Pulp-container

Latest version: v2.24.1

Safety actively analyzes 714815 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 24

2.20.0

Features

- Updated the Manifest model to no longer rely on artifacts, storing all manifest data internally
within the database. This change dissociates the manifest from external files on the storage
backend.
[1288](https://github.com/pulp/pulp_container/issues/1288)

Bugfixes

- Resolved circular import errors raised when using pulp-container as a library.
[1561](https://github.com/pulp/pulp_container/issues/1561)
- Fixed hande-image-data command to skip content that has labels/annotations already populated.
[1573](https://github.com/pulp/pulp_container/issues/1573)
- Fixed handle-image-data command to update all entries in one run.
[1575](https://github.com/pulp/pulp_container/issues/1575)
- Fixed a bug that disallowed users from leveraging the remote authentication.
[1577](https://github.com/pulp/pulp_container/issues/1577)
- Fixed a bug that caused the registry to not accept requests from anonymous users when token
authentication was disabled.
[1605](https://github.com/pulp/pulp_container/issues/1605)

Deprecations and Removals

- Removed the deprecated ADDITIONAL_OCI_ARTIFACT_TYPES setting.
[1537](https://github.com/pulp/pulp_container/issues/1537)

Misc

-

---

2.19.4

Bugfixes {: 2.19.4-bugfix }

- Added ``application/vnd.docker.distribution.manifest.v1+prettyjws`` to the list of accepted
media types retrieved from a remote registry.
[1444](https://github.com/pulp/pulp_container/issues/1444)
- Fixed sync failure due to ignored certs during registry signature extentions API check.
[1552](https://github.com/pulp/pulp_container/issues/1552)
- Fixed a bug that disallowed users from leveraging the remote authentication.
[1577](https://github.com/pulp/pulp_container/issues/1577)
- Fixed a bug that caused the registry to not accept requests from anonymous users when token
authentication was disabled.
[1605](https://github.com/pulp/pulp_container/issues/1605)
- Fixed the long accept header limit exceed during sync.
[1696](https://github.com/pulp/pulp_container/issues/1696)
- Fixed a bug where the authentication scheme in the authorization header
was not being parsed correctly.
[1812](https://github.com/pulp/pulp_container/issues/1812)
- Fixed an issue in `DOCKER_MANIFEST_V1_SCHEMA` definition where the optional `jwk` header parameter
was defined as required.
[1874](https://github.com/pulp/pulp_container/issues/1874)

---

2.19.3

Bugfixes

- Fixed hande-image-data command to skip content that has labels/annotations already populated.
[1573](https://github.com/pulp/pulp_container/issues/1573)
- Fixed handle-image-data command to update all entries in one run.
[1575](https://github.com/pulp/pulp_container/issues/1575)
- Fixed a bug that disallowed users from leveraging the remote authentication.
[1577](https://github.com/pulp/pulp_container/issues/1577)

---

2.19.2

No significant changes.

---

2.19.1

Bugfixes

- Resolved circular import errors raised when using pulp-container as a library.
[1561](https://github.com/pulp/pulp_container/issues/1561)

---

2.19.0

Features

- Incorporated a notion of container images' characteristics. Users can now filter manifests by their
nature using the `is_flatpak` or `is_bootable` field on the corresponding Manifest endpoint.
In addition to that, manifest's annotations and configuration labels were exposed on the same
endpoint too.
[1437](https://github.com/pulp/pulp_container/issues/1437)
- Updated the OCI manifest schema validation to comply with the changes from the OCI Image Manifest
Specification.
[1494](https://github.com/pulp/pulp_container/issues/1494)

Bugfixes

- Fixed sync failure due to ignored certs during registry signature extentions API check.
[1552](https://github.com/pulp/pulp_container/issues/1552)

Improved Documentation

- Migrated the whole documentation to staging. The documentation should be now consumed from the
unified docs site.
[1517](https://github.com/pulp/pulp_container/issues/1517)

Deprecations and Removals

- Removed the optional "kid" parameter stored inside the signatures' payload generated during
docker manifest v2 schema 1 conversion. This change also removes the `ecdsa` dependency,
which is vulnerable to Minevra timing attacks.
[1485](https://github.com/pulp/pulp_container/issues/1485)
- Removed the manifest schema conversion machinery. If the manifest is stored locally in the newer
format and old clients request v2 schema1 manifest they will receive 404. v2 schema1 manifest is
still going to be mirrored from remote source during sync if available and passed to the old clients
on the request.
[1509](https://github.com/pulp/pulp_container/issues/1509)
- Deprecated `ADDITIONAL_OCI_ARTIFACT_TYPES` setting in favour of the relaxed validation.
[1494](https://github.com/pulp/pulp_container/issues/1494)

---

Page 3 of 24

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.