harbor

v2.14.4 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 23d Artifact Management

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cloud-native cncf cncf-project container container-management container-registry

+5 more

containers docker helm kubernetes registry

ReleasePort's take

Moderate signal

editorial:auto 13d

Harbor v2.14.4 fixes a distribution instance vulnerability allowing credential-free editing and corrects session TTL renewal during background polling. Test session behavior before production deployment.

Why it matters: Distribution instance editing requires credentials; session renewal behavior prevents unexpected logouts. Deploy after testing session stability with background polling enabled in lower environments.

Summary

AI summary

Fixes session TTL renewal on background polling and scanner API issues.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Background polling no longer renews session TTL Background polling no longer renews session TTL Source: llm_adapter@2026-05-21 Confidence: high	—
Dependency	Medium	Go runtime bumped to 1.25.9 with updated photon base images Go runtime bumped to 1.25.9 with updated photon base images Source: llm_adapter@2026-05-21 Confidence: high	—
Dependency	Medium	OpenTelemetry SDK and go-jose dependencies updated OpenTelemetry SDK and go-jose dependencies updated Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix
Bugfix	Medium	SessionRegenerate save arguments and lifetime handling fixed SessionRegenerate save arguments and lifetime handling fixed Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	DockerHub adapter now uses /v2/auth/token API for bearer tokens DockerHub adapter now uses /v2/auth/token API for bearer tokens Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Distribution instance editing without credentials issue fixed Distribution instance editing without credentials issue fixed Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Scanner API issue fixed Scanner API issue fixed Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

What's Changed

Component updates ⬆️

[CHERRY_PICK] fix(session): fix SessionRegenerate save args and lifetime by @chlins in https://github.com/goharbor/harbor/pull/22882
[CHERRY-PICK] feat(session): prevent background polling from renewing session TTL by @chlins in https://github.com/goharbor/harbor/pull/23098
(cherry-pick) Fix issue related to scanner API by @stonezdj in https://github.com/goharbor/harbor/pull/23109
(cherry-pick) Call /v2/auth/token api to get bearer token for dockerhub adapter by @stonezdj in https://github.com/goharbor/harbor/pull/23208
bump Go to 1.25.9 and use goharbor/photon:5.0 base images by @stonezdj in https://github.com/goharbor/harbor/pull/23204
Bump up the go.opentelemetry.io/otel/sdk and github.com/go-jose/go-jose package by @stonezdj in https://github.com/goharbor/harbor/pull/23215
(cherry-pick) Fix the issue distribution instance edit without creden… by @chlins in https://github.com/goharbor/harbor/pull/23220

Full Changelog: https://github.com/goharbor/harbor/compare/v2.14.3...v2.14.4

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track harbor

Get notified when new releases ship.

About harbor

An open source trusted cloud native registry project that stores, signs, and scans content.

All releases →