Release notes

SUSE Private Registry is an on-premises container registry. It is designed for SUSE customers who need a container registry that works well with other SUSE services and products.

This document provides a high-level overview of the features, capabilities and limitations of SUSE Private Registry, and highlights important product updates.

1 Release 1.0.1

Security updates:

  • CVE-2025-55198: Helm may panic due to incorrect YAML content.

  • CVE-2025-55199: Helm charts with specific JSON schema values can cause memory exhaustion.

  • CVE-2025-54410: In Moby versions before 25.0.13, when the firewall reloads, Docker fails to re-create the iptables rules that isolate bridge networks. This allows any container to access all ports on any other container across different bridge networks on the same host and breaks network segmentation in multi-tenant environments (only --internal networks remain protected).

  • CVE-2025-29923: go-redis allows potential out-of-order responses when CLIENT SETINFO times out during connection establishment.

  • CVE-2025-54388: Moby versions 28.2.0–28.3.2 fail to re-create iptables rules after a firewall reload. This exposes containers with localhost-published ports (e.g., 127.0.0.1:8080) to remote access via the Docker bridge, while unpublished ports remain protected; fixed in version 28.3.3.

  • GHSA-2464-8j7c-4cjm: go-viper’s mapstructure may leak sensitive information in logs when processing malformed data.

  • CVE-2025-8959: HashiCorp go-getter is vulnerable to arbitrary read through a symlink attack.

  • CVE-2025-58058: github.com/ulikunitz/xz leaks memory when decoding corrupted multiple LZMA archives.

  • CVE-2025-53547: Helm chart dependency updating with malicious Chart.yaml content and symlink can lead to code execution.

Bugs fixed:

  • Trivy: the correct version is shown when calling trivy version.

Container image updates:

  • Valkey updated from 8.0.2 → 8.0.6.

Upgrade notes:

  • No breaking changes in this release.

2 Release 1.0

Key features:

  • SUSE Private Registry is based on Harbor 2.13.2

    • Integration with Model Spec for first-class handling of AI models

    • Enhanced audit logging

  • Predictable release cycle aligned with SUSE Rancher Prime. SUSE Private Registry will be updated every 4 months

  • Each release is supported by SUSE for 18 months from the date of release

    • 6 months of security and bug fix maintenance, followed by

    • 12 months of security-only maintenance

  • Can be used to mirror SUSE Application Collection

  • Supports SUSE Security as an external scanner

SUSE Private Registry includes all the features of Harbor:

  • On-premises private container image and OCI artifact registry

  • Web interface for administration

  • Role-based Access Control

  • Fine-grained project configuration for image and artifact storage

  • Mirroring and pull-through caching of upstream registries' artifacts

  • Image retention and garbage collection controls

  • Scanning images for security vulnerabilities with the Trivy scanner

  • Generate SBOMs for stored images

  • Content trust with Cosign (Notary is not included)