1# commit to be tagged for new release
2commit = "HEAD"
3
4project_name = "registry"
5github_repo = "distribution/distribution"
6
7# previous release
8previous = "v2.8.1"
9
10pre_release = false
11
12preface = """\
13Welcome to the 2.8.2 release of registry!
14
15The 2.8.2 registry release fixes several security vulnerabilities.
16The Go runtime has been bumped to 1.19.
17
18See the changelog below for full list of changes.
19
20### CI
21
22* Dockerfile: fix filenames of artifacts ([#3911](https://github.com/distribution/distribution/pull/3911))
23
24### Bugfixes
25
26* Fix panic in inmemory driver ([#3815](https://github.com/distribution/distribution/pull/3815))
27* Add code to handle pagination of parts. Fixes max layer size of 10GB bug ([#3893](https://github.com/distribution/distribution/pull/3893))
28* Parse http forbidden as denied ([#3914](https://github.com/distribution/distribution/pull/3914))
29* Revert "registry/client: set Accept: identity header when getting layers ([#3783](https://github.com/distribution/distribution/pull/3783))
30
31### Runtime
32
33* Update to go1.19.9 ([#3908](https://github.com/distribution/distribution/pull/3908))
34* Dockerfile: update xx to v1.2.1 ([#3907](https://github.com/distribution/distribution/pull/3907))
35
36### Security
37
38* Fix [CVE-2022-28391](https://www.cve.org/CVERecord?id=CVE-2022-28391) by bumping alpine from 3.14 to 3.16 ([#3650](https://github.com/distribution/distribution/pull/3650))
39* Fix [CVE-2023-2253](https://www.cve.org/CVERecord?id=CVE-2023-2253) runaway allocation on /v2/_catalog [`521ea3d9`](https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54)
40
41### Dependency Changes
42
43This release has no dependency changes
44
45Previous release can be found at [v2.8.1](https://github.com/distribution/distribution/releases/tag/v2.8.1)
46"""
View as plain text