1. Home
  2. Docker Enterprise products
  3. Docker Trusted Registry
  4. DTR release notes

DTR release notes

DTR release notes

Learn about new features, bug fixes, breaking changes, and known issues for each DTR version.

Version 2.6

2.6.16

(2020-11-12)

Bug fixes

  • Fixed issue wherein intermittent scanner failures occurred whenever multiple scanning jobs were running concurrently. Also fixed scanner failures that occurred when scanning certain Go binaries (ENGDTR-2116, ENGDTR-2053).
  • Fixed an issue in which the update_vuln_db (vulnerability database update) job returned success even when a replica failed to update its database (ENGDTR-2039).
  • Fixed an issue wherein the read-only registry banner would remain following a backup/restore, even once the registry was returned to read-write mode. In addition, also fixed an issue in which following a backup/restore the registry could not be set back into read-only mode after it had been unset (ENGDTR-2015, FIELD-2775).
  • Fixed an issue wherein whenever a webhook for repository events was registered, garant would crash when a push created a repository (ENGDTR-2123).

Security

  • Updated images to be built from Go 1.14 (ENGDTR-1989).
  • The following CVEs have been resolved: CVE-2019-15562, WS-2018-0594, CVE-2020-14040 (ENGDTR-2180)

2.6.15

(2020-08-10)

What’s new

  • Starting with this release, we moved the location of our offline bundles for DTR from https://packages.docker.com/caas/ to https://packages.mirantis.com/caas/ for the following versions.

    • DTR 2.8.2
    • DTR 2.7.8
    • DTR 2.6.15

    Offline bundles for other previous versions of DTR will remain on the docker domain.

  • Due to infrastructure changes, licenses will no longer auto-update and the relaged screens in DTR have been removed.

Bug fixes

  • We fixed an issue that caused the system to become unresponsive when using /api/v1/repositories/{namespace}/{reponame}/tags/{reference}/scan
  • We updated help links in the DTR user interface so that the user can see the correct help topics.

Security

  • We upgraded our Synopsis vulnerability scanner to version 2020.03. This will result in improvedvulnerability scanning both by finding more vulnerabilities andsignificantly reducing false positives that may have been previouslyreported.

2.6.12

(2020-01-28)

Bug fixes

  • Fixed the bug that caused the jobrunner logs to flood with unable to cancel request: nil. (docker/dhe-deploy #10805)
  • Update offline license instructions, to direct users to hub.docker.com (and not store.docker.com). (docker/dhe-deploy #10836)
  • Information leak tied to the remote registry endpoint. (ENGDTR-1821)

Security

  • Includes a new version of the security scanner which re-enables daily CVE database updates. Following the patch release upgrade, security scans will fail until a new version of the database is provided (if DTR is configured for online updates, this will occur automatically within 24 hours). To trigger an immediate update, (1) access the DTR UI, (2) go to the Security under System settings, and (3) click the Sync database now button. (docker/dhe-deploy #10847)

    If DTR is configured for offline updates, download CVE Vulnerability Database for DTR version 2.6.12 or higher.

2.6.11

(2019-11-13)

Bug fixes

  • DTR 2.6 will now refuse to accept Docker App pushes, as apps are only available in experimental mode from 2.7 onward. (docker/dhe-deploy #10775)
  • Fixed a bug where UCP pulling image vulnerability summaries from DTR caused excessive CPU load in UCP. (docker/dhe-deploy #10784)

Security

  • Bumped the Golang version for DTR to 1.12.12. (docker/dhe-deploy #10769)

2.6.10

(2019-10-08)

Bug fixes

  • Fixed a bug where the S3 storage driver did not honor HTTP proxy settings. (docker/dhe-deploy #10639)
  • Content Security Policy (CSSP) headers are now on one line to comply with RFC 7230. (docker/dhe-deploy #10594)

2.6.9

(2019-09-03)

Security

  • Updated the Go programming language version for DTR to 1.12.9. (docker/dhe-deploy #10557)

Bug fixes

  • Fixed a bug which can cause scanning jobs to deadlock. (docker/dhe-deploy #10633)

2.6.8

(2019-7-17)

Bug fixes

  • Fixed a bug where non-admin user repository pagination was broken. (docker/dhe-deploy #10464)
  • Fixed a bug where the dockersearch API returned incorrect results when the search query ended in a digit. (docker/dhe-deploy #10434)

Security

  • Bumped the Golang version for DTR to 1.12.7. (docker/dhe-deploy #10460)
  • Bumped the Alpine version of the base images to 3.9.4. (docker/dhe-deploy #10460)

Known issues

  • Web Interface
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

2.6.7

(2019-6-27)

Enhancements

  • Added UI support to retain metadata when switching between storage drivers.(docker/dhe-deploy#10340). For more information, see (docker/dhe-deploy #10199) and (docker/dhe-deploy #10181).
  • Added UI support to disable persistent cookies. (docker/dhe-deploy #10353)

Bug fixes

  • Fixed a UI bug where non-admin namespace owners could not create a repository. (docker/dhe-deploy #10371)
  • Fixed a bug where duplicate scan jobs were causing scans to never exit. (docker/dhe-deploy #10316)
  • Fixed a bug where logged in users were unable to pull from public repositories. (docker/dhe-deploy #10343)
  • Fixed a bug where attempts to switch pages to navigate through the list of repositories did not result in an updated list of repositories. (docker/dhe-deploy #10377)
  • Fixed a pagination issue where the number of repositories listed when switching pages was not accurate. (docker/dhe-deploy #10376)

Known issues

  • Docker Engine Enterprise Edition (Docker EE) Upgrade
    • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. For DTR-specific changes, see 2.5 to 2.6 upgrade.
  • Web Interface
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

2.6.6

(2019-5-6)

Security

  • Refer to DTR image vulnerabilities for details regarding actions to be taken, timeline, and any status updates/issues/recommendations.

Enhancements

  • DTR now supports an option to keep your tag metadata when switching storage backends via the API. This is similar to the --storage-migrated option when performing an NFS reconfiguration via docker run docker/dtr reconfigure --nfs-url .... (docker/dhe-deploy#10246)
    • To use this option, first write your current storage settings to a JSON file via curl ... /api/v0/admin/settings/registry > storage.json.
    • Next, add keep_metadata: true as a top-level key in the JSON you just created and modify it to contain your new storage settings.
    • Finally, update your Registry settings with your modified JSON file via curl -X PUT .../api/v0/admin/settings/registry -d @storage.json.

Bug fixes

  • Fixed an issue where replica version was inferred from DTR volume labels. (docker/dhe-deploy#10266)

Security

  • Bumped the Golang version for DTR to 1.12.4. (docker/dhe-deploy#10290)
  • Bumped the Alpine version of the base image to 3.9. (docker/dhe-deploy#10290)

Known issues

  • Docker Engine Enterprise Edition (Docker EE) Upgrade
    • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. For DTR-specific changes, see 2.5 to 2.6 upgrade.
  • Web Interface
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

2.6.5

(2019-4-11)

Bug fixes

  • Fixed a bug where the web interface was not rendering for non-admin users.
  • Removed Users tab from the side navigation #10222

Known issues

  • Docker Engine Enterprise Edition (Docker EE) Upgrade
    • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. For DTR-specific changes, see 2.5 to 2.6 upgrade.
  • Web Interface
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

:

2.6.4

(2019-3-28)

Enhancements

  • Added --storage-migrated option to reconfigure with migrated content when moving content to a new NFS URL. (ENGDTR-794)
  • Added a job log status filter which allows users to exclude jobs that are not currently running. (docker/dhe-deploy #10077)

Bug fixes

  • If you have a repository in DTR 2.4 with manifest lists enabled, docker pull would fail on images that have been pushed to the repository after you upgrade to 2.5 and opt into garbage collection. This also applied when upgrading from 2.5 to 2.6. The issue has been fixed in DTR 2.6.4. (ENGDTR-330 and docker/dhe-deploy #10105)

Known issues

  • Docker Engine Enterprise Edition (Docker EE) Upgrade
    • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. For DTR-specific changes, see 2.5 to 2.6 upgrade.
  • Web Interface
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

2.6.3

(2019-2-28)

Changelog

  • Bump the Golang version that is used to build DTR to version 1.11.5. (docker/dhe-deploy#10060)

Bug fixes

  • Users with read-only permissions can no longer see the README edit button for a repository. (docker/dhe-deploy#10056)

Known issues

  • Docker Engine Enterprise Edition (Docker EE) Upgrade
    • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. For DTR-specific changes, see 2.5 to 2.6 upgrade.
  • Web Interface
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
    • Changing your S3 settings through the web interface will lead to erased metadata (ENGDTR-793). See Restore to Cloud Storage for Docker’s recommended recovery strategy.
  • CLI
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

2.6.2

(2019-1-29)

Bug fixes

  • Fixed a bug where scanning Windows images were stuck in Pending state. (docker/dhe-deploy #9969)

Known issues

  • Docker Engine Enterprise Edition (Docker EE) Upgrade
    • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. For DTR-specific changes, see 2.5 to 2.6 upgrade.
  • Web Interface
    • Users with read-only permissions to a repository can edit the repository README but their changes will not be saved. Only repository admins should have the ability to edit the description of a repository. (docker/dhe-deploy #9677)
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
    • Changing your S3 settings through the web interface will lead to erased metadata (ENGDTR-793). See Restore to Cloud Storage for Docker’s recommended recovery strategy.
  • CLI
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

2.6.1

(2019-01-09)

Bug fixes

  • Fixed a bug where notary signing data was not being backed up properly (docker/dhe-deploy #9862)
  • Allow a cluster to go from 2 replicas to 1 without forcing removal (docker/dhe-deploy #9840)
  • Fixed a race condition in initialization of the scan vulnerability database (docker/dhe-deploy #9907)

Changelog

  • GoLang version bump to 1.11.4.

Known issues

  • Docker Engine Enterprise Edition (Docker EE) Upgrade
    • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. For DTR-specific changes, see 2.5 to 2.6 upgrade.
  • Web Interface
    • Users with read-only permissions to a repository can edit the repository README but their changes will not be saved. Only repository admins should have the ability to edit the description of a repository. (docker/dhe-deploy #9677)
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
    • Changing your S3 settings through the web interface will lead to erased metadata (ENGDTR-793). See Restore to Cloud Storage for Docker’s recommended recovery strategy.
  • CLI
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

2.6.0

(2018-11-08)

New features

  • Web Interface

  • CLI

    • To support NFS v4, users can now pass additional options such as --async-nfs and --nfs-options when installing or reconfiguring NFS for external storage. See docker/dtr install and docker/dtr reconfigure for more details.
    • When installing and restoring DTR from an existing backup, users are now required to specify a storage flag: --dtr-use-default-storage, --dtr-storage-volume, or --nfs-storage-url. This ensures recovery of the configured storage setting when the backup was created. See docker/dtr restore for more details.

  • API

    • Security admins can now export vulnerability scans to CSV via the GET /api/v0/imagescan/scansummary/repositories/{namespace}/{reponame}/ {tag}/export endpoint. Specify text/csv as an Accept request HTTP header.
    • Repository admins can now interact with repository pruning policies using the following endpoints:
    • GET /api/v0/repositories/{namespace}/{reponame}/pruningPolicies
    • POST /api/v0/repositories/{namespace}/{reponame}/pruningPolicies
    • GET /api/v0/repositories/{namespace}/{reponame}/pruningPolicies/test
    • GET /api/v0/repositories/{namespace}/{reponame}/pruningPolicies/{pruningpolicyid}
    • GET /api/v0/repositories/{namespace}/{reponame}/pruningPolicies/{pruningpolicyid}
    • PUT /api/v0/repositories/{namespace}/{reponame}/pruningPolicies/{pruningpolicyid}
    • DELETE /api/v0/repositories/{namespace}/{reponame}/pruningPolicies/{pruningpolicyid}

    See Docker Trusted Registry API for endpoint details and example usage. Alternatively, you can log in to the DTR web interface and select API from the bottom left navigation pane.

Known issues

  • Docker Engine Enterprise Edition (Docker EE) Upgrade
    • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater. For DTR-specific changes, see 2.5 to 2.6 upgrade.
  • Web Interface
    • Users with read-only permissions to a repository can edit the repository README but their changes will not be saved. Only repository admins should have the ability to edit the description of a repository. (docker/dhe-deploy #9677)
    • Poll mirroring for Docker plugins such as docker/imagefs is currently broken. (docker/dhe-deploy #9490)
    • When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
    • In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the Repository Settings view. (docker/dhe-deploy #9554)
    • Changing your S3 settings through the web interface will lead to erased metadata (ENGDTR-793). See Restore to Cloud Storage for Docker’s recommended recovery strategy.
  • CLI
  • Webhooks
    • When configured for Image promoted from repository events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
    • HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
  • System
    • When upgrading from 2.5 to 2.6, the system will run a metadatastoremigration job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the metadatastoremigration job manually. Learn about manual metadata store migration.

Deprecations

  • API
    • GET /api/v0/imagescan/repositories/{namespace}/{reponame}/{tag} is deprecated in favor of GET /api/v0/imagescan/scansummary/repositories/{namespace}/{reponame}/{tag}.
    • The following endpoints have been removed since online garbage collection will take care of these operations:
      • DELETE /api/v0/accounts/{namespace}/repositories
      • DELETE /api/v0/repositories/{namespace}/{reponame}/manifests/{reference}
    • The enableManifestLists field on the POST /api/v0/repositories/{namespace} endpoint will be removed in DTR 2.7. See Deprecation Notice for more details.
updated: 2023-07-26 11:20