Renovate: Update module github.com/distribution/distribution/v3 to v3.1.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/distribution/distribution/v3	v3.0.0 → v3.1.0

GitHub Vulnerability Alerts

CVE-2026-33540

hi guys,

commit: 40594bd98e6d6ed993b5c6021c93fdf96d2e5851 (as-of 2026-01-31)
contact: GitHub Security Advisory (https://github.com/distribution/distribution/security/advisories/new)

summary

in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. the realm URL from a bearer challenge is used without validating that it matches the upstream registry host. as a result, an attacker-controlled upstream (or an attacker with MitM position to the upstream) can cause distribution to send the configured upstream credentials via basic auth to an attacker-controlled realm URL.

this is the same vulnerability class as CVE-2020-15157 (containerd), but in distribution’s pull-through cache proxy auth flow.

severity

HIGH

note: the baseline impact is credential disclosure of the configured upstream credentials. if a deployment uses broader credentials for upstream auth (for example cloud iam credentials), the downstream impact can be higher; i am not claiming this as default for all deployments.

impact

credential exfiltration of the upstream authentication material configured for the pull-through cache.

attacker starting positions that make this realistic:

• supply chain / configuration: an operator configures a proxy cache to use an upstream that becomes attacker-controlled (compromised registry, stale domain, or a malicious mirror)
• network: MitM on the upstream connection in environments where the upstream is reachable over insecure transport or a compromised network path

affected components

• registry/proxy/proxyauth.go:66-81 (getAuthURLs): extracts bearer realm from upstream WWW-Authenticate without validating destination
• internal/client/auth/session.go:485-510 (fetchToken): uses the realm URL directly for token fetch
• internal/client/auth/session.go:429-434 (fetchTokenWithBasicAuth): sends credentials via basic auth to the realm URL

reproduction

attachment: poc.zip (local harness) with canonical and control runs.

the harness is local and does not contact a real registry: it uses two local HTTP servers (upstream + attacker token service) to demonstrate whether basic auth is sent to an attacker-chosen realm.

unzip -q -o poc.zip -d poc
cd poc
make canonical
make control

expected output (excerpt):

[CALLSITE_HIT]: getAuthURLs::configureAuth
[PROOF_MARKER]: basic_auth_sent=true realm_host=127.0.0.1 account_param=user authorization_prefix=Basic

control output (excerpt):

[CALLSITE_HIT]: getAuthURLs::configureAuth
[NC_MARKER]: realm_validation=PASS basic_auth_sent=false

suggested remediation

validate that the token realm destination is within the intended trust boundary before associating credentials with it or sending any authentication to it. one conservative option is strict same-host binding: only accept a realm whose host matches the configured upstream host.

fix accepted when

• distribution does not send configured upstream credentials to an attacker-chosen realm URL
• a regression test covers the canonical and blocked cases

addendum.md
poc.zip
PR_DESCRIPTION.md
RUNNABLE_POC.md

best,
oleh

CVE-2026-35172

summary:

distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. the delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again.

Severity

HIGH

justification: this is a repo-local authorization bypass after explicit delete, with concrete confidentiality impact and no requirement for write access after the delete event. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5). CWE-284.

affected version

• repository: https://github.com/distribution/distribution
• commit: ab67ffa0bda3712991194841d0fde727464feeb9
• affected versions: <= 3.0.x, <= 2.8.x when redis blob descriptor cache and delete are both enabled
• affected file:
  • https://github.com/distribution/distribution/blob/ab67ffa0bda3712991194841d0fde727464feeb9/registry/storage/cache/redis/redis.go#L212-L226
• related callsites:
  • https://github.com/distribution/distribution/blob/ab67ffa0bda3712991194841d0fde727464feeb9/registry/storage/cache/cachedblobdescriptorstore.go#L66-L76
  • https://github.com/distribution/distribution/blob/ab67ffa0bda3712991194841d0fde727464feeb9/registry/storage/linkedblobstore.go#L218-L224
  • https://github.com/distribution/distribution/blob/ab67ffa0bda3712991194841d0fde727464feeb9/registry/storage/linkedblobstore.go#L396-L403

details

the backend access model is repository-link based: once repo a deletes its blob link, later reads from repo a should continue returning ErrBlobUnknown even if the same digest remains linked in repo b.

the issue is the split invalidation path in the redis cache backend:

1. linkedBlobStore.Delete calls blobAccessController.Clear during repository delete handling.
2. cachedBlobStatter.Clear forwards that invalidation into the cache layer.
3. repositoryScopedRedisBlobDescriptorService.Clear checks that the digest is a member of repo a, but then only calls upstream.Clear.
4. upstream.Clear deletes the shared digest descriptor and does not remove the digest from the repository membership set for repo a.
5. when repo b later stats or gets the same digest, the shared descriptor is recreated.
6. repositoryScopedRedisBlobDescriptorService.Stat for repo a accepts the stale membership and now trusts the repopulated shared descriptor, restoring access in the repository that already deleted its link.

this creates a revocation gap at the repository boundary. the blob is briefly inaccessible from repo a right after delete, which confirms the backend link was removed, and then becomes accessible again only because stale redis membership survived while a peer repository repopulated the shared descriptor.

attack scenario

1. an operator runs distribution with storage.cache.blobdescriptor: redis and storage.delete.enabled: true.
2. the same digest exists in both repo a and repo b.
3. the operator deletes the blob from repo a and expects repository-local access to be revoked.
4. repo a correctly returns blob unknown immediately after the delete.
5. an anonymous or unprivileged user requests the same digest from repo b, which still legitimately owns it and repopulates the shared descriptor.
6. a later request for the digest from repo a succeeds again because stale repo-a membership was never revoked from redis.

PoC

attachment: poc.zip

the attached PoC is a deterministic integration harness using miniredis and the pinned distribution source tree.

steps to reproduce

canonical:

unzip -q -o poc.zip -d poc
cd poc
make canonical

expected output:

[CALLSITE_HIT]: repositoryScopedRedisBlobDescriptorService.Clear->upstream.Clear->repositoryScopedRedisBlobDescriptorService.Stat
[PROOF_MARKER]: repo_a_access_restored=true repo_a_delete_miss=true repo_b_peer_warm=true
[IMPACT_MARKER]: repo_a_post_delete_read=true confidentiality_boundary_broken=true

control:

unzip -q -o poc.zip -d poc
cd poc
make control

expected control output:

[CALLSITE_HIT]: repositoryScopedRedisBlobDescriptorService.Clear->repositoryScopedRedisBlobDescriptorService.Stat
[NC_MARKER]: repo_a_access_restored=false repo_b_peer_warm=true

expected vs actual

• expected: after repo a deletes its blob link, later reads from repo a should keep returning blob unknown even if repo b still references the same digest and warms cache state.
• actual: repo a first returns blob unknown, then repo b repopulates the shared descriptor, and repo a serves the deleted digest again through stale repo-scoped redis membership.

impact

the confirmed impact is repository-local confidentiality failure after explicit delete. an operator can remove sensitive content from repo a, observe revocation working immediately after the delete, and still have the same content become readable from repo a again as soon as repo b refreshes the shared descriptor for that digest.

this is not a claim about global blob deletion. the bounded claim is that repository-local revocation fails, which breaks the expectation that deleting a blob link from one repository prevents further reads from that repository.

remediation

the safest fix is to make redis invalidation revoke repo-scoped state together with the backend link deletion. in practice that means removing the digest from the repository membership set, deleting the repo-scoped descriptor hash, and keeping that cleanup atomic enough that peer-repository warming cannot restore access in the repository that already deleted its link.

poc.zip
PR_DESCRIPTION.md
attack_scenario.md

---

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

CVE-2026-33540 / GHSA-3p65-76g6-3w7r

More information

Details

hi guys,

commit: 40594bd98e6d6ed993b5c6021c93fdf96d2e5851 (as-of 2026-01-31)
contact: GitHub Security Advisory (https://github.com/distribution/distribution/security/advisories/new)

summary

in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. the realm URL from a bearer challenge is used without validating that it matches the upstream registry host. as a result, an attacker-controlled upstream (or an attacker with MitM position to the upstream) can cause distribution to send the configured upstream credentials via basic auth to an attacker-controlled realm URL.

this is the same vulnerability class as CVE-2020-15157 (containerd), but in distribution’s pull-through cache proxy auth flow.

severity

HIGH

note: the baseline impact is credential disclosure of the configured upstream credentials. if a deployment uses broader credentials for upstream auth (for example cloud iam credentials), the downstream impact can be higher; i am not claiming this as default for all deployments.

impact

credential exfiltration of the upstream authentication material configured for the pull-through cache.

attacker starting positions that make this realistic:

• supply chain / configuration: an operator configures a proxy cache to use an upstream that becomes attacker-controlled (compromised registry, stale domain, or a malicious mirror)
• network: MitM on the upstream connection in environments where the upstream is reachable over insecure transport or a compromised network path

affected components

• registry/proxy/proxyauth.go:66-81 (getAuthURLs): extracts bearer realm from upstream WWW-Authenticate without validating destination
• internal/client/auth/session.go:485-510 (fetchToken): uses the realm URL directly for token fetch
• internal/client/auth/session.go:429-434 (fetchTokenWithBasicAuth): sends credentials via basic auth to the realm URL

reproduction

attachment: poc.zip (local harness) with canonical and control runs.

the harness is local and does not contact a real registry: it uses two local HTTP servers (upstream + attacker token service) to demonstrate whether basic auth is sent to an attacker-chosen realm.

unzip -q -o poc.zip -d poc
cd poc
make canonical
make control

expected output (excerpt):

[CALLSITE_HIT]: getAuthURLs::configureAuth
[PROOF_MARKER]: basic_auth_sent=true realm_host=127.0.0.1 account_param=user authorization_prefix=Basic

control output (excerpt):

[CALLSITE_HIT]: getAuthURLs::configureAuth
[NC_MARKER]: realm_validation=PASS basic_auth_sent=false

suggested remediation

validate that the token realm destination is within the intended trust boundary before associating credentials with it or sending any authentication to it. one conservative option is strict same-host binding: only accept a realm whose host matches the configured upstream host.

fix accepted when

• distribution does not send configured upstream credentials to an attacker-chosen realm URL
• a regression test covers the canonical and blocked cases

addendum.md
poc.zip
PR_DESCRIPTION.md
RUNNABLE_POC.md

best,
oleh

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

• https://github.com/distribution/distribution/security/advisories/GHSA-3p65-76g6-3w7r
• https://nvd.nist.gov/vuln/detail/CVE-2026-33540
• https://github.com/distribution/distribution/commit/cc5d5fa4ba02157501e6afa2cc6a903ad0338e7b
• https://github.com/distribution/distribution

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation

CVE-2026-35172 / GHSA-f2g3-hh2r-cwgc

More information

Details

summary:

distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. the delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again.

Severity

HIGH

justification: this is a repo-local authorization bypass after explicit delete, with concrete confidentiality impact and no requirement for write access after the delete event. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5). CWE-284.

affected version

• repository: https://github.com/distribution/distribution
• commit: ab67ffa0bda3712991194841d0fde727464feeb9
• affected versions: <= 3.0.x, <= 2.8.x when redis blob descriptor cache and delete are both enabled
• affected file:
  • https://github.com/distribution/distribution/blob/ab67ffa0bda3712991194841d0fde727464feeb9/registry/storage/cache/redis/redis.go#L212-L226
• related callsites:
  • https://github.com/distribution/distribution/blob/ab67ffa0bda3712991194841d0fde727464feeb9/registry/storage/cache/cachedblobdescriptorstore.go#L66-L76
  • https://github.com/distribution/distribution/blob/ab67ffa0bda3712991194841d0fde727464feeb9/registry/storage/linkedblobstore.go#L218-L224
  • https://github.com/distribution/distribution/blob/ab67ffa0bda3712991194841d0fde727464feeb9/registry/storage/linkedblobstore.go#L396-L403

details

the backend access model is repository-link based: once repo a deletes its blob link, later reads from repo a should continue returning ErrBlobUnknown even if the same digest remains linked in repo b.

the issue is the split invalidation path in the redis cache backend:

1. linkedBlobStore.Delete calls blobAccessController.Clear during repository delete handling.
2. cachedBlobStatter.Clear forwards that invalidation into the cache layer.
3. repositoryScopedRedisBlobDescriptorService.Clear checks that the digest is a member of repo a, but then only calls upstream.Clear.
4. upstream.Clear deletes the shared digest descriptor and does not remove the digest from the repository membership set for repo a.
5. when repo b later stats or gets the same digest, the shared descriptor is recreated.
6. repositoryScopedRedisBlobDescriptorService.Stat for repo a accepts the stale membership and now trusts the repopulated shared descriptor, restoring access in the repository that already deleted its link.

this creates a revocation gap at the repository boundary. the blob is briefly inaccessible from repo a right after delete, which confirms the backend link was removed, and then becomes accessible again only because stale redis membership survived while a peer repository repopulated the shared descriptor.

attack scenario

1. an operator runs distribution with storage.cache.blobdescriptor: redis and storage.delete.enabled: true.
2. the same digest exists in both repo a and repo b.
3. the operator deletes the blob from repo a and expects repository-local access to be revoked.
4. repo a correctly returns blob unknown immediately after the delete.
5. an anonymous or unprivileged user requests the same digest from repo b, which still legitimately owns it and repopulates the shared descriptor.
6. a later request for the digest from repo a succeeds again because stale repo-a membership was never revoked from redis.

PoC

attachment: poc.zip

the attached PoC is a deterministic integration harness using miniredis and the pinned distribution source tree.

steps to reproduce

canonical:

unzip -q -o poc.zip -d poc
cd poc
make canonical

expected output:

[CALLSITE_HIT]: repositoryScopedRedisBlobDescriptorService.Clear->upstream.Clear->repositoryScopedRedisBlobDescriptorService.Stat
[PROOF_MARKER]: repo_a_access_restored=true repo_a_delete_miss=true repo_b_peer_warm=true
[IMPACT_MARKER]: repo_a_post_delete_read=true confidentiality_boundary_broken=true

control:

unzip -q -o poc.zip -d poc
cd poc
make control

expected control output:

[CALLSITE_HIT]: repositoryScopedRedisBlobDescriptorService.Clear->repositoryScopedRedisBlobDescriptorService.Stat
[NC_MARKER]: repo_a_access_restored=false repo_b_peer_warm=true

expected vs actual

• expected: after repo a deletes its blob link, later reads from repo a should keep returning blob unknown even if repo b still references the same digest and warms cache state.
• actual: repo a first returns blob unknown, then repo b repopulates the shared descriptor, and repo a serves the deleted digest again through stale repo-scoped redis membership.

impact

the confirmed impact is repository-local confidentiality failure after explicit delete. an operator can remove sensitive content from repo a, observe revocation working immediately after the delete, and still have the same content become readable from repo a again as soon as repo b refreshes the shared descriptor for that digest.

this is not a claim about global blob deletion. the bounded claim is that repository-local revocation fails, which breaks the expectation that deleting a blob link from one repository prevents further reads from that repository.

remediation

the safest fix is to make redis invalidation revoke repo-scoped state together with the backend link deletion. in practice that means removing the digest from the repository membership set, deleting the repo-scoped descriptor hash, and keeping that cleanup atomic enough that peer-repository warming cannot restore access in the repository that already deleted its link.

poc.zip
PR_DESCRIPTION.md
attack_scenario.md

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

• https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc
• https://nvd.nist.gov/vuln/detail/CVE-2026-35172
• https://github.com/distribution/distribution/commit/078b0783f239b4115d1a979e66f08832084e9d1d
• https://github.com/distribution/distribution

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

distribution/distribution (github.com/distribution/distribution/v3)

v3.1.0

Compare Source

Welcome to the v3.1.0 release of registry!

This is a stable release

Please try out the release binaries and report any issues at
https://github.com/distribution/distribution/issues.

Notable Changes

• Fixes CVE-2026-35172
• Fixes CVE-2026-33540
• Adds support for tag pagination (#​4360, #​4353)
• Fixes default credentials in Azure storage provider (#​4619)
• Drops support for go1.23 and go1.24 and updates to go1.25

See the full changelog below for the full list of changes.

What's Changed

• docs: Update to refer to new image tag v3 by @​schanzel in #​4373
• Fix default_credentials in azure storage provider by @​switchboardOp in #​4619
• chore: make function comment match function name by @​closeobserve in #​4622
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group across 1 directory by @​dependabot[bot] in #​4625
• fix: implement JWK thumbprint for Ed25519 public keys by @​zhangyoufu in #​4626
• fix: Annotate code block from validation.indexes configuration docs by @​anzoman in #​4629
• feat: extract redis config to separate struct by @​shanduur in #​4620
• Fix: resolve issue #​4478 by using a temporary file for non-append writes by @​onporat in #​4624
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in #​4645
• docs: Add note about OTEL_TRACES_EXPORTER by @​jcpunk in #​4669
• fix: set OTEL traces to disabled by default by @​jcpunk in #​4671
• Fix markdown syntax for OTEL traces link in docs by @​shantanoo-desai in #​4676
• Switch UUIDs to UUIDv7 by @​binaryfire in #​4666
• refactor: replace map iteration with maps.Copy/Clone by @​whosehang in #​4632
• s3-aws: fix build for 386 by @​ChenQi1989 in #​4642
• docs: Add OpenTelemetry links to quickstart docs (#​4270) by @​dpw13 in #​4640
• Fix S3 driver loglevel param by @​milosgajdos in #​4617
• Fixed data race in TestSchedule test by @​horoshev in #​4647
• Fixes #​4683 - uses X/Y instead of Gx/Gy for thumbprint of ecdsa keys by @​gpgenaiz in #​4684
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​4687
• Fix broken link to Docker Hub fair use policy by @​Klikini in #​4688
• fix(registry/handlers/app): redis CAs by @​ChandonPierre in #​4668
• build(deps): bump actions/labeler from 5 to 6 by @​dependabot[bot] in #​4694
• build(deps): bump actions/setup-go from 5 to 6 by @​dependabot[bot] in #​4693
• build(deps): bump actions/upload-pages-artifact from 3 to 4 by @​dependabot[bot] in #​4691
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in #​4706
• build(deps): bump github/codeql-action from 3.26.5 to 4.30.7 by @​dependabot[bot] in #​4710
• build(deps): bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in #​4714
• chore: labeler: add area/client mapping for internal/client/** by @​artem-tkachuk in #​4716
• client: add Accept headers to Exists() HEAD by @​artem-tkachuk in #​4715
• feat(registry): Make graceful shutdown test robust by @​Sumedhvats in #​4720
• fix(registry): Correct log formatting for upstream challenge by @​Sumedhvats in #​4721
• build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in #​4722
• build(deps): bump github/codeql-action from 4.30.9 to 4.31.3 by @​dependabot[bot] in #​4735
• refactor: remove redundant variable declarations in for loops by @​efcking in #​4741
• "should" -> "must" regarding redis eviction policy by @​dpedu in #​4742
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​4744
• Incorrect warning hint by @​nkaaf in #​4708
• Add return error when list object by @​tranthang2404 in #​4753
• build(deps): bump actions/checkout from 5.0.1 to 6.0.0 by @​dependabot[bot] in #​4745
• build(deps): bump peter-evans/dockerhub-description from 4 to 5 by @​dependabot[bot] in #​4707
• fix: Logging regression for manifest HEAD requests by @​tcuthbert in #​4756
• Add boolean parsing util by @​1raghavmahajan in #​4763
• Expose useFIPSEndpoint for S3 by @​1raghavmahajan in #​4764
• Add Cloudfleet Container Registry to adopters by @​cloudfleet-tech in #​4765
• fix(ci): Fix broken Azure e2e storage tests by @​milosgajdos in #​4767
• BUG: Fix notification filtering to work with actions when mediatypes is empty by @​acallejaszu in #​4730
• build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​4761
• build(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 by @​dependabot[bot] in #​4760
• build(deps): bump github/codeql-action from 4.31.3 to 4.31.10 by @​dependabot[bot] in #​4766
• build(deps): bump github/codeql-action from 4.31.10 to 4.32.2 by @​dependabot[bot] in #​4778
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​4768
• update golangci-lint to v2.9 and fix linting issues by @​thaJeztah in #​4780
• update to go1.25.7, alpine 3.23, xx v1.9.0 by @​thaJeztah in #​4781
• vendor: github.com/sirupsen/logrus v1.9.4 by @​thaJeztah in #​4783
• vendor: update golang.org/x/* dependencies by @​thaJeztah in #​4782
• vendor: github.com/docker/docker-credential-helpers v0.9.5 by @​thaJeztah in #​4785
• vendor: github.com/opencontainers/image-spec v1.1.1 by @​thaJeztah in #​4786
• vendor: github.com/klauspost/compress v1.18.4 by @​thaJeztah in #​4787
• fix: prefer otel variables over hard coded service name by @​kub3let in #​4771
• vendor: github.com/spf13/cobra v1.10.2 by @​thaJeztah in #​4789
• vendor: github.com/bshuster-repo/logrus-logstash-hook v1.1.0 by @​thaJeztah in #​4788
• fix: sync parent dir to ensure data is reliably stored by @​ningmingxiao in #​4774
• modernize code by @​thaJeztah in #​4784
• vendor: github.com/docker/go-events 6053543 by @​thaJeztah in #​4791
• vendor: github.com/go-jose/go-jose/v4 v4.1.3 by @​thaJeztah in #​4790
• build(deps): bump github/codeql-action from 4.32.2 to 4.32.5 by @​dependabot[bot] in #​4806
• build(deps): bump docker/login-action from 3 to 4 by @​dependabot[bot] in #​4807
• build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @​dependabot[bot] in #​4800
• build(deps): bump docker/setup-buildx-action from 3 to 4 by @​dependabot[bot] in #​4811
• build(deps): bump docker/bake-action from 6 to 7 by @​dependabot[bot] in #​4809
• build(deps): bump docker/metadata-action from 5 to 6 by @​dependabot[bot] in #​4810
• fix: nil-check scheduler in proxyingRegistry.Close() by @​joonas in #​4805
• fix: set MD5 on GCS writer before first Write call in putContent by @​joonas in #​4803
• docs: pull through cache will pull from remote multiple times by @​yiyun-sj in #​4664
• Update s3.md regionendpoint option by @​Alexsandr-Random in #​4534
• chore(deps): Bump Go to latest 1.25 in CI workflows and go.mod by @​milosgajdos in #​4819
• fix: correct Ed25519 JWK thumbprint kty from "OTP" to "OKP" by @​joonas in #​4801
• Update vacuum.go by @​wutongjie23hao in #​4610
• Opt: refector tag list pagination support (stage 1) by @​njucjc in #​4360
• Correctly match environment variables to YAML-inlined structs in configuration by @​evanebb in #​4639
• Enable Redis TLS without client certificates by @​omartrigui in #​4770
• build(deps): bump actions/deploy-pages from 4 to 5 by @​dependabot[bot] in #​4826
• build(deps): bump github/codeql-action from 4.32.5 to 4.34.1 by @​dependabot[bot] in #​4823
• fix(registry/proxy): use detached context when flushing write buffer by @​ChandonPierre in #​4793
• ci: pin actions and apply zizmor auto-fixes by @​thaJeztah in #​4831
• build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by @​dependabot[bot] in #​4833
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in the go_modules group across 1 directory by @​dependabot[bot] in #​4837
• chore(app): warn when partial TLS config is used in Redis by @​milosgajdos in #​4838
• feat(registry): enhance authentication checks in htpasswd implementation by @​mnixry in #​4758
• Opt: refactor tag list pagination support by @​njucjc in #​4353
• build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 by @​dependabot[bot] in #​4836
• build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​4834
• fix(vendor): fix broke vendor validation by @​milosgajdos in #​4839
• chore(ci): Prep for v3.1 release by @​milosgajdos in #​4841

New Contributors

• @​switchboardOp made their first contribution in #​4619
• @​closeobserve made their first contribution in #​4622
• @​zhangyoufu made their first contribution in #​4626
• @​anzoman made their first contribution in #​4629
• @​onporat made their first contribution in #​4624
• @​jcpunk made their first contribution in #​4669
• @​shantanoo-desai made their first contribution in #​4676
• @​binaryfire made their first contribution in #​4666
• @​whosehang made their first contribution in #​4632
• @​ChenQi1989 made their first contribution in #​4642
• @​dpw13 made their first contribution in #​4640
• @​horoshev made their first contribution in #​4647
• @​gpgenaiz made their first contribution in #​4684
• @​Klikini made their first contribution in #​4688
• @​ChandonPierre made their first contribution in #​4668
• @​artem-tkachuk made their first contribution in #​4716
• @​Sumedhvats made their first contribution in #​4720
• @​efcking made their first contribution in #​4741
• @​dpedu made their first contribution in #​4742
• @​nkaaf made their first contribution in #​4708
• @​tranthang2404 made their first contribution in #​4753
• @​tcuthbert made their first contribution in #​4756
• @​1raghavmahajan made their first contribution in #​4763
• @​cloudfleet-tech made their first contribution in #​4765
• @​acallejaszu made their first contribution in #​4730
• @​kub3let made their first contribution in #​4771
• @​ningmingxiao made their first contribution in #​4774
• @​joonas made their first contribution in #​4805
• @​yiyun-sj made their first contribution in #​4664
• @​Alexsandr-Random made their first contribution in #​4534
• @​wutongjie23hao made their first contribution in #​4610
• @​njucjc made their first contribution in #​4360
• @​omartrigui made their first contribution in #​4770
• @​mnixry made their first contribution in #​4758

Full Changelog: distribution/distribution@v3.0.0...v3.1.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 45 additional dependencies were updated

Details:

Package	Change
golang.org/x/sync	v0.18.0 -> v0.19.0
github.com/bshuster-repo/logrus-logstash-hook	v1.0.0 -> v1.1.0
github.com/docker/docker-credential-helpers	v0.8.2 -> v0.9.5
github.com/docker/go-events	v0.0.0-20190806004212-e31b211e4f1c -> v0.0.0-20250808211157-605354379745
github.com/grpc-ecosystem/grpc-gateway/v2	v2.27.2 -> v2.28.0
github.com/klauspost/compress	v1.18.1 -> v1.18.4
github.com/prometheus/common	v0.67.4 -> v0.67.5
github.com/prometheus/otlptranslator	v0.0.2 -> v1.0.0
github.com/prometheus/procfs	v0.17.0 -> v0.20.1
github.com/sirupsen/logrus	v1.9.3 -> v1.9.4
github.com/spf13/cobra	v1.10.1 -> v1.10.2
go.opentelemetry.io/contrib/bridges/prometheus	v0.57.0 -> v0.67.0
go.opentelemetry.io/contrib/exporters/autoexport	v0.57.0 -> v0.67.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.62.0 -> v0.67.0
go.opentelemetry.io/otel	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc	v0.14.0 -> v0.18.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	v0.14.0 -> v0.18.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/prometheus	v0.60.0 -> v0.64.0
go.opentelemetry.io/otel/exporters/stdout/stdoutlog	v0.14.0 -> v0.18.0
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/log	v0.14.0 -> v0.18.0
go.opentelemetry.io/otel/metric	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/sdk	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/sdk/log	v0.14.0 -> v0.18.0
go.opentelemetry.io/otel/sdk/metric	v1.38.0 -> v1.42.0
go.opentelemetry.io/otel/trace	v1.38.0 -> v1.42.0
go.opentelemetry.io/proto/otlp	v1.7.1 -> v1.9.0
golang.org/x/crypto	v0.45.0 -> v0.48.0
golang.org/x/mod	v0.30.0 -> v0.32.0
golang.org/x/net	v0.47.0 -> v0.51.0
golang.org/x/oauth2	v0.32.0 -> v0.35.0
golang.org/x/sys	v0.38.0 -> v0.41.0
golang.org/x/term	v0.37.0 -> v0.40.0
golang.org/x/text	v0.31.0 -> v0.34.0
golang.org/x/tools	v0.39.0 -> v0.41.0
google.golang.org/genproto/googleapis/api	v0.0.0-20250825161204-c5933d9347a5 -> v0.0.0-20260226221140-a57be14db171
google.golang.org/genproto/googleapis/rpc	v0.0.0-20251022142026-3a174f9686a8 -> v0.0.0-20260226221140-a57be14db171
google.golang.org/grpc	v1.76.0 -> v1.79.3
google.golang.org/protobuf	v1.36.10 -> v1.36.11