New features

Support for CVSS Version 3 scanning.


  • Users can now filter through repository tags with a type of either app, image, or plugin.

  • All cron jobs are now included in backups.

  • An alert now displays in the bottom right side of the MSR web interface when a user scans a tag.

  • Improvement to performance on Scan Summary API (POST api/v0/imagescan/ scansummary/ tags)

  • Addition of pagination for promotion policies in the MSR web interface.

  • An option is now availalbe for reducing backup size by not backing up the events table for online backups (offline backups do not have this option). This adds a new flag to MSR CLI for the backup command that is --ignore-events-table.

  • Addition of an Event parameter validation to include parameters for event or object type.

  • Create events for repository permission changes.

  • Addition of a check prior to running MSR remove that determine whether a replica id exists in the cluster. Can be overridden with –force.

  • Improvement to the error messaging for default crons when there is no advance license.

Bug fixes

  • Pull mirroring policies now do a full pull mirror for a repository when the tag limit is increased, a pruning policy is deleted, or when a policy pulls a tag that has just been deleted.

  • Addition of a repository event that will distinguish policy promotions from manual promotions that are done on a single image using the Promote button in the MSR web interface.

  • Fix of an issue that prevented license information from updating after the license is changed in the MSR web interface.

  • Improvements to the MSR web interface for organizations, including the organization list, the organization viewer, the organization repo, and the new organization screen.

  • Fixed an issue where the constituent image platforms was not populated for the /api/v1/repositories/{namespace}/{reponame}/tags and /api/v1/repositories/{namespace}/{reponame}/tags/{reference} API endpoints

  • Fxed an issue with invoking /api/v0/workers/{id}/capacity API with an invalid {id}, which should cause a 404 error but instead returns 200 (OK).

  • Fixed misleading error messaging on immutable repos.

  • Fixed issue where scan summaries were not exporting correctly.

  • Fixed an issue where the repository readme wouldn’t update.

  • Fixed an issue where the repository readme submission wouldn’t show.

  • Fixed pull / push mirroring validation logic.

  • Fixed broken webhook skipTLS button.

  • Fixed issue where scanning information wasn’t being copied over with promotion policies.

  • Fixed issue where notification banners were making part of the UI inaccessible.

  • Fixed a bug where webhook events weren’t being tracked correctly.

  • Fixed a bug where pagination for namespace repositories for a non admin user was not working.

  • Scanning data that corresponds to images and layers marked for deletion is deleted during garbage collection.


  • Fixed problem where storage backend credentials were being returned in API calls to admin/settings.

Known issues

MSR does not yet offer a method for deleting scanned data that has been orphaned following the garbage collection of associated metadata.