Harbor
v2.13.5Storage & DataHarbor v2.13.5 focuses on security improvements with stricter bearer token validation and removes sensitive configuration data from audit logs.
securityBearer token security enforcement requires review
Harbor now rejects bearer tokens issued before project creation, which could break existing integrations using older tokens. Audit your CI/CD pipelines and automation scripts that authenticate with Harbor to ensure they regenerate tokens after this upgrade.
enhancementAudit log cleanup improves security posture
Configuration payloads are no longer logged in audit trails, reducing exposure of sensitive settings. Review your log monitoring and compliance processes to ensure they still capture necessary security events without relying on configuration data in logs.
enhancementUpdated Trivy brings latest vulnerability definitions
Trivy v0.69.3 includes newer vulnerability databases and detection rules. Schedule a rescan of your container images to identify any newly discovered vulnerabilities that weren't caught in previous scans.
Key changes (5)
- Removed payload from configuration audit logs to prevent sensitive data exposure
- Enhanced bearer token security by rejecting tokens issued before project creation
- Updated Trivy scanner to v0.69.3 and adapter to v0.35.1 for latest vulnerability detection
- Upgraded Go runtime and base container images for security patches
- Fixed CI pipeline compatibility with newer Docker versions