -
PROJQUAY-8131. Previously, users could receive an unknown exception when trying to serialize manifest type for caching on a referrer’s endpoint. . This resulted in the following error:
Object of type Manifest is not JSON serializable. This issue has been resolved. -
PROJQUAY-8272. Previously, nested indexes, or intexes referring to another index, were broke in Red Hat Quay. This coiuld result in the following response when pushing to a registry:
Error response from registry: recognizable error message not found: PUT "https://quay.io/v2/arewm/oci-spec-1217/manifests/nested-index": response status code 500: Internal Server Error. This issue has been resolved. -
PROJQUAY-8559. Previously, a passport field in NGINX logs was not obfuscated. This issue has been resolved, and the
repeatPasswordvalue is hidden.
1.8. Red Hat Quay feature tracker
New features have been added to Red Hat Quay, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.
Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat Quay, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in Red Hat Quay, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.
| Feature | Quay 3.14 | Quay 3.13 | Quay 3.12 |
|---|---|---|---|
| General Availability | - | - | |
| General Availability | General Availability | - | |
| Certificate-based authentication between Red Hat Quay and SQL | General Availability | General Availability | - |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| General Availability | General Availability | General Availability | |
| Technology Preview | Technology Preview | Technology Preview |
1.8.1. IBM Power, IBM Z, and IBM® LinuxONE support matrix
| Feature | IBM Power | IBM Z and IBM® LinuxONE |
|---|---|---|
| Allow team synchronization via OIDC on Azure | Not Supported | Not Supported |
| Backing up and restoring on a standalone deployment | Supported | Supported |
| Clair Disconnected | Supported | Supported |
| Geo-Replication (Standalone) | Supported | Supported |
| Geo-Replication (Operator) | Supported | Not Supported |
| IPv6 | Not Supported | Not Supported |
| Migrating a standalone to operator deployment | Supported | Supported |
| Mirror registry | Supported | Supported |
| Quay config editor - mirror, OIDC | Supported | Supported |
| Quay config editor - MAG, Kinesis, Keystone, GitHub Enterprise | Not Supported | Not Supported |
| Quay config editor - Red Hat Quay V2 User Interface | Supported | Supported |
| Quay Disconnected | Supported | Supported |
| Repo Mirroring | Supported | Supported |
