fix(registry): preserve username case for ECR compatibility#4647
Merged
Conversation
…4632) Remove .toLowerCase() transform from registryUsernameSchema. AWS ECR requires the username to be exactly 'AWS' (uppercase) for authentication. Docker Hub usernames are case-insensitive for login, so preserving case is safe for all providers. Closes Dokploy#4632
github-actions Bot
pushed a commit
to Bl4ckBl1zZ/dokploy
that referenced
this pull request
Jul 13, 2026
# [0.37.0](v0.36.2...v0.37.0) (2026-07-13) ### Bug Fixes * add docker cleanup toggle to remote server creation ([Dokploy#4559](https://github.com/Bl4ckBl1zZ/dokploy/issues/4559)) ([e6fc3db](e6fc3db)) * add method="post" to auth forms to prevent credential leak in URL ([Dokploy#4683](https://github.com/Bl4ckBl1zZ/dokploy/issues/4683)) ([8b64815](8b64815)) * add tls=true label for domains when certificateType is none ([Dokploy#4018](https://github.com/Bl4ckBl1zZ/dokploy/issues/4018)) ([Dokploy#4474](https://github.com/Bl4ckBl1zZ/dokploy/issues/4474)) ([103e2f7](103e2f7)) * add type="button" to TooltipTrigger in form components to prevent accidental submission ([Dokploy#4422](https://github.com/Bl4ckBl1zZ/dokploy/issues/4422)) ([f6e6e5c](f6e6e5c)) * **ai:** allow configFiles to be null in template generator Details type ([Dokploy#4736](https://github.com/Bl4ckBl1zZ/dokploy/issues/4736)) ([38de9ef](38de9ef)) * **ai:** allow Ollama Cloud API key in AI settings ([Dokploy#4262](https://github.com/Bl4ckBl1zZ/dokploy/issues/4262)) ([ca2708a](ca2708a)) * **ai:** use nullable instead of optional for configFiles in AI suggestion schema ([Dokploy#4732](https://github.com/Bl4ckBl1zZ/dokploy/issues/4732)) ([3e11c0a](3e11c0a)), closes [Dokploy#4267](https://github.com/Bl4ckBl1zZ/dokploy/issues/4267) * allow members with git providers permission to create and delete their own ([Dokploy#4713](https://github.com/Bl4ckBl1zZ/dokploy/issues/4713)) ([aa72091](aa72091)), closes [Dokploy#4695](https://github.com/Bl4ckBl1zZ/dokploy/issues/4695) * allow square brackets in zip path validation for Next.js dynamic routes ([Dokploy#4468](https://github.com/Bl4ckBl1zZ/dokploy/issues/4468)) ([af8072d](af8072d)) * automatically converting username to lowercase both in creation of register, and build for extra. ([Dokploy#4382](https://github.com/Bl4ckBl1zZ/dokploy/issues/4382)) ([6e342ee](6e342ee)) * **backup:** redact S3 credentials from logs and error output ([Dokploy#4648](https://github.com/Bl4ckBl1zZ/dokploy/issues/4648)) ([f8a3561](f8a3561)), closes [Dokploy#4621](https://github.com/Bl4ckBl1zZ/dokploy/issues/4621) [Dokploy#4621](https://github.com/Bl4ckBl1zZ/dokploy/issues/4621) * copy Dokploy server IP when clicking server badge ([Dokploy#4390](https://github.com/Bl4ckBl1zZ/dokploy/issues/4390)) ([8d88a34](8d88a34)) * correct deriveCookieSecret test to validate 16-byte hex secret as per oauth2-proxy requirements ([dfbae18](dfbae18)) * correct git provider access check for existing deploys ([Dokploy#4570](https://github.com/Bl4ckBl1zZ/dokploy/issues/4570)) ([e9a0932](e9a0932)), closes [Dokploy#4469](https://github.com/Bl4ckBl1zZ/dokploy/issues/4469) * **databases:** resolve crash when opening rebuild database dialog ([4e3a6db](4e3a6db)) * **databases:** update default Redis version from 7 to 8 ([Dokploy#4224](https://github.com/Bl4ckBl1zZ/dokploy/issues/4224)) ([475a01c](475a01c)), closes [Dokploy#4172](https://github.com/Bl4ckBl1zZ/dokploy/issues/4172) * **deployment:** resolve schedule to its service before permission check in allByType ([Dokploy#4733](https://github.com/Bl4ckBl1zZ/dokploy/issues/4733)) ([8a0e442](8a0e442)) * **domain:** validate hostname format to reject invalid characters ([Dokploy#4729](https://github.com/Bl4ckBl1zZ/dokploy/issues/4729)) ([b2692cd](b2692cd)), closes [Dokploy#4716](https://github.com/Bl4ckBl1zZ/dokploy/issues/4716) * don't let ssh-keyscan abort SSH git clones ([Dokploy#4605](https://github.com/Bl4ckBl1zZ/dokploy/issues/4605)) ([8d44c6a](8d44c6a)) * enable comment toggle shortcut in env variable editor ([Dokploy#4402](https://github.com/Bl4ckBl1zZ/dokploy/issues/4402)) ([Dokploy#4473](https://github.com/Bl4ckBl1zZ/dokploy/issues/4473)) ([34d38cf](34d38cf)) * enforce docker:read on container start/stop/kill/restart mutations ([Dokploy#4568](https://github.com/Bl4ckBl1zZ/dokploy/issues/4568)) ([a0288f8](a0288f8)) * grant create and delete SSH key permissions when canAccessToSSHKeys is enabled for members ([Dokploy#4512](https://github.com/Bl4ckBl1zZ/dokploy/issues/4512)) ([4ba0f71](4ba0f71)) * **migrate-auth-secret:** exit cleanly when there are no 2FA records ([9f10f0f](9f10f0f)), closes [Dokploy#4392](https://github.com/Bl4ckBl1zZ/dokploy/issues/4392) * preserve HOME in compose deploy so --with-registry-auth can read docker config ([Dokploy#4485](https://github.com/Bl4ckBl1zZ/dokploy/issues/4485)) ([85211af](85211af)), closes [Dokploy#4401](https://github.com/Bl4ckBl1zZ/dokploy/issues/4401) * prevent registry password from appearing in error messages and shell commands ([Dokploy#4579](https://github.com/Bl4ckBl1zZ/dokploy/issues/4579)) ([1f4f940](1f4f940)) * prevent request path truncation in request logs ([Dokploy#4643](https://github.com/Bl4ckBl1zZ/dokploy/issues/4643)) ([1bf661b](1bf661b)), closes [Dokploy#4642](https://github.com/Bl4ckBl1zZ/dokploy/issues/4642) * prevent webhook deploy crash when commit data lacks modified files ([Dokploy#4470](https://github.com/Bl4ckBl1zZ/dokploy/issues/4470)) ([b06138b](b06138b)) * **projects:** make project cards grid fill available width on wide screens ([Dokploy#4731](https://github.com/Bl4ckBl1zZ/dokploy/issues/4731)) ([b96c5e8](b96c5e8)) * refine permission check for privileged static roles in permission service ([95633b4](95633b4)) * **registry:** preserve username case for ECR compatibility ([Dokploy#4632](https://github.com/Bl4ckBl1zZ/dokploy/issues/4632)) ([Dokploy#4647](https://github.com/Bl4ckBl1zZ/dokploy/issues/4647)) ([ec9dd28](ec9dd28)) * **requests:** remove nested ResponsiveContainer breaking chart height ([c9ac723](c9ac723)) * resolve server from parent entity in deployment.readLogs ([Dokploy#4689](https://github.com/Bl4ckBl1zZ/dokploy/issues/4689)) ([b4e2d27](b4e2d27)), closes [Dokploy#4687](https://github.com/Bl4ckBl1zZ/dokploy/issues/4687) * resolve traefik container dynamically in access-log cleanup ([Dokploy#4646](https://github.com/Bl4ckBl1zZ/dokploy/issues/4646)) ([d87229c](d87229c)), closes [Dokploy#4620](https://github.com/Bl4ckBl1zZ/dokploy/issues/4620) * respect gitProviders permissions in git provider UI ([Dokploy#4561](https://github.com/Bl4ckBl1zZ/dokploy/issues/4561)) ([c377be0](c377be0)) * responsive layout ([Dokploy#4391](https://github.com/Bl4ckBl1zZ/dokploy/issues/4391)) ([ef0cf9b](ef0cf9b)) * scope dokploy-server schedules to organization instead of user ([Dokploy#4526](https://github.com/Bl4ckBl1zZ/dokploy/issues/4526)) ([c73632c](c73632c)), closes [Dokploy#4300](https://github.com/Bl4ckBl1zZ/dokploy/issues/4300) * scope dokploy-server schedules to organization instead of user ([Dokploy#4526](https://github.com/Bl4ckBl1zZ/dokploy/issues/4526)) ([6ff2ca0](6ff2ca0)), closes [Dokploy#4300](https://github.com/Bl4ckBl1zZ/dokploy/issues/4300) * **server-setup:** report the installed Docker version in the setup banner ([Dokploy#4723](https://github.com/Bl4ckBl1zZ/dokploy/issues/4723)) ([db0cb66](db0cb66)) * **sso:** apply trusted origin changes without server restart ([b3621bc](b3621bc)) * strip credentials from gitProvider.getAll API response ([Dokploy#4569](https://github.com/Bl4ckBl1zZ/dokploy/issues/4569)) ([6b68fca](6b68fca)) * strip credentials from service-level API responses ([Dokploy#4564](https://github.com/Bl4ckBl1zZ/dokploy/issues/4564)) ([c968a27](c968a27)) * swarm health check fields not resetting to default values ([Dokploy#4558](https://github.com/Bl4ckBl1zZ/dokploy/issues/4558)) ([57ef96a](57ef96a)), closes [Dokploy#4553](https://github.com/Bl4ckBl1zZ/dokploy/issues/4553) * **tag-filter:** update no tags message and improve layout ([8c90040](8c90040)) * **ui:** adjust button container to grid layout to prevent overflow in 2FA screen ([01ac309](01ac309)) * **ui:** enable vertical scroll on collapsed sidebar ([a296407](a296407)) * **ui:** improve select component behavior and styling across various providers ([8db1250](8db1250)) * **ui:** prevent scrollbar layout shift ([71bbbb4](71bbbb4)) * **ui:** resolve CommandDialog crash on ⌘J shortcut ([17fdd64](17fdd64)) * **ui:** update project name display in environment page ([d7b9f01](d7b9f01)) * update deriveCookieSecret to meet oauth2-proxy requirements ([c1c887d](c1c887d)) * update schedule scoping from user to organization ([6a0acd9](6a0acd9)) * use create permission for basic auth delete instead of delete ([Dokploy#4513](https://github.com/Bl4ckBl1zZ/dokploy/issues/4513)) ([d7d6422](d7d6422)) * use github owner login for webhook deploy matching ([Dokploy#4674](https://github.com/Bl4ckBl1zZ/dokploy/issues/4674)) ([f5ded8b](f5ded8b)) * use stop-first update order for all database services ([Dokploy#4560](https://github.com/Bl4ckBl1zZ/dokploy/issues/4560)) ([e944603](e944603)), closes [Dokploy#4550](https://github.com/Bl4ckBl1zZ/dokploy/issues/4550) * use swarm advertise address in docker swarm join command ([Dokploy#4567](https://github.com/Bl4ckBl1zZ/dokploy/issues/4567)) ([4900204](4900204)) * **user:** scope user.get relation columns to reduce SSR payload size ([Dokploy#4730](https://github.com/Bl4ckBl1zZ/dokploy/issues/4730)) ([3e74f9a](3e74f9a)) * **validation:** allow hashtag in git branch names ([Dokploy#4714](https://github.com/Bl4ckBl1zZ/dokploy/issues/4714)) ([6431e9b](6431e9b)), closes [feat#123](https://github.com/feat/issues/123) [feat#123](https://github.com/feat/issues/123) [Dokploy#4585](https://github.com/Bl4ckBl1zZ/dokploy/issues/4585) * wrap long server names and keep actions menu visible ([Dokploy#4434](https://github.com/Bl4ckBl1zZ/dokploy/issues/4434)) ([ad680ae](ad680ae)) ### Features * add claim mapping functionality to OIDC registration dialog ([Dokploy#4712](https://github.com/Bl4ckBl1zZ/dokploy/issues/4712)) ([c2a9587](c2a9587)) * add self-hosted enterprise restrictions (remote-servers-only, enforce-sso) ([Dokploy#4511](https://github.com/Bl4ckBl1zZ/dokploy/issues/4511)) ([8018027](8018027)) * add SQL migration for lucky echo and update foreign key constraints ([aa545ec](aa545ec)) * **ci:** attach install.sh from website repo to each release ([d3e0b10](d3e0b10)) * **ci:** pin install.sh release asset to the released version ([9749d86](9749d86)) * **compose:** add import from base64 in create service dropdown ([754774e](754774e)) * **databases:** add copy button to User and Database Name fields ([Dokploy#4735](https://github.com/Bl4ckBl1zZ/dokploy/issues/4735)) ([cb23d72](cb23d72)), closes [Dokploy#4495](https://github.com/Bl4ckBl1zZ/dokploy/issues/4495) * **deployment:** add readLogs procedure to fetch deployment logs ([558d809](558d809)) * **deployment:** add server access validation for deployment actions ([aff200f](aff200f)) * encrypt environment variables at rest with AES-256-GCM ([1cb9491](1cb9491)) * enhance container dashboard with new features ([1c44141](1c44141)) * enhance TLS certificate selection UI in AddDomain component ([Dokploy#4705](https://github.com/Bl4ckBl1zZ/dokploy/issues/4705)) ([ed0abb2](ed0abb2)) * export full keyring in backup encryption key file ([c04d56b](c04d56b)) * implement forward authentication settings and UI components ([41c09cd](41c09cd)) * make concurrent builds an OSS feature without license gating ([8d0ae19](8d0ae19)) * optionally include encryption key in web server backups ([2e867c5](2e867c5)) * **organization:** prevent inviting users with owner role ([67278d8](67278d8)) * **scim:** implement SCIM 2.0 user provisioning support ([d831607](d831607)) * **settings:** add copy button to server IP in web server settings ([Dokploy#4397](https://github.com/Bl4ckBl1zZ/dokploy/issues/4397)) ([a50f958](a50f958)) * **sidebar:** add enterprise badge for valid license in sidebar ([86f941d](86f941d)) * **user:** implement session cleanup on user update ([1fdbe87](1fdbe87)) * **whitelabeling:** implement public whitelabeling configuration retrieval ([8f9be16](8f9be16)) ### Performance Improvements * share db, docker and auth singletons across duplicated bundles ([7924794](7924794))
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Closes #4632
The registry username schema applied a
.toLowerCase()transform, which breaks AWS ECR authentication. ECR requires the username to be exactlyAWS(uppercase). With the current code,AWSbecomesawsand authentication fails.Solution
Removed the
.toLowerCase()transform fromregistryUsernameSchema. The schema now only trims whitespace and validates non-empty.This is safe because:
AWS(uppercase) — now preservedTesting
Added 6 unit tests in
__test__/registry/registry-schema.test.ts:apiTestRegistrytoo