RATATOSKRATATOSK
Sign in

Harbor

v2.14.3Storage & Data
Mar 10, 2026

Harbor v2.14.3 delivers critical security fixes for bearer token validation and updates Trivy scanner to version 0.69.3, focusing on hardening authentication mechanisms and keeping vulnerability detection current.

  • securityUpdate immediately for bearer token fix

    This release patches a security flaw where Harbor accepted bearer tokens issued before project creation. Deploy v2.14.3 immediately if you use token-based authentication, as this could allow unauthorized access to projects.

  • enhancementBenefit from updated Trivy scanning

    Trivy v0.69.3 includes the latest vulnerability database and detection capabilities. Schedule a rescan of your critical images after upgrading to catch newly discovered vulnerabilities that older versions missed.

  • enhancementReview audit log configurations

    Sensitive payload data has been removed from configuration audit logs to prevent credential exposure. Verify your log monitoring tools still capture the security events you need after this change.

Key changes (5)

  • Bearer token security fix preventing acceptance of tokens issued before project creation
  • Trivy vulnerability scanner updated to v0.69.3 with adapter v0.35.1
  • Configuration audit log no longer includes sensitive payload data
  • Base image refresh and Go dependency updates for improved security posture
  • GitHub Actions workflows migrated to ubuntu-latest runners