Releases: regclient/regclient
v0.9.0
ad4e3d9
Release v0.9.0
Breaking:
- Drop support for 3rd Go release because of upstream forced upgrades (see golang/go#69095). (PR 948)
Features:
Fixes:
- Convert docker attestations built with oci-artifact=true. (PR 949)
- Allow duplicate keys in yaml config. (PR 952)
Miscellaneous:
Contributors:
v0.8.3
ba184b3
Release v0.8.3
Features:
- Add ref.AddDigest method that does not unset the tag. (PR 910)
- Adding a regctl registry whoami command. (PR 912)
- Improve regctl image check-base output. (PR 917)
- regsync option to abort on errors. (PR 924)
- Improve fallback tag handling. (PR 925)
- regctl flag to ignore missing images on delete. (PR 930)
Fixes:
Changes:
- Update supported Go releases to 1.22, 1.23, and 1.24. (PR 909)
- Modernize Go to the 1.22 specs. (PR 910)
- Refactor cobra commands. (PR 915)
- Include Docker Hub repository documentation. (PR 918)
- Move documentation pointers to the website. (PR 939)
Contributors:
v0.8.2
e7e5436
Release v0.8.2
This fixes a regression in v0.8.1 for users authenticating using a refresh token.
Fixes:
- Allow authentication with a token. (PR 908)
Contributors:
v0.8.1
80af8a3
Release v0.8.1
Security:
- Go v1.23.6 fixes CVE-2025-22866. (PR 906)
Features:
Fixes:
- Do not request offline refresh token. (PR 893)
- Ignore unsupported entries in docker config. (PR 894)
- Align log levels with slog. (PR 901)
- Interval overrides a default schedule in regsync and regbot. (PR 904)
Miscellaneous:
- Adding a logo. (PR 889)
Contributors:
v0.8.0
106f460
Release v0.8.0
Highlights
There are three headline changes in this release: slog support, external referrers, and deprecating legacy packages.
This release switches from logrus to slog.
Migration methods are included to minimize the impact on existing users.
Anyone parsing the logging output from regctl, regsync, and regbot will notice the format has changed.
External referrers allow referrers to be pushed and pulled from a separate repository from the subject image.
This feature requires users to provide the external repository themselves since a registry has no way to communicate this to the user.
An example use case for this feature is third parties, like security scanners, providing attestations of images they do not control.
Legacy packages have been disabled by default and will eventually be removed.
To continue using legacy packages until their removal, you may compile with -tags legacy.
Breaking
- Breaking: Warning handlers switched from logrus to slog which will only impact those with a custom warning handler. (PR 847)
- Breaking: Disable legacy packages by default. (PR 852)
Features
- Feat: Refactor logging to use log/slog. (PR 847)
- Feat: Switch regbot to slog. (PR 849)
- Feat: Switch regctl to slog. (PR 850)
- Feat: Switch regsync to slog. (PR 851)
- Feat: Move logrus calls into files excluded by wasm. (PR 853)
- Feat: Allow plus in ocidir path. (PR 856)
- Feat: Support referrers in an external repository. (PR 866)
- Feat: Image mod environment variables. (PR 867)
- Feat: Include source in referrers response. (PR 870)
- Feat: Add external flag to regctl artifact put. (PR 873)
- Feat: Copy image with external referrers. (PR 874)
- Feat: Document community maintained packages. (PR 878)
- Feat: Support external referrers in regsync. (PR 881)
- Feat: Support incomplete subject descriptor. (PR 885)
Fixes
- Fix: Inject release notes by file. (PR 854)
- Fix: Platform test for darwin/macos should not add variant. (PR 879)
- Fix: Handle repeated digest in copy with external referrers. (PR 882)
Chores
- Chore: Improve error message when inspecting artifacts. (PR 862)
- Chore: Remove unused short arg parameters. (PR 877)
Contributors
v0.7.2
6b1f7bd
Release v0.7.2
Breaking Changes:
The breaking changes are to internal methods and undocumented features that should not be encountered by users.
- Update scheme to use pqueue instead of throttle. (PR 803)
- Removes an undocumented API for deleting images from Hub. (PR 803)
- config.Host.Throttle() has been removed. Use scheme.Throttler instead. (PR 813)
Features:
- Significant refactor of http APIs to speed up image copies. (PR 803)
- Add a priority queue for network requests. (PR 803)
- Move logging into transport and rework backoff. (PR 803)
- Remove default rate limit. (PR 803)
- Add priority queue algorithm and reorder image copy steps. (PR 803)
- Consolidate warnings. (PR 810)
- Limit number of retries for a request. (PR 812)
- Add default host config. (PR 821)
Fixes:
- Update GHA output generating steps. (PR 800)
- Lookup referrers when registry does not give digest with head. (PR 801)
- Support auth on redirect. (PR 805)
- Prevent data race when reading blob and seeking. (PR 814)
- Detect integer overflows on type conversion. (PR 830)
- Add a warning if syft is not installed. (PR 841)
- Race condition in the pqueue tests. (PR 843)
- Dedup warnings on image mod. (PR 846)
Chores:
- Update staticcheck and fix linter warnings for Go 1.23. (PR 804)
- Remove digest calculation from reghttp. (PR 803)
- Remove ReqPerSec in tests. (PR 806)
- Move throttle from config to reghttp. (PR 813)
- Refactoring to remove globals in regsync. (PR 815)
- Refactor to remove globals in regbot. (PR 816)
- Remove throttle package. (PR 817)
- Update version-bump config for processors. (PR 828)
- Update config to use yaml anchors and aliases (PR 829)
- Do not automatically assign myself to GitHub issues. (PR 831)
- Remove OpenSSF scorecard and best practices. (PR 832)
- Update docker image base filesystem. (PR 837)
Contributors:
v0.7.1
cdfb08e
Release v0.7.1
PR 798 fixes an issue where a malicious registry could return a pinned manifest different from the request.
Commands like regctl manifest get $image@$digest will now verify the digest of the returned manifest matches the request rather than the registry headers.
Security updates:
- Validate the digest of the ref when provided. (PR 798) (GHSA-qv35-3gw6-8q4j)
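The check described for v0.7.1, as an added example (not regclient's own code): the client hashes the manifest bytes it received and compares the result with the digest pinned in the reference, ignoring any digest header the registry sent. VerifyPinned, computeDigest, and the registry.example.com reference are hypothetical names; sha512 is handled as well because v0.7.0 added digest algorithms beyond sha256.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

var ErrDigestMismatch = errors.New("manifest does not match pinned digest")

// computeDigest hashes body with the algorithm named in the pinned digest.
func computeDigest(alg string, body []byte) (string, error) {
	switch alg {
	case "sha256":
		sum := sha256.Sum256(body)
		return alg + ":" + hex.EncodeToString(sum[:]), nil
	case "sha512":
		sum := sha512.Sum512(body)
		return alg + ":" + hex.EncodeToString(sum[:]), nil
	}
	return "", fmt.Errorf("unsupported digest algorithm %q", alg)
}

// VerifyPinned (hypothetical helper) checks the returned bytes against the
// digest in image@digest. headerDigest is registry-supplied and never trusted.
func VerifyPinned(ref string, body []byte, headerDigest string) error {
	i := strings.LastIndex(ref, "@")
	if i < 0 {
		return errors.New("reference is not pinned to a digest")
	}
	want := ref[i+1:]
	alg, _, _ := strings.Cut(want, ":")
	got, err := computeDigest(alg, body)
	if err != nil {
		return err
	}
	if got != want {
		return fmt.Errorf("%w: want %s, got %s", ErrDigestMismatch, want, got)
	}
	return nil
}

func main() {
	body := []byte(`{"schemaVersion":2}`) // constructed sample manifest
	pin, _ := computeDigest("sha256", body)
	// The registry returns altered bytes but echoes the pinned digest in its header.
	fmt.Println(VerifyPinned("registry.example.com/app@"+pin, append(body, ' '), pin))
}
```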
Features:
- Add a WithDockerCredsFile() regclient.Opt. (PR 784)
- Add regctl artifact get --config option to only return the config. (PR 795)
Fixes:
- Detect amd64 variants for --platform local. (PR 782)
- Mod tracking of changed manifests. (PR 783)
- Tar path separator should always be a /. (PR 788)
Other Changes:
- Remove docker build cache in GHA. (PR 780)
Contributors:
v0.7.0
3e517a0
Release v0.7.0
CVEs:
- CVE-2024-24790 fix included with Go 1.22.4 upgrade. (PR 762)
- CVE-2024-24791 fix included with Go 1.22.5 upgrade. (PR 777)
Breaking:
- regctl registry set and regctl registry login will return a non-zero if the ping fails. (PR 751)
- Removed WithFS which required access to an internal interface to use. (PR 772)
Features:
- Add an experimental regctl ref command. (PR 765)
- Support digest algorithms beyond sha256. (PR 776)
- Support modifying the digest algorithm on an image. (PR 776)
- Experimental support for pushing tagged manifests with different digest algorithms. (PR 778)
Fixes:
- Prevent panic on interrupted image mod. (PR 746)
- Enable deletion on olareg tests. (PR 758)
- Allow ~ (tilde) in ocidir reference paths. (PR 763)
- Allow well known architectures as a platform. (PR 771)
- Validate digests before calling methods that could panic. (PR 776)
Other changes:
- Refactor pulling manifests by platform. (PR 768)
- Cleanup Dockerfile linter warnings. (PR 770)
- Enable docker caching of GHA builds. (PR 773)
- Include a contributor list in the readme. (PR 774)
Contributors:
v0.6.1
766ee62
Release v0.6.1
CVEs:
- Go update fixes CVE-2024-24788. (PR 739)
Breaking:
- pkg/archive.Compress no longer decompresses the input. (PR 732)
Features:
- Add the regclient.ImageConfig method. (PR 706)
- Add ability to modify the layer compression. (PR 730)
- Add support for zstd compressed layers. (PR 732)
- Add image mod ability to append layers to an image. (PR 736)
- regctl image mod add layer from directory. (PR 740)
Fixes:
- Override the Go version used by the OSV Scanner. (PR 691)
- Validate media types on regctl artifact put. (PR 707)
- Use the provided descriptor in the BlobGet/Head to a registry. (PR 724)
- Replace "whitelist" with "known list" for inclusivity. (PR 725)
- Handle nil pointer when config file is a directory. (PR 738)
Chores:
- Limit token permission on the coverage action. (PR 705)
- Clarify regctl manifest head --platform will trigger a get request. (PR 713)
- Reenable OSV Scanner weekly check in GitHub Actions. (PR 715)
- Add fuzzing tests for compression. (PR 741)
Contributors:
v0.6.0
9de7397
Release v0.6.0
Breaking:
- regctl artifact put no longer includes the filename annotation by default. Use --file-title to include. (PR 659)
- Dropping Go 1.19 support (PR 656)
- The platform string for windows images no longer includes the non-standard OS Version value. (PR 685)
Fixes:
- Allow pushing artifacts without an artifactType value. (PR 658)
- Image mod where created image is in a different repository (PR 662)
- Improve returned errors from regclient.ImageCopy. (PR 663)
- Cancel blob uploads on failures. (PR 666)
- Allow ctrl-c on regctl registry login (PR 671)
- Promoting annotations should ignore child manifests that have been removed from the tree. (PR 675)
- Pin base image digest in build scripts to match Dockerfile pins. (PR 678)
- Error wrapping fixed in several locations. (PR 682)
- Platform selection now finds the best match rather than the first compatible match. (PR 685)
- Update registry versions in CI tests. (PR 687)
- Missing lines from diff context. (PR 688)
- Replace syft packages with syft scan. (PR 695)
- Image mod can manage the data file on the config descriptor of artifacts. (PR 697)
Features:
- Adding Go 1.22 support (PR 656)
- Add BlobDelete support for ocidir references. (PR 669)
- Add regctl blob delete command. (PR 669)
- Support formatting output on regctl registry config. (PR 673)
- Add image mod ability to promote common annotations in the child images to the index. (PR 674)
- Specifying windows OS Version now uses a comma separated syntax in the platform string. (PR 685)
- Detect AMD64 variant when looking up local platform. (PR 692)
- Add ability to set the config platform setting with regctl image mod. (PR 693)
- Image mod support for setting the entrypoint and cmd. (PR 694)
Deprecations:
- Errors in types are moved to the errs package. (PR 686)
- MediaTypes in types are moved to the mediatype package. (PR 686)
- Descriptor and associated variables in types are moved to the descriptor package. (PR 686)
- github.com/regclient/regclient/regclient (3 levels of regclient) deprecations are now identified by the standard comment to trigger linters. (PR 686)
Other changes:
- Update OSV scanner to monitor for unapproved licenses. (PR 655)
- Include an API example in the Go docs. (PR 657)
- Add examples to regctl help messages. (PR 660)
- Include the Go Report Card badge. (PR 664)
- Document the availability of the GitHub Actions installer for regctl. (PR 665)
- Add examples to regctl help messages. (PR 672)
- Redesign how annotations are added to the regclient images. (PR 676)
- Remove uuid dependency from test code, replace with a random string generator. (PR 677)
- Manage base image annotation with version-bump. (PR 679)
- Use t.Fatal where appropriate. (PR 680)
- Remove wraperr package. (PR 681)
- Add links to the GHA workflow badges. (PR 683)
- Include a download count badge. (PR 684)
- Refactoring types package to avoid circular dependency issues. (PR 686)
- Cleanup unused parameters on private functions. (PR 698)
- Resume push of SBOMs to Docker Hub. (PR 701)
Contributors: