Releases: oras-project/oras-java
Releases Β· oras-project/oras-java
Release list
0.8.0
π₯ Breaking changes
- Avoid inifinite tag or referrers listing (#785) @jonesbusy
- Remove env var support (#774) @jonesbusy
π New features and improvements
- HTTP request retry (#763) @jonesbusy
- Optimize OCI layout push blob to avoid file copy if already exists (#758) @jonesbusy
- Add PushOptions and PullOptions (#757) @jonesbusy
π Bug fixes
- FIx password containings
:(#781) @jonesbusy - Only set latest tag when digest is not specified (#779) @jonesbusy
- Use
copyForNewTransportinstead ofasSecure()/asInsecure()(#777) @jonesbusy - Cannot downgrade to insecure mirror (#775) @jonesbusy
- Handle null tag when digest is set without tag (#771) @jonesbusy
π Documentation updates
- Documentation for users and agents for policies (#778) @jonesbusy
π» Maintenance
- Code cleanup and remove APIs to create polices (accept/reject all) (#788) @jonesbusy
- Avoid inifinite tag or referrers listing (#785) @jonesbusy
- Pull integrity checks (#784) @jonesbusy
- Ensure safe docker credential name (#783) @jonesbusy
- Ensure to check digest when reading blobs from OCI layout (#782) @jonesbusy
- Add copy max recursion (#780) @jonesbusy
- Use
copyForNewTransportinstead ofasSecure()/asInsecure()(#777) @jonesbusy - Cleanup several classes (#772) @jonesbusy
- Sigstore policies (with keys) (#770) @jonesbusy
- Check policies for Registry (only insecure and reject) (#766) @jonesbusy
- Add policy.json model (not used) (#765) @jonesbusy
- Reduce tests jar size (#756) @jonesbusy
π¦ Tests
- Bump zot v2.1.18 (#762) @github-actions[bot]
- Reduce tests jar size (#756) @jonesbusy
π¦ Dependency updates
- Bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3 (#786) @dependabot[bot]
- Bump com.diffplug.spotless:spotless-maven-plugin from 3.7.0 to 3.8.0 (#776) @dependabot[bot]
- Bump ch.qos.logback:logback-classic from 1.5.36 to 1.5.37 (#769) @dependabot[bot]
- Bump org.spdx:spdx-maven-plugin from 1.0.3 to 1.0.4 (#768) @dependabot[bot]
- Bump org.junit:junit-bom from 6.1.0 to 6.1.1 (#767) @dependabot[bot]
- Bump zot v2.1.18 (#762) @github-actions[bot]
- Bump ch.qos.logback:logback-classic from 1.5.34 to 1.5.36 (#761) @dependabot[bot]
- Bump release-drafter/release-drafter from 7.4.0 to 7.5.1 (#760) @dependabot[bot]
- Bump actions/setup-python from 6.2.0 to 6.3.0 (#759) @dependabot[bot]
0.7.0
π New features and improvements
- Add support for registries config drop-in files (#753) @jonesbusy
- Support for
CONTAINERS_REGISTRIES_CONF(#752) @jonesbusy - Support for
REGISTRY_AUTH_FILE(#751) @jonesbusy - Add support for
mirror-by-digest-onlyandpull-from-mirror(#746) @jonesbusy - Add support for
mirrorsonregistries.conf(#745) @jonesbusy - Partial index copy with Platform filters (#744) @jonesbusy
- Chunk upload (#742) @jonesbusy
- Add support for tar files in OCI Layout in adition of exploded directories (#739) @jonesbusy
π Documentation updates
- Improve README.md with more examples (#755) @jonesbusy
- Add
AGENTS.md(#738) @jonesbusy
π» Maintenance
- Add two constants to running container media type (#734) @jonesbusy
π¦ Tests
- Test reduce flaky tests (#750) @jonesbusy
β Other changes
- Prepare for next release (#754) @jonesbusy
- Garbage collect OCI layout to cleanup non-referenced blobs (#740) @jonesbusy
π¦ Dependency updates
17 changes
- Bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#748) @dependabot[bot]
- Bump actions/checkout from 6.0.3 to 7.0.0 (#747) @dependabot[bot]
- Bump org.sonatype.central:central-publishing-maven-plugin from 0.10.0 to 0.11.0 (#749) @dependabot[bot]
- Bump com.diffplug.spotless:spotless-maven-plugin from 3.6.0 to 3.7.0 (#743) @dependabot[bot]
- Bump com.github.luben:zstd-jni from 1.5.7-10 to 1.5.7-11 (#741) @dependabot[bot]
- Bump dev.sigstore:sigstore-maven-plugin from 2.1.0 to 2.2.0 (#737) @dependabot[bot]
- Bump tools.jackson:jackson-bom from 3.1.4 to 3.2.0 (#736) @dependabot[bot]
- Bump io.micrometer:micrometer-bom from 1.16.5 to 1.17.0 (#735) @dependabot[bot]
- Bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 (#733) @dependabot[bot]
- Bump github/codeql-action from 4.36.1 to 4.36.2 (#732) @dependabot[bot]
- Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#731) @dependabot[bot]
- Bump github/codeql-action from 4.36.0 to 4.36.1 (#727) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.2.0 to 3.3.0 (#728) @dependabot[bot]
- Bump com.github.luben:zstd-jni from 1.5.7-9 to 1.5.7-10 (#729) @dependabot[bot]
- Bump actions/checkout from 6.0.2 to 6.0.3 (#730) @dependabot[bot]
- Bump ch.qos.logback:logback-classic from 1.5.33 to 1.5.34 (#726) @dependabot[bot]
- Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 (#725) @dependabot[bot]
0.6.5
π Bug fixes
- Regression when file already exists when exploding archive (#720) @jonesbusy
π¦ Dependency updates
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.5 to 3.5.6 (#722) @dependabot[bot]
- Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.33 (#724) @dependabot[bot]
- Bump com.diffplug.spotless:spotless-maven-plugin from 3.5.1 to 3.6.0 (#723) @dependabot[bot]
- Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6 (#721) @dependabot[bot]
0.6.4
β Security
- [GHSA-j6hm-v3x2-qv6j] Symlink-based path traversal in ArchiveUtils.untar / unzip allows arbitrary file write outside extraction directory
π¦ Tests
- Bump zot v2.1.17 (#718) @github-actions[bot]
π¦ Dependency updates
- Bump release-drafter/release-drafter from 7.3.0 to 7.3.1 (#719) @dependabot[bot]
- Bump zot v2.1.17 (#718) @github-actions[bot]
- Bump org.junit:junit-bom from 6.0.3 to 6.1.0 (#716) @dependabot[bot]
- Bump codecov/codecov-action from 6.0.0 to 6.0.1 (#715) @dependabot[bot]
- Bump com.github.luben:zstd-jni from 1.5.7-8 to 1.5.7-9 (#714) @dependabot[bot]
- Bump dev.sigstore:sigstore-maven-plugin from 2.0.0 to 2.1.0 (#713) @dependabot[bot]
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3 (#712) @dependabot[bot]
- Bump github/codeql-action from 4.35.5 to 4.36.0 (#717) @dependabot[bot]
- Bump Maven 3.9.16 (#711) @github-actions[bot]
0.6.3
π New features and improvements
- Add YAML utils (#709) @jonesbusy
π» Maintenance
- Add some constants for other CNCF projects (#710) @jonesbusy
- Do not include null on serialized model (#705) @jonesbusy
π¦ Dependency updates
- Bump github/codeql-action from 4.35.4 to 4.35.5 (#707) @dependabot[bot]
- Bump com.diffplug.spotless:spotless-maven-plugin from 3.4.0 to 3.5.1 (#708) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.1.3 to 3.2.0 (#706) @dependabot[bot]
- Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 (#704) @dependabot[bot]
0.6.2
β Security
- [GHSA-xm96-gfjx-jcrc] Normalize and validate path from org.opencontainers.image.title (#703) @jonesbusy
0.6.1
π Bug fixes
- Use unique metric name for HTTP requests (#702) @jonesbusy
- Make ArchiveUtils work on Windows (#683) @ThomasVitale
π» Maintenance
- Run workflows on Windows to discover to support more platform (#690) @jonesbusy
π¦ Dependency updates
- Bump release-drafter/release-drafter from 7.2.1 to 7.3.0 (#700) @dependabot[bot]
- Bump github/codeql-action from 4.35.3 to 4.35.4 (#701) @dependabot[bot]
- Bump com.github.luben:zstd-jni from 1.5.7-7 to 1.5.7-8 (#695) @dependabot[bot]
- Bump release-drafter/release-drafter from 7.2.0 to 7.2.1 (#697) @dependabot[bot]
- Bump tools.jackson:jackson-bom from 3.1.2 to 3.1.3 (#696) @dependabot[bot]
- Bump github/codeql-action from 4.35.2 to 4.35.3 (#698) @dependabot[bot]
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.3 to 3.2.4 (#699) @dependabot[bot]
0.6.0
π New features and improvements
- Support configuring custom CA certificates (#687) @ThomasVitale
π Bug fixes
- Fix rewrite of unqualified reference (#692) @jonesbusy
π» Maintenance
- Bump version to 0.6.0-SNAPSHOT (#688) @jonesbusy
- Add missing @OrasModel annotation on CredentialHelperResponse (#685) @ThomasVitale
π¦ Tests
- Bump zot v2.1.16 (#689) @github-actions[bot]
π¦ Dependency updates
- Bump Maven 3.9.15 (#686) @github-actions[bot]
- Bump updatecli/updatecli-action from 3.1.2 to 3.1.3 (#693) @dependabot[bot]
- Bump testcontainer.version from 2.0.4 to 2.0.5 (#694) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.1.1 to 3.1.2 (#691) @dependabot[bot]
- Bump zot v2.1.16 (#689) @github-actions[bot]
0.5.2
π New features and improvements
- Allow to pass auth token to build registry (#677) @jonesbusy
π Bug fixes
- Change JUnit dependency scope from compile to scope (#666) @ThomasVitale
π¦ Tests
- Fix flaky tests (#667) @jonesbusy
π¦ Dependency updates
20 changes
- Bump github/codeql-action from 4.35.1 to 4.35.2 (#680) @dependabot[bot]
- Bump org.bouncycastle:bcprov-jdk18on from 1.83 to 1.84 (#682) @dependabot[bot]
- Bump io.micrometer:micrometer-bom from 1.16.4 to 1.16.5 (#681) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.1.0 to 3.1.1 (#679) @dependabot[bot]
- Bump tools.jackson:jackson-bom from 3.1.1 to 3.1.2 (#678) @dependabot[bot]
- Bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#676) @dependabot[bot]
- Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#675) @dependabot[bot]
- Bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#674) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.0.0 to 3.1.0 (#673) @dependabot[bot]
- Bump s4u/setup-maven-action from 1.19.0 to 1.20.0 (#669) @dependabot[bot]
- Bump tools.jackson:jackson-bom from 3.1.0 to 3.1.1 (#661) @dependabot[bot]
- Bump actions/deploy-pages from 4.0.5 to 5.0.0 (#660) @dependabot[bot]
- Bump codecov/codecov-action from 5.5.3 to 6.0.0 (#662) @dependabot[bot]
- Bump github/codeql-action from 4.33.0 to 4.35.1 (#664) @dependabot[bot]
- Bump updatecli/updatecli-action from 2.100.0 to 3.0.0 (#663) @dependabot[bot]
- Bump release-drafter/release-drafter from 7.0.0 to 7.1.1 (#658) @dependabot[bot]
- Bump codecov/codecov-action from 5.5.2 to 5.5.3 (#657) @dependabot[bot]
- Bump com.diffplug.spotless:spotless-maven-plugin from 3.3.0 to 3.4.0 (#655) @dependabot[bot]
- Bump testcontainer.version from 2.0.3 to 2.0.4 (#656) @dependabot[bot]
- Bump github/codeql-action from 4.32.6 to 4.33.0 (#654) @dependabot[bot]
0.5.1
π New features and improvements
- Implement blobs mount (#651) @jonesbusy
π Bug fixes
- Fix copy using target tag (#653) @jonesbusy
π» Maintenance
- Fix mount for insecure registry (parameter order) (#652) @jonesbusy
- Implement
canMount(#650) @jonesbusy
π¦ Dependency updates
- Bump release-drafter/release-drafter from 6.4.0 to 7.0.0 (#645) @dependabot[bot]
- Bump Maven 3.9.14 (#649) @github-actions[bot]
- Bump webfactory/ssh-agent from 0.9.1 to 0.10.0 (#646) @dependabot[bot]
- Bump mockito.version from 5.22.0 to 5.23.0 (#647) @dependabot[bot]
- Bump io.micrometer:micrometer-bom from 1.16.3 to 1.16.4 (#644) @dependabot[bot]