
Chapter 1. Red Hat Quay release notes


The following sections detail y and z stream release information.

1.1. RHBA-2024:6047 - Red Hat Quay 3.11.5 release

Issued 2024-09-03

Red Hat Quay release 3.11.5 is now available with Clair 4.7.4. The bug fixes that are included in the update are listed in the RHBA-2024:6047 advisory.

1.2. RHBA-2024:5038 - Red Hat Quay 3.11.4 release

Issued 2024-08-14

Red Hat Quay release 3.11.4 is now available with Clair 4.7.4. The bug fixes that are included in the update are listed in the RHBA-2024:5038 advisory.

1.2.1. Red Hat Quay 3.11.4 new features

With this release, NetApp ONTAP S3 object storage is now supported. For more information, see NetApp ONTAP S3 object storage.

1.2.2. Red Hat Quay 3.11.4 known issues

When using NetApp ONTAP S3 object storage, images with large layer sizes fail to push. This is a known issue and will be fixed in a future version of Red Hat Quay. (PROJQUAY-7462).

1.2.3. Red Hat Quay 3.11.4 bug fixes

  • PROJQUAY-7541. Previously, when setting a user as a global read-only superuser, some API endpoints failed. This update resolves those issues, and the API endpoints now work as expected.
  • PROJQUAY-7544. Previously, global read-only superusers could not obtain resources from a normal user’s organization when using the API. This issue has been resolved, and global read-only superusers can now obtain resources from a normal user’s organization.
  • PROJQUAY-7548. Previously, global read-only superusers could not obtain information when using the API listrepos endpoints. This issue has been resolved.
  • PROJQUAY-7578. On the 3.11.4 UI, the release notes pointed to Red Hat Quay’s 3.7 release. This has been fixed, and they now point to the current version.

1.3. RHBA-2024:4710 - Red Hat Quay 3.11.3 release

Issued 2024-07-29

Red Hat Quay release 3.11.3 is now available with Clair 4.7.4. The bug fixes that are included in the update are listed in the RHBA-2024:4710 advisory.

1.4. RHBA-2024:3938 - Red Hat Quay 3.11.2 release

Issued 2024-07-15

Red Hat Quay release 3.11.2 is now available with Clair 4.7.4. The bug fixes that are included in the update are listed in the RHBA-2024:3938 advisory.

1.4.1. Red Hat Quay 3.11.2 bug fixes

  • PROJQUAY-7182. Upgrade from 3.8 to 3.9, postgresql data lost
  • PROJQUAY-7307. Resolve related bugs (redhat-3.11)
  • PROJQUAY-7314. Update quay codebase to support Sqlite db
  • PROJQUAY-7134. listOrgLogs api with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7135. getAggregateOrgLogs api with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7136. exportOrgLogs api with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7138. changeOrganizationDetails API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7139. deleteAdminedOrganization api with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7147. getOrganizationMember API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7148. removeOrganizationMember API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7149. listOrganizationQuotaLimit API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7150. getOrganizationQuotaLimit API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7151. createRepo API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7153. getOrganizationTeamPermissions API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7154. deleteOrganizationTeamMember API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7155. getOrganizationTeamMembers API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7157. getOrganizationPrototypePermissions API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7158. listRepositoryAutoPrunePolicies API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7159. getRepositoryAutoPrunePolicy API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7160. createRepositoryAutoPrunePolicy API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7161. updateRepositoryAutoPrunePolicy API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-7162. deleteRepositoryAutoPrunePolicy API with super user token doesn’t work when enable FEATURE_SUPERUSERS_FULL_ACCESS

1.5. RHBA-2024:2926 - Red Hat Quay 3.11.1 release

Issued 2024-05-23

Red Hat Quay release 3.11.1 is now available with Clair 4.7.4. The bug fixes that are included in the update are listed in the RHBA-2024:2926 advisory.

1.5.1. Red Hat Quay 3.11.1 bug fixes

  • PROJQUAY-6762. Previously, the new UI did not report an error when team syncing from an OIDC server. Now, an alert is reported.
  • PROJQUAY-6831. Previously, the new UI did not show the Invited tab when the team synchronization was configured from an OIDC group. Now, the new UI shows the Invited tab.
  • PROJQUAY-6917. The new UI now asks users to input the Group Object ID when the target group is Azure Entra ID.
  • PROJQUAY-6831. The old Red Hat Quay UI did not previously have an option to send a recovery email to users. This option has been fixed.

1.6. RHBA-2024:1475 - Red Hat Quay 3.11.0 release

Issued 2024-04-02

Red Hat Quay release 3.11 is now available with Clair 4.7.4. Version 3.11 offers Extended Update Support (EUS) Term 2, which means that Red Hat provides an additional twelve months of support to this version, including backports of critical and important impact security updates. For more information, see Extended Update Support Term 2.

The bug fixes that are included in the update are listed in the RHBA-2024:1475 advisory. For the most recent compatibility matrix, see Quay Enterprise 3.x Tested Integrations.

1.7. Red Hat Quay release cadence

With the release of Red Hat Quay 3.10, the product has begun to align its release cadence and lifecycle with OpenShift Container Platform. As a result, Red Hat Quay releases are now generally available (GA) within approximately four weeks of the most recent version of OpenShift Container Platform. Customers can not expect the support lifecycle phases of Red Hat Quay to align with OpenShift Container Platform releases.

For more information, see the Red Hat Quay Life Cycle Policy.

1.8. Red Hat Quay documentation changes

The Red Hat Quay configuration tool has been deprecated since version 3.10. With this release, references and procedures that use the configuration tool have been, or will be, removed. These procedures will remain in older versions of Red Hat Quay.

1.9. Red Hat Quay new features and enhancements

The following updates have been made to Red Hat Quay.

1.9.1. Support for AWS STS on Red Hat Quay

Support for Amazon Web Services (AWS) Security Token Service (STS) is now offered for Red Hat Quay. AWS STS is a web service for requesting temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users and for users that you authenticate, or federated users. This feature is useful for clusters using Amazon S3 as an object storage, allowing Red Hat Quay to use STS protocols to authenticate with Amazon S3, which can enhance the overall security of the cluster and help to ensure that access to sensitive data is properly authenticated and authorized. This feature is also available for OpenShift Container Platform deployments.

For more information about configuring AWS STS for standalone Red Hat Quay deployments, see Configuring AWS STS for Red Hat Quay.

1.9.2. Red Hat Quay auto-pruning enhancements

With the release of Red Hat Quay 3.10, a new auto-pruning feature was released. With that feature, Red Hat Quay administrators could set up auto-pruning policies on namespaces for both users and organizations.

With this release, auto-pruning policies can now be set up on specified repositories. This feature allows for image tags to be automatically deleted within a repository based on specified criteria. Additionally, Red Hat Quay administrators can set auto-pruning policies on repositories that they have admin privileges for.

For more information, see Red Hat Quay auto-pruning overview.

1.9.3. Red Hat Quay v2 UI enhancements

In Red Hat Quay 3.8, a new UI was introduced as a technology preview feature. With Red Hat Quay 3.11, the following enhancements have been made to the v2 UI.

1.9.3.1. Red Hat Quay v2 UI usage logs

Red Hat Quay 3.11 adds functionality for usage logs when using the v2 UI. Usage logs provide the following information about your Red Hat Quay deployment:

  • Monitoring of team activities. Allows administrators to view team activities, such as team creation, membership changes, and role assignments.
  • Auditing of tag history actions. Allows security auditors to audit tag history actions, including tag creations, updates, and deletions.
  • Tracking of repository label changes. Allows repository owners to track changes to labels, including additions, modifications, and removals.
  • Monitoring of expiration settings. Allows engineers to monitor actions related to tag expiration settings, such as setting expiration dates or disabling expiration for specific tags.

Logs can be exported to an email address or to a callback URL, and are available at the Organization, repository, and namespace levels.

For more information, see Viewing usage logs on the Red Hat Quay v2 UI.

1.9.3.2. Red Hat Quay v2 UI dark mode

Red Hat Quay 3.11 offers users the ability to switch between light and dark modes when using the v2 UI. This feature also includes an automatic mode selection, which chooses between light or dark modes depending on the user’s browser preference.

For more information, see Selecting color theme preference on the Red Hat Quay v2 UI.

1.9.3.3. Builds support on Red Hat Quay v2 UI

Red Hat Quay Builds are now supported when using the v2 UI. This feature must be enabled prior to building container images by setting FEATURE_BUILD_SUPPORT: true in your config.yaml file.

For more information, see Creating a new build.

1.9.3.4. Auto-pruning repositories v2 UI

Red Hat Quay 3.11 offers users the ability to create auto-pruning policies using the v2 UI.

For more information, see Red Hat Quay auto-pruning overview.

1.9.4. Team synchronization support via Red Hat Quay OIDC

This release allows administrators to leverage an OpenID Connect (OIDC) identity provider to synchronize team, or group, settings, so long as their OIDC provider supports the retrieval of group information from the ID token or the /userinfo endpoint. Administrators can easily apply repository permissions to sets of users without having to manually create and sync group definitions between Red Hat Quay and the OIDC group, which is not scalable.

For more information, see Team synchronization for Red Hat Quay OIDC deployments.

1.10. Red Hat Quay Operator updates

The following updates have been made to the Red Hat Quay Operator:

1.10.1. Configurable resource requests for Red Hat Quay on OpenShift Container Platform managed components

With this release, users can manually adjust the resource requests on Red Hat Quay on OpenShift Container Platform for the following components that have pods running:

  • quay
  • clair
  • mirroring
  • clairpostgres
  • postgres

This feature allows users to run smaller test clusters, or to request more resources upfront in order to avoid partially degraded Quay pods.

For more information, see Configuring resources for managed components on OpenShift Container Platform.

1.10.2. Support for AWS STS on Red Hat Quay on OpenShift Container Platform

Support for Amazon Web Services (AWS) Security Token Service (STS) is now offered for Red Hat Quay deployments on OpenShift Container Platform. AWS STS is a web service for requesting temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users and for users that you authenticate, or federated users. This feature is useful for clusters using Amazon S3 as an object storage, allowing Red Hat Quay to use STS protocols to authenticate with Amazon S3, which can enhance the overall security of the cluster and help to ensure that access to sensitive data is properly authenticated and authorized.

For more information about AWS STS for Red Hat Quay on OpenShift Container Platform, see Configuring AWS STS for Red Hat Quay on OpenShift Container Platform.

1.11. New Red Hat Quay configuration fields

The following configuration fields have been added to Red Hat Quay 3.11.

1.11.1. Configuration fields for AWS S3 STS deployments

The following configuration fields have been added when configuring AWS STS for Red Hat Quay. These fields are used when configuring AWS S3 storage for your deployment.

  • .sts_role_arn. The unique Amazon Resource Name (ARN) required when configuring AWS STS for Red Hat Quay.
  • .sts_user_access_key. The generated AWS S3 user access key required when configuring AWS STS for Red Hat Quay.
  • .sts_user_secret_key. The generated AWS S3 user secret key required when configuring AWS STS for Red Hat Quay.

For more information, see AWS STS S3 storage.

1.11.2. Team synchronization configuration field

The following configuration field has been added for the team synchronization via OIDC feature:

  • PREFERRED_GROUP_CLAIM_NAME: The key name within the OIDC token payload that holds information about the user’s group memberships.

1.12. New API endpoints

The following API endpoints have been added to Red Hat Quay 3.11:

1.12.1. Repository auto-pruning policy endpoints:

The repository auto-pruning policy feature introduces the following API endpoint:

  • */api/v1/repository/<organization_or_user_name>/<repository_name>/autoprunepolicy/

    This API endpoint can be used with POST, GET, and DELETE calls to create, see, and delete auto-pruning policies on a repository for specific users in your organization. Note that you must have admin privileges on the repository that you are creating the policy for when using these commands.

1.13. Red Hat Quay 3.11 known issues and limitations

The following sections note known issues and limitations for Red Hat Quay 3.11.

1.13.1. Red Hat Quay OIDC team synchronization known issues

1.13.1.1. Unable to set user passwords via the User Settings page

There is a known issue when Red Hat Quay uses OIDC as the authentication type with Microsoft Entra ID (previously Azure Active Directory).

After logging in to Red Hat Quay, users are unable to set a password via the User Settings page. This is necessary for authentication when using Docker/Podman CLI to perform image push or pull operations to the registry.

As a workaround, you can use Docker CLI and App Token as credentials when authenticating via OIDC. These tokens, alongside robot tokens, serve as an alternative to passwords and are considered the prescribed method for providing access to Red Hat Quay when authenticating via OIDC.

For more information, see PROJQUAY-6754.

1.13.1.2. Unable to sync change when OIDC user is removed from OIDC

Currently, when an OIDC user is removed from their OIDC provider, the user is not removed from the team on Red Hat Quay. They are still able to use the robot account token and app token to push and pull images from the registry. This is the expected behavior, however this behavior will be changed in a future version of Red Hat Quay. (PROJQUAY-6842)

1.13.1.3. Object ID must be used when OIDC provider is Microsoft Entra ID

When using Microsoft Entra ID as your OIDC provider, Red Hat Quay administrators must input the Object ID of the OIDC group instead of the group name. The v2 UI does not currently alert users that Microsoft Entra ID users must input the Object ID of the OIDC group. This is a known issue and will be fixed in a future version of Red Hat Quay. (PROJQUAY-6917)
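To see which values a provider emits under the claim named by PREFERRED_GROUP_CLAIM_NAME, and why a group display name does not match when the provider is Microsoft Entra ID, the following added example (not Red Hat Quay code) decodes an ID token payload and compares the claim against the group a team is bound to. The token, the object IDs, the claim name `groups` and every function name are constructed for illustration; the payload is read without signature verification, so it is for inspection only.

```python
import base64
import json

# Assumption: the value set for PREFERRED_GROUP_CLAIM_NAME in config.yaml.
PREFERRED_GROUP_CLAIM_NAME = "groups"

# Constructed object IDs and display name; not real directory values.
DEV_GROUP_OBJECT_ID = "00000000-0000-0000-0000-0000000000a1"
OPS_GROUP_OBJECT_ID = "00000000-0000-0000-0000-0000000000b2"
DEV_GROUP_DISPLAY_NAME = "quay-developers"


def _b64url(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed compact token; the signature segment is a dummy."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "c2ln"])


def decode_payload(id_token: str) -> dict:
    """Return the claims of a JWT ID token WITHOUT verifying its signature.

    Inspection only: never base an access decision on this function.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def group_values(claims: dict, claim_name: str) -> set:
    """Normalize the group claim (list or single string) to a set of strings."""
    raw = claims.get(claim_name, [])
    if isinstance(raw, str):
        raw = [raw]
    if not isinstance(raw, list):
        raise ValueError(f"claim {claim_name!r} is neither a string nor a list")
    return {g for g in raw if isinstance(g, str) and g}


def check_team_binding(id_token, bound_group, claim_name=PREFERRED_GROUP_CLAIM_NAME):
    """Classify why a team bound to `bound_group` would or would not sync this user."""
    claims = decode_payload(id_token)
    if claim_name not in claims:
        # The provider did not put groups in the ID token under this name;
        # check the claim name, or whether groups come from /userinfo instead.
        return "claim-missing", set()
    groups = group_values(claims, claim_name)
    return ("match" if bound_group in groups else "no-match"), groups


# Constructed token shaped like one from Microsoft Entra ID, where the group
# claim carries group object IDs rather than display names.
ENTRA_STYLE_TOKEN = make_sample_token({
    "iss": "https://idp.example.invalid/",
    "sub": "constructed-user",
    "groups": [DEV_GROUP_OBJECT_ID, OPS_GROUP_OBJECT_ID],
})

if __name__ == "__main__":
    for bound in (DEV_GROUP_DISPLAY_NAME, DEV_GROUP_OBJECT_ID):
        status, seen = check_team_binding(ENTRA_STYLE_TOKEN, bound)
        print(f"team bound to {bound!r}: {status} (claim holds {sorted(seen)})")
    print(check_team_binding(ENTRA_STYLE_TOKEN, DEV_GROUP_OBJECT_ID, "roles")[0])
```

A team bound to the display name yields `no-match` because the claim holds only object IDs, while binding to the object ID yields `match`; a wrong claim name yields `claim-missing`.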

1.13.2. STS S3 storage known issue

When using Amazon Web Services (AWS) Security Token Service (STS) with proxy storage enabled, users are unable to pull images and the following error is returned: Error: copying system image from manifest list: parsing image configuration: fetching blob: received unexpected HTTP status: 502 Bad Gateway. This is a known issue and will be fixed in a future version of Red Hat Quay.

1.13.3. Upgrading Red Hat Quay on OpenShift Container Platform 3.8 directly to 3.11 limitation

Upgrading Red Hat Quay on OpenShift Container Platform from 3.8 to 3.11 does not work. Users must upgrade from Red Hat Quay on OpenShift Container Platform from 3.8 to 3.9 or 3.10, and then proceed with the upgrade to 3.11.

For more information, see Upgrade Red Hat Quay.

1.13.4. Configurable resource request limitation

Attempting to set resource limitations for the Quay pod too low results in the pod being unable to boot up with the following statuses returned: OOMKILLED and CrashLoopBackOff. Resource limitations can not be set lower than the minimum requirement, which can be found on the Configuring resources for managed components on OpenShift Container Platform page.

1.13.5. Red Hat Quay v2 UI known issues

The Red Hat Quay team is aware of the following known issues on the v2 UI:

  • PROJQUAY-6910. The new UI can’t group and stack the chart on usage logs
  • PROJQUAY-6909. The new UI can’t toggle the visibility of the chart on usage log
  • PROJQUAY-6904. "Permanently delete" tag should not be restored on new UI
  • PROJQUAY-6899. The normal user can not delete organization in new UI when enable FEATURE_SUPERUSERS_FULL_ACCESS
  • PROJQUAY-6892. The new UI should not invoke not required stripe and status page
  • PROJQUAY-6884. The new UI should show the tip of slack Webhook URL when creating slack notification
  • PROJQUAY-6882. The new UI global readonly super user can’t see all organizations and image repos
  • PROJQUAY-6881. The new UI can’t show all operation types in the logs chart
  • PROJQUAY-6861. The new UI "Last Modified" of organization always show N/A after target organization’s setting is updated
  • PROJQUAY-6860. The new UI update the time machine configuration of organization show NULL in usage logs
  • PROJQUAY-6859. The new UI remove image repo permission show "undefined" for organization name in audit logs
  • PROJQUAY-6854. "Device-based theme" doesn’t work as design in Firefox
  • PROJQUAY-6852. "Tag manifest with the branch or tag name" option in build trigger setup wizard should be checked by default.
  • PROJQUAY-6832. The new UI should validate the OIDC group name when enable OIDC Directory Sync
  • PROJQUAY-6831. The new UI should not show invited tab when the team is configured sync from OIDC group
  • PROJQUAY-6830. The new UI should show the sync icon when the team is configured sync team members from OIDC Group
  • PROJQUAY-6829. The new UI team member added to team sync from OIDC group should be audited in Organization logs page
  • PROJQUAY-6825. Build cancel operation log can not be displayed correctly in new UI
  • PROJQUAY-6812. The new UI the "performer by" is NULL of build image in logs page
  • PROJQUAY-6810. The new UI should highlight the tag name with tag icon in logs page
  • PROJQUAY-6808. The new UI can’t click the robot account to show credentials in logs page
  • PROJQUAY-6807. The new UI can’t see the operations types in log page when quay is in dark mode
  • PROJQUAY-6770. The new UI build image by uploading Docker file should support .tar.gz or .zip
  • PROJQUAY-6769. The new UI should not display message "Trigger setup has already been completed" after build trigger setup completed
  • PROJQUAY-6768. The new UI can’t navigate back to current image repo from image build
  • PROJQUAY-6767. The new UI can’t download build logs
  • PROJQUAY-6758. The new UI should display correct operation number when hover over different operation type
  • PROJQUAY-6757. The new UI usage log should display the tag expiration time as date format

1.13.5.1. Red Hat Quay v2 UI dark mode known issue

If you are using the automatic mode selection, which chooses between light or dark modes depending on the user’s browser preference, your operating system appearance is overridden by the browser website appearance setting. If you find that the device-based theme is not working as expected, check your browser appearance setting. This is a known issue and will be fixed in a future version of Red Hat Quay. (PROJQUAY-6903)

1.14. Notable technical changes

The following technical changes have been made to Red Hat Quay in 3.11.

1.14.1. Removal of support for PgBouncer

Red Hat Quay 3.11 does not support PgBouncer.

1.14.2. IBM Power, IBM Z, and IBM® LinuxONE support matrix changes

Support has changed for some IBM Power, IBM Z, and IBM® LinuxONE features. For more information, see the "IBM Power, IBM Z, and IBM® LinuxONE support matrix" table.

1.15. Red Hat Quay bug fixes

The following issues were fixed with Red Hat Quay 3.11:

  • PROJQUAY-6586. Big layer upload fails on Ceph/RADOS driver.
  • PROJQUAY-6648. Application token Docker/Podman login command fails on windows.
  • PROJQUAY-6673. Apply IGNORE_UNKNOWN_MEDIATYPE to child manifests in manifest lists.
  • PROJQUAY-6619. Duplicate scrollbars in various UI screens.
  • PROJQUAY-6235. mirror and readonly repositories should not be pruned.
  • PROJQUAY-6243. Unable to edit repository description on Quay.io.
  • PROJQUAY-5793. Next page button in tags view does not work correctly when the repo contains manifests and manifests lists.
  • PROJQUAY-6442. new ui: Breadcrumb for teams page.
  • PROJQUAY-6247. [New UI] Menu item naming convention doesn’t follow "First Letter Capital" style.
  • PROJQUAY-6261. Throw Robot Account exist error when entering existing robot account.
  • PROJQUAY-6577. Quay operator does not render proper Clair config.yaml if customization is applied.
  • PROJQUAY-6699. Broken links in Red Hat Quay operator description.
  • PROJQUAY-6841. Unable to upload dockerfile for build with 405.

1.16. Red Hat Quay feature tracker

New features have been added to Red Hat Quay, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.

Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat Quay, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in Red Hat Quay, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.

Table 1.1. New features tracker

| Feature | Quay 3.11 | Quay 3.10 | Quay 3.9 |
|---|---|---|---|
| Team synchronization for Red Hat Quay OIDC deployments | General Availability | - | - |
| Configuring resources for managed components on OpenShift Container Platform | General Availability | - | - |
| Configuring AWS STS for Red Hat Quay, Configuring AWS STS for Red Hat Quay on OpenShift Container Platform | General Availability | - | - |
| Red Hat Quay repository auto-pruning | General Availability | - | - |
| Configuring dark mode on the Red Hat Quay v2 UI | General Availability | - | - |
| Disabling robot accounts | General Availability | General Availability | - |
| Red Hat Quay namespace auto-pruning | General Availability | General Availability | - |
| Single site geo-replication removal | General Availability | General Availability | General Availability |
| Splunk log forwarding | General Availability | General Availability | General Availability |
| Nutanix Object Storage | General Availability | General Availability | General Availability |
| FEATURE_UI_V2 | Technology Preview | Technology Preview | Technology Preview |
| Java scanning with Clair | Technology Preview | Technology Preview | Technology Preview |

1.16.1. IBM Power, IBM Z, and IBM® LinuxONE support matrix

Table 1.2. List of supported and unsupported features

| Feature | IBM Power | IBM Z and IBM® LinuxONE |
|---|---|---|
| Allow team synchronization via OIDC on Azure | Not Supported | Not Supported |
| Backing up and restoring on a standalone deployment | Supported | Supported |
| Geo-Replication (Standalone) | Not Supported | Supported |
| Geo-Replication (Operator) | Not Supported | Not Supported |
| IPv6 | Not Supported | Not Supported |
| Migrating a standalone to operator deployment | Supported | Supported |
| Mirror registry | Not Supported | Not Supported |
| PostgreSQL connection pooling via pgBouncer | Supported | Supported |
| Quay config editor - mirror, OIDC | Supported | Supported |
| Quay config editor - MAG, Kinesis, Keystone, GitHub Enterprise | Not Supported | Not Supported |
| Quay config editor - Red Hat Quay V2 User Interface | Supported | Supported |
| Repo Mirroring | Supported | Supported |
