Added 5-star rating form to web UI (ENGDTR-2541, ENGDTR-2540).
MSR now applies a 56-character limit on “namespace/repository” length at creation, and thus eliminates a situation wherein attempts to push tags to repos with too-long names return a 500 Internal Server Error (ENGDTR-2525).
MSR now alerts administrators if the storage back end contents do not match the metadata, or if a new install of MSR uses a storage back end that contains data from a different MSR installation (ENGDTR-2501).
Updated golang to 1.16.3 and kube-linter to 0.2.1 (ENGDTR-2561).
Added activity log type DELETE for TagLimit pruning (ENGDTR-2497).
The MSR UI now includes a horizontal scrollbar (in addition to the existing vertical scrollbar), thus allowing users to better adjust the window dimensions.
enableManifestListssetting is no longer needed and has been removed due to breaking Docker Content Trust (FIELD-2642, FIELD-2644).
Updated the MSR web UI Last updated at trigger for the promotion and mirror policies to include the option to specify
beforea particular time (
afteralready exists) (FIELD-2180).
mirantis/dtr --helpdocumentation no longer recommends using the
--rmoption when invoking commands. Leaving it out preserves containers after they have finished running, thus allowing users to retrieve logs at a later time (FIELD-2204).
Fixed broken links to MSR documentation in the MSR web UI (FIELD-3822).
Fixed “nasa bootstrap” integration test (and emergency repair procedure) (ENGDTR-2433).
Fixed an issue wherein pushing images with previously-pushed layer data that has been deleted from storage caused
unknown bloberrors. Pushing such images now replaces missing layer data. Sweeping image layers with image layer data missing from storage no longer causes garbage collection to error out (FIELD-1836).
MSR is not vulnerable to the following CVEs as a result of the update of
mirantiseng/rethinkdbto Alpine 3.13.5:
Though the version of busybox within the container is not vulnerable,
dtr-rethinkvulnerability scans may present false positives for CVE-2018-1000500 and CVE-2021-28831 in the busybox component (ENGDTR-2571).
Vulnerability scans no longer report CVE-2016-4074 as a result of the 2021.03 scanner update.
A self scan of MSR 2.9.1 reveals five vulnerabilities, however these CVEs are not a threat to MSR:
urllib3 version 1.26.4 and later fixes CVE-2021-28363, however the
dtr-jobrunnercontainer uses Alpine which has yet to release urllib3 1.26.4 in a stable repository.
dtr-jobrunnercontainer does not make any outgoing HTTP requests to containers external to MSR and therefore is not susceptible to CVE-2021-28363 (ENGDTR-2581).
A self-scan can report a false positive for CVE-2021-29482 (ENGDTR-2608).