Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 1. Red Hat Quay release notes
The following sections detail y and z stream release information.
1.1. RHBA-2025:23549 - Red Hat Quay 3.16.0 release
Issued 2025-12-17
Red Hat Quay release 3 is now available with Clair 4.8. The bug fixes that are included in the update are listed in the RHBA-2025:23549 advisory. For the most recent compatibility matrix, see Quay Enterprise 3.x Tested Integrations. For information on the release cadence of Red Hat Quay, see the Red Hat Quay Life Cycle Policy.
1.1.1. Red Hat Quay documentation changes
The following documentation changes have been made with the Red Hat Quay 3.16 release:
The Deploying Red Hat Quay on OpenShift Container Platform documentation has been refactored. This book is now organized as follows:
- Introduction to the Red Hat Quay Operator
- Installing the Red Hat Quay Operator from the OperatorHub
- Deploying the Red Hat Quay registry
- Creating the first user
- Modifying the QuayRegistry CR after deployment
- Enabling features after deployment
- Deploying Red Hat Quay on infrastructure nodes
- Advanced configuration
- Troubleshooting
This refactor streamlines the process of deploying a registry before introducing more advanced topics.
1.1.2. Red Hat Quay new features and enhancements
The following updates have been made to Red Hat Quay.
1.1.2.1. Red Hat Quay default UI
With this release, the v2, React-based UI is now the default UI. Procedures throughout this documentation have been updated to reflect these changes.
1.1.2.2. Image pull activity tracking
Previously, determining whether an image tag was safe to delete was difficult because usage data was not easily accessible. Although pull events were recorded in audit logs, analyzing that information was often inefficient or impractical.
With this release, Red Hat Quay introduces image pull activity tracking in the v2 UI. This feature provides clear visibility into how often and when image tags are pulled, giving users valuable insight into image usage and popularity across repositories. It can be enabled by setting FEATURE_IMAGE_PULL_STATS: true in your config.yaml file.
For more information, see Managing auto-pruning policies using the Red Hat Quay UI.
1.1.2.3. v2 UI Superuser panel
With this update, a new Superuser panel is available on the Red Hat Quay v2 UI. When you are logged in to the v2 UI as a superuser, this panel is available in the navigation pane.
The following information can be viewed from the Superuser panel:
- Service keys
- Change log
- Usage logs
- Messages
- Build logs
This panel is nearly equivalent to the Superuser Admin Panel on the v1 UI with one exception: Red Hat Quay superusers now create new users from the Organizations page of the v2 UI.
1.1.2.4. Proof Key for Code Exchange support for OIDC authentication
Previously, Red Hat Quay could not authenticate with Proof Key for Code Exchange (PKCE) providers, such as Azure AD or Okta. This led to a loss of service for affected customers.
With this release, PKCE is now supported for OpenID Connect (OIDC) authentication. Red Hat Quay administrators can enable PKCE on a per-OIDC provider basis in their config.yaml file.
For more information, see Configuring OIDC for Red Hat Quay.
1.1.2.5. Global read-only superuser enhancements
With this release, global read-only superusers that are configured through the GLOBAL_READONLY_SUPER_USERS field can now view the following information within the registry:
- All Red Hat Quay API v1 resources
- All Red Hat Quay API v2 resources
- Layers, CVEs, and pull statistics
- All actions on tenant content
- All organization settings, such as storage quota or pull-through proxy cache states
- All information under the Superuser panel on the v2 UI
1.1.3. Red Hat Quay on OpenShift Container Platform new features and enhancements
The following updates have been made to Red Hat Quay on OpenShift Container Platform.
1.1.3.1. Support for optional storage class customization
This update provides the option to specify a custom storageClassName for the managed Postgres and ClairPostgres Persistent Volume Claims (PVCs). It also enhances the Operator’s resilience by adding dedicated PVC health monitoring and event tracking, ensuring faster detection and reporting of storage provisioning failures. Lastly, it streamlines internal component health checks for improved maintainability.
The following example YAML shows you how to set the storageClassName field in your QuayRegistry CR:
The storageClassName field is immutable for a bound PersistentVolumeClaim (PVC). You must define the custom storage class during the initial installation of the component. Changing this value after the component has been created causes the Operator’s reconciliation to fail.
For more information about configuring resource requests for the QuayRegistry CR, see Configuring QuayRegistry CR resources.
1.1.4. Red Hat Quay configuration fields updates and changes
The following configuration fields have been added to Red Hat Quay 3.16.
1.1.4.1. Image pull statistics API endpoints
The following configuration options have been added to track image activities. When enabled, clear visibility into how often and when image tags are pulled are provided in the UI.
| Field | Type | Description |
|---|---|---|
| FEATURE_IMAGE_PULL_STATS | Boolean |
Whether to track and display image pull statistics. |
| REDIS_FLUSH_INTERVAL_SECONDS | Integer |
Interval, in seconds, at which the Redis flush worker clears old data. Shorter intervals keep data fresher and help prevent Redis from bloating, while longer intervals reduce flush frequency. |
| PULL_METRICS_REDIS | Object |
Connection settings for the Redis database used to store image pull metrics. The |
1.1.4.2. Splunk HEC timeout configuration field
A new parameter, timeout, has been added to the splunk_config object for when you configure Splunk HTTP Event Collector (HEC) for Red Hat Quay
| Field | Type | Description |
|---|---|---|
| .timeout | Integer | Timeout in seconds for HTTP requests to Splunk HEC endpoint. Prevents requests from hanging indefinitely when Splunk is unresponsive. |
For more information, see Configuring action log storage for Splunk.
1.1.4.3. Disabling the Red Hat Quay legacy UI completely
The Red Hat Quay v2 UI is now the default UI. Users can toggle between the v1/legacy UI and the v2 UI by clicking their username and the Legacy UI / Current UI toggle when FEATURE_UI_V2: true is set in their config.yaml file.
The following configuration fields are available to completely disable the legacy UI, or to set it as the default UI. However, users and administrators should remain aware that the v1 legacy UI is deprecated and planned for removal in a future version of Red Hat Quay.
| Field | Type | Description |
|---|---|---|
| DISABLE_ANGULAR_UI | Boolean |
Disable legacy Angular UI pages and redirects. Defaults to |
| DEFAULT_UI | String | Allows Red Hat Quay administrators the option to set the default UI to the angular theme (legacy) or react theme (v2 UI). |
1.1.4.4. Enabling PKCE for OIDC authentication
With this release, Proof Key for Code Exchange (PKCE) is now supported for OpenID Connect (OIDC) authentication. Red Hat Quay administrators can enable PKCE with the following configuration fields.
| Field | Type | Description |
|---|---|---|
| USE_PKCE | Boolean |
Whether to enable support for Proof Key for Code Exchange. Defaults to |
| PKCE_METHOD | Integer |
The code challenge method used to generate the |
| PUBLIC_CLIENT | Boolean |
Whether to omit |
For more information, see Configuring OIDC for Red Hat Quay.
1.1.5. API endpoint enhancements
The following API endpoints were added in Red Hat Quay 3.16.
1.1.5.1. Image pull statistics API endpoints
New tag API parameters, getTagPullStatistics and getManifestPullStatistics, have been added to the Red Hat Quay API. With these fields, users can return image pull statistics for tags and manifests. Statistics include the last date that the tag or manifest was pulled, and how many times the tag or manifest has been pulled.
| Name | Description | Schema |
| getTagPullStatistics | Retrieve pull statistics for a specific repository tag. | object |
| getManifestPullStatistics | Retrieve pull statistics for a specific manifest digest in a repository. | object |
See Chapter 22. tag for more information, including example commands.
1.1.5.2. App token API endpoint
A new API parameter, listAllAppTokens, has been added to the Red Hat Quay API. This endpoint enables superusers to manage and audit application-specific tokens.
| Name | Description | Schema |
| listAllAppTokens | List all application tokens across all users in the system. Requires superuser or global read-only superuser privileges. | object |
See Chapter 22. superuser for more information, including example commands.
1.1.6. Notable technical changes
The following section highlights notable technical changes for Red Hat Quay 3.16.
1.1.6.1. Nginx upgrade
Nginx version 1.22 went end-of-life (EOL) in November, 2025. With this update, Nginx references have been upgraded to version 1.24.
1.1.7. Red Hat Quay 3.16 deprecation notices
This section lists features, configuration options, and APIs that are deprecated in Red Hat Quay 3.16. Deprecated functionality remains available for now but is planned for removal in a future release. You should migrate away from these features to ensure compatibility with upcoming versions.
1.1.7.1. v1 UI deprecation notice
With this release, the Red Hat Quay v1 UI (legacy UI or angular UI) is deprecated.
Deprecation serves as an official notice that the v1 UI will be removed in a future release. Customers should begin planning their transition to the v2 UI. The exact version in which the v1 UI will be completely removed has not yet been determined, but it will be after version 3.16.
The new v2 react-based UI is now the default UI. We encourage customers to explore the updated interfaces and workflows in preparation for this transition.
1.1.7.2. Container Security Operator deprecation notice
The Container Security Operator has been deprecated and is planned for removal in a future release of Red Hat Quay and OpenShift Container Platform. The official replacement product of the Container Security Operator is Red Hat Advanced Cluster Security for Kubernetes.
1.1.8. Known issues and limitations
The following sections note known issues and limitations for Red Hat Quay 3.16.
1.1.8.1. Cannot download build logs from the v2 UI
After an image is built successfully when using the Red Hat Quay v2 UI, users are unable to download the build logs. Attempting to click the Download button on the v2 UI results in the following error: 404 Not Found.
As a temporary work around, you can download build logs by using the v1 UI.
1.1.9. Red Hat Quay bug fixes
The following issues were fixed with Red Hat Quay 3.16:
PROJQUAY-6106. Before this update, Red Hat Quay development on newer Macs was blocked due to Rehash library incompatibility with OpenSSL 3.
With this release, Quay now supports OpenSSL 3, resolving compatibility issues on newer Macs and enabling UBI 9 development.
PROJQUAY-9732. Before this update, the bug occurred when configuring remote registry
ghcr.iowithout a valid token, resulting in401or403responses. This prevented users from saving organization config for remote registry.With this release, the fix allows saving proxy config for
ghcr.iowith401or403responses. As a result, end users can now save and configure remote registryghcr.ioduring organization creation.PROJQUAY-9579. Before this update, the Quay new UI image tags management did not display the Cosign icon for signed images, due to a lack of the necessary behavior. As a consequence, users could not see the Cosign tag indication in the Quay new UI, affecting the visibility of signed images.
With this release, the Quay new UI now displays the Cosign-signed tag icon, matching the behavior of the Quay Current UI. As a result, the Quay new UI correctly displays the "Signed by Cosign" icon for images.
PROJQUAY-9525, PROJQUAY-9461. Before this update, the Quay new UI failed to display customized registry titles on the browser tab, causing user recognition issues.
With this release, the browser tab name in the new UI now correctly displays customized registry titles. As a result, the customized registry title is displayed correctly in the Quay new UI browser tab.
PROJQUAY-9272, PROJQUAY-9060. Before this update, the removal of the dropdown option for regular expression search in search fields caused the bug. As a consequence, the regular expression search option was missing from search fields, affecting user experience.
With this release, the search field regular expression option is now functional again. As a result, search regular expression option has been restored, enabling advanced search functionality for users.
-
PROJQUAY-7538. Before this update, repository path with multiple slashes caused unpacking error in
util/jinjautil.py. As a consequence, users received incomplete email notifications for repository updates with slash-separated names. With this release, email notifications for repositories with slashes have been fixed by adjusting the repository path splitting inutil/jinjautil.py. As a result, email notifications for repositories with slashes are now working correctly.
1.1.10. Red Hat Quay feature tracker
New features have been added to Red Hat Quay, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.
Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat Quay, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in Red Hat Quay, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.
| Feature | Quay 3.16 | Quay 3.15 | Quay 3.14 |
|---|---|---|---|
| General Availability | - | - | |
| v1 UI | Deprecated | Deprecated | General Availability |
| General Availability | General Availability | General Availability | |
| General Availability | Technology Preview | Technology Preview |
1.1.10.1. IBM Power, IBM Z, and IBM® LinuxONE support matrix
| Feature | IBM Power | IBM Z and IBM® LinuxONE |
|---|---|---|
| Allow team synchronization via OIDC on Azure | Not Supported | Not Supported |
| Backing up and restoring on a standalone deployment | Supported | Supported |
| Clair Disconnected | Supported | Supported |
| Geo-Replication (Standalone) | Supported | Supported |
| Geo-Replication (Operator) | Supported | Not Supported |
| IPv6 | Not Supported | Not Supported |
| Migrating a standalone to operator deployment | Supported | Supported |
| Mirror registry | Supported | Supported |
| Quay config editor - mirror, OIDC | Supported | Supported |
| Quay config editor - MAG, Kinesis, Keystone, GitHub Enterprise | Not Supported | Not Supported |
| Quay config editor - Red Hat Quay V2 User Interface | Supported | Supported |
| Quay Disconnected | Supported | Supported |
| Repo Mirroring | Supported | Supported |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}