chore(deps): update module github.com/distribution/distribution/v3 to v3.1.1 [security]

[agntcy-automation]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/distribution/distribution/v3	v3.1.0 → v3.1.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Distribution's tag deletion bypasses storage.delete.enabled configuration

CVE-2026-41888 / GHSA-6pjf-3r9x-m592

More information

Details

Summary

Tag deletion via the DELETE /v2/<name>/manifests/<tag> endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion.

Details

When storage.delete.enabled is configured to false, digest-based manifest deletion is correctly rejected by the guard in registry/storage/linkedblobstore.go:212-215.

However, tag deletion takes a separate code path that never checks this setting:

In registry/handlers/manifests.go:439-453, DeleteManifest detects a tag reference, calls tagService.Untag(), returns, never consulting registry.deleteEnabled.

In turn, tagStore.Untag() calls the storage driver directly to delete the tag path without checking whether deletes are enabled.

PoC

Using a paired down Distribution configuration that explicitly disables deletes, such as this one, stored as config.yaml:

version: 0.1
storage:
  delete:
    enabled: false
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000

Start a local Distribution, mounting in the above configuration from the current directory:

docker run -p 5000:5000 -v "$(pwd)/config.yaml":/config.yaml --restart=always --name registry registry:3.1.0 /config.yaml

In a separate terminal session/tab, push alpine:3.23 into the running instance:

docker pull alpine:3.23
docker tag alpine:3.23 localhost:5000/alpine:3.23
docker push localhost:5000/alpine:3.23

Confirm that the tag shows up as expected:

curl 'http://localhost:5000/v2/alpine/tags/list'
{"name":"alpine","tags":["3.23"]}

Issue a delete for the 3.23 tag:

curl -X DELETE 'http://localhost:5000/v2/alpine/manifests/3.23'

Observe that the tag is now gone, despite deletes being disabled:

curl 'http://localhost:5000/v2/alpine/tags/list'
{"name":"alpine","tags":null}

Impact

This is an authorization bypass vulnerability. Any client with network access to the registry can delete tags despite the operator having disabled deletion. This can cause denial of service for consumers pulling by tag and enables supply-chain disruption by removing trusted tags from a registry that the operator and/or users believed to be immutable.

Severity

• CVSS Score: 6.3 / 10 (Medium)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

References

• https://github.com/distribution/distribution/security/advisories/GHSA-6pjf-3r9x-m592
• https://github.com/advisories/GHSA-6pjf-3r9x-m592

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

distribution/distribution (github.com/distribution/distribution/v3)

v3.1.1

Compare Source

Welcome to the v3.1.1 release of registry!

This is a stable release

Please try out the release binaries and report any issues at
https://github.com/distribution/distribution/issues.

Notable Changes

• Fixes CVE-2026-41888
• Bounds-check the file basename in PurgeUploads Walk callback
• Add S3 Express One Zone support to the S3 storage driver (#​4858)
• Fix tag list endpoint in proxy mode (#​4846)
• Clamp oversized n query parameter in proxy mode instead of returning 400 (#​4856)

See the full changelog below for the full list of changes.

What's Changed

• internal/client/auth/challenge: cleanups and minor refactor by @​thaJeztah in #​4832
• build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 in the go_modules group across 1 directory by @​dependabot[bot] in #​4843
• build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules group across 1 directory by @​dependabot[bot] in #​4850
• build(deps): bump github/codeql-action from 4.34.1 to 4.35.1 by @​dependabot[bot] in #​4840
• chore(build): Bump go version to latest by @​milosgajdos in #​4851
• refactor: use slices.Backward to simplify the code by @​chuanshanjida in #​4848
• fix(proxy): fix tag list endpoint in proxy mode by @​njucjc in #​4846
• Update docker-compose structure in deploying.md by @​jdg71nl in #​4855
• build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @​dependabot[bot] in #​4854
• build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 by @​dependabot[bot] in #​4852
• build(deps): bump docker/login-action from 4.0.0 to 4.1.0 by @​dependabot[bot] in #​4847
• build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 by @​dependabot[bot] in #​4853
• fix(proxy): clamp oversized n query param instead of returning 400 by @​milosgajdos in #​4856
• feat(s3): add express zone one support to S3 driver by @​milosgajdos in #​4858
• fix(storage): bounds-check the file basename in PurgeUploads Walk callback by @​SAY-5 in #​4860
• chore(release): prepare for v3.1.1 release by @​milosgajdos in #​4864

New Contributors

• @​chuanshanjida made their first contribution in #​4848
• @​jdg71nl made their first contribution in #​4855
• @​SAY-5 made their first contribution in #​4860

Full Changelog: distribution/distribution@v3.1.0...v3.1.1

[github-actions]

The latest Buf updates on your PR. Results from workflow Buf CI / verify-proto (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	⏩ skipped	✅ passed	May 5, 2026, 1:17 PM