diff --git a/.wordlist.txt b/.wordlist.txt index c62e5ff..2ca6dd6 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -172,6 +172,7 @@ onboarding Onboarding onDemand onlySigned +openjdk OpenAPI OpenID oras diff --git a/docs/general/whats-new.md b/docs/general/whats-new.md index a382298..aea2e7c 100644 --- a/docs/general/whats-new.md +++ b/docs/general/whats-new.md @@ -1,5 +1,31 @@ # What's New +## [v2.0.2](https://github.com/project-zot/zot/releases/tag/v2.0.2) + +### CVE Query Enhancements + +It is now possible to bisect CVEs (`zli cve diff`) between two image +tags/versions in the same repository. Furthermore, CVE query for a particular +image tag can return a detailed description of CVEs. + +### Documentation for "Immutable Image Tags" + +A new article has been added to document how image tags can be made +[immutable](../articles/immutable-tags.md). + +### Cross-repo tag search in UI + +You can now search for a tag across all repos by starting your query as +':' in the UI which will return all images that have that tag. + +### Support for [ORAS Artifacts](https://github.com/oras-project/artifacts-spec) removed + +[OCI distribution spec](https://github.com/opencontainers/distribution-spec) +1.1.0 has added support "artifacts" which is likely to gain wider adoption. +ORAS artifacts support is not widely used or supported. + + :warning: Support is removed starting from this version. + ## [v2.0.1](https://github.com/project-zot/zot/releases/tag/v2.0.1) ### Support for hot reloading of LDAP credentials file diff --git a/docs/user-guides/zli.md b/docs/user-guides/zli.md index 46634d9..47d918e 100644 --- a/docs/user-guides/zli.md +++ b/docs/user-guides/zli.md 
@@ -102,6 +102,16 @@ This example displays a list of all CVEs affecting a specific image: CVE-2015-8540 LOW libpng: underflow read in png_check_keyword() CVE-2017-16826 LOW binutils: Invalid memory access in the coff_s... +This example (--verbose) displays a list of all CVEs affecting a specific image with details: + + $ bin/zli cve list c3/openjdk-dev:0.3.19 --config remote-zot --verbose + LOW 2, UNKNOWN 1, TOTAL 3 + + CVE-2015-8540 + ... + + Note that the details may display the package path in the image when the information is available. + This example displays the detailed CVEs in JSON format: $ bin/zli cve list c3/openjdk-dev:0.3.19 --config remote-zot -f json @@ -148,6 +158,15 @@ This example lists all images on a specific zot server where the CVE has been fi c3/openjdk-dev commit-2674e8a-squashfs b545b8ba 321MB c3/openjdk-dev commit-d5024ec-squashfs cd45f8cf 321MB +This example lists all CVEs has been found in one image and not the other: + + $ bin/zli cve diff c3/openjdk-dev:1.0.0 c3/openjdk-dev:2.0.0 --config remote-zot + + IMAGE NAME TAG DIGEST SIZE + c3/openjdk-dev commit-2674e8a-squashfs b545b8ba 321MB + c3/openjdk-dev commit-d5024ec-squashfs cd45f8cf 321MB + + This query lists all CVEs found in c3/openjdk-dev:1.0.0 but not in c3/openjdk-dev:2.0.0 ### Listing repositories
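Review bot: In the docs/general/whats-new.md hunk, the "Cross-repo tag search in UI" entry gives the query syntax only as ':' and never shows where the tag name goes; write the form out in backticks with an explicit placeholder, and check that a placeholder was not lost from this line. In the ORAS section of the same hunk, "has added support "artifacts"" is missing "for", and the warning says support is removed without telling existing ORAS artifact users what to do next; one sentence pointing them to the OCI distribution spec 1.1.0 artifacts mentioned just above would close that gap.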
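Review bot: In the docs/user-guides/zli.md hunk at -102, the --verbose example cuts its output off with "..." right after the first CVE id, so the reader never sees which detail fields the flag adds; include at least one complete entry from a real run. The "Note that the details may display the package path in the image when the information is available." line is indented, unlike the "This example" lead-in; if it sits at code-block depth it will render as part of the sample output, so move it to column 0.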
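Review bot: In the docs/user-guides/zli.md hunk at -148, the sample output under `zli cve diff` is an IMAGE NAME / TAG / DIGEST / SIZE table identical to the image list in the context lines directly above it, and its tags (commit-2674e8a-squashfs, commit-d5024ec-squashfs) do not match the 1.0.0 and 2.0.0 tags in the command; the lead-in says the command lists CVEs, so replace the table with actual output of the command. The lead-in "lists all CVEs has been found in one image and not the other" is ungrammatical and does not say which direction the comparison runs; fold the closing sentence ("found in c3/openjdk-dev:1.0.0 but not in c3/openjdk-dev:2.0.0") into it so the argument order is stated before the example, and keep that explanation out of the indented block.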