Modularize rns 315 (quay#1445)

stevsmit · Steven Smith · web-flow · commit 4e15daa20324 · 2025-09-24T15:53:28.000-04:00
* modularizes 3.15 release notes

* Modularizes RNs 3.15

---------

Co-authored-by: Steven Smith &lt;stevsmit@stevsmit-thinkpadt14gen4.remote.csb&gt;
diff --git a/modules/bug-fixes-315.adoc b/modules/bug-fixes-315.adoc
@@ -0,0 +1,15 @@
+:_mod-docs-content-type: REFERENCE
+[id="bug-fixes-315"]
+= {productname} bug fixes
+
+The following issues were fixed with {productname} 3.15:
+
+* link:https://issues.redhat.com/browse/PROJQUAY-9050[*PROJQUAY-9050*]. Previously, when in *Tag* view on the v2 UI, the *Pull* column was center-aligned while the other columns were left-aligned. With this release, the *Pull* column is left-aligned.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-6862[*PROJQUAY-6862*]. Previously, when {productname} was deployed with Google Cloud Storage (GCS) as its object storage backend, pushing layers greater than 4 GiB would fail and return a `413` error. This error occurred because {productname}'s library, boto, does not support multipart uploads to GCS. This issue has been resolved, and users can now push layers greater than 4 GiB to their registry without interruption.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-8123[*PROJQUAY-8123*]. Previously, if a {productname} administrator set up their deployment on a virtual machine (VM) and the administrator created the `config.yaml` file manually, there was a possibility that the `TESTING` flag was not included in the configuration. Including the `TESTING: true` field in the `config.yaml` file disables some features, such as sending emails. This is useful for developers who are testing {productname} and do not want to accidentally send out notifications or other alerts to users. When this field is not set, {productname} operates normally. 
++
+With this update, a warning is printed upon startup, notifying the {productname} administrator that the `TESTING` property is either missing from the `config.yaml` file entirely, or that it is set to `True`. This alert is intended to help guide administrators towards intentional configurations for their deployment.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-8595[*PROJQUAY-8595*]. Previously, {productname} would not start if Splunk had an outage. Now, {productname} pods reconcile appropriately if Splunk has an outage and, as a result, {productname} starts as intended.
diff --git a/modules/deprecations-315.adoc b/modules/deprecations-315.adoc
@@ -0,0 +1,5 @@
+:_mod-docs-content-type: REFERENCE
+[id="deprecations-315"]
+= Future deprecations
+
+The {productname} v1 UI will be deprecated in {productname} 3.16.
diff --git a/modules/documentation-changes-315.adoc b/modules/documentation-changes-315.adoc
@@ -0,0 +1,13 @@
+:_mod-docs-content-type: REFERENCE
+[id="documentation-changes-315"]
+= {productname} documentation changes
+
+The following documentation changes have been made with the {productname} 3.15 release:
+
+* The link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html/configure_red_hat_quay[Configure {productname}] book has been refactored. This book now provides expanded information on the following topics:
+
+** Understanding the {productname} configuration file
+** On premise {productname} configuration overview
+** {productname-ocp} configuration overview, including the `QuayRegistry` custom resource
+
+Additionally, the configuration fields have been re-organized into associated topics. Example YAML snippets are available for each configuration option. Lastly, the configuration options link to an associated procedure when relevant.
diff --git a/modules/known-issues-and-limitations-315.adoc b/modules/known-issues-and-limitations-315.adoc
@@ -0,0 +1,10 @@
+:_mod-docs-content-type: REFERENCE
+[id="known-issues-and-limitations-315"]
+= Known issues and limitations
+
+The following sections note known issues and limitations for {productname} 3.15.
+
+[id="repository-mirroring-known-issue"]
+== Repository mirroring known issue
+
+There is a known issue affecting the mirroring feature of {productname}. When the mirroring process fails, the UI shows a *Mirror success* report, even though it has failed. This will be fixed in a future version of {productname}.
diff --git a/modules/new-api-endpoints-315.adoc b/modules/new-api-endpoints-315.adoc
@@ -0,0 +1,32 @@
+:_mod-docs-content-type: REFERENCE
+[id="new-api-endpoints-315"]
+= API endpoint enhancements
+
+The following API endpoints were added in {productname} 3.15.
+
+[id="skopeo-timeout-api-endpoint"]
+== Skopeo timeout interval
+
+A new parameter, `SKOPEO_TIMEOUT_INTERVAL`, has been added to the `createRepoMirrorConfig` endpoint. This parameter allows {productname} administrators to configure the maximum duration (in seconds) that a mirroring job is allowed to run before it times out. The default value is `300` seconds (5 minutes).
+
+|===
+| Name | Description | Schema 
+|*skopeo_timeout_interval* |Number of seconds mirroring job will run before timing out | Integer
+|===
+
+See the link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html/red_hat_quay_api_reference/mirror#createrepomirrorconfig[createRepoMirrorConfig] endpoint for more information.
+
+[id="api-v1-superuser-config"]
+== Superuser configDump
+
+A new superuser API parameter, `v1/superuser/config`, has been added to the {productname} API. With this field, superusers can return all Flask configuration fields that are set. This can be used to show proof of compliance for various security policies, such as PCI-DSS 4.0.
+
+|===
+|Name|Description|Schema
+
+|**configDump** +
+_optional_|Returns a structured JSON dump of the current configuration, including values from `config.yaml` (`.config`), default parameters (`.warning`), environment variables (`.env`), and schema (`.schema`) types. Sensitive fields are obfuscated. Useful for audit/compliance validation (e.g., PCI-DSS 4.0). |object
+
+|===
+
+For example API commands, see link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/red_hat_quay_api_reference/index#superuser[Red Hat Quay API superuser commands].
diff --git a/modules/new-features-and-enhancements-315.adoc b/modules/new-features-and-enhancements-315.adoc
@@ -0,0 +1,22 @@
+:_mod-docs-content-type: REFERENCE
+[id="new-features-and-enhancements-315"]
+= {productname} new features and enhancements
+
+The following updates have been made to {productname}.
+
+[id="v2-ui-notification-drawer"]
+== v2 UI notification drawer
+
+With this release, a _notification drawer_ has been added to the {productname} v2 UI. Administrators and users can view notifications from any page in the new UI via the navigation bar by clicking the _bell_ icon. After clicking this icon, all notifications are shown in a popup box. Notifications can be cleared by clicking the *X* button for respective notifications.
+
+[NOTE]
+====
+Currently, the v2 UI does not support the *{productname} Notification* option when selecting a notification method. You can select the *{productname} Notification* method by using the v1 UI.
+====
+
+[id="proxy-cache-enhancements"]
+== Proxy cache enhancements
+
+Previously, when pulling from a proxied repository, only the layers explicitly requested by the client were cached in the {productname} registry. This behavior stemmed from {productname} only caching layers for which it received a request to the v2 blobs endpoint. Consequently, clients with existing layers on their local machines would not re-request those layers, preventing {productname} from pulling them into the registry. This limitation led to two key issues: Clair was unable to perform complete scans of these partial images due to missing layers, and the images became un-pullable if the upstream registry went down.
+
+With this release, {productname} now caches all layers when an image is pulled from a proxied repository. This enhancement ensures that Clair can scan all images and that images remain pullable even if the upstream registry becomes unavailable.
diff --git a/modules/new-quay-config-fields-315.adoc b/modules/new-quay-config-fields-315.adoc
@@ -0,0 +1,51 @@
+:_mod-docs-content-type: REFERENCE
+[id="new-quay-config-fields-315"]
+= {productname} configuration fields updates and changes
+
+The following configuration fields have been added to {productname} 3.15.
+
+[id="skopeo-timeout-configuration-field"]
+== Skopeo timeout interval
+
+The `SKOPEO_TIMEOUT_INTERVAL` configuration field has been added. With this field, {productname} administrators can adjust the time, in seconds, that a mirroring job runs before it times out. This field is required and defaults to `300` seconds, or 5 minutes. It cannot be set lower than `300` seconds.
+
+.Skopeo timeout configuration field
+|===
+| Field | Type | Description 
+|*SKOPEO_TIMEOUT_INTERVAL* |Integer | Number of seconds mirroring job will run before timing out. +
+ +
+**Default:** `300`
+|===
+
+.Skopeo timeout example YAML
+[source,yaml]
+----
+# ...
+SKOPEO_TIMEOUT_INTERVAL: 300
+# ...
+----
+
+For more information, see link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/manage_red_hat_quay/index#repo-mirroring-in-red-hat-quay[Repository mirroring].
+
+[id="superuser-config-dump"]
+== Superuser configDump
+
+The `FEATURE_SUPERUSER_CONFIGDUMP` configuration field has been added. With this field, {productname} superusers can leverage the `configDump` API field to return all Flask configuration fields that are set. This can be used to show proof of compliance for various security policies, such as PCI-DSS 4.0. To use this field, superusers must be defined in the `config.yaml` file via the `SUPER_USERS` configuration field.
+
+.configDump configuration field
+|===
+| Field | Type | Description 
+|*FEATURE_SUPERUSER_CONFIGDUMP* |Boolean | Enables a full config dump of the running Framework, environment and schema for validation. +
+ +
+**Default:** `False`
+|===
+
+.Superuser configDump example YAML
+[source,yaml]
+----
+# ...
+FEATURE_SUPERUSER_CONFIGDUMP: true
+# ...
+----
+
+For more information, see link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/configure_red_hat_quay/index#retrieving-config-file-api[Retrieving the configuration file by using the API].
diff --git a/modules/notable-technical-changes-315.adoc b/modules/notable-technical-changes-315.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: REFERENCE
+[id="notable-technical-changes-315"]
+= Notable technical changes
+
+The following section highlights notable technical changes for {productname} 3.15.
+
+[id="model-card-disable"]
+== Model card rendering disabled by default
+
+In {productname} 3.14, model card rendering was made available on the v2 UI for machine learning models. This feature was enabled by default via the `FEATURE_UI_MODELCARD` parameter.
+
+With {productname} 3.15, this feature is now disabled by default. To view model cards on the v2 UI, you must set the `FEATURE_UI_MODELCARD` field to `True`. For example:
+
+[source,yaml]
+----
+# ...
+FEATURE_UI_MODELCARD: true
+# ...
+----
+
+This change will be reverted in a future version of {productname}.
diff --git a/modules/quay-feature-tracker.adoc b/modules/quay-feature-tracker.adoc
@@ -0,0 +1,98 @@
+:_mod-docs-content-type: REFERENCE
+
+[id="quay-feature-tracker"]
+= {productname} feature tracker
+
+New features have been added to {productname}, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.
+
+Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in {productname}, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in {productname}, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.
+
+//Remove entries with the same status older than the latest three releases.
+
+.Features tracker
+[cols="4,1,1,1",options="header"]
+|===
+|Feature | Quay 3.15 | Quay 3.14 | Quay 3.13
+
+|link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/use_red_hat_quay/index#viewing-model-card-information[Viewing model card information by using the v2 UI].
+|General Availability
+|General Availability
+|-
+
+|link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/manage_red_hat_quay/index#keyless-authentication-robot-accounts[Keyless authentication with robot accounts]
+|General Availability
+|General Availability
+|General Availability
+
+|link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/securing_red_hat_quay/index#cert-based-auth-quay-sql[Certificate-based authentication between {productname} and SQL]
+|General Availability
+|General Availability
+|General Availability
+
+|link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.8/html-single/configure_red_hat_quay/index#reference-miscellaneous-v2-ui[FEATURE_UI_V2]
+|Technology Preview
+|Technology Preview
+|Technology Preview
+
+|===
+
+[id="ibm-power-z-linuxone-support-matrix"]
+== IBM Power, IBM Z, and IBM® LinuxONE support matrix
+
+.list of supported and unsupported features
+[cols="3,1,1",options="header"]
+|===
+|Feature |IBM Power |IBM Z and IBM(R) LinuxONE
+
+|Allow team synchronization via OIDC on Azure
+|Not Supported
+|Not Supported
+
+|Backing up and restoring on a standalone deployment
+|Supported
+|Supported
+
+|Clair Disconnected
+|Supported
+|Supported
+
+|Geo-Replication (Standalone)
+|Supported
+|Supported
+
+|Geo-Replication (Operator)
+|Supported
+|Not Supported
+
+|IPv6
+|Not Supported
+|Not Supported
+
+|Migrating a standalone to operator deployment
+|Supported
+|Supported
+
+|Mirror registry
+|Supported
+|Supported
+
+|Quay config editor - mirror, OIDC
+|Supported
+|Supported
+
+|Quay config editor - MAG, Kinesis, Keystone, GitHub Enterprise
+|Not Supported
+|Not Supported
+
+|Quay config editor - Red Hat Quay V2 User Interface
+|Supported
+|Supported
+
+|Quay Disconnected
+|Supported
+|Supported
+
+|Repo Mirroring
+|Supported
+|Supported
+|===
diff --git a/modules/rn-3-15-0.adoc b/modules/rn-3-15-0.adoc
@@ -0,0 +1,9 @@
+
+:_mod-docs-content-type: REFERENCE
+
+[id="rn-3-15-0"]
+= RHBA-2025:8408 - {productname} 3.15.0 release
+
+Issued 2025-07-07
+
+{productname} release {producty} is now available with Clair {clairproductminv}. The bug fixes that are included in the update are listed in the link:https://access.redhat.com/errata/RHBA-2025:9240[RHBA-2025:9240] advisory. For the most recent compatibility matrix, see link:https://access.redhat.com/articles/4067991[Quay Enterprise 3.x Tested Integrations]. For information on the release cadence of {productname}, see the link:https://access.redhat.com/support/policy/updates/rhquay/[{productname} Life Cycle Policy].
diff --git a/modules/rn-3-15-1.adoc b/modules/rn-3-15-1.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: REFERENCE
+[id="rn-3-15-1"]
+= RHBA-2025:13256 - {productname} 3.15.1 release
+
+Issued 2025-08-14
+
+{productname} release 3.15.1 is now available with Clair {clairproductminv}. The bug fixes that are included in the update are listed in the link:https://access.redhat.com/errata/RHBA-2025:13256[RHBA-2025:13256] advisory.
+
+[id="rn-315-1-new-features"]
+== {productname} 3.15.1 new features
+
+The following features have been added with {productname} 3.15.1:
+
+* With this update, a *Mirroring* tab has been added to the {productname} v2 UI. Although the *Mirroring* tab exists, it is not functionally ready for use. You should continue using the v1 UI when mirroring a repository.
++
+For more information, see link:https://docs.redhat.com/en/documentation/red_hat_quay/3/html/manage_red_hat_quay/repo-mirroring-in-red-hat-quay[Repository mirroring].
+
+[id="bug-fixes-315-1"]
+== {productname} 3.15.1 bug fixes
+
+* link:https://issues.redhat.com/browse/PROJQUAY-9135[PROJQUAY-9135]. Before this update, Alembic migrations failed to install certificates during run, causing issues with {productname} behind HTTPS proxy due to lack of certificates. Consequently, users experienced migration failure when {productname} was behind an HTTPS proxy. With this release, Alembic migrations no longer require manual certificate installation for {productname} behind HTTPS proxy. As a result, Alembic migrations can now install certs, allowing smooth operation behind HTTPS proxies.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-9156[PROJQUAY-9156]. Previously, some `read-only` permissions were missing for `read-only` superusers. This issue has been resolved.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-9106[PROJQUAY-9106]. Previously, a bad proxy cache reference occurred due to an oversight. Consequently, users experienced stale cache data. With this release, the proxy cache reference issue is resolved, ensuring smoother performance for end users.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-9059[PROJQUAY-9059]. With this release, model card rendering is now enabled on the v2 UI by default. You no longer need to set the `FEATURE_UI_MODELCARD` field to `True`. 
diff --git a/modules/rn-3-15-2.adoc b/modules/rn-3-15-2.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: REFERENCE
+
+[id="rn-3-15-2"]
+= RHBA-2025:15211 - {productname} 3.15.2 release
+
+Issued 2025-09-18
+
+{productname} release 3.15.2 is now available with Clair {clairproductminv}. The bug fixes that are included in the update are listed in the link:https://access.redhat.com/errata/RHBA-2025:15211[RHBA-2025:15211] advisory.
+
+[id="bug-fixes-315-2"]
+== {productname} 3.15.2 bug fixes
+
+* link:https://issues.redhat.com/browse/PROJQUAY-5880[PROJQUAY-5880]. Before this update, {productname} remapping of non-Docker compatible characters in `LDAP_UID_ATTR` caused incorrect LDAP searches for user permissions. As a consequence, user permissions were incorrectly assigned. With this release, the LDAP search query uses the user's LDAP UID instead of the {productname} username. As a result, Quay correctly searches for user info based on LDAP ID, ensuring that information is accurately returned.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-7270[PROJQUAY-7270]. Before this update, the error message for on-premise customer instances incorrectly suggested the Red{nbsp}Hat status page for support. As a consequence, end users were directed to an incorrect support page, causing confusion and potential delay in issue resolution. With this release, the error message no longer recommends navigating to the Red{nbsp}Hat status page, and instead suggests to contact an organization administrator. 
+
+* link:https://issues.redhat.com/browse/PROJQUAY-8879[PROJQUAY-8879]. Before this update, in LDAP {productname} environments, when users would log in for the first time with a username like `u.user`. {productname} automatically suggested and created a namespace in the form of `u_user`. As a consequence, usernames with dots (`.`) could not be found by superusers due to the discrepancy between the username and the namespace name. With this release, Quay now uses the actual LDAP username for user filtering. As a result, the LDAP user filter now correctly queries by actual username, resolving `not found` errors.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-9346[PROJQUAY-9346]. Before this update, proxy caching with public repositories were temporarily broken due to an erroneous commit. With this release, proxy caching with public repositories are fixed, and they no longer require a user for blob download.
+
+* link:https://issues.redhat.com/browse/PROJQUAY-9362[PROJQUAY-9362]. With this release, the SQLite driver now supports multiple client access, preventing database locking. As a result, multiple users can access the SQLite database concurrently, improving system efficiency.
diff --git a/modules/rn_3_15_0.adoc b/modules/rn_3_15_0.adoc
diff --git a/modules/rn_overview.adoc b/modules/rn_overview.adoc
diff --git a/release_notes/master.adoc b/release_notes/master.adoc
