
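Portainer Official Site Security Update (2019-12-05)

Source: Portainer official site  Published: 2019-12-05  Views: 1263  Comments: 0

Basic information

Release date: 2019-12-05 (vendor local time)

Update type: Security update

Updated version: 1.23.0

Detected at: 2019-12-19 15:36:20

Risk level: Unknown

Intelligence contributed by: TSRC

Update title

Security update

Update details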

# 1.23.0

This release introduces a rework of ownership, several improvements to RBAC, and an overhaul of the registry browse and push/pull functionality (including support for GitLab registries).

# Breaking Changes
* The API version was incremented as part of the ownership rewrite. This is a breaking change for snapshots and offline mode for users who manage any endpoints with a Docker API version < 1.40. If you don't require snapshots & offline mode for any of the endpoints you manage, then it is recommended to upgrade for the security improvements included in this release.

* The push/pull rewrite introduces a potential breaking change of the registry management extension & push/pull functionality for users with a Docker API version < 1.28.

_You can find which API version an endpoint has within the Swarm view (for swarm endpoints) or Host view (for non-swarm endpoints)._
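
A pre-upgrade check for the two thresholds above, as an added example that is not part of the Portainer release notes: it classifies a Docker API version against 1.40 and 1.28, comparing major and minor as integers so that 1.9 sorts below 1.28. The function names and output labels are illustrative assumptions; `docker version --format '{{.Server.APIVersion}}'` reads the local engine's API version.

```shell
#!/bin/sh
# Added example, not Portainer code. The thresholds 1.40 and 1.28 come from
# the Breaking Changes text; function names and labels are illustrative.

# api_lt A B: succeed when Docker API version A is lower than B.
# Major and minor are compared as integers, so 1.9 < 1.28 (a decimal or
# string comparison would wrongly rank 1.9 above 1.28).
api_lt() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -lt "$b_major" ] && return 0
    [ "$a_major" -gt "$b_major" ] && return 1
    [ "$a_minor" -lt "$b_minor" ]
}

# portainer_1_23_impact VERSION: print which features the 1.23.0 breaking
# changes affect for an endpoint reporting this Docker API version.
portainer_1_23_impact() {
    # Accept only "<digits>.<digits>"; anything else is reported as invalid.
    case "$1" in
        *[!0-9.]*|*.*.*|.*|*.|"") echo "invalid"; return 2 ;;
        *.*) ;;
        *) echo "invalid"; return 2 ;;
    esac
    if api_lt "$1" 1.28; then
        echo "snapshots+offline-mode+registry-push-pull"
    elif api_lt "$1" 1.40; then
        echo "snapshots+offline-mode"
    else
        echo "none"
    fi
}

# Run with the argument "local" to check the engine on this host.
if [ "${1:-}" = "local" ]; then
    v=$(docker version --format '{{.Server.APIVersion}}') || exit 1
    echo "API $v: affected features: $(portainer_1_23_impact "$v")"
fi
```

For endpoints managed remotely, pass the API version shown in the Swarm or Host view to `portainer_1_23_impact` instead of querying the local engine.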

## Known issues

If you are on an older API version and are running Portainer as a container, then Portainer may log an API version error each time a snapshot is run (default is every 5 minutes). A workaround is to increase the time between snapshots; this can be adjusted in the Portainer settings.

## Security

* Fixed an invalid check with previous mitigation of security issue: https://github.com/portainer/portainer/issues/3224
* Avoid logging password hash when admin password is set: https://github.com/portainer/portainer/issues/2844
* Fixed issue where a non-admin creating volume with same name as an admin-only stack gives them ownership: https://github.com/portainer/portainer/issues/3273

## Ownership, RBAC & Authentication

* Fixed issue where administrator stacks show as limited for RBAC users: https://github.com/portainer/portainer/issues/3348
* Fixed issue where permissions weren't updated on team deletion: https://github.com/portainer/portainer/issues/3298
* Fixed issue where an RBAC user removing a service makes related stack disappear for all RBAC users: https://github.com/portainer/portainer/issues/3351
* Fixed issue where endpoint-admins cannot manage resources restricted to other users: https://github.com/portainer/portainer/issues/3346
* Fixed issue where restricted stack shows assigned to administrators for other non-admin users: https://github.com/portainer/portainer/issues/3352
* Fixed issue where a user in a helpdesk team & standard team results in read-only: https://github.com/portainer/portainer/issues/3366
* Fixed issue where disabling the RBAC extension leaves users with previous role's abilities: https://github.com/portainer/portainer/issues/3344
* Fixed issue where endpoint admin & standard RBAC users can't attach to containers: https://github.com/portainer/portainer/issues/3347
* Fixed issue where RBAC users lose their abilities after a page refresh: https://github.com/portainer/portainer/issues/3338
* Fixed issue where RBAC doesn't assign permissions to newly autoprovisioned users: https://github.com/portainer/portainer/issues/3427
* Clean up browser cache on session expired: https://github.com/portainer/portainer/issues/3300
* Allow setting access control rules via service labels: https://github.com/portainer/portainer/issues/1257

## Registries

* Overhaul of the registry push/pull feature: https://github.com/portainer/portainer/issues/3122
* Introduce debugging for registry management configuration: https://github.com/portainer/portainer/issues/3269
* Support GitLab registry with registry manager extension: https://github.com/portainer/portainer/issues/2956
* Remove unneeded checkboxes in repositories list when using registry manager: https://github.com/portainer/portainer/issues/2836
* Performance improvement of the registry manager: https://github.com/portainer/portainer/issues/2958
* Fixed issue where Portainer was unable to fetch tags from a local registry: https://github.com/portainer/portainer/issues/2879
* Allow inspect of layers of images in a private registry: https://github.com/portainer/portainer/issues/2808

## Extensions

* Introduce offline extension activation: https://github.com/portainer/portainer/issues/3080
* Automatically update Portainer extensions at startup: https://github.com/portainer/portainer/issues/3340

## Improved User Experience

* Fixed issue where image auto suggest on multinode swarm suggests the same image multiple times: https://github.com/portainer/portainer/issues/3422
* Allow empty labels on containers: https://github.com/portainer/portainer/issues/2646
* Replace volume selector with type-ahead in container app-template form: https://github.com/portainer/portainer/issues/3370
* Render empty env vars correctly on duplicate/edit of a container: https://github.com/portainer/portainer/issues/2112
* Add edge key to edge agent commands in UI: https://github.com/portainer/portainer/issues/3117
* Make the recreate & duplicate/edit buttons unavailable when RBAC enabled: https://github.com/portainer/portainer/issues/3418

## Networks

* Fixed issue where docker network aliases are not persisted on duplicate/edit: https://github.com/portainer/portainer/issues/2118
* Fixed issue where container name from container network not persisted on duplicate/edit: https://github.com/portainer/portainer/issues/2657
* Make system networks public to allow use by non-admins: https://github.com/portainer/portainer/issues/3364

## Stacks

* Fixed issue where an invalid stack name results in 2 unusable stacks: https://github.com/portainer/portainer/issues/2020
* Fixed issue where concurrent stack creation allocated same ID for all stacks: https://github.com/portainer/portainer/issues/2633

## Containers

* Prevent situation where user can try and recreate container that is set to auto-remove: https://github.com/portainer/portainer/issues/3247
* Allow a port range to be specified in container deployment: https://github.com/portainer/portainer/issues/734
* Fixed recreate issue with container image from GCR registry in Portainer: https://github.com/portainer/portainer/issues/1962

## Minor Changes

* Introduce cypress automated testing: https://github.com/portainer/portainer/issues/3304
* Add analytics message to about page: https://github.com/portainer/portainer/pull/3423
* Update font-awesome dependency: https://github.com/portainer/portainer/issues/3130
* Extract isteven-multi-select library from project: https://github.com/portainer/portainer/issues/3254

Software description

None available

CVE ID

TSRC analysis

None available

Industry news

None available
