Update the severity, fixed version and cvss_score_v3 #21915
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
40a0491 to 778a30c
chlins
left a comment
lgtm
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #21915 +/- ##
==========================================
+ Coverage 45.36% 46.48% +1.11%
==========================================
Files 244 253 +9
Lines 13333 14236 +903
Branches 2719 2925 +206
==========================================
+ Hits 6049 6618 +569
- Misses 6983 7267 +284
- Partials 301 351 +50
Flags with carried forward coverage won't be shown.
wy65701436
left a comment
lgtm
Signed-off-by: stonezdj <stone.zhang@broadcom.com>
Set Fix and CVE3Score in VulnerabilityRecord from VulnerabilityItem. Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
Set Fix and CVE3Score in VulnerabilityRecord from VulnerabilityItem. Follow-up of goharbor#21915 Fixes goharbor#21463 Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
* Add 400 code response in swagger.yaml for updateRegistry updateReplicationPolicy and headProject (goharbor#22165) Signed-off-by: yuzhipeng <yuzp1996@gmail.com> * Update FixVersion and ScoreV3 (goharbor#22007) Set Fix and CVE3Score in VulnerabilityRecord from VulnerabilityItem. Follow-up of goharbor#21915 Fixes goharbor#21463 Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch> * Add "status" of CVEs to artfact scan report (goharbor#22177) This commit adds the field "status" to the struct of a vulnerability and adds column "status" to vulnerability record table. It makes sure the statuses of CVEs returned by trivy scanner are persisted and can be returned via the vulnerabilities addition API of an artifact. Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> * Improve portal README.md formatting and clarity (goharbor#22173) improving the portal readme file Signed-off-by: rgcr <roger.dev@pm.me> * chore: Updated RELEASE.md by updating Minor Release Support Map (goharbor#22145) Updated the Minor Release Support Matrix to include v2.13 Signed-off-by: Mooneeb Hussain <mooneeb.hussain@gmail.com> * Add status field to the API on secyurityHub (goharbor#22182) This commit makes change to the API GET /api/v2.0/vul to make it include "status" of CVEs in the response. It also makes update in the UI to add the "Status" column to the data grids in security hub and artifact details page. Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> * Set MAX_JOB_DURATION_SECONDS from jobservice config.yml (goharbor#22116) Signed-off-by: stonezdj <stone.zhang@broadcom.com> * clean up project metadata for tag retention policy after deletion (goharbor#22174) Signed-off-by: my036811 <miner.yang@broadcom.com> * chore(deps): bump helm.sh/helm/v3 from 3.18.2 to 3.18.3 in /src (goharbor#22113) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.18.3 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: miner <yminer@vmware.com> * chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 in /src (goharbor#22188) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.18.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Remove testcase Open Image Scanners doc page (goharbor#22180) Signed-off-by: stonezdj <stone.zhang@broadcom.com> * Don't always skip vuln check when artifact is not scannable (goharbor#22187) fixes goharbor#22143 This commit makes update to the vulnerable policy middleware. So that it will skip the sheck only when the artifact is not scannable AND it does not have a scan report. Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> * Display download url for BUILD_PACKAGE action (goharbor#22197) Signed-off-by: stonezdj <stone.zhang@broadcom.com> * add the replicaiton adapter whitelist (goharbor#22198) fixes goharbor#21925 According to https://github.com/goharbor/harbor/wiki/Harbor-Replicaiton-Adapter-Owner, some replication adapters are no longer actively maintained by the Harbor community. To address this, a whitelist environment variable is introduced to define the list of actively supported adapters, which will be used by the Harbor portal and API to display and allow usage. If you still wish to view and use the unsupported or inactive adapters, you must manually update the whitelist and include the desired adapter names. 
For the list of adapter names, refer to https://github.com/goharbor/harbor/blob/main/src/pkg/reg/model/registry.go#L22 Signed-off-by: wang yan <wangyan@vmware.com> * fix: correct the permission of project maintainer role for webhook policy (goharbor#22135) Signed-off-by: chlins <chlins.zhang@gmail.com> * update the orm filter func (goharbor#22208) to extend the enhancement from goharbor#21924 to fuzzy and range match. After the enhance, the orm.ExerSep is not supported in any sort of query keywords. Signed-off-by: wy65701436 <wangyan@vmware.com> * bump golang version (goharbor#22205) to the latest golang version v1.24.5 from v1.24.3 Signed-off-by: wy65701436 <wangyan@vmware.com> * Add HTTP 409 error when creating robot account (goharbor#22201) fixes goharbor#22107 Signed-off-by: stonezdj <stone.zhang@broadcom.com> * feat: support raw format for CNAI model (goharbor#22040) Signed-off-by: chlins <chlins.zhang@gmail.com> * The tag retention job failed with 403 error message (goharbor#22159) fixes goharbor#22141 Signed-off-by: stonezdj <stone.zhang@broadcom.com> * remove extra build_base=false && pull_base_from_dockerhub=false check logic (goharbor#22233) remove extra build_base=false && pull_base_from_dockerhub=false logic we do not block the case using local chached image(docker build --pull=false) while build_base=false However we need gurantee always pull latest image while build package And when there's some rate limit issue in the CICD situation we could set pull_base_from_dockerhub=false Signed-off-by: my036811 <miner.yang@broadcom.com> * chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.19 to 1.1.25 in /src (goharbor#22225) chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.19 to 1.1.25. 
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases) - [Commits](volcengine/volcengine-go-sdk@v1.1.19...v1.1.25) --- updated-dependencies: - dependency-name: github.com/volcengine/volcengine-go-sdk dependency-version: 1.1.25 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: miner <miner.yang@broadcom.com> * Delete local cache if the artifact doesn't exist in upstream registry (goharbor#22175) fixes goharbor#20596 Signed-off-by: stonezdj <stonezdj@gmail.com> * update the support list of proxy cache (goharbor#22237) According to PR goharbor#22198, some inactive adapters have been removed from the default adapter list. This pull request updates PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE accordingly, since the list of proxy cache adapters should be a subset of the replication adapters. Signed-off-by: wy65701436 <wangyan@vmware.com> * bump go version (goharbor#22238) * feat: Single Active Replication (goharbor#21347) feat(replication): add Single Active Replication per policy * Added single_active_replication field to schema & DB table * Updated API, controller & handler to enforce single execution per policy * Added checkbox in UI to enable/disable single_active_replication for a policy * Implemented necessary backend & frontend tests * Prevents parallel runs per policy if single_active_replication is enabled Signed-off-by: bupd <bupdprasanth@gmail.com> * bump base verson for v2.15.0 (goharbor#22241) Signed-off-by: wy65701436 <wangyan@vmware.com> * build base images (goharbor#22249) 1, downgrade the base version to 2.14, and update it whenever we have the release-2.14.0 branch. 2, refresh the base images bses on the latest code. 
Signed-off-by: wy65701436 <wangyan@vmware.com> * Upload build logs to github artifact (goharbor#22223) Upload log files to github with 5 day retention Signed-off-by: stonezdj <stone.zhang@broadcom.com> * add prepare migration script for 2.14.0 (goharbor#22247) Signed-off-by: my036811 <miner.yang@broadcom.com> * chore(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 in /src (goharbor#22258) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.18.4 to 3.18.5. - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.18.4...v3.18.5) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.18.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/checkout from 3 to 5 (goharbor#22250) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.25 to 1.1.26 in /src (goharbor#22244) chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.25 to 1.1.26. 
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases) - [Commits](volcengine/volcengine-go-sdk@v1.1.25...v1.1.26) --- updated-dependencies: - dependency-name: github.com/volcengine/volcengine-go-sdk dependency-version: 1.1.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Return the Resport when the scanner is unhealthy (goharbor#22255) This commit fixes goharbor#22254 It updates the "GetReport" function, such that when the scanner is unhealthy, and we can't know the the artifact is supported, we will still try to return the report stored in DB. Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> * Refine the sql to query non empty repositories (goharbor#22269) use exists instead of in condition Signed-off-by: stonezdj <stone.zhang@broadcom.com> * chore(deps): bump github.com/beego/beego/v2 from 2.3.6 to 2.3.8 in /src (goharbor#22282) Bumps [github.com/beego/beego/v2](https://github.com/beego/beego) from 2.3.6 to 2.3.8. - [Release notes](https://github.com/beego/beego/releases) - [Changelog](https://github.com/beego/beego/blob/master/CHANGELOG.md) - [Commits](beego/beego@v2.3.6...v2.3.8) --- updated-dependencies: - dependency-name: github.com/beego/beego/v2 dependency-version: 2.3.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 in /src (goharbor#22283) chore(deps): bump github.com/prometheus/client_model in /src Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.6.1 to 0.6.2. 
- [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](prometheus/client_model@v0.6.1...v0.6.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-version: 0.6.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.15.2 to 2.16.1 in /src (goharbor#22281) chore(deps): bump github.com/cloudevents/sdk-go/v2 in /src Bumps [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) from 2.15.2 to 2.16.1. - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](cloudevents/sdk-go@v2.15.2...v2.16.1) --- updated-dependencies: - dependency-name: github.com/cloudevents/sdk-go/v2 dependency-version: 2.16.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/go-openapi/swag from 0.23.0 to 0.23.1 in /src (goharbor#22243) chore(deps): bump github.com/go-openapi/swag in /src Bumps [github.com/go-openapi/swag](https://github.com/go-openapi/swag) from 0.23.0 to 0.23.1. - [Commits](go-openapi/swag@v0.23.0...v0.23.1) --- updated-dependencies: - dependency-name: github.com/go-openapi/swag dependency-version: 0.23.1 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.26 to 1.1.29 in /src (goharbor#22284) chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.26 to 1.1.29. - [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases) - [Commits](volcengine/volcengine-go-sdk@v1.1.26...v1.1.29) --- updated-dependencies: - dependency-name: github.com/volcengine/volcengine-go-sdk dependency-version: 1.1.29 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update README.md (#48) Describe whats different in next Signed-off-by: Vadim Bauer <vb@container-registry.com> * Update README.md (#54) Signed-off-by: Vadim Bauer <vb@container-registry.com> * Correct conformance_test GitHub Actions workflow at line 31 (merges into #64) --------- Signed-off-by: yuzhipeng <yuzp1996@gmail.com> Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch> Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> Signed-off-by: rgcr <roger.dev@pm.me> Signed-off-by: Mooneeb Hussain <mooneeb.hussain@gmail.com> Signed-off-by: stonezdj <stone.zhang@broadcom.com> Signed-off-by: my036811 <miner.yang@broadcom.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: wang yan <wangyan@vmware.com> Signed-off-by: chlins <chlins.zhang@gmail.com> Signed-off-by: wy65701436 <wangyan@vmware.com> Signed-off-by: stonezdj <stonezdj@gmail.com> Signed-off-by: bupd <bupdprasanth@gmail.com> Signed-off-by: Vadim Bauer <vb@container-registry.com> Signed-off-by: Prasanth Baskar <bupdprasanth@gmail.com> Co-authored-by: yuzhipeng <yuzp1996@gmail.com> Co-authored-by: Spyros 
Trigazis <strigazi@gmail.com> Co-authored-by: Daniel Jiang <daniel.jiang@broadcom.com> Co-authored-by: Roger <roger.dev@pm.me> Co-authored-by: Moon <mooneeb@chkk.io> Co-authored-by: stonezdj(Daojun Zhang) <stonezdj@gmail.com> Co-authored-by: miner <miner.yang@broadcom.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: miner <yminer@vmware.com> Co-authored-by: Wang Yan <wangyan@vmware.com> Co-authored-by: Chlins Zhang <chlins.zhang@gmail.com> Co-authored-by: Vadim Bauer <vb@container-registry.com> Co-authored-by: cubic Bot <contact@cubic.dev>
* Add 400 code response in swagger.yaml for updateRegistry updateReplicationPolicy and headProject (goharbor#22165) Signed-off-by: yuzhipeng <yuzp1996@gmail.com> * Update FixVersion and ScoreV3 (goharbor#22007) Set Fix and CVE3Score in VulnerabilityRecord from VulnerabilityItem. Follow-up of goharbor#21915 Fixes goharbor#21463 Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch> * Add "status" of CVEs to artfact scan report (goharbor#22177) This commit adds the field "status" to the struct of a vulnerability and adds column "status" to vulnerability record table. It makes sure the statuses of CVEs returned by trivy scanner are persisted and can be returned via the vulnerabilities addition API of an artifact. Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> * Improve portal README.md formatting and clarity (goharbor#22173) improving the portal readme file Signed-off-by: rgcr <roger.dev@pm.me> * chore: Updated RELEASE.md by updating Minor Release Support Map (goharbor#22145) Updated the Minor Release Support Matrix to include v2.13 Signed-off-by: Mooneeb Hussain <mooneeb.hussain@gmail.com> * Add status field to the API on secyurityHub (goharbor#22182) This commit makes change to the API GET /api/v2.0/vul to make it include "status" of CVEs in the response. It also makes update in the UI to add the "Status" column to the data grids in security hub and artifact details page. Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> * Set MAX_JOB_DURATION_SECONDS from jobservice config.yml (goharbor#22116) Signed-off-by: stonezdj <stone.zhang@broadcom.com> * clean up project metadata for tag retention policy after deletion (goharbor#22174) Signed-off-by: my036811 <miner.yang@broadcom.com> * chore(deps): bump helm.sh/helm/v3 from 3.18.2 to 3.18.3 in /src (goharbor#22113) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.18.3 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: miner <yminer@vmware.com> * chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 in /src (goharbor#22188) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.18.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Remove testcase Open Image Scanners doc page (goharbor#22180) Signed-off-by: stonezdj <stone.zhang@broadcom.com> * Don't always skip vuln check when artifact is not scannable (goharbor#22187) fixes goharbor#22143 This commit makes update to the vulnerable policy middleware. So that it will skip the sheck only when the artifact is not scannable AND it does not have a scan report. Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> * Display download url for BUILD_PACKAGE action (goharbor#22197) Signed-off-by: stonezdj <stone.zhang@broadcom.com> * add the replicaiton adapter whitelist (goharbor#22198) fixes goharbor#21925 According to https://github.com/goharbor/harbor/wiki/Harbor-Replicaiton-Adapter-Owner, some replication adapters are no longer actively maintained by the Harbor community. To address this, a whitelist environment variable is introduced to define the list of actively supported adapters, which will be used by the Harbor portal and API to display and allow usage. If you still wish to view and use the unsupported or inactive adapters, you must manually update the whitelist and include the desired adapter names. 
For the list of adapter names, refer to https://github.com/goharbor/harbor/blob/main/src/pkg/reg/model/registry.go#L22 Signed-off-by: wang yan <wangyan@vmware.com> * fix: correct the permission of project maintainer role for webhook policy (goharbor#22135) Signed-off-by: chlins <chlins.zhang@gmail.com> * update the orm filter func (goharbor#22208) to extend the enhancement from goharbor#21924 to fuzzy and range match. After the enhance, the orm.ExerSep is not supported in any sort of query keywords. Signed-off-by: wy65701436 <wangyan@vmware.com> * bump golang version (goharbor#22205) to the latest golang version v1.24.5 from v1.24.3 Signed-off-by: wy65701436 <wangyan@vmware.com> * Add HTTP 409 error when creating robot account (goharbor#22201) fixes goharbor#22107 Signed-off-by: stonezdj <stone.zhang@broadcom.com> * feat: support raw format for CNAI model (goharbor#22040) Signed-off-by: chlins <chlins.zhang@gmail.com> * The tag retention job failed with 403 error message (goharbor#22159) fixes goharbor#22141 Signed-off-by: stonezdj <stone.zhang@broadcom.com> * remove extra build_base=false && pull_base_from_dockerhub=false check logic (goharbor#22233) remove extra build_base=false && pull_base_from_dockerhub=false logic we do not block the case using local chached image(docker build --pull=false) while build_base=false However we need gurantee always pull latest image while build package And when there's some rate limit issue in the CICD situation we could set pull_base_from_dockerhub=false Signed-off-by: my036811 <miner.yang@broadcom.com> * chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.19 to 1.1.25 in /src (goharbor#22225) chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.19 to 1.1.25. 
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases) - [Commits](volcengine/volcengine-go-sdk@v1.1.19...v1.1.25) --- updated-dependencies: - dependency-name: github.com/volcengine/volcengine-go-sdk dependency-version: 1.1.25 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: miner <miner.yang@broadcom.com> * Delete local cache if the artifact doesn't exist in upstream registry (goharbor#22175) fixes goharbor#20596 Signed-off-by: stonezdj <stonezdj@gmail.com> * update the support list of proxy cache (goharbor#22237) According to PR goharbor#22198, some inactive adapters have been removed from the default adapter list. This pull request updates PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE accordingly, since the list of proxy cache adapters should be a subset of the replication adapters. Signed-off-by: wy65701436 <wangyan@vmware.com> * bump go version (goharbor#22238) * feat: Single Active Replication (goharbor#21347) feat(replication): add Single Active Replication per policy * Added single_active_replication field to schema & DB table * Updated API, controller & handler to enforce single execution per policy * Added checkbox in UI to enable/disable single_active_replication for a policy * Implemented necessary backend & frontend tests * Prevents parallel runs per policy if single_active_replication is enabled Signed-off-by: bupd <bupdprasanth@gmail.com> * bump base verson for v2.15.0 (goharbor#22241) Signed-off-by: wy65701436 <wangyan@vmware.com> * build base images (goharbor#22249) 1, downgrade the base version to 2.14, and update it whenever we have the release-2.14.0 branch. 2, refresh the base images bses on the latest code. 
Signed-off-by: wy65701436 <wangyan@vmware.com> * Upload build logs to github artifact (goharbor#22223) Upload log files to github with 5 day retention Signed-off-by: stonezdj <stone.zhang@broadcom.com> * add prepare migration script for 2.14.0 (goharbor#22247) Signed-off-by: my036811 <miner.yang@broadcom.com> * chore(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 in /src (goharbor#22258) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.18.4 to 3.18.5. - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.18.4...v3.18.5) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.18.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/checkout from 3 to 5 (goharbor#22250) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.25 to 1.1.26 in /src (goharbor#22244) chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.25 to 1.1.26. 
- [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases) - [Commits](volcengine/volcengine-go-sdk@v1.1.25...v1.1.26) --- updated-dependencies: - dependency-name: github.com/volcengine/volcengine-go-sdk dependency-version: 1.1.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Return the Resport when the scanner is unhealthy (goharbor#22255) This commit fixes goharbor#22254 It updates the "GetReport" function, such that when the scanner is unhealthy, and we can't know the the artifact is supported, we will still try to return the report stored in DB. Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> * Refine the sql to query non empty repositories (goharbor#22269) use exists instead of in condition Signed-off-by: stonezdj <stone.zhang@broadcom.com> * chore(deps): bump github.com/beego/beego/v2 from 2.3.6 to 2.3.8 in /src (goharbor#22282) Bumps [github.com/beego/beego/v2](https://github.com/beego/beego) from 2.3.6 to 2.3.8. - [Release notes](https://github.com/beego/beego/releases) - [Changelog](https://github.com/beego/beego/blob/master/CHANGELOG.md) - [Commits](beego/beego@v2.3.6...v2.3.8) --- updated-dependencies: - dependency-name: github.com/beego/beego/v2 dependency-version: 2.3.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 in /src (goharbor#22283) chore(deps): bump github.com/prometheus/client_model in /src Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.6.1 to 0.6.2. 
- [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](prometheus/client_model@v0.6.1...v0.6.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-version: 0.6.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.15.2 to 2.16.1 in /src (goharbor#22281) chore(deps): bump github.com/cloudevents/sdk-go/v2 in /src Bumps [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) from 2.15.2 to 2.16.1. - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](cloudevents/sdk-go@v2.15.2...v2.16.1) --- updated-dependencies: - dependency-name: github.com/cloudevents/sdk-go/v2 dependency-version: 2.16.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/go-openapi/swag from 0.23.0 to 0.23.1 in /src (goharbor#22243) chore(deps): bump github.com/go-openapi/swag in /src Bumps [github.com/go-openapi/swag](https://github.com/go-openapi/swag) from 0.23.0 to 0.23.1. - [Commits](go-openapi/swag@v0.23.0...v0.23.1) --- updated-dependencies: - dependency-name: github.com/go-openapi/swag dependency-version: 0.23.1 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/volcengine/volcengine-go-sdk from 1.1.26 to 1.1.29 in /src (goharbor#22284) chore(deps): bump github.com/volcengine/volcengine-go-sdk in /src Bumps [github.com/volcengine/volcengine-go-sdk](https://github.com/volcengine/volcengine-go-sdk) from 1.1.26 to 1.1.29. - [Release notes](https://github.com/volcengine/volcengine-go-sdk/releases) - [Commits](volcengine/volcengine-go-sdk@v1.1.26...v1.1.29) --- updated-dependencies: - dependency-name: github.com/volcengine/volcengine-go-sdk dependency-version: 1.1.29 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update README.md (#48) Describe whats different in next Signed-off-by: Vadim Bauer <vb@container-registry.com> * Update README.md (#54) Signed-off-by: Vadim Bauer <vb@container-registry.com> * feat: daggerize harbor Signed-off-by: bupd <bupdprasanth@gmail.com> * fix: dagger cmds Signed-off-by: bupd <bupdprasanth@gmail.com> * feat: add publish pipeline with dagger Signed-off-by: bupd <bupdprasanth@gmail.com> * fix: pipeline Signed-off-by: bupd <bupdprasanth@gmail.com> --------- Signed-off-by: yuzhipeng <yuzp1996@gmail.com> Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch> Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com> Signed-off-by: rgcr <roger.dev@pm.me> Signed-off-by: Mooneeb Hussain <mooneeb.hussain@gmail.com> Signed-off-by: stonezdj <stone.zhang@broadcom.com> Signed-off-by: my036811 <miner.yang@broadcom.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: wang yan <wangyan@vmware.com> Signed-off-by: chlins <chlins.zhang@gmail.com> Signed-off-by: wy65701436 <wangyan@vmware.com> Signed-off-by: stonezdj <stonezdj@gmail.com> Signed-off-by: bupd 
<bupdprasanth@gmail.com> Signed-off-by: Vadim Bauer <vb@container-registry.com> Signed-off-by: Prasanth Baskar <bupdprasanth@gmail.com> Co-authored-by: yuzhipeng <yuzp1996@gmail.com> Co-authored-by: Spyros Trigazis <strigazi@gmail.com> Co-authored-by: Daniel Jiang <daniel.jiang@broadcom.com> Co-authored-by: Roger <roger.dev@pm.me> Co-authored-by: Moon <mooneeb@chkk.io> Co-authored-by: stonezdj(Daojun Zhang) <stonezdj@gmail.com> Co-authored-by: miner <miner.yang@broadcom.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: miner <yminer@vmware.com> Co-authored-by: Wang Yan <wangyan@vmware.com> Co-authored-by: Chlins Zhang <chlins.zhang@gmail.com> Co-authored-by: Vadim Bauer <vb@container-registry.com>
fixes #21463