github/zot

mirror of https://github.com/project-zot/zot.git synced 2026-06-15 11:37:56 +08:00

T

Vishwas Rajashekar c18a4a975d fix(authz): metrics: deny authenticated users not in ACL even with anonymous read (#4131 )

* fix(authz): metrics: reject users not in list even with anonymous read

Even when anonymous reads are enabled for metrics, users not in the
allowed list should not be allowed.

This change also refactors the MetricsAuthzHandler to align better
with this logic.

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

* fix(authz): address review comments

Address comments to pass username when present
to AuthzFail if user is not allowed for metrics.
This changes the response to Forbidden instead of
Unauthorized.

Use isAnonymous() check instead of only checking for
empty username.

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

* fix(authz): fix additional review comments

Fix a few more review comments

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

---------

Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>

2026-06-14 17:29:22 +03:00

chore: fix dependabot alerts (#4126 )

2026-06-11 17:22:15 -07:00

feat(ui): update zui version (#2162 )

2024-01-17 17:22:33 +02:00

chore: fix dependabot alerts (#4048 )

2026-05-11 09:29:05 +03:00

chore: fix dependabot alerts (#4048 )

2026-05-11 09:29:05 +03:00

feat(sync): use regclient for sync extension (#2903 )

2025-04-15 16:58:15 -07:00

swagger: rename 'docs/' to 'swagger/'

2021-10-21 13:46:14 -07:00

feat: config: validate metrics config (#4130 )

2026-06-14 16:00:03 +03:00

feat(metrics): anonymous access when enabled in accessControl config (#4110 )

2026-06-10 10:19:28 +03:00

fix(authz): metrics: deny authenticated users not in ACL even with anonymous read (#4131 )

2026-06-14 17:29:22 +03:00

feat(events): add events extension (#3045 )

2025-05-02 12:30:06 -07:00

fix(security): enhance timeout configurations and body size limits fo… (#3984 )

2026-04-26 22:23:48 +03:00

feat: add trivy-based sbom artifact generation support (#4088 )

2026-05-23 23:24:12 -07:00

.gitattributes

build(deps): bump all dependencies (#2532 )

2024-08-02 14:23:53 -07:00

.gitignore

feat: add trivy-based sbom artifact generation support (#4088 )

2026-05-23 23:24:12 -07:00

.golangci.yaml

fix(lint): silence deprecated gomodguard linter warning (#4070 )

2026-05-16 11:46:40 -07:00

CODE_OF_CONDUCT.md

doc: add a CODE_OF_CONDUCT.md

2020-12-15 11:20:45 -08:00

codecov.yml

refactor(metadb): improve UX by speeding up metadb serialize/deserialize (#1842 )

2023-10-30 13:06:04 -07:00

CODEOWNERS

docs: update maintainers and codeowners info (#3502 )

2025-10-31 12:47:10 -07:00

COMPARISON.md

move references to zotregistry.io and project-zot

2021-12-05 10:52:27 -08:00

CONTRIBUTING.md

build: fix container image targets (#1856 )

2023-10-04 09:12:56 -07:00

go.mod

chore: fix dependabot alerts (#4126 )

2026-06-11 17:22:15 -07:00

go.sum

chore: fix dependabot alerts (#4126 )

2026-06-11 17:22:15 -07:00

LICENSE

fix: license copyright update (#3167 )

2025-05-25 11:57:49 +03:00

MAINTAINERS.md

docs: update maintainers and codeowners info (#3502 )

2025-10-31 12:47:10 -07:00

Makefile

chore: fix dependabot alerts (#4126 )

2026-06-11 17:22:15 -07:00

NOTICE

docs: fix copyright related info for cncf onboarding (#1117 )

2023-01-17 15:43:45 -08:00

README_fuzz.md

Add fuzz tests for storage_fs (#601 )

2022-07-27 20:37:55 +03:00

README.md

fix: migrate to Go module v2 for proper semantic versioning (#3462 )

2025-10-16 22:43:47 -07:00

SECURITY.md

chore: update support matrix

2024-03-14 09:43:42 -07:00

THIRD-PARTY-LICENSES.md

chore: fix dependabot alerts (#2645 )

2024-09-09 18:32:57 -07:00

tools.go

chore: update golangci-lint and fix all issues (#3575 )

2025-11-22 23:36:48 +02:00

zot.go

zot: initial commit

2019-06-21 15:29:19 -07:00

README.md

zot

zot: a production-ready vendor-neutral OCI image registry - images stored in OCI image format, distribution specification on-the-wire, that's it!

Documentation for zot is located at: https://zotregistry.dev

Code of conduct details are here.

License