Red Hat SummitRed Hat Quay Release Notes
Preface
Red Hat Quay container registry platform provides secure storage, distribution, and governance of containers and cloud-native artifacts on any infrastructure. It is available as a standalone component or as an Operator on OpenShift Container Platform. Red Hat Quay includes the following features and benefits:
- Granular security management
- Fast and robust at any scale
- High velocity CI/CD
- Automated installation and updates
- Enterprise authentication and team-based access control
- OpenShift Container Platform integration
Red Hat Quay is regularly released, containing new features, bug fixes, and software updates. To upgrade Red Hat Quay for both standalone and OpenShift Container Platform deployments, see Upgrade Red Hat Quay.
Red Hat Quay only supports rolling back, or downgrading, to previous z-stream versions, for example, 3.14.2 → 3.14.1. Rolling back to previous y-stream versions (3.15 → 3.14) is not supported. This is because Red Hat Quay updates might contain database schema upgrades that are applied when upgrading to a new version of Red Hat Quay. Database schema upgrades are not considered backwards compatible.
Downgrading to previous z-streams is neither recommended nor supported by either Operator based deployments or virtual machine based deployments. Downgrading should only be done in extreme circumstances. The decision to rollback your Red Hat Quay deployment must be made in conjunction with the Red Hat Quay support and development teams. For more information, contact Red Hat Quay support.
Documentation for Red Hat Quay is versioned with each release. The latest Red Hat Quay documentation is available from the Red Hat Quay Documentation page. Currently, version 3 is the latest major version.
Prior to version 2.9.2, Red Hat Quay was called Quay Enterprise. Documentation for 2.9.2 and prior versions are archived on the Product Documentation for Red Hat Quay 2.9 page.
Chapter 1. RHBA-2025:8408 - Red Hat Quay 3.15.0 release
Issued 2025-07-07
Red Hat Quay release 3.15 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:9240 advisory. For the most recent compatibility matrix, see Quay Enterprise 3.x Tested Integrations. For information on the release cadence of Red Hat Quay, see the Red Hat Quay Life Cycle Policy.
1.1. Red Hat Quay documentation changes
The following documentation changes have been made with the Red Hat Quay 3.15 release:
The Configure Red Hat Quay book has been refactored. This book now provides expanded information on the following topics:
- Understanding the Red Hat Quay configuration file
- On premise Red Hat Quay configuration overview
-
Red Hat Quay on OpenShift Container Platform configuration overview, including the
QuayRegistrycustom resource
Additionally, the configuration fields have been re-organized into associated topics. Example YAML snippets are available for each configuration option. Lastly, the configuration options link to an associated procedure when relevant.
1.2. Red Hat Quay new features and enhancements
The following updates have been made to Red Hat Quay.
1.2.1. v2 UI notification drawer
With this release, a notification drawer has been added to the Red Hat Quay v2 UI. Administrators and users can view notifications from any page in the new UI via the navigation bar by clicking the bell icon. After clicking this icon, all notifications are shown in a popup box. Notifications can be cleared by clicking the X button for respective notifications.
Currently, the v2 UI does not support the Red Hat Quay Notification option when selecting a notification method. You can select the Red Hat Quay Notification method by using the v1 UI.
1.2.2. Proxy cache enhancements
Previously, when pulling from a proxied repository, only the layers explicitly requested by the client were cached in the Red Hat Quay registry. This behavior stemmed from Red Hat Quay only caching layers for which it received a request to the v2 blobs endpoint. Consequently, clients with existing layers on their local machines would not re-request those layers, preventing Red Hat Quay from pulling them into the registry. This limitation led to two key issues: Clair was unable to perform complete scans of these partial images due to missing layers, and the images became un-pullable if the upstream registry went down.
With this release, Red Hat Quay now caches all layers when an image is pulled from a proxied repository. This enhancement ensures that Clair can scan all images and that images remain pullable even if the upstream registry becomes unavailable.
1.3. Red Hat Quay configuration fields updates and changes
The following configuration fields have been added to Red Hat Quay 3.15.
1.3.1. Skopeo timeout interval
The SKOPEO_TIMEOUT_INTERVAL configuration field has been added. With this field, Red Hat Quay administrators can adjust the time, in seconds, that a mirroring job runs before it times out. This field is required and defaults to 300 seconds, or 5 minutes. It cannot be set lower than 300 seconds.
| Field | Type | Description |
| SKOPEO_TIMEOUT_INTERVAL | Integer |
Number of seconds mirroring job will run before timing out. |
Skopeo timeout example YAML
# ... SKOPEO_TIMEOUT_INTERVAL: 300 # ...
# ...
SKOPEO_TIMEOUT_INTERVAL: 300
# ...For more information, see Repository mirroring.
1.3.2. Superuser configDump
The FEATURE_SUPERUSER_CONFIGDUMP configuration field has been added. With this field, Red Hat Quay superusers can leverage the configDump API field to return all Flask configuration fields that are set. This can be used to show proof of compliance for various security policies, such as PCI-DSS 4.0. To use this field, superusers must be defined in the config.yaml file via the SUPER_USERS configuration field.
| Field | Type | Description |
| FEATURE_SUPERUSER_CONFIGDUMP | Boolean |
Enables a full config dump of the running Framework, environment and schema for validation. |
Superuser configDump example YAML
# ... FEATURE_SUPERUSER_CONFIGDUMP: true # ...
# ...
FEATURE_SUPERUSER_CONFIGDUMP: true
# ...For more information, see Retrieving the configuration file by using the API.
1.4. API endpoint enhancements
The following API endpoints were added in Red Hat Quay 3.15.
1.4.1. Skopeo timeout interval
A new parameter, SKOPEO_TIMEOUT_INTERVAL, has been added to the createRepoMirrorConfig endpoint. This parameter allows Red Hat Quay administrators to configure the maximum duration (in seconds) that a mirroring job is allowed to run before it times out. The default value is 300 seconds (5 minutes).
| Name | Description | Schema |
| skopeo_timeout_interval | Number of seconds mirroring job will run before timing out | Integer |
See the createRepoMirrorConfig endpoint for more information.
1.4.2. Superuser configDump
A new superuser API parameter, v1/superuser/config, has been added to the Red Hat Quay API. With this field, superusers can return all Flask configuration fields that are set. This can be used to show proof of compliance for various security policies, such as PCI-DSS 4.0.
| Name | Description | Schema |
|---|---|---|
|
configDump |
Returns a structured JSON dump of the current configuration, including values from | object |
For example API commands, see Red Hat Quay API superuser commands.
1.5. Notable technical changes
The following section highlights notable technical changes for Red Hat Quay 3.15.
1.5.1. Model card rendering disabled by default
In Red Hat Quay 3.14, model card rendering was made available on the v2 UI for machine learning models. This feature was enabled by default via the FEATURE_UI_MODELCARD parameter.
With Red Hat Quay 3.15, this feature is now disabled by default. To view model cards on the v2 UI, you must set the FEATURE_UI_MODELCARD field to true. For example:
# ... FEATURE_UI_MODELCARD: true # ...
# ...
FEATURE_UI_MODELCARD: true
# ...This change will be reverted in a future version of Red Hat Quay.
1.6. Known issues and limitations
The following sections note known issues and limitations for Red Hat Quay 3.15.
1.6.1. Repository mirroring known issue
There is a known issue affecting the mirroring feature of Red Hat Quay. When the mirroring process fails, the UI shows a Mirror success report, even though it has failed. This will be fixed in a future version of Red Hat Quay.
1.7. Future deprecations
- The Red Hat Quay v1 UI will be deprecated in Red Hat Quay 3.16.
1.8. Red Hat Quay bug fixes
The following issues were fixed with Red Hat Quay 3.15:
- PROJQUAY-9050. Previously, when in Tag view on the v2 UI, the Pull column was center-aligned while the other columns were left-aligned. With this release, the Pull column is left-aligned.
-
PROJQUAY-6862. Previously, when Red Hat Quay was deployed with Google Cloud Storage (GCS) as its object storage backend, pushing layers greater than 4 GiB would fail and return a
413error. This error occurred because Red Hat Quay’s library, boto, does not support multipart uploads to GCS. This issue has been resolved, and users can now push layers greater than 4 GiB to their registry without interruption. PROJQUAY-8123. Previously, if a Red Hat Quay administrator set up their deployment on a virtual machine (VM) and the administrator created the
config.yamlfile manually, there was a possibility that theTESTINGflag was not included in the configuration. Including theTESTING: truefield in theconfig.yamlfile disables some features, such as sending emails. This is useful for developers who are testing Red Hat Quay and do not want to accidentally send out notifications or other alerts to users. When this field is not set, Red Hat Quay operates normally.With this update, a warning is printed upon startup, notifying the Red Hat Quay administrator that the
TESTINGproperty is either missing from theconfig.yamlfile entirely, or that it is set totrue. This alert is intended to help guide administrators towards intentional configurations for their deployment.- PROJQUAY-8595. Previously, Red Hat Quay would not start if Splunk had an outage. Now, Red Hat Quay pods reconcile appropriately if Splunk has an outage and, as a result, Red Hat Quay starts as intended.
1.9. Red Hat Quay feature tracker
New features have been added to Red Hat Quay, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.
Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat Quay, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in Red Hat Quay, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.
| Feature | Quay 3.15 | Quay 3.14 | Quay 3.13 |
|---|---|---|---|
| General Availability | General Availability | - | |
| General Availability | General Availability | General Availability | |
| Certificate-based authentication between Red Hat Quay and SQL | General Availability | General Availability | General Availability |
| Technology Preview | Technology Preview | Technology Preview |
1.9.1. IBM Power, IBM Z, and IBM® LinuxONE support matrix
| Feature | IBM Power | IBM Z and IBM® LinuxONE |
|---|---|---|
| Allow team synchronization via OIDC on Azure | Not Supported | Not Supported |
| Backing up and restoring on a standalone deployment | Supported | Supported |
| Clair Disconnected | Supported | Supported |
| Geo-Replication (Standalone) | Supported | Supported |
| Geo-Replication (Operator) | Supported | Not Supported |
| IPv6 | Not Supported | Not Supported |
| Migrating a standalone to operator deployment | Supported | Supported |
| Mirror registry | Supported | Supported |
| Quay config editor - mirror, OIDC | Supported | Supported |
| Quay config editor - MAG, Kinesis, Keystone, GitHub Enterprise | Not Supported | Not Supported |
| Quay config editor - Red Hat Quay V2 User Interface | Supported | Supported |
| Quay Disconnected | Supported | Supported |
| Repo Mirroring | Supported | Supported |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}