Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 1. Red Hat Quay release notes

The following sections detail y and z stream release information.

1.1. RHBA-2025:15212 - Red Hat Quay 3.14.5 release
Copy link

Issued 2025-09-18

Red Hat Quay release 3.14.5 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:15212 advisory.

1.1.1. Red Hat Quay 3.14.5 bug fixes
Copy link

  • PROJQUAY-5880. Before this update, Red Hat Quay remapping of non-Docker compatible characters in LDAP_UID_ATTR caused incorrect LDAP searches for user permissions. As a consequence, user permissions were incorrectly assigned. With this release, the LDAP search query uses the user’s LDAP UID instead of the Red Hat Quay username. As a result, Quay correctly searches for user info based on LDAP ID, ensuring that information is accurately returned.
  • PROJQUAY-7270. Before this update, the error message for on-premise customer instances incorrectly suggested the Red Hat status page for support. As a consequence, end users were directed to an incorrect support page, causing confusion and potential delay in issue resolution. With this release, the error message no longer recommends navigating to the Red Hat status page, and instead suggests to contact an organization administrator.
  • PROJQUAY-8879. Before this update, in LDAP Red Hat Quay environments, when users would log in for the first time with a username like u.user. Red Hat Quay automatically suggested and created a namespace in the form of u_user. As a consequence, usernames with dots (.) could not be found by superusers due to the discrepancy between the username and the namespace name. With this release, Quay now uses the actual LDAP username for user filtering. As a result, the LDAP user filter now correctly queries by actual username, resolving not found errors.
  • PROJQUAY-9362. With this release, the SQLite driver now supports multiple client access, preventing database locking. As a result, multiple users can access the SQLite database concurrently, improving system efficiency.

1.2. RHBA-2025:13257 - Red Hat Quay 3.14.4 release
Copy link

Issued 2025-08-14

Red Hat Quay release 3.14.4 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:13257 advisory.

1.2.1. Red Hat Quay 3.14.4 new features
Copy link

The following features have been added with Red Hat Quay 3.14.4.

1.2.1.1. v2 UI mirroring tab
Copy link

With this update, a Mirroring tab has been added to the Red Hat Quay v2 UI. Although the Mirroring tab exists, it is not functionally ready for use. You should continue using the v1 UI when mirroring a repository.

1.2.2. Red Hat Quay 3.14.4 bug fixes
Copy link

  • PROJQUAY-9136. Before this update, Alembic migrations failed to install certificates during run, causing issues with Red Hat Quay behind HTTPS proxy due to lack of certificates. As a consequence, users experienced migration failure when Red Hat Quay was behind an HTTPS proxy. With this release, Alembic migrations no longer require manual certificate installation for Red Hat Quay behind HTTPS proxy. As a result, Alembic migrations can now install certs, allowing smooth operation behind HTTPS proxies.
  • PROJQUAY-9156. Previously, some read-only permissions were missing for read-only superusers. This issue has been resolved.

1.3. RHBA-2025:9644 - Red Hat Quay 3.14.3 release
Copy link

Issued 2025-07-01

Red Hat Quay release 3.14.3 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:9644 advisory.

1.4. RHBA-2025:7674 - Red Hat Quay 3.14.2 release
Copy link

Issued 2025-06-09

Red Hat Quay release 3.14.2 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:8262 advisory.

1.4.1. Red Hat Quay 3.14.2 bug fixes
Copy link

  • PROJQUAY-8633. Previously, after pushing some image tags to Red Hat Quay, selecting the correct date range on the Tag history page showed Invalid date. This issue has been resolved.

1.5. RHBA-2025:7674 - Red Hat Quay 3.14.1 release
Copy link

Issued 2025-05-15

Red Hat Quay release 3.14.1 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:7674 advisory.

1.5.1. Red Hat Quay 3.14.1 bug fixes
Copy link

  • PROJQUAY-8673, PROJQUAY-8680, PROJQUAY-8740. Previously, the v2 UI model card feature did not render tables correctly; additionally, the UI did not display the checkbox in the correct format. With this release, issues with rendering have been resolved.
  • PROJQUAY-8716. Previously, the Model Card tab displayed as ModelCard on the v2 UI. Now, it correctly displays as Model Card.

  • PROJQUAY-8771. With this release, the Red Hat Quay Operator supports the customization of the haproxy.router.openshift.io/timeout annotation when the route component is set to managed (managed: true). For example: 

    # ...
kind: Route
metadata:
  annotations:
    haproxy.router.openshift.io/timeout: 30m
# ...
    Copy to Clipboard Toggle word wrap

    In this example, the timeout value is set to 30 minutes, which allows pushing large image layers.

  • PROJQUAY-5172. With this release, the Red Hat Quay Operator now garbage collects unneeded secrets.

1.6. RHBA-2025:8408 - Red Hat Quay 3.14.0 release
Copy link

Issued 2025-04-02

Red Hat Quay release 3.14 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:2467 advisory. For the most recent compatibility matrix, see Quay Enterprise 3.x Tested Integrations. For information the release cadence of Red Hat Quay, see the Red Hat Quay Life Cycle Policy.

1.7. Red Hat Quay documentation changes
Copy link

The following documentation changes have been made with the Red Hat Quay 3.14 release:

  • The Red Hat Quay API guide has been updated and split into two books:

    • Red Hat Quay API guide. This book contains an overview of the Red Hat Quay API, an overview of token types (OAuth 2.0 access tokens, robot account tokens, and OCI referrers OAuth access tokens), how to enable and use the Red Hat Quay API, suggestions for token management, and example commands for leveraging API endpoints to execute commands. This book is useful if you are new to the Red Hat Quay API or want information about its token types and how to leverage the API.
    • Red Hat Quay API reference. This book contains all API reference endpoints and accompanying example commands for those endpoints. This book is useful if you are already familiar with using the Red Hat Quay API.

1.8. Red Hat Quay new features and enhancements
Copy link

The following updates have been made to Red Hat Quay.

1.8.1. Clair enhancements
Copy link

  • With this release, Clair indexer data is now included with downstream builds. This allows Red Hat Quay administrators to more easily reference indexers in the clair-config.yaml file when running Clair in an air-gapped or disconnected environment.

    For more information, see Clair in disconnected environments.

  • Clair on Red Hat Quay now requires that you update the Clair PostgreSQL database from version 13 to version 15. For more information about this procedure, see Upgrading the Clair PostgreSQL database.

1.8.2. Model card rendering on the v2 UI
Copy link

With the release of Red Hat Quay 3.14, the v2 UI now renders model card information for machine learning models that include a model card. When a manifest has a certain annotation (for example, application/x-mlmodel) and a model card stored as a layer in the manifest, a Model Card tab is displayed on the tag’s information page. The information on the Model Card page provides users with comprehensive insights into each model, and can help enhance a user’s understanding of models stored within their registry.

Note

The Model Card rendering page is only available on the Red Hat Quay v2 UI.

To view model card information, Red Hat Quay users or administrators must push an artifact to a repository. The artifact must have have an accompanying model card. This information renders under Repository <tag_name> Model Card.

For more information, see Viewing model card information by using the v2 UI.

1.8.3. Tag expiration enhancement
Copy link

Previously, when configuring tag expiration for Red Hat Quay, the yearly option was unavailable on the Red Hat Quay v2 UI. With this update, users can now configure default tag expiration to occur yearly on the Red Hat Quay v2 UI. This can be set by using the Red Hat Quay UI or in your config.yaml file. For example: 

DEFAULT_TAG_EXPIRATION: 1y
TAG_EXPIRATION_OPTIONS:
  - 1y
Copy to Clipboard Toggle word wrap

The following configuration fields have been added to Red Hat Quay 3.14.

1.9.1. Model card rendering configuration fields
Copy link

The following configuration fields have been added for the model card rendering feature on the Red Hat Quay v2 UI:

Expand
FieldTypeDescription

FEATURE_UI_MODELCARD

Boolean

Enables Modelcard image tab in UI. Defaults to True.

UI_MODELCARD_ARTIFACT_TYPE

String

Defines the modelcard artifact type.

UI_MODELCARD_ANNOTATION

Object

This optional field defines the layer annotation of the model card stored in an OCI image.

UI_MODELCARD_LAYER_ANNOTATION

Object

This optional field defines the layer annotation of the model card stored in an OCI image.

These configuration fields are enabled and set by default in your config.yaml file:

Example model card YAML

FEATURE_UI_MODELCARD: true
UI_MODELCARD_ARTIFACT_TYPE: application/x-mlmodel
UI_MODELCARD_ANNOTATION:
  org.opencontainers.image.description: "Model card metadata"
UI_MODELCARD_LAYER_ANNOTATION:
  org.opencontainers.image.title: README.md
Copy to Clipboard Toggle word wrap

For more information, see Viewing model card information by using the v2 UI.

The IGNORE_UNKNOWN_MEDIATYPES configuration field has been removed. By default, Red Hat Quay accepts all artifact types.

1.10. API endpoint enhancements
Copy link

No new API endpoints were added in Red Hat Quay 3.14.

The following sections note known issues and limitations for Red Hat Quay 3.14.

When pushing an unsupported image type, for example, an AI model, to a Red Hat Quay registry, the Security Report and Packages pages on the UI fail to load. This occurs because these image types are stuck in a Querying status and, as a result, the pages of these tabs are left blank. This is a known issue and will be fixed in a future version of Red Hat Quay.

In OpenShift Container Platform clusters with multiple ingress controllers defined, the Red Hat Quay Operator iterates through the list of available ingress controllers are uses the first one that it encounters to determine the cluster hostname. However, the order of ingress controllers in this list is not guaranteed to be consistent across reconciliation cycles. Consequently, the Operator might pick a different ingress controller, leading it to detect a change in the cluster hostname and initiate a new reconciliation process. This can lead to instability in quay pods and your Red Hat Quay on OpenShift Container Platform deployment.

Use one of the following methods to avoid this issue:

  • Set the route and tls components of the QuayRegistry resource to be unmanaged (managed: false), and create a custom Route for Red Hat Quay. For more information about creating a custom Route, see Disabling the Route component.
  • Ensure that only one ingress controller matches the Red Hat Quay route resource, which can be done with ingress controller sharding. For more information, see Ingress sharding in OpenShift Container Platform.

1.12. Red Hat Quay bug fixes
Copy link

The following issues were fixed with Red Hat Quay 3.14:

  • PROJQUAY-8532. Previously, there was an issue when updating Clair when deployed with Amazon Web Services (AWS) Relational Database Service (RDS) from version 12.19 to 15.7. After upgrading, scanning new images would result images being stuck in a Queued state and be unable to procedure a bug report. This issue has been resolved.
  • PROJQUAY-8131. Previously, users could receive an unknown exception when trying to serialize manifest type for caching on a referrer’s endpoint. . This resulted in the following error: Object of type Manifest is not JSON serializable. This issue has been resolved.
  • PROJQUAY-8272. Previously, nested indexes, or intexes referring to another index, were broke in Red Hat Quay. This coiuld result in the following response when pushing to a registry: Error response from registry: recognizable error message not found: PUT "https://quay.io/v2/arewm/oci-spec-1217/manifests/nested-index": response status code 500: Internal Server Error. This issue has been resolved.
  • PROJQUAY-8559. Previously, a passport field in NGINX logs was not obfuscated. This issue has been resolved, and the repeatPassword value is hidden.

1.13. Red Hat Quay feature tracker
Copy link

New features have been added to Red Hat Quay, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.

Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat Quay, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in Red Hat Quay, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.

Expand
Table 1.1. New features tracker
FeatureQuay 3.14Quay 3.13Quay 3.12

Viewing model card information by using the v2 UI.

General Availability

-

-

Keyless authentication with robot accounts

General Availability

General Availability

-

Certificate-based authentication between Red Hat Quay and SQL

General Availability

General Availability

-

Splunk HTTP Event Collector (HEC) support

General Availability

General Availability

General Availability

Open Container Initiative 1.1 support

General Availability

General Availability

General Availability

Reassigning an OAuth access token

General Availability

General Availability

General Availability

Creating an image expiration notification

General Availability

General Availability

General Availability

FEATURE_UI_V2

Technology Preview

Technology Preview

Technology Preview

Expand
Table 1.2. list of supported and unsupported features
FeatureIBM PowerIBM Z and IBM® LinuxONE

Allow team synchronization via OIDC on Azure

Not Supported

Not Supported

Backing up and restoring on a standalone deployment

Supported

Supported

Clair Disconnected

Supported

Supported

Geo-Replication (Standalone)

Supported

Supported

Geo-Replication (Operator)

Supported

Not Supported

IPv6

Not Supported

Not Supported

Migrating a standalone to operator deployment

Supported

Supported

Mirror registry

Supported

Supported

Quay config editor - mirror, OIDC

Supported

Supported

Quay config editor - MAG, Kinesis, Keystone, GitHub Enterprise

Not Supported

Not Supported

Quay config editor - Red Hat Quay V2 User Interface

Supported

Supported

Quay Disconnected

Supported

Supported

Repo Mirroring

Supported

Supported

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat