Releases: oras-project/oras-java
0.6.4
Security
- [GHSA-j6hm-v3x2-qv6j] Symlink-based path traversal in ArchiveUtils.untar / unzip allows arbitrary file write outside extraction directory
Tests
- Bump zot v2.1.17 (#718) @github-actions[bot]
Dependency updates
- Bump release-drafter/release-drafter from 7.3.0 to 7.3.1 (#719) @dependabot[bot]
- Bump zot v2.1.17 (#718) @github-actions[bot]
- Bump org.junit:junit-bom from 6.0.3 to 6.1.0 (#716) @dependabot[bot]
- Bump codecov/codecov-action from 6.0.0 to 6.0.1 (#715) @dependabot[bot]
- Bump com.github.luben:zstd-jni from 1.5.7-8 to 1.5.7-9 (#714) @dependabot[bot]
- Bump dev.sigstore:sigstore-maven-plugin from 2.0.0 to 2.1.0 (#713) @dependabot[bot]
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3 (#712) @dependabot[bot]
- Bump github/codeql-action from 4.35.5 to 4.36.0 (#717) @dependabot[bot]
- Bump Maven 3.9.16 (#711) @github-actions[bot]
0.6.3
New features and improvements
- Add YAML utils (#709) @jonesbusy
Maintenance
- Add some constants for other CNCF projects (#710) @jonesbusy
- Do not include null on serialized model (#705) @jonesbusy
Dependency updates
- Bump github/codeql-action from 4.35.4 to 4.35.5 (#707) @dependabot[bot]
- Bump com.diffplug.spotless:spotless-maven-plugin from 3.4.0 to 3.5.1 (#708) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.1.3 to 3.2.0 (#706) @dependabot[bot]
- Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 (#704) @dependabot[bot]
0.6.2
Security
- [GHSA-xm96-gfjx-jcrc] Normalize and validate path from org.opencontainers.image.title (#703) @jonesbusy
0.6.1
Bug fixes
- Use unique metric name for HTTP requests (#702) @jonesbusy
- Make ArchiveUtils work on Windows (#683) @ThomasVitale
Maintenance
- Run workflows on Windows to discover to support more platform (#690) @jonesbusy
Dependency updates
- Bump release-drafter/release-drafter from 7.2.1 to 7.3.0 (#700) @dependabot[bot]
- Bump github/codeql-action from 4.35.3 to 4.35.4 (#701) @dependabot[bot]
- Bump com.github.luben:zstd-jni from 1.5.7-7 to 1.5.7-8 (#695) @dependabot[bot]
- Bump release-drafter/release-drafter from 7.2.0 to 7.2.1 (#697) @dependabot[bot]
- Bump tools.jackson:jackson-bom from 3.1.2 to 3.1.3 (#696) @dependabot[bot]
- Bump github/codeql-action from 4.35.2 to 4.35.3 (#698) @dependabot[bot]
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.3 to 3.2.4 (#699) @dependabot[bot]
0.6.0
New features and improvements
- Support configuring custom CA certificates (#687) @ThomasVitale
Bug fixes
- Fix rewrite of unqualified reference (#692) @jonesbusy
Maintenance
- Bump version to 0.6.0-SNAPSHOT (#688) @jonesbusy
- Add missing @OrasModel annotation on CredentialHelperResponse (#685) @ThomasVitale
Tests
- Bump zot v2.1.16 (#689) @github-actions[bot]
Dependency updates
- Bump Maven 3.9.15 (#686) @github-actions[bot]
- Bump updatecli/updatecli-action from 3.1.2 to 3.1.3 (#693) @dependabot[bot]
- Bump testcontainer.version from 2.0.4 to 2.0.5 (#694) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.1.1 to 3.1.2 (#691) @dependabot[bot]
- Bump zot v2.1.16 (#689) @github-actions[bot]
0.5.2
New features and improvements
- Allow to pass auth token to build registry (#677) @jonesbusy
Bug fixes
- Change JUnit dependency scope from compile to scope (#666) @ThomasVitale
Tests
- Fix flaky tests (#667) @jonesbusy
Dependency updates
- Bump github/codeql-action from 4.35.1 to 4.35.2 (#680) @dependabot[bot]
- Bump org.bouncycastle:bcprov-jdk18on from 1.83 to 1.84 (#682) @dependabot[bot]
- Bump io.micrometer:micrometer-bom from 1.16.4 to 1.16.5 (#681) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.1.0 to 3.1.1 (#679) @dependabot[bot]
- Bump tools.jackson:jackson-bom from 3.1.1 to 3.1.2 (#678) @dependabot[bot]
- Bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#676) @dependabot[bot]
- Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#675) @dependabot[bot]
- Bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#674) @dependabot[bot]
- Bump updatecli/updatecli-action from 3.0.0 to 3.1.0 (#673) @dependabot[bot]
- Bump s4u/setup-maven-action from 1.19.0 to 1.20.0 (#669) @dependabot[bot]
- Bump tools.jackson:jackson-bom from 3.1.0 to 3.1.1 (#661) @dependabot[bot]
- Bump actions/deploy-pages from 4.0.5 to 5.0.0 (#660) @dependabot[bot]
- Bump codecov/codecov-action from 5.5.3 to 6.0.0 (#662) @dependabot[bot]
- Bump github/codeql-action from 4.33.0 to 4.35.1 (#664) @dependabot[bot]
- Bump updatecli/updatecli-action from 2.100.0 to 3.0.0 (#663) @dependabot[bot]
- Bump release-drafter/release-drafter from 7.0.0 to 7.1.1 (#658) @dependabot[bot]
- Bump codecov/codecov-action from 5.5.2 to 5.5.3 (#657) @dependabot[bot]
- Bump com.diffplug.spotless:spotless-maven-plugin from 3.3.0 to 3.4.0 (#655) @dependabot[bot]
- Bump testcontainer.version from 2.0.3 to 2.0.4 (#656) @dependabot[bot]
- Bump github/codeql-action from 4.32.6 to 4.33.0 (#654) @dependabot[bot]
0.5.1
New features and improvements
- Implement blobs mount (#651) @jonesbusy
Bug fixes
- Fix copy using target tag (#653) @jonesbusy
Maintenance
- Fix mount for insecure registry (parameter order) (#652) @jonesbusy
- Implement canMount (#650) @jonesbusy
Dependency updates
- Bump release-drafter/release-drafter from 6.4.0 to 7.0.0 (#645) @dependabot[bot]
- Bump Maven 3.9.14 (#649) @github-actions[bot]
- Bump webfactory/ssh-agent from 0.9.1 to 0.10.0 (#646) @dependabot[bot]
- Bump mockito.version from 5.22.0 to 5.23.0 (#647) @dependabot[bot]
- Bump io.micrometer:micrometer-bom from 1.16.3 to 1.16.4 (#644) @dependabot[bot]
0.5.0
New features and improvements
- Enable micrometer metrics and add one for token refresh (#639) @copilot-swe-agent[bot]
- Allow consumers to provide their executor service (#637) @jonesbusy
- Concurrency for layer pull and push (#629) @jonesbusy
- Global scopes and look for token with broader scope in the cache (#633) @jonesbusy
- Cache hit with service (#632) @jonesbusy
- Store token into caffeine cache (#631) @jonesbusy
- Tags pagination (#628) @jonesbusy
Bug fixes
- Ensure to URI escape service name (#623) @jonesbusy
Maintenance
- Increase Maven central publication waitMaxTime to 2h (30mn fail too often) (#621) @jonesbusy
Tests
- Build docker-credential-fake with Go 1.26.1 (#642) @jonesbusy
- Bump zot v2.1.15 (#636) @github-actions[bot]
Other changes
- Use bom and pass service and realm to token refresh (#641) @jonesbusy
Dependency updates
- Build docker-credential-fake with Go 1.26.1 (#642) @jonesbusy
- Bump io.micrometer:micrometer-core from 1.15.0 to 1.16.3 (#640) @dependabot[bot]
- Bump zot v2.1.15 (#636) @github-actions[bot]
- Bump release-drafter/release-drafter from 6.3.0 to 6.4.0 (#634) @dependabot[bot]
- Bump Maven 3.9.13 (#625) @github-actions[bot]
- Bump release-drafter/release-drafter from 6.2.0 to 6.3.0 (#627) @dependabot[bot]
- Bump github/codeql-action from 4.32.5 to 4.32.6 (#626) @dependabot[bot]
- Bump org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0 (#624) @dependabot[bot]
0.4.2
New features and improvements
- Add CopyOption with includeReferrers option and ensure to copy index on index (#610) @jonesbusy
- Add optional OS version and feature (#608) @jonesbusy
- Add zip compression for artifact but never unpack it (Not a standard OCI layer mediatype) (#606) @jonesbusy
Bug fixes
- Fix index serialization when adding manifests (#615) @jonesbusy
Documentation updates
- Fix javadoc warnings (#620) @jonesbusy
Maintenance
- Change order of ensureSafeEntry to satisfy CodeQL (#618) @jonesbusy
- Add utils to remove one descriptor from Index (#614) @jonesbusy
- Better error message when getting legacy manifests (#600) @jonesbusy
Tests
- Missing OrasModel and ensure we scan all for the tests (#599) @jonesbusy
Other changes
- [StepSecurity] ci: Harden GitHub Actions (#619) @step-security-bot
Dependency updates
- Bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0 (#613) @dependabot[bot]
- Bump github/codeql-action from 4.32.4 to 4.32.5 (#611) @dependabot[bot]
- Bump com.diffplug.spotless:spotless-maven-plugin from 3.2.1 to 3.3.0 (#612) @dependabot[bot]
- Bump mockito.version from 5.21.0 to 5.22.0 (#605) @dependabot[bot]
- Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#601) @dependabot[bot]
- Bump updatecli/updatecli-action from 2.99.0 to 2.100.0 (#602) @dependabot[bot]
0.4.1
New features and improvements
- Add utility method on ManifestDescriptor to construct manifest descriptor with Platform and Annotation from Manifest (#591) @jonesbusy
- Better support for Index artifact type (#594) @jonesbusy
- Add withArtifactType for Index (#590) @jonesbusy
- Support hierarchical credentials on AuthStore (per namespace, per repository etc) (#588) @copilot-swe-agent[bot]
Bug fixes
- Fix invalid scope on push blob (#595) @jonesbusy
- Layer annotations were not added on files during pushArtifact (#583) @jonesbusy
- Do not pull layer without title on pull artifact (#582) @jonesbusy
Tests
- Update ContainerRef.shouldDetermineEffectiveRegistry test to not be machine dependent (#596) @jonesbusy
- Add utility method on ManifestDescriptor to construct manifest descriptor with Platform and Annotation from Manifest (#591) @jonesbusy
- One more demo/test to push Jenkins library (#581) @jonesbusy
- Update demo/tests for Harbor and different Artifacts (#579) @jonesbusy
- Add test for Nexus (#578) @jonesbusy
- Add few more tests (#577) @jonesbusy
- Add test to package a standard Flux Artifact (#576) @jonesbusy
Other changes
- Missing @OrasModel for reflection access (#573) @jonesbusy
Dependency updates
- Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 (#585) @dependabot[bot]
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5 (#586) @dependabot[bot]
- Bump github/codeql-action from 4.32.3 to 4.32.4 (#584) @dependabot[bot]