github/zot

mirror of https://github.com/project-zot/zot.git synced 2026-06-15 20:07:55 +08:00

T

Ramkumar Chinchani aaee0220e4 Merge pull request from GHSA-55r9-5mx9-qq7r

when a client pushes an image zot's inline dedupe
will try to find the blob path corresponding with the blob digest
that it's currently pushed and if it's found in the cache
then zot will make a symbolic link to that cache entry and report
to the client that the blob already exists on the location.

Before this patch authorization was not applied on this process meaning
that a user could copy blobs without having permissions on the source repo.

Added a rule which says that the client should have read permissions on the source repo
before deduping, otherwise just Stat() the blob and return the corresponding status code.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
Co-authored-by: Petu Eusebiu <peusebiu@cisco.com>

2024-07-08 11:35:44 -07:00

chore: fix dependabot alerts (#2504 )

2024-07-01 13:29:39 -07:00

feat(ui): update zui version (#2162 )

2024-01-17 17:22:33 +02:00

ci: add description field to our published images (#2354 )

2024-04-01 08:40:09 -07:00

refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot (#2187 )

2024-01-31 20:34:07 -08:00

refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot (#2187 )

2024-01-31 20:34:07 -08:00

swagger: rename 'docs/' to 'swagger/'

2021-10-21 13:46:14 -07:00

fix: additional input validation for CVE graphQL query (#2408 )

2024-04-24 09:23:17 +03:00

feat(cluster): Add support for request proxying for scale out (#2385 )

2024-05-20 09:05:21 -07:00

Merge pull request from GHSA-55r9-5mx9-qq7r

2024-07-08 11:35:44 -07:00

build(go): switch to go 1.21 (#2049 )

2024-02-07 10:54:28 -08:00

fix(oras)!: remove ORAS artifact references support (#2294 )

2024-03-06 12:16:42 -08:00

feat(cluster): Add support for request proxying for scale out (#2385 )

2024-05-20 09:05:21 -07:00

.gitignore

refactor(metadb): improve UX by speeding up metadb serialize/deserialize (#1842 )

2023-10-30 13:06:04 -07:00

CODE_OF_CONDUCT.md

doc: add a CODE_OF_CONDUCT.md

2020-12-15 11:20:45 -08:00

codecov.yml

refactor(metadb): improve UX by speeding up metadb serialize/deserialize (#1842 )

2023-10-30 13:06:04 -07:00

CODEOWNERS

add a CODEOWNERS file

2022-05-04 11:52:28 -07:00

COMPARISON.md

move references to zotregistry.io and project-zot

2021-12-05 10:52:27 -08:00

CONTRIBUTING.md

build: fix container image targets (#1856 )

2023-10-04 09:12:56 -07:00

go.mod

chore: fix dependabot alerts (#2504 )

2024-07-01 13:29:39 -07:00

go.sum

chore: fix dependabot alerts (#2504 )

2024-07-01 13:29:39 -07:00

golangcilint.yaml

chore: fix dependabot alerts (#2352 )

2024-03-26 11:33:25 -07:00

LICENSE

docs: fix copyright related info for cncf onboarding (#1117 )

2023-01-17 15:43:45 -08:00

MAINTAINERS.md

docs: fix CNCF related documentation (#1099 )

2023-01-10 15:52:11 -08:00

Makefile

feat(cluster): Add support for request proxying for scale out (#2385 )

2024-05-20 09:05:21 -07:00

NOTICE

docs: fix copyright related info for cncf onboarding (#1117 )

2023-01-17 15:43:45 -08:00

README_fuzz.md

Add fuzz tests for storage_fs (#601 )

2022-07-27 20:37:55 +03:00

README.md

chore: add ossf scorecard

2024-03-14 09:43:42 -07:00

SECURITY.md

chore: update support matrix

2024-03-14 09:43:42 -07:00

THIRD-PARTY-LICENSES.md

chore: fix dependabot alerts (#2504 )

2024-07-01 13:29:39 -07:00

tools.go

chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage (#1068 )

2023-01-18 08:24:44 -08:00

zot.go

zot: initial commit

2019-06-21 15:29:19 -07:00

README.md

zot

zot: a production-ready vendor-neutral OCI image registry - images stored in OCI image format, distribution specification on-the-wire, that's it!

Documentation for zot is located at: https://zotregistry.dev

Code of conduct details are here.