github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-17 12:58:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
3bc5f97b5100c2efa82fb22d531555be5b6eddd8
zot/pkg
T
History
Andrei Aaron 7ceb01dcff fix(auth): add workaround for Docker client auth with mixed anonymous policies (#3868) 
* fix(auth): add workaround for Docker client auth with mixed anonymous policies

Docker client fails to authenticate to protected repositories when basic auth
(htpasswd/LDAP) is used with mixed access policies (some repos anonymous,
some requiring auth). This happens because Docker determines whether to send
credentials based on the /v2/ response - if it returns 200, Docker assumes
no auth is needed anywhere.

Add `forceDockerClientAuth` config option that, when enabled, forces 401 on
/v2/ for Docker clients, triggering Docker's authentication flow.

This workaround only affects Docker clients (detected via User-Agent).
Podman and other OCI-compliant clients are unaffected.

Refs: https://github.com/opencontainers/wg-auth/blob/main/docs/implementations/moby.md

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* feat: remove ForceDockerClientAuth flag and use only authz policies to determine the docker specific behavior

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

---------

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
2026-04-17 09:10:02 +03:00
..
api
fix(auth): add workaround for Docker client auth with mixed anonymous policies (#3868)
2026-04-17 09:10:02 +03:00
cel
Introduce support for OIDC workload identity federation (#3711)
2026-01-24 21:03:53 -08:00
cli
feat: Add TrivyConfig.VulnSeveritySources (Trivy's --vuln-severity-source) (#3943)
2026-04-08 09:39:26 +03:00
cluster
chore: update golangci-lint and fix all issues (#3575)
2025-11-22 23:36:48 +02:00
common
fix(meta): fixes for LastUpdated and TaggedTimestamp (#3754)
2026-02-03 21:10:35 +02:00
compat
chore: update golangci-lint and fix all issues (#3575)
2025-11-22 23:36:48 +02:00
compliance
chore: update golangci-lint and fix all issues (#3575)
2025-11-22 23:36:48 +02:00
debug
fix: graphql playground documentation was hardcoded to an unrelated example (#3721)
2026-01-21 09:28:49 +02:00
exporter
chore: Enable Go jsonv2 experiment and update the trivy dependency (v0.67.2) (#3572)
2025-11-27 09:58:37 +02:00
extensions
feat: Add TrivyConfig.VulnSeveritySources (Trivy's --vuln-severity-source) (#3943)
2026-04-08 09:39:26 +03:00
log
fix: make sure the function and caller information are added to log messages emitted by 3rd party libraries using slog directly. (#3659)
2025-12-19 07:32:13 +02:00
meta
feat(api): add repository quota enforcement middleware (#3923)
2026-04-13 23:18:34 +03:00
regexp
feat: support pushing multiple tags for a single manifest (#3885)
2026-03-29 21:13:24 +03:00
requestcontext
chore: update golangci-lint and fix all issues (#3575)
2025-11-22 23:36:48 +02:00
retention
fix: prevent nil pointer dereference in RemoveImageFromRepoMeta (#3658)
2025-12-17 11:44:51 +02:00
scheduler
refactor(test): new apis for creating temporary files (#3605)
2025-12-05 09:54:38 +02:00
storage
fix: Updating a repository should not result in a corrupted index.json file if disk is full (#3963)
2026-04-14 08:59:25 +03:00
test
feat(api): add repository quota enforcement middleware (#3923)
2026-04-13 23:18:34 +03:00