Sourced from github.com/distribution/distribution/v3's releases.

v3.1.0

Welcome to the v3.1.0 release of registry!

This is a stable release

Please try out the release binaries and report any issues at https://github.com/distribution/distribution/issues.

Notable Changes

• Fixes CVE-2026-35172
• Fixes CVE-2026-33540
• Adds support for tag pagination (#4360, #4353)
• Fixes default credentials in Azure storage provider (#4619)
• Drops support for go1.23 and go1.24 and updates to go1.25

See the full changelog below for the full list of changes.

What's Changed

• docs: Update to refer to new image tag v3 by @​schanzel in distribution/distribution#4373
• Fix default_credentials in azure storage provider by @​switchboardOp in distribution/distribution#4619
• chore: make function comment match function name by @​closeobserve in distribution/distribution#4622
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group across 1 directory by @​dependabot[bot] in distribution/distribution#4625
• fix: implement JWK thumbprint for Ed25519 public keys by @​zhangyoufu in distribution/distribution#4626
• fix: Annotate code block from validation.indexes configuration docs by @​anzoman in distribution/distribution#4629
• feat: extract redis config to separate struct by @​shanduur in distribution/distribution#4620
• Fix: resolve issue #4478 by using a temporary file for non-append writes by @​onporat in distribution/distribution#4624
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in distribution/distribution#4645
• docs: Add note about OTEL_TRACES_EXPORTER by @​jcpunk in distribution/distribution#4669
• fix: set OTEL traces to disabled by default by @​jcpunk in distribution/distribution#4671
• Fix markdown syntax for OTEL traces link in docs by @​shantanoo-desai in distribution/distribution#4676
• Switch UUIDs to UUIDv7 by @​binaryfire in distribution/distribution#4666
• refactor: replace map iteration with maps.Copy/Clone by @​whosehang in distribution/distribution#4632
• s3-aws: fix build for 386 by @​ChenQi1989 in distribution/distribution#4642
• docs: Add OpenTelemetry links to quickstart docs (#4270) by @​dpw13 in distribution/distribution#4640
• Fix S3 driver loglevel param by @​milosgajdos in distribution/distribution#4617
• Fixed data race in TestSchedule test by @​horoshev in distribution/distribution#4647
• Fixes #4683 - uses X/Y instead of Gx/Gy for thumbprint of ecdsa keys by @​gpgenaiz in distribution/distribution#4684
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in distribution/distribution#4687
• Fix broken link to Docker Hub fair use policy by @​Klikini in distribution/distribution#4688
• fix(registry/handlers/app): redis CAs by @​ChandonPierre in distribution/distribution#4668
• build(deps): bump actions/labeler from 5 to 6 by @​dependabot[bot] in distribution/distribution#4694
• build(deps): bump actions/setup-go from 5 to 6 by @​dependabot[bot] in distribution/distribution#4693
• build(deps): bump actions/upload-pages-artifact from 3 to 4 by @​dependabot[bot] in distribution/distribution#4691
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in distribution/distribution#4706
• build(deps): bump github/codeql-action from 3.26.5 to 4.30.7 by @​dependabot[bot] in distribution/distribution#4710
• build(deps): bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in distribution/distribution#4714
• chore: labeler: add area/client mapping for internal/client/** by @​artem-tkachuk in distribution/distribution#4716
• client: add Accept headers to Exists() HEAD by @​artem-tkachuk in distribution/distribution#4715
• feat(registry): Make graceful shutdown test robust by @​Sumedhvats in distribution/distribution#4720

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.