Pulp-container

Bugfixes

- Taught the Container Registry to accept docker schema2 sub-manifest types in OCI index.
[1231](https://github.com/pulp/pulp_container/issues/1231)

---

Bugfixes

- Fixed re-sync failures after reclaiming disk space.
[1400](https://github.com/pulp/pulp_container/issues/1400)
- Added `application/vnd.docker.distribution.manifest.v1+prettyjws` to the list of accepted
media types retrieved from a remote registry.
[1444](https://github.com/pulp/pulp_container/issues/1444)

---

Bugfixes

- Fixed a security issue that allowed users without sufficient permissions to mount blobs.
[1286](https://github.com/pulp/pulp_container/issues/1286)
- Fixed pulp-to-pulp failing sync with `406 Not Acceptable`.
[1329](https://github.com/pulp/pulp_container/issues/1329)

---

Bugfixes

- Relaxed oci manifest json validation to allow other layer mediaTypes than oci layer type.
[1227](https://github.com/pulp/pulp_container/issues/1227)
- Ensured downloader during the repair task contains accept headers for the
manifests to download.
[1303](https://github.com/pulp/pulp_container/issues/1303)

---

Features

- Added support for automatically creating missing repositories during the import procedure. The
creation is disabled by default. Use `create_repositories=True` to tell Pulp to create missing
repositories when executing the import procedure.
[825](https://github.com/pulp/pulp_container/issues/825)
- Added a check if a manifest already exists locally to decrease the number of downloads from a remote registry when syncing content.
[1047](https://github.com/pulp/pulp_container/issues/1047)
- Enhanced push operation efficiency by implementing the utilization of ephemeral blobs and
manifests, eliminating the need for generating unnecessary repository versions.
[1212](https://github.com/pulp/pulp_container/issues/1212)
- Updated compatibility for pulpcore 3.25 and Django 4.2.
[1277](https://github.com/pulp/pulp_container/issues/1277)

Bugfixes

- Ensured an HTTP 401 response in case a user provides invalid credentials during the login
(e.g., via `podman login`).
[918](https://github.com/pulp/pulp_container/issues/918)
- Translated v1 signed schema media_type into v1 schema instead.
[1045](https://github.com/pulp/pulp_container/issues/1045)
- Fixed content-disposition header which is used in the object storage backends.
[1096](https://github.com/pulp/pulp_container/issues/1096)
- Fixed an issue that caused all staff users to have superuser permissions when accessing the
registry without token authentication enabled.
[1109](https://github.com/pulp/pulp_container/issues/1109)
- Fixed a bug where the Podman client could not verify manifest indices signed with a Pulp signing service.
[1135](https://github.com/pulp/pulp_container/issues/1135)
- Fixed a method for determining the media type of manifests when syncing content.
[1147](https://github.com/pulp/pulp_container/issues/1147)
- Added application/octet-stream as an accepted media_type for docker config objects.
[1156](https://github.com/pulp/pulp_container/issues/1156)
- Fixed signing task that could skip some image signing.
[1209](https://github.com/pulp/pulp_container/issues/1209)
- Started triggering only one mount-blob task per upload after back-off.
[1211](https://github.com/pulp/pulp_container/issues/1211)
- Started sanitizing input data when creating namespaces or distributions.
[1229](https://github.com/pulp/pulp_container/issues/1229)
- Fixed a bug that disallowed users to build images that have artifacts within the same directory.
[1234](https://github.com/pulp/pulp_container/issues/1234)
- Fixed a bug that disallowed users to configure custom authentication classes for the token server.
[1254](https://github.com/pulp/pulp_container/issues/1254)

Misc

- [1093](https://github.com/pulp/pulp_container/issues/1093), [#1154](https://github.com/pulp/pulp_container/issues/1154)

---

No significant changes.

---