Chapter 1. Red Hat Quay release notes

1.1. RHBA-2024:8408 - Red Hat Quay 3.14.0 release

Issued 2025-04-02

Red Hat Quay release 3.14 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:2467 advisory. For the most recent compatibility matrix, see Quay Enterprise 3.x Tested Integrations. For information the release cadence of Red Hat Quay, see the Red Hat Quay Life Cycle Policy.

1.2. Red Hat Quay documentation changes

The following documentation changes have been made with the Red Hat Quay 3.14 release:

The Red Hat Quay API guide has been updated and split into two books:
- Red Hat Quay API guide. This book contains an overview of the Red Hat Quay API, an overview of token types (OAuth 2.0 access tokens, robot account tokens, and OCI referrers OAuth access tokens), how to enable and use the Red Hat Quay API, suggestions for token management, and example commands for leveraging API endpoints to execute commands. This book is useful if you are new to the Red Hat Quay API or want information about its token types and how to leverage the API.
- Red Hat Quay API reference. This book contains all API reference endpoints and accompanying example commands for those endpoints. This book is useful if you are already familiar with using the Red Hat Quay API.

1.3. Red Hat Quay new features and enhancements

The following updates have been made to Red Hat Quay.

1.3.1. Clair enhancements

With this release, Clair indexer data is now included with downstream builds. This allows Red Hat Quay administrators to more easily reference indexers in the clair-config.yaml file when running Clair in an air-gapped or disconnected environment.

For more information, see Clair in disconnected environments.

1.3.2. Model card rendering on the v2 UI

With the release of Red Hat Quay 3.14, the v2 UI now renders model card information for machine learning models that include a model card. When a manifest has a certain annotation (for example, application/x-mlmodel) and a model card stored as a layer in the manifest, a Model Card tab is displayed on the tag’s information page. The information on the Model Card page provides users with comprehensive insights into each model, and can help enhance a user’s understanding of models stored within their registry.

Note

The Model Card rendering page is only available on the Red Hat Quay v2 UI.

To view model card information, Red Hat Quay users or administrators must push an artifact to a repository. The artifact must have have an accompanying model card. This information renders under Repository <tag_name> Model Card.

For more information, see Viewing model card information by using the v2 UI.

1.3.3. Tag expiration enhancement

Previously, when configuring tag expiration for Red Hat Quay, the yearly option was unavailable on the Red Hat Quay v2 UI. With this update, users can now configure default tag expiration to occur yearly on the Red Hat Quay v2 UI. This can be set by using the Red Hat Quay UI or in your config.yaml file. For example:

DEFAULT_TAG_EXPIRATION: 1y
TAG_EXPIRATION_OPTIONS:
  - 1y

1.4. Red Hat Quay configuration fields updates and changes

The following configuration fields have been added to Red Hat Quay 3.14.

1.4.1. Model card rendering configuration fields

The following configuration fields have been added for the model card rendering feature on the Red Hat Quay v2 UI:

Field	Type	Description
FEATURE_UI_MODELCARD	Boolean	Enables Modelcard image tab in UI. Defaults to `true`.
UI_MODELCARD_ARTIFACT_TYPE	String	Defines the modelcard artifact type.
UI_MODELCARD_ANNOTATION	Object	This optional field defines the layer annotation of the model card stored in an OCI image.
UI_MODELCARD_LAYER_ANNOTATION	Object	This optional field defines the layer annotation of the model card stored in an OCI image.

These configuration fields are enabled and set by default in your config.yaml file:

Example model card YAML

FEATURE_UI_MODELCARD: true
UI_MODELCARD_ARTIFACT_TYPE: application/x-mlmodel
UI_MODELCARD_ANNOTATION:
  org.opencontainers.image.description: "Model card metadata"
UI_MODELCARD_LAYER_ANNOTATION:
  org.opencontainers.image.title: README.md

For more information, see Viewing model card information by using the v2 UI.

1.4.2. IGNORE_UNKNOWN_MEDIATYPES configuration field removal

The IGNORE_UNKNOWN_MEDIATYPES configuration field has been removed. By default, Red Hat Quay accepts all artifact types.

1.4.3. New Red Hat Quay footer fields

The following configuration fields have been added to the original (v1) UI. You can use these fields to customize the footer of your on-prem v1 UI.

Note

These fields are currently unavailable on the Red Hat Quay v2 UI.

Field	Type	Description
FOOTER_LINKS	Object	Enable customization of footer links in Red Hat Quay’s UI for on-prem installations.
.TERMS_OF_SERVICE_URL	String	Custom terms of service for on-prem installations. Example: `https://index.hr`
.PRIVACY_POLICY_URL	String	Custom privacy policy for on-prem installations. Example: `https://index.hr`
.SECURITY_URL	String	Custom security page for on-prem installations. Example: `https://index.hr`
.ABOUT_URL	String	Custom about page for on-prem installations. Example: `https://index.hr`

Example footer links YAML

FOOTER_LINKS:
  "TERMS_OF_SERVICE_URL": "https://www.index.hr"
  "PRIVACY_POLICY_URL": "https://www.example.hr"
  "SECURITY_URL": "https://www.example.hr"
  "ABOUT_URL": "https://www.example.hr"

1.5. API endpoint enhancements

No new API endpoints were added in Red Hat Quay 3.14.

1.6. Red Hat Quay 3.14 known issues and limitations

The following sections note known issues and limitations for Red Hat Quay 3.14.

1.6.1. Unsupported image types stuck in querying status

When pushing an unsupported image type, for example, an AI model, to a Red Hat Quay registry, the Security Report and Packages pages on the UI fail to load. This occurs because these image types are stuck in a Querying status and, as a result, the pages of these tabs are left blank. This is a known issue and will be fixed in a future version of Red Hat Quay.

1.7. Red Hat Quay bug fixes

The following issues were fixed with Red Hat Quay 3.14:

PROJQUAY-8532. Previously, there was an issue when updating Clair when deployed with Amazon Web Services (AWS) Relational Database Service (RDS) from version 12.19 to 15.7. After upgrading, scanning new images would result images being stuck in a Queued state and be unable to procedure a bug report. This issue has been resolved.
PROJQUAY-8131. Previously, users could receive an unknown exception when trying to serialize manifest type for caching on a referrer’s endpoint. . This resulted in the following error: Object of type Manifest is not JSON serializable. This issue has been resolved.
PROJQUAY-8272. Previously, nested indexes, or intexes referring to another index, were broke in Red Hat Quay. This coiuld result in the following response when pushing to a registry: Error response from registry: recognizable error message not found: PUT "https://quay.io/v2/arewm/oci-spec-1217/manifests/nested-index": response status code 500: Internal Server Error. This issue has been resolved.
PROJQUAY-8559. Previously, a passport field in NGINX logs was not obfuscated. This issue has been resolved, and the repeatPassword value is hidden.

1.8. Red Hat Quay feature tracker

New features have been added to Red Hat Quay, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.

Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat Quay, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in Red Hat Quay, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.

Table 1.1. New features tracker
Feature	Quay 3.14	Quay 3.13	Quay 3.12
Viewing model card information by using the v2 UI.	General Availability	-	-
Keyless authentication with robot accounts	General Availability	General Availability	-
Certificate-based authentication between Red Hat Quay and SQL	General Availability	General Availability	-
Splunk HTTP Event Collector (HEC) support	General Availability	General Availability	General Availability
Open Container Initiative 1.1 support	General Availability	General Availability	General Availability
Reassigning an OAuth access token	General Availability	General Availability	General Availability
Creating an image expiration notification	General Availability	General Availability	General Availability
FEATURE_UI_V2	Technology Preview	Technology Preview	Technology Preview

1.8.1. IBM Power, IBM Z, and IBM® LinuxONE support matrix

Table 1.2. list of supported and unsupported features
Feature	IBM Power	IBM Z and IBM® LinuxONE
Allow team synchronization via OIDC on Azure	Not Supported	Not Supported
Backing up and restoring on a standalone deployment	Supported	Supported
Clair Disconnected	Supported	Supported
Geo-Replication (Standalone)	Supported	Supported
Geo-Replication (Operator)	Supported	Not Supported
IPv6	Not Supported	Not Supported
Migrating a standalone to operator deployment	Supported	Supported
Mirror registry	Supported	Supported
Quay config editor - mirror, OIDC	Supported	Supported
Quay config editor - MAG, Kinesis, Keystone, GitHub Enterprise	Not Supported	Not Supported
Quay config editor - Red Hat Quay V2 User Interface	Supported	Supported
Quay Disconnected	Supported	Supported
Repo Mirroring	Supported	Supported