Release v2.2.0-rc1 · goharbor/harbor

What's New

System Level Robot Account
- Introduce system-level robot accounts to enable them to access multiple projects.
- Support for Aqua CSP Scanner
- selective API access for robot accounts
- $sign removed from robot accounts names
Metrics & Observability
Enable Harbor to expose performance & system information indicators to provide observability.
OIDC Admin Group
Allows specifying a special privileged admin group for OIDC auth, achieving parity with LDAP auth
Additional Features
- Migrate GC/Scan all/Tag Retention and Replication to task manager/scheduler.
- Enhance the proxy cache to support Google Container Registry(GCR), Elastic Container Registry(ECR), Azure Container Registry(Azure), Quay.io.
- Support Dell EMC ECS s3.
- Bump up Trivy 0.14, support pluggable scanner spec v1.1.(https://github.com/goharbor/pluggable-scanner-spec)
- Refine project manage & robot API to support both project ID & Name as indicator.
- Golang v1.15.6. Harbor is now built using Golang v1.15.6 as of this release.

Certificate Impact: Since Harbor is compiled by Golang v1.15.6, the certificates may need to be updated. Go 1.15.0 introduced changes to SSL/TLS connection validation which requires certificates to include a SAN. This field was not included in older certificates are generated by Harbor prepare script. For more information, see Go GitHub issue golang/go#39568.

Deprecate built-in Clair. Users still have the option to install Clair in out-of-tree fashion by pairing with Harbor through its interrogation services framework.
The ChartMuseum is scheduled to be deprecated in a future v2.4.0 release.

API: The /systeminfo API now displays less information when the request is triggered by an unauthenticated user. For details please refer to the following issue comment:
#9149 (comment)
Scan Report: After upgrading to v2.2, all scan reports in the previous version have been deleted due to changes in the vulnerability database scheme. Please rescan the artifacts to obtain the reports.