Skip to content

Latest commit

 

History

History
906 lines (736 loc) · 55 KB

CHANGELOG.md

File metadata and controls

906 lines (736 loc) · 55 KB

Upcoming Version

2.4.1

This release consists mostly of bug fixes and upgrades from vulnerable gems. Thank you everyone involved!

  • af08f6211abb db: added index on scan_result
  • a282fff71bd4 Properly show tokens for bots
  • a55c0ec2f827 Upgraded cconfig to fix a configuration issue
  • d3be549af55f Fixed namespace duplication
  • 3591e04ba75c ui: fixed team creation for standard user
  • 52915908e36b ui: fixed repositories performance view issue
  • 69e41ece3f8a Reduced amount of rendered data for repository entity
  • 942f18113fa1 Fixed breaking changes from pagination commit
  • 762c9665bb11 policies: fixed destroy for repositories/tags
  • Upgraded the following gems due to vulnerabilities:
    • 5f90273e0b9a nokogiri
    • 351fc7d27b3e loofah
    • d3be549af55f rack
    • ae62d4c4c0b7 rails

2.4.0

Highlight

Configuration changes

We have introduced quite some configurable options. Some of them are new, and some other are merely additions to existing ones.

First of all, we have expanded the configuration for the mailer. We are now providing more options so administrators have more flexibility in regards to how they manage SSL/TLS. You can read the update documentation of the mailer here.

Moreover, the delete option has now two new options:

  1. You can allow contributors to delete namespaces/repositories/etc. with the delete.contributors option (it's set to false by default).
  2. The background process can now automatically remove images that are older than a certain date, or that match a given tag. This is disabled by default and it's under the delete.garbage_collector option.

You can read more about this here.

LDAP has also seen some updates. First of all, this release includes the changes described in the 2.3.3 release when it comes to encryption, but it also adds the new timeout option, in which you can tune the timeout in seconds for LDAP lookups. You can read more about this here.

We have also expanded the user_permission section, so administrators can further tune what regular users can do. In more details:

  • We have added the create_webhook and the manage_webhook options, in order to restrict webhook management (it is not restricted by default).
  • We have added the push_images option, which accepts three possible values under its policy key:
    • allow-teams: the default policy, which works as how Portus used to work up until now: owners and contributors of teams can push.
    • allow-personal: team policy is removed, non-admin users will only be able to push into their personal namespaces.
    • admin-only: only administrators are allowed to push images.

You can read a summary of the user_permission.push_images option here.

Furthermore, you can now also tune the pagination rule being applied to all UI elements which contain a list (e.g. the list of repositories).

Last but not least, we have increased the default value for the JWT token expiration time, since it has been reported that the default value was just too small.

Moved portusctl into another project

The portusctl tool has been rewritten and moved into its own project. This has allowed us to expand its possibilities, since now it will mainly interact with your Portus instance through the API. The interface of this tool has changed quite a lot, but we kept the ability to execute commands inside of your Portus instance (i.e. the existing exec command). This new tool is already included in Docker images based on this 2.4 version of Portus.

Changes on the API

We have added new endpoints, as you will see on the list below. We would like to highlight the bootstrap endpoint. This endpoint allows an administrator of a Portus instance to create the first admin user of Portus and to fetch an application token that has been created for this same user. This way, you no longer need the UI in order to perform the first steps of your instance.

Besides this, the Portus UI itself is using more and more this API, instead of using a more traditional approach. Last but not least, we have changed existing endpoints with more refined status codes, better response objects, etc. Make sure to visit the API documentation.

Added bots

We have introduced a new concept: bots. Bots are regular users that are created by administrators, but with some subtleties:

  • A bot doesn't own a personal namespace.
  • A bot cannot login via web.
  • A bot can only log in with application tokens (a token is generated automatically when creating a bot).

Namespace deletion

After much delay, we have implemented namespace deletion. You don't have to change anything from your configuration in order to have this enabled (it depends on the same delete.enabled configuration).

Features

  • 20c7e04acdfb Local login form can be disabled (#1603)
  • 23e455516156 webhooks: added the name column (#1581)
  • 53ce8967395b Allow contributors to delete repositories/tags (#1696)
  • 0c0d46b67f6c config: added option to generally disable push access to non-admin users (#1705)
  • f0432d102b49 api: added bootstrap endpoint (#1681)
  • 2fcbeda7edbb api: added update methods for namespaces and teams (#1794)
  • c9e32324a848 Added permissions on webhooks (#1806)
  • bf4e913552b8 config: removed the deprecated ldap.method key (#1821)
  • 7f82a44078c3 Added the possibility to create bots (#1856)
  • 5ee93c4b1b96 background: implemented garbage collector (#1864)
  • 94f78377e699 Implemented namespace deletion (#1938)

Fixes

  • 0b7a651e8114 api: take the relative url root into account (#1610)
  • 7b28926a34b8 api: removed slash duplication from ajax calls (#1628)
  • 57d1f93f9931 health: don't panic on malformed Clair URL (#1665)
  • e85ed519974d Increased the text storage for vulnerabilities (#1670)
  • 02d387363881 sync: rollback if events have happened (#1675)
  • 7e60b7155429 sync: added sync-strategy as a config value (#1675)
  • 459c1953a0f9 security: don't crash on clair timeouts (#1762)
  • 640e48c7b9a4 security: fetch the manifest more safely (#1768)
  • b97636183d0e sync: do not remove repositories on some errors (#1787)
  • 83b4b3a9fa97 ui: fixed hostname copied to clipboard on tags (#1792)
  • 4625761e8ede api: explicitly set 204 status instead of nothing (#1804)
  • ae80df228db8 ldap: fixed a couple of bugs around SSL support (#1817)
  • 4c25b2367349 health: catch all exceptions for registries (#1831)
  • 291b049e1e8d ldap: fixed a crash when search fails (#1834)
  • fc133a48787f user: do not allow the update of the portus user (#1896)
  • cef7f4c506bd passwords: don't allow the portus user to reset (#1896)
  • 67ba269d33ee user: skip validations when creating portus user (#1896)
  • 9af3f2277d7b Restrict deletes into the repository (#1973)

Improvements

  • 9aa3ee218ffd api: added create and update methods to registries (#1663)
  • aa3ccb19132e background: mark failed scans as re-schedulable (#1671)
  • 54dade970964 api: added endpoints for re-scheduling scanning (#1672)
  • cc6e5046a441 background: add the possibility to disable background tasks (#1679)
  • e6683066f3d8 config: make reply_to setting optional (#1699)
  • 07d33f4ad80b policies: added more fine-grained push policies (#1729)
  • 02fec6da7996 teams: improved team creation form with owner (#1776)
  • 10ab3456bc4d security: added a table for vulnerabilities (#1778)
  • ee295ee896e0 ui: added users and registries into the sidebar (#1784)
  • d2d90d424555 ui: splitted repositories into different panels (#1785)
  • 6482ed7522f5 ui: unified admin page with regular page (#1783)
  • 6cd886a4fad0 ui: show external hostname for registries (#1791)
  • 49c6aefd1e76 authentication: use a more fine-grained scope for Github (#1800)
  • c524f37461ff ui: added visibility to namespace edit form (#1826)
  • a80fbaa0e880 ui: added enabled toggle to webhooks edit form (#1827)
  • a6f6035d40b9 health: implemented check for LDAP (#1828)
  • ccdbd31bea78 js: replaced typeahead.js w/ vue-multiselect (#1811)
  • ec6adb71f521 ui: improved and refactored namespace#show page (#1837)
  • 6cd0af5f4b93 js: reduced bundle size (#1891)
  • f777a5effb16 oauth/gitlab: allow to use private gitlab server (#1903)
  • f1e8a103dfa4 oauth/gitlab: be sure to load all groups (#1903)
  • 10cb892b0b24 docker: allow Puma to bind to unix socket also in production (#1880)
  • 4b57ad666846 docker: make it possible to connect to a database socket (#1880)
  • 82199e9ade87 js: splitted into bundles and chunks (#1924)
  • 990a04e36116 config: raise the default puma workers number (#1938)
  • 688cb501f7cf config: expanded the mailer section (#1967)
  • bef0fe19d3a5 config: added pagination options (#1815)
  • 35ba42f2a4f1 config: added LDAP timeout option (#1821)
  • 648450748bed Remind users to login again after password update (#1969)
  • 914cc9ebfdee tasks: added portus:db:configure (#1970)
  • bc28c049bd10 config: raised the value for JWT expiration time (#1979)

Packaging

  • 279de0a3762b Add "js()" to the bundled javascript libs (#1744)
  • 66bcd6a58b28 Including gems as sources (#1948)
  • e3ddaa042154 Require portusctl as a separate package (#1948)
  • a6a3a36b00c6 Add automatic generation of bundled js files (#1948)
  • 89566d7da334 Do not recommend mariadb (#1948)
  • e350e0cae365 Define rb_suffix before its usage in fix_sheb (#1948)
  • 556778b9f3aa Using the cpio strategy for adding/removing gems as sources (#1962)

Other

  • c97663be06cd Removed deprecated code from 2.3 (#1604)
  • 3b912ebd1684 help: point to the API documentation on production (#1647)
  • 190edbaea06c Introduced unit testing for Javascript components (#1592)
  • ecca2d9c6336 js: added unit tests for vue components and utils (#1661)
  • f297fd71618b Re-implemented from scratch integration tests (#1716)
  • d534723aa762 spec: added chrome headless as default js runner (#1866)

2.3.7

  • ad5d649a3344 Upgraded some gems with known vulnerabilities.

2.3.6

  • 81179951f458 Restrict deletes into the repository (#1973)
  • 066f06f4e713 Remind users to login again after password update (#1969)

2.3.5

  • 7755c7201d61 Update sprockets to fix cve-2018-3760

2.3.4

  • ced82ca92149 oauth/gitlab: be sure to load all groups (#1903)
  • 23b7daef71e8 oauth/gitlab: fix for local servers (#1903)
  • f2a3ef0eee62 fixed regression on registries not being created (#1911)
  • 7da007a5e604 portusctl: improved the detection of containerized deployments (#1879)
  • b1c803a70146 user: do not allow the update of the portus user (#1896)
  • 1bd967039787 passwords: don't allow the portus user to reset (#1896)
  • 7b54698625d4 user: skip validations when creating portus user (#1896)
  • 58a2c3bd04dc config: allow Puma to bind to unix socket also in production (#1880)
  • 7ac882a6ebbc config: make it possible to connect to a database socket (#1880)

2.3.3

  • 93df51cce0da ldap: don't crash on search when guessing an email (#1832)
  • 45814babef7e packaging: added new encryption options for LDAP
  • 4892eb1dc5ce ldap: fixed a couple of bugs around SSL support (#1746, #1774, bsc#1073232)
  • dc769adcddfe devise: use a more fine-grained scope for Github (#1790)
  • ae07ec4ca2cd sync: do not remove repositories on some errors (#1293, #1599)
  • 17e82c0791ba lib: be explicit on the exceptions to be rescued
  • 88553b817552 portusctl: added Clair timeout to the options
  • fed2818e8a96 security: fetch the manifest more safely (#1743)
  • 943c7627feab security: don't crash on clair timeouts (#1751)

Words of warning

Commits 45814babef7e and 4892eb1dc5ce introduce some new options for LDAP. In particular, the following options have been added inside of the ldap configuration:

  # Encryption options
  encryption:
    # Available methods: "plain", "simple_tls" and "start_tls".
    method: ""
    options:
      # The CA file to be accepted by the LDAP server. If none is provided, then
      # the default parameters from the host will be sent.
      ca_file: ""

      # Protocol version.
      ssl_version: "TLSv1_2"

Notice that the old ldap.method is getting deprecated and in later versions it will be removed. Thus, you should use these options from now on.

2.3.2

  • Upgraded loofah and rails-html-sanitizer to fix CVE-2018-3741

2.3.1

  • Upgraded loofah rubygem so we avoid hitting CVE-2018-8048.

2.3.0

Highlight

Security scanning

Portus is now able to scan security vulnerabilities on your Docker images. This is done with different backends, where the stable one is CoreOS Clair. You have to enable the desired backends and then Portus will use them to fetch known security vulnerabilities for your images.

Note: this version of Portus supports Clair v2 specifically (current master branch is not supported).

You can read the blog post for more info.

Commits: 4cd875c2aa9f, d3454cfb84f3, f19094b98737.

Background process

One of the main issues for Portus was that sometimes it took too long to complete certain critical tasks. For this release we have moved these tasks into a separate background process. This background process resides in the bin/background.rb file, and it can be enabled for containerized deployments by setting the PORTUS_BACKGROUND environment variable to true.

The following tasks have been moved into this new process:

  • Security scanning: after testing security scanning more in depth, we noticed that sometimes it could block Portus when showing the main page for repositories. This was the first task moved into this new process. Commit: e0f7d53cb2b2.
  • Registry events: before creating this process, we dealt with incoming registry events in the main Portus process. The problem with this was that after getting a push event, for example, Portus had to fetch manifests, which could take quite some time. This meant that Portus got blocked in some deployments. Now Portus will simply log the event, and then the background process will process it right away (by default this process will check for events every 2 seconds). This task can be disabled as documented here. Commit: 6a4f7d7dca60.
  • Registry synchronization: we have removed the crono process in favor of this new process. Hence, the code that was executed in previous releases by crono has been merged as another task of this new process. Moreover, since it can be quite dangerous, we have added some configuration options: it can be disabled; and it can be tuned with a strategy (from a riskier approach to a safer one). All this has been documented in its documentation page. Commit: ced9b46a9064.

Note on deployment: this new background process has to have access to the same database as the main Portus process.

Anonymous browsing

Portus will now allow anonymous users to search for public images. This is a configurable option which is enabled by default. You can read more about this in the documentation.

Commits: 274c0908a83c, 9d6cc25fd0b4.

OAuth & OpenID Connect support

Portus' authentication logic has been extended to allow OAuth & OpenID Connect. For OAuth you are allowed to login through the following adapters: Google, Github, Gitlab and Bitbucket. Check the config/config.yml file for more info on the exact configurable options.

Commit: 0a5fefdd14d9.

Thanks a lot to Vadim Bauer (@Vad1mo) and Andrei Kislichenko (@andrew2net) for working on this!

API

An effort to design and implement an API for Portus has been started. This is useful for CLI tools like portusctl among other user cases. We do not consider the API to be in a stable state, but it is useful already. We will continue this effort in forthcoming releases. Commits: 2129833f27f0, 28f77d3352ea, 5a9437bba42d, 451e508bd86a, 185f18e98638, a9bdab58d150, 8b42887f83a5, fbe7e8d4ef53, 4a79f222f93b, fbe7e8d4ef53.

Thanks a lot to Vadim Bauer (@Vad1mo) and Andrei Kislichenko (@andrew2net) for working on this!

Puma

The deployment of Portus has been simplified as much as possible. For this reason we have removed a lot of clutter on our official Docker image, and we have embraced best practices for deploying Ruby on Rails applications. For this reason we have set Puma as the web server for Portus.

Commits: 09b722f56221, 9fd61ba7bae0, 6a3b8ca74edb, 2488791f8f54.

Production deployment examples

We provide in the source code examples that illustrate how Portus is intended to be deployed on production. These examples reside in the examples directory. Some observations:

  • As stated above, set the PORTUS_BACKGROUND environment variable to true for the background process.
  • You can set RAILS_SERVE_STATIC_FILES to true if you want Portus to serve the assets directly (e.g. if you don't want a load-balancer like NGinx or HAproxy to do this).
  • Use the new PORTUS_DB_ environment variable prefix instead of the old PORTUS_PRODUCTION_ one for database options. Moreover, in the database you can now specify more options like PORTUS_DB_POOL for stating the DB pool.
  • Portus will complain if you provide old environment variables like PORTUS_PRODUCTION_DATABASE, or if you forgot to specify some relevant environment variables for production like PORTUS_MACHINE_FQDN_VALUE. Commit: 06a405c4f5fd.

Commit: ba7b15ed42d0.

Helm Chart

An official Helm Chart for deploying Portus in a Kubernetes cluster is being developed. It is expected to be released soon after this release.

PostgreSQL support

Some tools like CoreOS Clair require PostgreSQL as their database. When developing support for security scanning we noticed that it was quite redundant to have two different databases running. For this reason, we have added PostgreSQL support, so you can use PostgreSQL for both Portus and Clair.

Commit: af1b8b6ca725.

Upgrade to Ruby 2.5

Some features required an upgrade of Ruby. Since SLE 15 and Tumbleweed will most likely have Ruby 2.5 as their default version, we have anticipated this move. So, now Portus is supported for Ruby 2.5. If you try to run Portus on previous versions, it will error out during initialization (commit: ea02cab5c822).

Commits: a2407506ff5c, d86d46c9313c, 46a5a34fda40.

Improvements and small features

Fixes

  • Add core-js pollyfills, so internet access is not needed. Commit: 02cf5212a28c.
  • Fixed performance problems on the activities page. Commit: b5fd93bd9486.
  • Fixed table pagination. Commit: f05aad9e6183.
  • Fixed some issues on activities. Commit: db553f8d0bcc.
  • Honor external_hostname in token generation. Commit: 802bb89b0ec4.
  • Fixed Vagrant setup. Commit: 6ca35b1bc2e7.
  • Read the TZ env variable to display dates correctly. Commit: e2eed1463aaa.
  • LDAP: avoid clashes on emails. Commit: 1a57f0f7f95b.
  • Fixed icons spacing/positioning. Commit: ab34bf9ebc5b.
  • Fixed team name validation behavior. Commit: 86e72f88b20f.
  • Fixed a render error on the search/index page. Commit: d12306daa47b.
  • Fixed the namespace and team name clashes. Commit: eec31da471a7.
  • Properly check SSL requirements. Commit: a86ec03923f8.
  • Fixed tag name uniqueness validation. Commit: 83478b1911b0.
  • Fixed crash on null author of a tag. Commit: 7f84fbc60307.
  • Update tags by digest when scanning. Commit: 46065607fbc1.
  • Fixed crash when vulnerabilities were not found. Commit: a904cef41cb2.
  • Added some checks on mailer configuration to avoid crashes later on. Commit: c3ba1b50ca31.
  • Catch exceptions on password resets creation. Commit: 9d2ba4748693.
  • Registry Client should probe that the /v2/ path reachable and that we accept 200 responses as well. Commit: 2b0bf59a2601.
  • Upgraded jQuery to 3.x to avoid security issues. Commit: 0505c177f5d2.

CVE

This release includes a fix for CVE-2017-14621. Thanks a lot Ricardo Sánchez for reporting this security issue! Commit: c21dfec24cfc.

Development

Upgrading

In this section we want to detail some things that you might want to take into account when upgrading to 2.3:

  • As explained above, Puma is now the HTTP server being used. Make sure to use the PORTUS_PUMA_TLS_KEY and the PORTUS_PUMA_TLS_CERT environment variables to point puma to the right paths for the certificates. Moreover, if you are not using the official Docker image, you will have to use the PORTUS_PUMA_HOST environment variable to tell Puma where to bind itself (in containerized deployments it will bind by default to 0.0.0.0:3000).
  • The database environment variables have changed the prefix from PORTUS_PRODUCTION_ to PORTUS_DB_. Moreover, you will be able now to provide values for the following items: adapter (set it to postgresql for PostgreSQL support), port, pool and timeout. All these values are prefixed by PORTUS_DB_ as well, so for example, to provide a value for the pool you need to set PORTUS_DB_POOL.

Finally, we are not running migrations automatically anymore as we used to do before. This is now to be done by the administrator by executing (on the Portus context in /srv/Portus or simply as part of a docker exec command):

$ portusctl exec rake db:migrate

For more details on this check the commits 7fdfe9634180 and 1c4d2b6cf0e0.

Deprecations

Some configuration options that were soft-deprecated in 2.2 will now raise a DeprecationError. These are:

  • The expiration time of the JWT token can no longer be expressed as a string with a format: x.minutes. You have to provide now an integer representing the minutes for the jwt_expiration_time configurable option. Users that have not touched this option since the 2.1 times will have to change this.
  • The jwt_expiration_time option was moved to registry.jwt_expiration_time in 2.2. Now, if you continue to provide the former rather than the latter, you'll get a DeprecationError exception.

Besides this, Portus will also raise a DeprecationError during initialization in the case you provided the prefix PORTUS_PRODUCTION_ for database configurable options instead of PORTUS_DB_.

Finally, portusctl as provided by Portus is getting deprecated in favor of openSUSE/portusctl. This new portusctl has been built from scratch for the following reasons:

  • Since 2.3 our main focus is the support containerized deployments. Therefore, portusctl's main task to setup the installation didn't make sense anymore.
  • Moreover, from experience we noticed lots of corner cases where the old portusctl was simply not effective.
  • With the introduction of the API, we wanted to re-purpose the tool to be more similar to tools like kubectl for Kubernetes. That is, a CLI interface to the API that administrators can use with ease.

Packaging

Lots of issues regarding packaging were fixed. We want to highlight the following commits:

  • Do not touch the Gemfile anymore. Commit: bd383fba329b.
  • Change how we build dependencies. Commit: 0970b9903af5.
  • Added bundled JS dependencies in the spec file. Commit: f08803be6fbc.
  • Added a script to compare the gems on git and OBS. Commit: 291d172c12e3.

Contributors for this release

Alexander Block, banuchka, Ben Rexin, Diokuz, Fabian Baumanis, Hart Simha, James Maidment, Jordi Massaguer Pla, Lefnui, Maik Hinrichs, Maximilian Meister, Miquel Sabaté Solà, Ricardo Mateus, Robin Müller, Saurabh Surana, Shammah Chancellor, Soedarsono, Thorsten Schifferdecker, Vadim Bauer, Vítor Avelino.

... and many thanks to everyone that has contributed to Portus by leaving comments, sending emails, submitting issues, providing feedback, etc. Thanks!

2.2.0

Fixes

  • Portus will now properly update the image ID when a tag has been pushed. See PR #1054.
  • Fixed how image updates are handled. See PR #1031.
  • Follow a consistent order in the signup form. See PR #1119.
  • Hide passwords stored in webhooks. See PR #1111.
  • Removed reference of missing stylesheets. See PR #1114.
  • Fixed a bunch of issues related to activities. See PR #1144.
  • Fixed the pre-compilation of the cover.js asset. See PR #1157.

Features

  • portusctl: it will show a warning when using the --local-registry flag but the package has not been installed. See PR #1096.
  • Portus now supports Docker Distribution 2.5. See PR #1068.
  • Allow docker-compose users to specify an alternative port. See PR #1094.

Documentation

  • Avoid the confusion on the hostnames to be used. See PR #1056.
  • Clarified how the --local-registry flag works. PR #1052.

2.1.1

Fixes

Improvements

  • Notification messages are now more consistent (see 72e452b1fd20)
  • Order users by username on the admin panel (see e92106cd951b)

2.1

Featured

Improvements and small features

Fixes

Breaking changes

  • Moved the machine FQDN from secrets.yml to config.yml (see 984671662ade)
  • Deprecated the usage of "x.minutes" strings in configuration values. In future versions this syntax will be forbidden (see 53400181e439)

Others

  • All the improvements, features and bug fixes mentioned in the notes of 2.0.x releases.

2.0.5

Improvements

  • The FQDN can now be specified from the configuration too. This is meant to help users to transition from 2.0.x to 2.1. See commit.
  • Portus is now more explicit on the allowed name format. See commit.
  • Portus is now more friendly on errors based on the namespace name. See commit.

portusctl

  • Disable automatic generation of certificates. For this, now there are two new flags: --ssl-gen-self-signed-certs and --ssl-certs-dir <dir>. See commit.
  • Wrap crono with the exec command. See commit.

Misc

  • Some fixes on the generation of the RPM in OBS.

2.0.4

RPM

  • Automate Portus release. See commit.
  • Rename Portus to portus on the RPM. See commit.
  • Refactored RPM. See commit.
  • Wrap crono with the exec command in the RPM. See commit.
  • Require net-tools on the RPM. See commit.

portusctl

  • Use the proper make_admin task. See commit.
  • Don't configure mysql in Docker. See commit.
  • Added the portus:info task. See commit.

Improvements

  • Better Sub-URI handling & configurable config-local.yml path. See PR.
  • Update ruby versions on travis. See commit1 and commit2.

Other fixes

  • Logout button and search repository are now appearing in small devices. See commit.
  • Don't allow access to the hidden global team. See commit.

2.0.3

  • Fixed crono job when a repository could not be found. See commit.
  • Fixed more issues on docker 1.10 and distribution 2.3. See this and this commits.
  • Handle multiple scopes in token requests. See commit.
  • Add optional fields to token response. See commit.

2.0.2

  • Fixed notification events for distribution v2.3. See commit.

2.0.1

2.0.0

  • Portus will now check whether a Registry is reachable or not. See PR #437.
  • Namespaces and teams have a description field. See PR #383.
  • Second UI iteration. See pull requests: #445, #447 and #462.
  • Repositories contained in public namespaces are now pullable even for non-logged in users: PR #468.
  • SUSE RPM: provide portusctl tool to simplify the initial setup of Portus
  • Portus will now lock users' accounts that have failed too many times on login. See PR #330.
  • Added a mechanism of password recovery in case users forget about their password. See PR #325.
  • Set admin user from a rake task and disable first-user is admin. See PR [#314] (SUSE#314)
  • Added a configuration option to specify the expiration time for JWT tokens issued by Portus. See PR 518.
  • Review requirements and provides in the RPM PR #277, PR #278, PR #280, PR #273,
  • Add configure scripts for the RPM and use environment variables for production. See: PR #299, PR #298, PR #281
  • Check run time requirements like ssl, secrets. See PR #297, PR #286
  • Update uglifier gem for fixing a security issue (OSVDB-126747) PR #292
  • Introduced LDAP support. See the initial PR #301. Multiple PRs followed to bring LDAP support to a proper state (see this).
  • Users will not be able to create namespaces without a Registry currently existing.
  • PhantomJS is now being used in the testing infrastructure. See the following pull requests: #193, #194, #213, #216, #219.
  • The namespace page now shows the creation date. See PR #229.
  • There have been some fixes on the search feature. See #223 and #224.
  • Hidden teams are no longer able to create namespaces. See PR #220.
  • Added the pagination feature. See PR #232.
  • Some initial steps have been done towards running Portus inside docker. See PR #212.
  • Added the appliance tests. See PR #208.
  • Star/Unstar repositories. See PR #230 and #294.
  • Now users can be enabled/disabled. See PR #240.
  • Fixed the authentication process for Docker 1.8. See PR #282.
  • Added icons to the following tables: teams and members. See PR #388.
  • And some fixes here and there.

1.0.1

  • Fixed regression where namespaces could not be created from team page (Fixes #165)

1.0.0

  • Initial version