From 958ce2122a2a4a70b8710218bae66a17b3291620 Mon Sep 17 00:00:00 2001 From: Ramkumar Chinchani Date: Wed, 13 Mar 2024 18:45:32 +0000 Subject: [PATCH] docs: update whats-new section for v2.0.2 Add a summary of important changes in release v2.0.2 Signed-off-by: Ramkumar Chinchani --- .wordlist.txt | 1 + docs/general/whats-new.md | 26 ++++++++++++++++++++++++++ docs/user-guides/zli.md | 20 ++++++++++++++++++++ 3 files changed, 47 insertions(+) diff --git a/.wordlist.txt b/.wordlist.txt index c62e5ff..2ca6dd6 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -172,6 +172,7 @@ onboarding Onboarding onDemand onlySigned +openjdk OpenAPI OpenID oras diff --git a/docs/general/whats-new.md b/docs/general/whats-new.md index a382298..3976d4b 100644 --- a/docs/general/whats-new.md +++ b/docs/general/whats-new.md @@ -1,5 +1,31 @@ # What's New +## [v2.0.2](https://github.com/project-zot/zot/releases/tag/v2.0.2) + +### CVE Query Enhancements + +It is now possible to bisect CVEs (`zli cve diff`) between two image +tags/versions in the same repository. Furthermore, a CVE query for a particular +image tag can return a detailed description of CVEs. + +### Documentation for "Immutable Image Tags" + +A new article has been added to document how image tags can be made +[immutable](../articles/immutable-tags.md). + +### Cross-repo tag search in UI + +You can now search for a tag across all repos by starting your query as +':' in the UI, which will return all images that have that tag. + +### Support for [ORAS Artifacts](https://github.com/oras-project/artifacts-spec) removed + +[OCI distribution spec](https://github.com/opencontainers/distribution-spec) +1.1.0 has added support "artifacts" which is likely to gain wider adoption. +ORAS artifacts are not widely used or supported. + + :warning: Support is removed starting from this version. + ## [v2.0.1](https://github.com/project-zot/zot/releases/tag/v2.0.1) ### Support for hot reloading of LDAP credentials file 
diff --git a/docs/user-guides/zli.md b/docs/user-guides/zli.md index 46634d9..7158f39 100644 --- a/docs/user-guides/zli.md +++ b/docs/user-guides/zli.md @@ -102,6 +102,16 @@ This example displays a list of all CVEs affecting a specific image: CVE-2015-8540 LOW libpng: underflow read in png_check_keyword() CVE-2017-16826 LOW binutils: Invalid memory access in the coff_s... +This example (--verbose) displays a list of all CVEs affecting a specific image with details: + + $ bin/zli cve list c3/openjdk-dev:0.3.19 --config remote-zot --verbose + LOW 2, UNKNOWN 1, TOTAL 3 + + CVE-2015-8540 + ... + + Note that the details may display the package path in the image when the information is available. + This example displays the detailed CVEs in JSON format: $ bin/zli cve list c3/openjdk-dev:0.3.19 --config remote-zot -f json @@ -148,6 +158,16 @@ This example lists all images on a specific zot server where the CVE has been fi c3/openjdk-dev commit-2674e8a-squashfs b545b8ba 321MB c3/openjdk-dev commit-d5024ec-squashfs cd45f8cf 321MB +This example lists all CVEs that have been found in one image and not the other: + + $ bin/zli cve diff c3/openjdk-dev:1.0.0 c3/openjdk-dev:2.0.0 --config remote-zot + + ID SEVERITY TITLE + CVE-2015-8540 LOW libpng: underflow read in png_check_keyword() + CVE-2017-16826 LOW binutils: Invalid memory access in the coff_s... + + For example, the above query lists all CVEs that have been found in + c3/openjdk-dev:1.0.0 but not in c3/openjdk-dev:2.0.0 ### Listing repositories
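Review bot: In the docs/general/whats-new.md hunk, under "CVE Query Enhancements", "bisect CVEs" misdescribes `zli cve diff`: bisect suggests a binary search across versions, while the zli.md text added in this same patch describes the command as listing CVEs found in one image and not the other. Suggest "compare CVEs" or "diff CVEs" so the release note matches the user guide. In the ORAS paragraph, "has added support "artifacts"" is missing "for", and the cross-repo search item gives the query form only as ':', where a concrete example query would make the syntax clear.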
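Review bot: In the first docs/user-guides/zli.md hunk (@@ -102,6 +102,16), the `--verbose` sample output stops at "CVE-2015-8540" followed by "...", so the example never shows the details the flag adds, and the note about the package path has nothing in the sample to point at. Suggest including one complete entry of verbose output, with the package path visible, and trimming the rest. The lead sentence would also read better as "This example uses `--verbose` to display ..." than with the flag in parentheses after "This example".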
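Review bot: In the second docs/user-guides/zli.md hunk (@@ -148,6 +158,16), the lead sentence "found in one image and not the other" leaves the direction of the comparison open, and the sentence that settles it (found in c3/openjdk-dev:1.0.0 but not in c3/openjdk-dev:2.0.0) only comes after the sample output and lacks a closing period. Argument order decides whether the reader sees CVEs that went away or CVEs that arrived with the newer tag, so suggest stating the direction up front, for example "lists all CVEs found in the first image but not in the second", and saying whether swapping the arguments gives the reverse view.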