Release v0.6.1
CVEs:
- Go update fixes CVE-2024-24788. (PR 739)
Breaking:
- pkg/archive.Compress no longer decompresses the input. (PR 732)
Features:
- Add the
regclient.ImageConfig
method. (PR 706) - Add ability to modify the layer compression. (PR 730)
- Add support for zstd compressed layers. (PR 732)
- Add image mod ability to append layers to an image. (PR 736)
regctl image mod
add layer from directory. (PR 740)
Fixes:
- Override the Go version used by the OSV Scanner. (PR 691)
- Validate media types on
regctl artifact put
. (PR 707) - Use the provided descriptor in the BlobGet/Head to a registry. (PR 724)
- Replace "whitelist" with "known list" for inclusivity. (PR 725)
- Handle nil pointer when config file is a directory. (PR 738)
Chores:
- Limit token permission on the coverage action. (PR 705)
- Clarify
regctl manifest head --platform
will trigger a get request. (PR 713) - Reenable OSV Scanner weekly check in GitHub Actions. (PR 715)
- Add fuzzing tests for compression. (PR 741)
Contributors: