TL;DR: Chainguard Libraries for Java and Python will be served from Cloudflare R2 instead of Google Artifact Registry beginning May 29, 2026. Note that Chainguard Libraries for JavaScript are already being served from the same R2 host since Mar 4, 2026. Customers who restrict outbound network access may need to allow traffic from our R2 domain host.
NOTE: If you are already using Chainguard Containers or JavaScript Libraries, the same R2 domain host is already required, and action may not be needed.
| Announcement date | Planned Migration Date |
| May 8, 2026 | May 29, 2026 |
Chainguard is updating how we serve Python and Java Libraries. Beginning on May 29, 2026, Chainguard Libraries for Python and Java will be served from Cloudflare R2 instead of Google Artifact Registry. This change is part of our ongoing investment in performance, scalability, and reliability for Chainguard Libraries customers.
This communication includes the following topics:
What is changing?
We are migrating the hosting and delivery of Chainguard Libraries for Python and Java from Google Artifact Registry to Cloudflare R2. Customers who restrict outbound network access may need to allow traffic from the following third party host:
- Hostname: 9236a389bd48b984df91adc1bc924620.r2.cloudflarestorage.com
- Port: 443
- Protocol: HTTPS
Our documentation on Chainguard Libraries network requirements includes this domain.
Why is Chainguard making this change?
This change is being made to improve the overall customer experience, including:
- Faster pull times and improved performance
- Better load distribution across customers
- Improved scalability and reliability
- Support for upcoming Chainguard Repository features
As adoption of Chainguard Libraries continues to grow, this infrastructure improvement ensures we can deliver consistent performance and reliability at scale.
How will this affect me?
If your organization restricts outbound network access via firewalls, VPNs, and IDS/IPS systems, you will need to add a rule to allow traffic from our R2 domain into your networks. If this domain is not allowlisted, pulls for Python and/or Java Libraries may fail after May 29, 2026.
What do I need to do?
- Review your organization’s firewall or egress policies.
-
Ensure that your firewall allows traffic to and from the following host:
- Hostname: 9236a389bd48b984df91adc1bc924620.r2.cloudflarestorage.com
- Port: 443
- Protocol: HTTPS
- Validate pulls in a staging or non-production environment.
FAQs
-
Are other Chainguard products affected?
The same R2 domain is used across our products including both Chainguard Containers and Chainguard Libraries. -
Where can I find the updated network requirements?
See our updated documentation at https://edu.chainguard.dev/chainguard/libraries/network-requirements
Need help or have questions?
We're here to help - visit our support portal at support.chainguard.dev.
- Chainguard Team
Comments
0 comments
Please sign in to leave a comment.