github/zot

mirror of https://github.com/project-zot/zot.git synced 2026-06-15 11:37:56 +08:00

T

Ramkumar Chinchani bfc59ad120 security: suppress Allow-Credentials on wildcard CORS origin (CORS-1) (#3980 )

fix(security): suppress Allow-Credentials on wildcard CORS origin (CORS-1)

Per CORS spec §3.2, Access-Control-Allow-Credentials must not be
"true" when Access-Control-Allow-Origin is the wildcard "*".

ACHeadersMiddleware (pkg/common/http_server.go) and
getUIHeadersHandler (pkg/api/routes.go) now only emit the
credentials header when an explicit, non-empty AllowOrigin is
configured.  Deployments that leave AllowOrigin blank (default
wildcard) no longer produce a contradictory header pair.

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

2026-04-18 21:14:52 +03:00

fix(ci): pass GITHUB_TOKEN explicitly to oras login in sync-trivy step (#3961 )

2026-04-12 11:17:41 +03:00

feat(ui): update zui version (#2162 )

2024-01-17 17:22:33 +02:00

fix(build): upgrade zot runtime base image to distroless debian13 (#3791 )

2026-02-12 13:22:55 +02:00

feat(zb): list tests, test regex filter, docs update (#3884 )

2026-03-21 11:43:17 +02:00

feat(sync): use regclient for sync extension (#2903 )

2025-04-15 16:58:15 -07:00

swagger: rename 'docs/' to 'swagger/'

2021-10-21 13:46:14 -07:00

feat: support pushing multiple tags for a single manifest (#3885 )

2026-03-29 21:13:24 +03:00

feat(api): add repository quota enforcement middleware (#3923 )

2026-04-13 23:18:34 +03:00

security: suppress Allow-Credentials on wildcard CORS origin (CORS-1) (#3980 )

2026-04-18 21:14:52 +03:00

feat(events): add events extension (#3045 )

2025-05-02 12:30:06 -07:00

fix(security): limit API key creation body to 4 KiB (INPUT-2) (#3978 )

2026-04-18 20:39:08 +03:00

feat(api): add repository quota enforcement middleware (#3923 )

2026-04-13 23:18:34 +03:00

.gitattributes

build(deps): bump all dependencies (#2532 )

2024-08-02 14:23:53 -07:00

.gitignore

fix: migrate from github.com/rs/zerolog to golang-native log/slog (#3405 )

2025-10-03 12:34:03 -07:00

.golangci.yaml

feat: support pushing multiple tags for a single manifest (#3885 )

2026-03-29 21:13:24 +03:00

CODE_OF_CONDUCT.md

doc: add a CODE_OF_CONDUCT.md

2020-12-15 11:20:45 -08:00

codecov.yml

refactor(metadb): improve UX by speeding up metadb serialize/deserialize (#1842 )

2023-10-30 13:06:04 -07:00

CODEOWNERS

docs: update maintainers and codeowners info (#3502 )

2025-10-31 12:47:10 -07:00

COMPARISON.md

move references to zotregistry.io and project-zot

2021-12-05 10:52:27 -08:00

CONTRIBUTING.md

build: fix container image targets (#1856 )

2023-10-04 09:12:56 -07:00

go.mod

chore: fix dependabot alerts (#3971 )

2026-04-17 09:11:32 +03:00

go.sum

chore: fix dependabot alerts (#3971 )

2026-04-17 09:11:32 +03:00

LICENSE

fix: license copyright update (#3167 )

2025-05-25 11:57:49 +03:00

MAINTAINERS.md

docs: update maintainers and codeowners info (#3502 )

2025-10-31 12:47:10 -07:00

Makefile

chore: fix dependabot alerts (#3971 )

2026-04-17 09:11:32 +03:00

NOTICE

docs: fix copyright related info for cncf onboarding (#1117 )

2023-01-17 15:43:45 -08:00

README_fuzz.md

Add fuzz tests for storage_fs (#601 )

2022-07-27 20:37:55 +03:00

README.md

fix: migrate to Go module v2 for proper semantic versioning (#3462 )

2025-10-16 22:43:47 -07:00

SECURITY.md

chore: update support matrix

2024-03-14 09:43:42 -07:00

THIRD-PARTY-LICENSES.md

chore: fix dependabot alerts (#2645 )

2024-09-09 18:32:57 -07:00

tools.go

chore: update golangci-lint and fix all issues (#3575 )

2025-11-22 23:36:48 +02:00

zot.go

zot: initial commit

2019-06-21 15:29:19 -07:00

README.md

zot

zot: a production-ready vendor-neutral OCI image registry - images stored in OCI image format, distribution specification on-the-wire, that's it!

Documentation for zot is located at: https://zotregistry.dev

Code of conduct details are here.

License