Overview
This page presents release notes for JFrog Artifactory describing the main fixes and enhancements made to each version as it is released.
If you need release notes for earlier versions of Artifactory, please refer to theRelease Notesin the Artifactory 6.x User Guide.
Before You Get Started!
Download
Click to download the latest Artifactory version.
Installer Name Change!
fFrom Artifactory 7.0, the installer naming convention has been changed to include the installer type.
The following table lists the official installer names.
Installer Type | Installer Syntax |
---|---|
Linux archive | jfrog-artifactory- |
Compose | jfrog-artifactory- |
RPM/Debian | jfrog-artifactory- |
Windows archive | jfrog-artifactory- |
Previous Versions
Previous versions of JFrog Artifactory are available for download in thePrevious Releasespage.
Installation and Upgrade
For installation instructions please refer toInstalling Artifactory.
To upgrade to this release from your current installation, please refer toUpgrading Artifactory.
Known Issues
For a list of known issues in the different versions of Artifactory, please refer toKnown Issues.
Embedded OpenJDK Version
Artifactory uses OpenJDK embedded with the binary package.
The following table lists the Artifactory versions and the corresponding OpenJDK version.
Artifactory Version | OpenJDK Version |
---|---|
7.46.3-7.46.6 | 17.0.3 |
7.39.4-7.41.4 | 11.0.15 |
7.31.10-7.38.7 | 11.0.13 |
7.25.5-7.29.7 | 11.0.11 |
7.15.0-7.25.4 | 11.0.10 |
7.11.0-7.13.9 | 11.0.8 |
7.6.0-7.10.6 | 11.0.7 |
7.4.0-7.5.5 | 11.0.6 |
7.0.0-7.3.2 | 11.0.2 |
Embedded Tomcat Version
Artifactory uses Tomcat embedded with the binary package.
The following table lists the Artifactory versions and the corresponding Tomcat version.
Artifactory Version | Tomcat Version |
---|---|
7.39.4-7.46.6 | 9.0.62 |
7.37.13-7.38.7 | 9.0.58 |
7.31.10-7.35.2 | 8.5.73 |
7.27.3-7.29.9 | 8.5.68 |
7.21.3-7.26.3 | 8.5.66 |
7.17.4-7.19.12 | 8.5.63 |
7.15.3-7.16.6 | 8.5.61 |
7.7.3 -7.12.10 | 8.5.57 |
7.5.7-7.6.3 | 8.5.55 |
7.5.5-7.5.5 | 8.5.54 |
7.4.1-7.4.3 | 8.5.41 |
7.3.2-7.3.2 | 8.5.51 |
7.0.0-7.2.1 | 8.5.41 |
Artifactory 7.46
This section includes all the Artifactory 7.46.x releases.
Artifactory 7.46.11Cloud | Self-Hosted
Released: 4 November 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
RTDEV-28386 | Fixed an issue whereby, the Sumo Logic integration with Artifactory failed. |
Artifactory 7.46.10Cloud | Self-Hosted
Released: 30 October, 2022
Resolved Issues
JIRA Issue |
Description |
---|---|
META-1457 | Fixed an internal issue related to database performance. |
Artifactory 7.46.9Cloud | Self-Hosted
Released: 27 October, 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
JA-4056 |
Fixed an issue whereby, modifying an OAuth user prevented the user from logging in to the JFrog Platform. |
ֿArtifactory 7.46.8Cloud | Self-Hosted
Released: 25 October, 2022
Swagger is Disabled in Artifactory
Swagger UI versions from 3.14.1 to 3.38 contain a vulnerability. By default, Swagger is bundled in Artifactory and therefore had been disabled.
A patch will be released shortly to resolve this issue, however, only self-hosted customers who require running theaffected Swagger versioncan do soat their own riskby enabling Swagger in theaccess.config.yml
file.
Resolved Issues
JIRA Issue |
Description |
---|---|
RTDEV-28200 |
Fixed an issue whereby, Artifactory was unresponsive after loading the Docker V2 tags to Remote repositories. |
Artifactory 7.46.7Cloud
Released: 14 October, 2022
Cloud Only
JFrog Artifactory 7.46.7 is available as a Cloud version.
Resolved Issue
JIRA Issue |
Description |
---|---|
JA-3993 |
Fixed an internal issue related to the JFrog Free Trial experience. |
Artifactory 7.46.6Cloud | Self-Hosted
Released: 14 October, 2022
Resolved Issues
JIRA Issue |
Description |
---|---|
RTDEV-28125 |
Fixed theknown issuewhereby, users performing Google authentication to the JFrog Platform received an error. |
RTDEV-28001 |
Fixed an issue whereby, the Terraform Client in version |
Artifactory 7.46.3Cloud | Self-Hosted
Released: 11 October, 2022 (Released to Cloud on 2 October, 2022)
Known Issue in this Version
Affected Audience: Users logging into the JFrog Platform with Google Authentication should refrain from upgrading to this version. For more information, clickhere.
JetS3t Deprecation Announcement - Applies to Self-Hosted Environments Only!
In continuation to the official email sent on the 22 of July 2022, we have officially deprecated the JetS3t library thatwas used in the JFrog Platform to enable an API to AWS S3 and Google Cloud Storage.You should therefore use the s3-storage-v3 instead, whichuses the official, highly-maintained AWS S3 SDK.The transition is seamless between s3 to s3-storage-v3, as most parameters are the same between the two providers. To learn more, seeAmazon S3 Official SDK Template.
Feature Enhancements
Java 17 Compatibility
From this version, Artifactory officially supports running with JDK 17 on all installation types (e.g. Linux, Docker, Debian, RPM, Windows). The Artifactory Docker image is shipped with JDK 17.
Access Token Scope Added to the WebUI
The scope of a user's access token (also known as a scoped token), has now been added to the JFrog Platform WebUI (in addition to the existing API endpoint) as a new column in the Security page. For more information, seeGenerating Scoped Tokens.
AQL Search Speed Improvements
Improved AQL internal search mechanism to support running faster queries.
Helm Indexing Improvements
Improved the speed when indexing Helm Charts in Helm repositories.
Webhooks WebUI Now Supports Using the Secret for Signing the Payload
When creating Webhooks and defining a secret authentication token, the administrator can determine the way in which the Webhook's secret token should be used:
- As the
X-JFrog-Event-Auth
HTTP header, so that the token can be used by the service that receives the event to authenticate the event emitter. - To sign the events payload- in which case the secret token must not be passed as a header.
To support both options, the backend was updated to also send an HTTP header containing the payload hash value calculated based on the secret token (this hash value should be computed based on SHA1 or SHA256). With this release, the JFrog Platform now supports setting the secret for payload signing through the WebUI.SeeCreating Webhooks in the JFrog Platform.
Native Browser Scrolling Enhancement
Added an option to scroll through your artifacts and view all package contents in the Native browser.
Allow Including/Excluding Patterns for Syncing User Entities with Access Federation
添加了option to define include or exclude patterns for users.
Important
This feature is experimental. We recommend reaching out to JFrog Support for assistance with configuring this, as it may affect other Federation setups.
Cargo Indexing Enhancement
Added support for alternative indexing in Cargo repositories based on the sparse index specifications, instead of jgit server
For more information, seeSetting Up Cargo Indexing Using Sparse Indexing.
User/Group WebUI Enhancements
Enhanced the User/Group WebUI with the following updates:
- Enable sorting users in tables by additional columns
- Enable partial search by name/email in tables
- Improved the loading time of Users in the Groups page
- Improved the loading time of Users/Groups in Permission Targets
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, running theGET binary/providers/info Rest API,triggered an exceptionwhen the binarystore.xml was configured to use the sharding binary-provider with the redundancy value greater than the number of sub-providers. For example,when usingcluster-s3-storage-v3 template with redundancy set to 3. |
|
RTFACT-27321 |
Fixed an issue whereby, the Conan search failed to provide correct results when searching a virtual Conan repository if the indexed files did not exist in Local Conan repositories. |
RTFACT-26816 | Fixed an issue whereby, the Config Descriptor was corrupted due to expired CRON expressions. |
Fixed the issue whereby, deploying two CocoaPods pods to a remote Smart Repository with the same source field caused one of them to be later installed incorrectly |
|
RTFACT-27174 | Fixed an issue whereby, running a Copy or Move using Docker Promote left orphan layers of the Docker image in the target repository. |
Fixed an issue whereby, Docker Catalog tags were not cached according to the Docker repository in the |
|
Fixed an issue whereby, running Docker v2 Tag listing REST API, pagination was not supported and only 50 tags were displayed. |
|
Fixed an issue whereby, Artifactory returned a 500 error message while resolving npm packages with a "relative" path from a virtual repository. |
|
Fixed the following issues relating to npm repositories:
|
|
Fixed an issue whereby, performing a NuGet (V3 protocol) search against thenuget.orgregistry did not return results. |
|
固定一个问题,,在某种情况下s, accessing the Terraform backend repository using Terraform CLI returned a 403 error message even though login was successful. |
|
Fixed an issue whereby, Docker repositories catalogs were not updated automatically for remote repositories. |
|
Fixed an issue whereby, NuGet search queries failed when searching for packages with unencoded characters in the package metadata URL fields. |
|
Fixed an issue whereby, Docker repositories metadata was accessible directly and visible through the JFrog UI, and now they can be accessed only using the REST API. |
|
Fixed an issue whereby, a project admin was not able to create a repository if a Federated repository binding exists. |
|
RTFACT-27016 | Fixed an issue whereby, when the source Artifactory was offline, the cached artifacts on the Artifactory Edge node could not be downloaded. |
RTFACT-27050 | Fixed an issue whereby, modifying the default proxy settings applied the proxy settings to all remote repositories and replications even though no proxy was configured. To prevent auto-updates of a proxy, set the 'No Proxy' property. For more information, seeAdvanced Proxy Settings. |
RTDEV-25657 | Fixed an issue whereby, disabling the Push Replication in the UI did not activate the license after the next Artifactory restart. |
RTDEV-27500 | Fixed an issue whereby, the Edit Properties functionality in the JFrog Platform UI failed to store multiple values separated by a semicolon as expected. |
RTDEV-27266 | Fixed an issue relating to Docker login whereby, the default identity tokens expiration time was too long (30 days), and has now been shortened to a default of 150 minutes. The expiration time can be modified by setting the |
RTDEV-27455 |
固定一个问题,,在某种情况下s,npm install failed if metadata was omitted. |
JA-3154 | Fixed an issue whereby, SAML login failed if the SAML User ID contained special characters. |
RTDEV-6006 |
Fixed an issue whereby, the Support Bundle page in the WebUI did not display any Support Bundles due to a single corrupted |
RTDEV-27702 | Fixed an issue whereby, Helm or Cran Virtual repository cache expiry caused malformed content length in S3 direct storage. |
Artifactory 7.42
This section includes all the Artifactory 7.42.x releases.
Artifactory 7.42.5Cloud
Released: 4 September, 2022
Cloud Only
JFrog Artifactory 7.42.5 is available as a Cloud version.
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed an issue whereby the Conan search failed to providecorrectresults when searching a virtual Conan repository if the indexed files did not exist in Local Conan repositories. |
Artifactory 7.42.3Cloud
Released: 24 August 2022
Cloud Only
JFrog Artifactory 7.42.3 is available as a Cloud version.
Resolved Issues
JIRA Issue |
Description |
---|---|
JFUI-10612 (Reference Only) | Fixed an issue whereby,running Artifactory version 7.39.4 on Windows 2012 or higher with Xray version 3.51 and higher,did not display Xray-related settings in the JFrog Platform webUI. |
Artifactory 7.42.1Cloud
Released: 31 July 2022
Cloud Only
Artifactory 7.42.1 is available as a Cloud version.
Feature Enhancements
Added a Full Broadcast Function to the Access Federation UI
添加了option to trigger a full broadcast from a specific Access Federation source via the Access Federation UI. SeeFull Broadcast.
CRAN Local Repository Improvements
Aligned the CRAN Local repository to follow the CRAN spec when populating the Archive folder by introducing the following enhancements:
添加了
cran.archiveMover.enabled
system property that will allow the storage of the archives in the correct hierarchy.Added a newMove Archives CRAN REST API,which moves the existing archives to the correct location (if the system property is enabled).
Cold Storage UI Improvements
Added a newSkip Trash Can
checkbox allowing you to skip moving items to the trash can when creating or modifying Cold Storage Archive policies in the WebUI.
Property Set/name
Validation Endpoint Changed to /propertyName
Changed the property set endpoint from/Name
to/propertyName
.
Projects Enhancements
Modified the Project Key Name length limitation from three to two characters.
Generate a Non-expiry Admin Token without Changing the Configuration
Admins can now bypass tokens restrictions and can generate a token with any expiry they wish and create refreshable tokens without changing the configuration.The token restrictions will affect non-admin users and they can be set in theAccess YAML Configuration.
Resolved Issues
JIRA Issue | Description |
---|---|
RTFACT-27111 |
Fixed a Cargo package-related issue, whereby a remote Cargo remote repository could not be created without providing the gitRegistryUrl which prevented Artifactory from starting. |
RTFACT-27157 |
Fixed a PyPI-related issue whereby, remote PyPI artifacts yanked from the registry would not be processed by Artifactory if there were no yanked details in the remote repository. |
RTFACT-27048 |
Fixed an issue whereby, submitting repository-related REST API requests without a repository key returned a 500 error instead of a 400 status error. |
RTFACT-27151 | 固定一个问题即,用户无法人群download artifacts via the URL-to-File requests. |
RTFACT-27253 |
Fixed an issue whereby, running the Get LDAP Groups Rest API returned forceAttributeSearch as false even if it was set astrue in theconfig.xml file. |
RTFACT-26347 |
Fixed an issue whereby, when running NuGet-related REST APIs, the NuGet HTTP status code returned a 403 status message instead of a 409 status message for users with write and not overwrite access while trying to upload an already-existing package. |
RTDEV-27108 | Fixed an issue whereby, the contents of a virtual repository could not be listed when there is a broken remote repository. |
JA-3354 | Fixed an issue whereby users with the "Manage Resources" permission granted users access to Admin Settings page. |
RTDEV-26949 | Fixed a Cargo package-related issue, whereby the Cargo search could not find the carte if the carte name contained more than one hyphen. For example,openid-connect-mock . |
RTDEV-26892 |
Fixed an issue whereby, Helm virtual repositories that were set as the target of a Smart remote repository, downloaded new artifacts even if the Change to Parameter Usage for Existing Smart Helm Repositories Users As part of the bug fix, the flag is still set to |
RTDEV-6431 | Fixed an issue whereby, running theCreate RepositoryREST API to create a virtual repository with multiple local repositories with the same name, displayed the local repositories many times in the WebUI. |
RTDEV-2785 | Fixed an issue related to NPM packages whereby, a 404 error message was generated when running NPM Install if the package.json located under the local repo contained an extra slash. |
RTDEV-24786 | 固定一个问题,,在某种情况下s, running a Docker Pull generated an "Unknown Blob" error if the remote cache was deleted and the client had a partial cache. |
RTDEV-26679 | Fixed an issue whereby, when using ECDSA keys for SSH Authentication in Artifactory, the keys stopped to function if Artifactory was rebooted. |
Artifactory 7.41
This section includes all the Artifactory 7.41.x releases.
Artifactory 7.41.14Cloud | Self-Hosted
Released: 30 September, 2022
Resolved Issues
JIRA Issue |
Description |
---|---|
JFUI-10900 | Fixed an issue related to JFrog Platform performance. |
Artifactory 7.41.13Cloud | Self-Hosted
Released: 20 September, 2022
Resolved Issue
- 固定一个问题,,在某种情况下s, the JFrog Platform webUI was unresponsive due to a memory leak.
Artifactory 7.41.12Cloud | Self-Hosted
Released: 31 August, 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, the Conan search failed to providecorrectresults when searching a virtual Conan repository if the indexed files did not exist in Local Conan repositories. |
Artifactory 7.41.7Cloud | Self-Hosted
Released: 29 July, 2022
Feature Enhancement
Disabling Proxy for Remote and Federated Repositories Now in the UI
Added a dedicated 'No Proxy' field in the JFrog Platform UI to allow disabling a proxy on the repository level. For more information, seeAdvanced Settings.
Resolved Issue
This patch resolves an issue caused byCVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215, andCVE-2022-32223. For more information, see theFixed Security Vulnerabilitiespage.
Artifactory 7.41.6Cloud | Self-Hosted
Released: 21 July, 2022
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-27298 | Fixed an issue whereby, Artifactory did not include NPM metadata fields that may have caused installations to fail. |
JA-3455 |
Fixed an issue whereby, Artifactory failed to verify Reference tokens federated by Access Federation.
|
RTDEV-27284 | Fixed an issue related to Debian packages, whereby only on rare occasions, errors were displayed even though packages were successfully downloadedfrom a remote Debian repository when redirect was enabled. |
RTDEV-27263 | 固定一个问题,,在某种情况下s, Helm repositories added unnecessary quotation marks to theindex.yaml file. |
Known Issue in this Version
Affected Audience: Users who have run their remote or federated repositories without a proxy and have manually removed the proxy.
Upgrading to the 7.41.6 version automatically populates the default proxy on all repositories that have manually set the proxy field as empty. To learn more, clickhere.
Artifactory 7.41.4Cloud | Self-Hosted
Released: July 11, 2022
Highlights
ARM64 Support
From version 7.41.4,Artifactory supports installation on ARM64 architecture through Helm and Docker installations. You must set up an external database as the Artifactory database since Artifactory does not support the bundled database with the ARM64 installation. Artifactory installation pulls the ARM64 image automatically when you run the Helm or Docker installation on the ARM64 platform.
Swift Registry Supported on Self-Hosted deployment
Swift Registry support has been expanded to support both cloud and self-hosted deployments. For more information, seeSwift Registry
Feature Enhancements
Debian Repository includes Support for Debian Snapshots
From Artifactory 7.41.4, Debian repositories include support for Debian Snapshots andcan be used in the following scenarios:
- As backups, allowing you to easily fall back to previous versions in case of package corruption due to dependency changes.
- For release purposes, whereby the tested Packages file can be immutably saved and served.
For more information, seeWorking with Debian Snapshots
Conan Search Optimization
Performed internal improvements to increase the Conan Search performance.
Updated the Refresh Token Mechanism
To enable refreshing a token without having to provide the old token, a new column has been added to the database that contains the token payload, the token version, and `kid` as a JSON (this is application for refreshable tokens only!). Upon receiving a token request to refresh, the original data is then taken from the new column in the database. SeeRefresh Token.
Maven Snapshot Version Default Behavior Change
Breaking Change
The MavensnapshotVersionBehavior
parameter that was set as 'non-unique
' as the default in earlier Artifactory versions, is now set as 'unique'
. This change affects both local and federated repositories.
Users with Repository Management/Deploy Permission can View/Use the Trash Can Repository
Until the current release, users who did not have Admin permission were unable to view or to use the Trash Can repository, so that only administrators were able to see and interact with the Trash Can. With this release, two changes have been implemented:
- Users who havedeploy or managepermissions to any repository will be able to view the Trash Can and to view files in thatrepository of origin.
- Users who also havedeletepermissions to their repository will now also be able to restore themwithout requiring admin assistance (they will not be able to view or restore any other repositories).
Important
The contents of the Trash Can are filtered based on the repositories to which the user has permissions. This means that the user will not see or restore files from any other repository unless they havepermissions to that repository. For more information, seeTrash Can Settings.
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed the issue, whereby running the Create Virtual repository REST API allowed duplicating the same local repository in the Virtual repository. |
|
RTFACT-26704 |
Fixed an issue whereby, attempting to move files to a virtual repository caused files to disappear. |
RTFACT-26903 | Fixed an issue whereby, creating permission targets using the REST API was faulty. |
RTFACT-26430 | Fixed an issue whereby, NPM Info did not include all the artifact data collected from thepackage.json file. |
RTFACT-27116 | 固定一个问题,,在某种情况下s, NuGet v3 packages containing a version with upper case characters in the 'Prerelease' parameter were omitted from the registration item results if they were in the lower or upper entry of the list. |
RTFACT-27056 | Fixed an issue whereby, converting a local repository to a federated repository removed the repository from the Project. |
Fixed an issue whereby, Helm charts containing annotations with a regex of '[0-9] +e [0-9]' broke the |
|
Fixed an issue whereby, the Npm Info did not include all the artifact metadata that should have been collected from the |
|
RTFACT-26709 | Fixed an issue where |
Fixed an issue whereby, Debian Source packages could not be downloaded if the 'Store Artifacts Locally' option was disabled. |
|
Fixed an issue whereby, uploading Docker images to Federated repositories did not sync to other federated members if the repository name contained more than 34 characters. | |
Fixed an issue whereby, users with the Manage Resources role could not create the permission targets through REST API. | |
RTFACT-27056 |
Fixing an issue whereby, converting local repositories to federated repositories removed the repository from the Project. |
Fixed an issue whereby, the GAVC Search returned artifact versions without the |
|
Fixed an issue relating to npm packages, whereby the npm client configured opposite a virtual repository and the remote repository within this repository is offline, the npm audit command fails. This audit command should return results as Artifactory is connected to Xray and therefore should return the results from Xray. | |
RTDEV-26681 |
固定一个问题,,在某种情况下s, Go Virtual repositories may have returned a 404 response when the remote repository response was 200. |
JA-3299 | Fixed an issue whereby, reference tokens expired earlier than expected. |
Known Issue in this Version
Affected Audience: Users who have run their remote or federated repositories without a proxy and have manually removed the proxy.
Upgrading to the 7.41.4 version automatically populates the default proxy on all repositories that have manually set the proxy field as empty. To learn more, clickhere.
Artifactory 7.39
This section includes all the Artifactory 7.39.x releases.
Artifactory 7.39.10Cloud | Self-Hosted
Released: 29 July, 2022
Resolved Issue
This patch resolves an issue caused byCVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215, andCVE-2022-32223. For more information, see theFixed Security Vulnerabilitiespage.
Artifactory 7.39.6Cloud
Released: June 29, 2022
Artifactory 7.39.6 is a Cloud Version
The JFrog Artifactory 7.39.6 release is available as a Cloud version only.
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue relating to NuGet 3 users, whereby NuGet v3 installations failed if the version name contained upper case characters. |
|
Fixed an issue relating to working with Projects, whereby in the webUI, the repository environment could not be changed from DEV to PROD in a project. | |
JA-3299 | Fixed an issue whereby, reference tokens expired earlier than expected. |
Artifactory 7.39.4Cloud | Self-Hosted
Released: 14 June, 2022
Highlights
Swift Registry Support
Artifactory now natively supports a dedicatedSwiftregistry, giving you full control of your deployment and resolution process of your Swift packages and their dependencies. Today Swift is most widely used as the go-to language for iOS and all the other Apple OS-app development. With the introduction of Swift support by Artifactory, you can create secure and private local Swift repositories, remote Swift repositories to proxy remote Swift dependencies and cache downloaded Swift packages. Virtual Swift repositories give you a single URL through which to manage the resolution and deployment of all your Swift packages. To learn more, seeSwift Registry.
Feature Enhancements
Storage Summary Improvements
The default threshold for updating the Storage Summary page update has been modified from 1 hour to 6 hours. This change is done in order to minimize the load. This value continues to be configurable as before by setting 'update.storage.summary.cron
' value.
Detected Known Issues
This release containsan issue that was initially fixed in 7.38.10 whereby referencetokens expired earlier than expected. For Cloud customers, this issue can be resolved by upgrading to a newer release (7.39.6and above). Self-hosted customers will need to upgrade to release7.41.4and above.Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed an issue whereby,an incorrect message and response status from the Conan Server in case of missing permissions. |
|
RTFACT-25926 | Fixed an issue whereby, publishing an artifact to a Cargo registry with the |
RTFACT-26470 | Fixed an issue whereby, running an AQL query with an Asterix failed to return results. |
Fixed an issue whereby, an SSL/TLS certificate could not be created for an existing remote repository. |
|
Fixed an issue whereby, resolving packages from a remote NuGet repository pointing to thef.feedz.ioremote registry failed. |
|
Fixed an issue whereby, instances with a context prefix other than |
|
固定的一个问题,即虚拟复位器掌舵y resolution order was not applied when multiple local/virtual repositories had the same artifact. |
|
Fixed an issue, whereby resolving a NuGet package located in a local repository opposite a virtual repository, routes the request to the remote repository, and provides a 404 response error. | |
Fixed an issue whereby, PHP Composer packages failed to download files with the Dev version from virtual repositories. |
|
Fixed an issue whereby, more than one HELP text line appeared for a number of HTTP connection metrics. |
|
Fixed an issue whereby,folders downloaded astar.gz or tar files, containing files larger than 8 GB, failed to download. |
|
Fixed an issue whereby, Alpine version 3.16 may have caused a 'package file format error ' when resolving from an Artifactory Alpine repository. |
|
Fixed an issue whereby, accessing for a |
|
Fixed an issue whereby, an internal Cargo token was exposed in the Token Admin page, and thus could be accidentally be revoked. | |
|
Fixed an issue whereby, empty folders of a Release Bundle were not deleted as part of its deletion from both target Repositories and Release Bundles Repository. A new parameter has been added to the Artifactory system.yaml file called |
Fixed an issue whereby, after registering a new instance (Register JPD) and binding it using Cold Storage binding, it would take several minutes for the new instance to be identified in the JFrog Platform as a Cold instance target and not as a source. |
|
Fixed an issue in the JFrog Platform UI, whereby the Show option in the Trash was not functional. |
Artifactory 7.38
This section includes all the the Artifactory 7.38.x releases.
Artifactory 7.38.17Self-Hosted
Released: 11 August 2022
Self-Hosted Version Only
The JFrog Artifactory 7.38.17 release is available as a Self-Hosted version.
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed an issue related to Federated repositories, whereby the internally predefined socket timeout parameter was set to two minutes causing the full sync of large repositories sync between federated sites to fail. As part of the fix, you can now manually increase the socket timeout via the |
Artifactory 7.38.16Cloud | Self-Hosted
Released: 4 August, 2022
Resolved Issue
This patch resolves an issue caused byCVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215, andCVE-2022-32223. For more information, see theFixed Security Vulnerabilitiespage.
Artifactory 7.38.10Cloud | Self-Hosted
Released: 19 May, 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
JA-3299 |
Fixed an issue whereby, reference tokens expired earlier than expected. |
Artifactory 7.38.8Cloud | Self-Hosted
Released: 11 May, 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed an issue relating to the WebUI, whereby a UI page performed a refresh every few seconds. |
Artifactory 7.38.7Cloud
Released: 8 May, 2022
Artifactory 7.38.7 is Available as a Cloud and Self-Hosted Version
The Artifactory 7.38.7 Self-hosted version contains the same content as the Artifactory 7.38.4. To view the contents of this release, see theArtifactory 7.38.4Release Notes.
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixes an issue relevant to JFrog Xray users, wherebyinstances configured with a custom context prefix, could not perform authentication opposite the JFrog Platform using the Xray REST API. |
Artifactory 7.38.4Cloud
Released: 28 April, 2022
Artifactory 7.38.4 is Available as a Cloud Version
Artifactory 7.38.4 is available as a Cloud version. This JFrog Artifactory 7.38.4 is aligned with the Artifactory 7.38.7 Self-Hosted version.
Highlights
Terraform Package Support
JFrog provides a fully-fledged Terraform repository solution giving you full control of your deployment and resolution process of Terraform Modules, Providers, and Backend packages.
TheTerraform Registryin the JFrog Platform offers the following benefits:
- Secure and private local Terraform Modules registry
- Secure and private local Terraform Providers registry
- Proxy remote Terraform Module and Provider resources with caching to keep you independent of the network and the remote resource.
- Virtual Terraform repositories that support a single URL through which to manage the resolution and deployment of all your Terraform Modules and Providers.
TheTerraform Backend Repositoryin the JFrog Platform offers the following benefits:
- A Remote State Storage Provider
- Support for multiple Workspaces
- Built-in Secure State Encryption storage
- Comprehensive State snapshot history
- State content viewer with advanced search abilities
To learn more about the Terraform repository solution in the JFrog Platform, seeTerraform Repositories.
Feature Enhancements
Enhancements to the JFrog Platform WebUI
From version 7.38.4, we have implemented the first phase of the JFrog Platform WebUI redesign that is intended to provide a more intuitive user experience based on our customer's feedback.
Note that the changes in this phase only include changes to the Tab name changes and do not include changes to the WebUI structure.
Location in the UI | Tab Name (Prior to 7.38) | New Tab Name (from 7.38) |
---|---|---|
Administration | Identity & Access | User Management |
Security | Authentication Providers | |
Platform Deployments | Platform Management |
Authentication of Users using mTLS is Now Supported
From Artifactory 7.38.4, self-hosted customers can authentication users usingmTLS(配置一个反向代理来支持mtl在e Cloud, you will need to contact JFrog Support to set this up for you). This will require you to perform some setup on the front reverse proxy (e.g., Nginx). SeeConfiguring a Reverse Proxy to Support mTLS.
TOKEN ENHANCEMENTS
Scoped Admin Access Tokens
From Artifactory release 7.38.4, JFrog enables companies to create their own Admin-scoped access token without using the JFrog Platform UI or via another token. This Access admin-scoped token is designed to be used for a short time only and its purpose is to start up the system. This provides customers with the option of setting up their JFrog Platform in an automated,fully UI-free setup. SeeCreating an Automatic Admin Token.
Scoped Tokens Now Include Resource Permissions
From Artifactory 7.38.4, scoped tokens also support resource permissions.SeeCreate Tokenendpoints table.
New Identity Token Format and API Key Replacement
Artifactory release 7.38.4, includes a new Identity Token format, also called a参考标记, which can also be used to replace the API Keys that will be deprecated in a future version.
API Key Deprecation Process
The deprecation process of the API Keys will be as follows:
- From Artifactory version 7.41.x, administrators have the option to block the creation of API Keys to all users using the
artifactory.security.apiKey.blockCreate
Artifactory system property. - 即将到来的Artifactory版本将包括option to log users' authentication methods. This will allow administrators to view and warn users using API Keys regarding the upcoming deprecation.
- In a future version (currently planned for H1 2023), the option to block the usage/creation of API Keys will be enabled by default, with the option for admins to change it back to enable API Keys.
- In a later 2023 version, API Keys will be deprecated all together and the option to use them will no longer be available.
The new Reference Token includes an option to create a "shortened," 128-character key, thereby providing an alias for the Identity Token. To learn more about how to generate an identity token, seeIdentity Token.
The new Reference Token is also enabled for Access scoped tokens in the Access Tokens UI, enabling you to generate a scoped access token in the format you prefer - full Identity Token or Reference Token. For more information, seeGenerating Scoped Tokens.
Added PKCE Support for OAuth Integrations
Artifactory supports enabling thePKCEextension over OAuthto gain an additional level of security and serves as an alternative to the basic Secret mechanism. By selecting theEnabled PCKE
field in the OAuth Provider dialog in the UI, you will enable this feature and the Secret option will be automatically disabled. For more information, seeEnabling Authorization Code Flow with PKCE.
Please note that backward compatibility for the authorization Code Flow without PKCE is retained.
Resolved Issues
JIRA Issue |
Description |
---|---|
RTFACT-26090 |
Fixed an issue related to Federated repositories, whereby federating artifacts were routed through the system default proxy when performing a full sync. |
RTFACT-26719 |
Fixed an issue, whereby resolving a NuGet package from theDevExpress.comregistry resulted in a timeout. |
Fixed an issue, related to analtered |
|
Fixed an issue whereby,when resolving private NuGet packages from a Virtual repository, Artifactory cached the empty feed in the.nuget folder located under theNuGet-remote-cache repository. |
|
Fixed an issue whereby empty folders of a Release Bundle were not deleted as part of its deletion from both target Repositories and Release Bundles Repository. A new parameter has been added to the Artifactory |
Artifactory 7.37
This section includes all the the Artifactory 7.37.x releases.
Artifactory 7.37.17Cloud | Self-Hosted
Released: 4 August, 2022
Resolved Issue
This patch resolves an issue caused byCVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215, andCVE-2022-32223. For more information, see theFixed Security Vulnerabilitiespage
Artifactory 7.37.16Cloud | Self-Hosted
Released: 6 May 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixes an issue relevant to JFrog Xray users, wherebyinstances configured with a custom context prefix, could not perform authentication opposite the JPD. |
Artifactory 7.37.15Cloud | Self-Hosted
Released: 26 April, 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
|
Fixed an issue whereby, Conan tokens expired after one hour. You now have the option to configure the TTL by modifying the artifactory.artifactory.tokens.expiration.timeSecs parameter which is set bydefault for 30 days. |
Artifactory 7.37.14Cloud | Self-Hosted
Released: 17 April, 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed an issue related to NuGet packages, wherebyinstalling a NuGet package via V3 failed due to version upper/lower character issues. |
Artifactory 7.37.13Cloud | Self-Hosted
Released: 14 April, 2022
Feature Enhancements
Enforce Internal Dynamic Search of Attributes in LDAP Groups
LDAP gro引入的新功能up dynamic strategy which enforces dynamic internal search of attributes in a group by setting the
in the Config descriptor. For more information, seeEnforcing Dynamic Search of Attributes for LDAP Groups.
Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories
An enhanced Maven Authentication mechanism has been implemented in Artifactory to eliminate the need to perform authentication prior to checking if a package is located in local, remote and virtual repositories. With the new authentication mechanism, when reaching Maven-local-three (which requires authentication), instead of first performing for authentication and next authorization, Artifactory will check if the requested item is located in the repository. If the requested package does exist, it will proceed to perform authentication and authorization. If not, a 404 error message will be triggered.
This feature is disabled by default and can be enabled by adding theartifactory.maven.authentication.nonPreemptive
parameter to theartifactory.system.properties
file. Please note that a reboot of the system is required after adding the flag. For more information, seeForcing Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories.
Upgraded Tomcat Version
The Tomcat bundled with Artifactory has been upgraded to version 9.0.58, solving some security vulnerabilities described inCVE-2020-9484.
Anonymous Users can be routed to Login Page by Default
To provide Anonymous users in the JFrog Platform with an improved navigation experience, you can set all Anonymous users to be routed to the Login page by enabling the new 'Set the Login page as the start pag
e' on the Anon User page.
GAVC Search REST API Supported on Virtual and Remote Repositories
Maven users can now search by Maven Coordinates (GAVC:GroupID
,ArtifactID
,Version
,Classifier
), on remote and virtual repositories, in addition to the existing support for local repositories. For more information, see the new parameters added to theGAVC SearchREST API.
Added Support for Custom Ports to be Exposed on the NGINX Pod
As part of the alignment of the JFrog Platform with the conventional Kubernetes YAML syntax for container ports, we have added support for comments in the values.yaml file. It is self-explanatory as it is traditional Kubernetes YAML syntax and allows you to pass additional ports other than HTTP and HTTPS port to Nginx deployment and service in the values.yaml file.
New Webhook to Support Pull Replication from Remote Repositories
The newly added 'Cache' webhook event is triggered forPull Replication events occurring opposite remote repositories. Please note that for push replication, you should use this 'Deployed' event. For more information, see theDomain:Artifactsection.
Extended the Priority Resolution feature to Support RPM Packages
You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemoterepositories for RPM packages.
Integration Service Logs Added to Support Bundle
Theintegration-request.log
and integration-service.log
logs have been added to the Support Bundle.
Release Bundle Webhooks:Enhanced the Exclude and Include Pattern Experience in the WebUI
To prevent confusion when creating the Release Bundle Webhook, the Webhooks WebUI has been improved when setting the include and exclude patterns.
Updated the Refresh Token Mechanism
To enable refreshing a token without having to provide the old token, a new column has been added to the database that contains the token payload, the token version, and `kid` as a JSON (this is an applicable to refreshable tokens only!). Upon receiving a token request to refresh, the original data is then taken from the new column in the database. SeeRefreshToken.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue related to downloading NuGet packages in virtual repositories running JFrog Xray whereby, Artifactory blocked downloads due to an Xray policy, and an incorrect error message was displayed. The error was 404 and has now been replaced 403. | |
RTFACT-26557 |
Fix an issue related to LDAP integration whereby, an increased number of REST calls were sent to the LDAP server during UI browsing. |
RTFACT-26751 |
Fixed an issue whereby, retrieving a version of a Go package from a virtual repository using a REST Command, returned a 500 error (Null Pointer Exception) response. |
RTFACT-26309 | Fixed an issue whereby,deploying files to aYum virtual repository failed to merge metadata related to.xz file extensions. |
RTFACT-26854 |
Fixed an issue whereby, updating a user group by adding a user or one of the user's groups through the CLI, required adding the credentials to the Conan client. |
Fixed an issue related to Conda packages whereby, deploying an attachment package to with stored entries to a local repository could not be extracted. | |
Fixed an issue whereby, tree browser artifacts were not sorted in a chronological list. |
|
Fixed an issue whereby, the Direct Cloud Storage Download field and CDN redirect field in the UI were not displayed, when creating or editing a federated repository. | |
Fixed an issue related to configuring Artifactory with Access TLS enabled using Helm Charts, resulted in incorrectproxy_pass configurations for/artifactory/ in the defaultartifactory.conf file. |
|
Fixed an issue, related to JFrog Distribution, whereby Release Bundles failed to be created froma project-assigned repository. |
Artifactory 7.36
This section includes all the the Artifactory 7.36.x releases.
Artifactory 7.36.2Cloud
Released: 18 March, 2022
Cloud Only
Artifactory 7.36.2 is Available as a Cloud Version
Resolved Issues
JIRA Issue |
Description |
---|---|
Failed an issue whereby, Smart Remote repositories could not be created in Artifactory Edge nodes. |
Artifactory 7.36.1Cloud
Released: 13 March, 2022
Cloud Only
Artifactory 7.36.1 is Available as a Cloud Version
Highlights
Artifactory as Your Symbol Server
A Symbol Server stores the .PDB files and binaries for all your public builds. These are used to enable you to debug any crash or problem that is reported for one of your stored builds. Both Visual Studio and WinDBG know how to access Symbol Servers, and if the binary you are debugging is from a public build, the debugger will get the matching PDB file automatically.
From Artifactory 7.36.1, you can benefit from the following advanced Symbol Server features:
- Publishing while indexing your Symbol packages to Artifactory from your NuGet Client v3 together with your NuGet packages or as separate Symbol packages
- Resolving Symbol files (
.pdb
) from virtual and local repositories in the JFrog Platform - Resolving Symbol files from remote proxies. For example,http://symbols.nuget.org/download/symbols.
- Debugging the Symbol files hosted on Artifactory using the Visual Studio debugger tool.
Note that prior to Artifactory 7.36.1, Symbol Server support was limited to setting Artifactory as a remote Proxy for Symbol files that were hosted as Generic packages in Artifactory.
Resolved Issues
JIRA Issue | Description |
---|---|
RTFACT-26150 |
Fixed an issue whereby, the term 'Federated' was mistakenly displayed in the context of the Summary Storage page and was not relevant to this display view. |
RTFACT-26576 | Fixed an issue whereby, zero milliseconds were not being displayed in the Request log. |
RTFACT-26580 |
Fixed an issue whereby, Copying or moving artifacts to a project set with a limit quota, were blocked if the storage quota limit has been exceeded. |
RTFACT-26754 | Fixed an issue whereby, clicking on the 'Test Mail' Button sent an Incorrect HTML response when a Base URL was configured. |
Fixed an issue, whereby downloads from 'URL to File' on the packages subfolder level failed in the webUI. | |
Fixed an issue whereby, the Storage quota limit was not enforced when using copying or moving content. |
|
Fixed an issue whereby, usersfailed to upload files to Azure Cloud due to a temp file write to an incorrect path in the filesystem where there is no user permission. |
Artifactory 7.35
This section includes all the the Artifactory 7.35.x releases.
Artifactory 7.35.2Self-Hosted
Released: 9 March, 2022
Artifactory 7.35.2 is a Self-Hosted Version
The JFrog Artifactory 7.35.2 release is only available as a Self-Hosted version.
JIRA Issue |
Description |
---|---|
|
Fixed an issue related only to Self-Hosted Enterprise + users: When restarting Artifactory while using MySQL, Oracle, or MSSQL, if the Mission Control microservice is enabled, an SQL error occurs and Artifactory fails to restart. |
Artifactory 7.35.1Cloud | Self-Hosted
Released: 1 March, 2022
Known Issue
For Self-Hosted Enterprise + users: When restarting Artifactory while using MySQL, Oracle, or MSSQL, if the Mission Control microservice is enabled, an SQL error occurs and Artifactory fails to restart.For more information,seeKnown Issues.
This issue was resolved in the Artifactory 7.35.2 release.
CentOS 8 Deprecation Notice
CentOS version 8 Decemb已经走到尽头er 31, 2021. Support for Artifactory installations on CentOS 8 will be deprecated by December 2022.
Feature Enhancements
Build-Info Repositories can be Shared Across Federated Repositories
The Federated repository feature has been expanded to support adding Build-Info repositories as federated members within a Federation using a dedicated
command. For more information, seeConverting a Build-Info Repository to a Federated Repository.
UI Support for Removing Binding Tokens for Federated Repositories
From Artifactory 7.35.1, you can now remove the binding tokens you created between a source JPD and target JPD using the JFrog Platform UI. SeeRemoving Binding Tokens.
Enhanced the AQL Query Performance for Postgres
Performed internal changes to the database indexing mechanism to improve the AQL Query Performance for Postgres.
Resolved Issues
JIRA Issue |
Description |
---|---|
RTFACT-26498 | Fixed an issue related to Cargo repositories, under certain circumstances, publishing Cargo packages on a high scale, corrupted the index. |
RTFACT-26495 | Fixed an issue relating mainly to Cargo users, whereby properties defined as an index were trimmed automatically by Artifactory including features, and dependencies. To resolve this, the metadata details that are often very long will be saved in a dedicated JSON file instead of a property. |
Fixed an issue whereby, updating users using the REST API affected the user tokens for Conan requests. |
|
Fixed an issue whereby, users couldbrowse JS files in the JFrog Platform webUI. |
|
Fixed a user whereby, HTTP SSO was redirected incorrectly after logging in to the JFrog Platform, | |
Fixed an issue whereby,a 'no replication' notification was displayed in the UI even though replication was configured. |
|
Fixed an issue whereby, anonymous users were not able to deploy artifacts. | |
Fixed an issue related to the Cold Storage retention policy, whereby the following parameters were set but did not appear in the Edit policy page:Max Execution Duration.Deployed before,Last downloaded before,orPurge Artifacts from Archive. |
|
Fixed an issue related to Cargo repositories, under certain circumstances, publishing Cargo packages on a high scale, corrupted the index. |
Artifactory 7.34
This sectionincludes all of the Artifactory version 7.34.x releases.
Artifactory 7.34.4Cloud
Released: 14 February, 2022
Artifactory 7.34.4 is Available as a Cloud Version
Artifactory 7.34.4 release is available only as a Cloud version.
Feature Enhancements
Improved Pub Package Deploy Experience
From Artifactory 7.34.4, when running thedart pub publish
CLI command, the pub files will automatically be packaged astr.gz
文件和上传to Artifactory.
Resolved Issues
JIRA Issue |
Description |
---|---|
|
Fixed an issue whereby, installing Go projects with major versions higher than 1 failed, if not based on folder compatibility. |
Artifactory 7.33
This sectionincludes all of the Artifactory version 7.33.x releases.
Artifactory 7.33.9Cloud | Self-Hosted
Released: 7 February 2022
Resolved Issues
JIRA Issue |
Description |
---|---|
|
Fixed an issue whereby, distributed Helm Charts were not indexed. |
Artifactory 7.33.8Cloud | Self-Hosted
Released: 3 February, 2022
Highlights
Announcing the Integration Microservice
Released the new Integration microservice (as part of the JFrog platform) responsible for third-party authentication and event registration.
8071 and 8072 are the ports that must be open for the Integration microservice. For more information, see theRequirements Matrix.
Binding Tokens
JFrog introduces a new type of access token called abinding token, which allows trust to bebi-directional. Binding tokens provide a narrowed trust scope for those customers that do not wish to provide full access to the other JPDs, and also full self-service for Cloud Enterprise customers that can build customizable binding to the other JPDs on their own.While binding was available with the older access methods (Circle of Trust, join key, etc.), it has now been implemented as part of theJFrogPlatform Deploymentsfunction in theAdministrationtab.SeeBinding Tokens.
Binding tokens used for cross-JPDs require you to have an enabled Mission Control service.
Federated Repositories Now Supported for Cloud Customers
Federated Repositories require setting up trust between two JPD instances (source and target), which can be achieved using a Circle of Trust. With this release, using the new Binding Tokens, you can set up Federated Repositories in a JFrog Platform Cloud environment without using a Circle of Trust. SeeSetting Up a Federated RepositoryandBinding Tokens for Federated Repositories.
Resolved Issues
JIRA Issue |
Description |
---|---|
|
Fixed an issue whereby,the Bitbucket Cloud integration failed due to an incorrect cloud URL. |
Fixed an issue whereby, the SCIM page was not displayed in the WebUI for users with Edge licenses. |
|
Fixed an issue whereby, the Distribution Release Bundles WebUI page did not load. |
Artifactory 7.33.6Cloud
Released: 1 February, 2022
Artifactory 7.33.6 is Available as a Cloud Version
Artifactory 7.33.6 release is available only as a Cloud version.
Feature Enhancements
Force Authentication is Supported for Conan Repositories
For Conan repositories, you can now enableForce Authentication
on the repository level forcing users to perform authentication as a prerequisite for using the Conan Client opposite the repository. For more information, seeConan Allowing Anonymous. Access
Federated Repository Enhancements
You can control the Federated Repository binary importer number of workers/threads by setting a set of parameters in thebinary.xml
file
Deprecation of the JetS3t
Because the JetS3t library is no longer maintained; therefore,this template will be deprecatedin Artifactory in the second quarter of 2022. You should use the s3-storage-v3 instead, which uses the official, highly-maintained AWS S3 SDK.The transition should be seamless between s3 to s3-storage-v3, as most parameters are the same between the two providers. To learn more, seeAmazon S3 Official SDK Template.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, an error was generated whentrying to download PyPI packages after upgrading the PIP client to version 22.0. | |
固定一个问题,,在某种情况下s, an indexing race condition occurred while deploying Helm Charts. |
|
Fixed an issue whereby, a number of internal access tokens were displayed in the Access Tokens page in the UI. |
|
Fixed an issue whereby, the Build Module ID in the Builds view in webUI displayed a 500 error when the query contains more than 1000 dependencies in one list.(edited) |
|
Fixed an issue whereby, runningtheChecksum SearchREST command without including the repository name, generated an error when searching for a file that existed in a virtual repository. |
|
Fixed an issue whereby, users received an incorrect message when trying to revoke a token in the Profiled Edit page in the JFrog Platform webUI. | |
固定一个问题,,在某种情况下s, changes to theartifactory.config file led to thread leaks. |
Artifactory 7.31
This sectionincludes all of the Artifactory version 7.31.x releases.
Artifactory 7.31.13Cloud | Self-Hosted
Released: January 26, 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed a regression that resulted in a significant increase in the number of calls to |
|
Fixed an issue whereby _intransit repository was not cleaned as expected after the release bundles distribution process (required for JFrog Distribution). |
Artifactory 7.31.11Cloud | Self-Hosted
Release: 23 January, 2022
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed an issue when upgrading to Artifactory 7.31.10, whereby JFrog Artifactory failed to start up after performing an upgrade if the system propertyallowExternalConversionScriptswas set totrueand an External Conversion script was not provided. |
Artifactory 7.31.10Cloud | Self-Hosted
Released: 10 January, 2022
Important Notice
当upgrading to Artifactory 7.31.10, Artifactory will fail to start up if the system propertyallowExternalConversionScripts
is set to true and there is no External Conversion script provided.
As a workaround, remove the system propertyallowExternalConversionScripts
or set it tofalse.For more information,Known Issues.
这个问题是解决Artifactory 7.31.11release.
Highlights
JFrog Projects Feature is Available to All JFrog Users
The JFrog Projects feature is now supported on all JFrog Subscriptions.JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. As such, using projects helps Platform Admins to offload part of their day-to-day management effort and to generate a better separation between the customer products to improve customer visibility on efficiency, scale, cost, and security. Projectssimplify the onboarding process for new users, createbetter visibility for LOBs and project stakeholders.To learn more, seeProjects.
Number of Projects Supported Per Subscription Type
All JFrog subscription types can create up to three projects in parallel to JFrog supporting extended usage of 30 projects for Enterprise subscriptions, and 300 projects for Enterprise+ subscriptions.
Pub Repository Support (Beta Version)
Artifactory now natively supportsDartpackages, giving you full control of your deployment and resolution process ofFlutter,Angular Dart, and general Dart programs.You can create secure and private local Pub repositories with fine-grained access control. Remote Pub repositories proxy remote Dart resources and cache downloaded Dart packages to keep you independent of the network and the remote resource, and virtual pub repositories give you a single URL through which to manage the resolution and deployment of all your Dart packages. To learn more, seePub Repositories.
S3 with Storage Sharding Support
Artifactory introduces S3 Sharding template (s3-sharding
) that utilizes a new sub-provider,state-aware-s3
, so that you can use multiple S3 buckets with sharding as the Artifactory file store. For more information, seeS3 Sharding.
High Availability in PostgreSQL Database
Artifactory introduces the ability to set up PostgreSQL databases in an HA configuration to be used as the Artifactory database. For more information, seePostgreSQL.
Feature Enhancements
Priority Resolution Supported on Federated Repositories
Added support for setting Priority Resolution on Federated repositories.Setting Priority Resolution takes precedence over the resolution order when resolving Federated repositories and will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field.
Garbage Collection Improvements
To improve Garbage Collection performance, you can now disable size-based ordering of the GC query. As a result, artifacts will not necessarily be deleted from largest to smallest. For more information, seeGarbage Collection.
NuGet SetMeUp API v3 Enhancements
The NuGet package Set Me UP page in the JFrog Platform UI has been redesigned to reflect the best practices promoted by NuGet regarding the usage of API v3 over API v2. For more information, seeConfiguring NuGet Repositories.
Introducing npm SHA512 Support
From npm version 5, all npm packages published to Artifactory will support both SHA512 and SHA1 while using the strongest algorithm available, which will result in improved performance, robustness, and enhanced fault-tolerance. For more information, seev500.
Artifactory now supports SHA512 checksum when publishing to Artifactory with npm versions greater than 5 (containing sha512).
Checksum Policy Support for NPM Uploads
Added support for checksum validation on the NPM Tarballs when running the NPM Publish command.
Resolved Issues
JIRA Issue |
Description |
---|---|
RTFACT-25909 | Fixed an issue whereby, deployed Helm charts in the virtual Helm repository index could not be found. |
RTFACT-26212 | Fixed an issue whereby, Artifactory prompted for a username and password when accessing a file link in the Native Browser. |
Fixed an issue whereby, builds containing slashes in the name, returned a 404 error message in the UI when using an Apache reverse proxy. | |
RTFACT-26319 | Fixed an issue whereby, the download counter was increased when clicking the PyPI Info tab. |
Fixed an issue, whereby Artifactory could not be used as a BuildKit remote cache. |
|
Fixed an issue, whereby a user with Delete Release Bundle permissions in the Edge node was not able to delete a Release Bundle version. |
|
Fixed the issue, whereby the logging system got stuck on Windows machines |
|
Fixed an issue whereby, retrieving NuGet packages, caused Artifactory to return a 404 error message if the uploaded package contained uppercase letters and the request contained only lowercase characters. | |
RTFACT-26553 | Fixed a bug whereby, using specific prefixes(jfrog- ,artifactory- ) in the repository name, prevent the creation of the repository. |
Fixed an issue whereby, a paginated Docker catalog call was slow due to an exclusion pattern. | |
Fixed an issue whereby, Artifactory stopped working if the first shard in a sharding environment was unavailable. | |
Fixed an issue whereby, performance slowness was detected, during bursts of anonymous requests, due to the ineffectiveness of the RateLimit external library. | |
Fixed an issue whereby, illegal characters in build names caused builds to crash without generating an error message. | |
Fixed an issue whereby, RPM repository type packages were not saved as YUM files. |
|
Fixed an issue whereby, the upgrade process failed if no JFrog license was found. Note: Applies only to Enterprise+ subscriptions |
|
Fixed an issue whereby, empty repositories were getting listed even if the repository didn't allow anonymous access. | |
固定一个问题即Artifactory没有决心e |
|
Fixed an issue whereby, when working with Projects, Project Admins could list all the repositories including those that users could not access. |
|
Distribution removes the properties that were set on the edge node repository. This means that there is a possibility that all the properties set by the customer will be overridden. While this affects Distribution, the fix was in Artifactory. |
|
Fixed an issue whereby, the 'Save as Link ' in the Native Artifactory Browser did not function. A dedicated link was added to resolve this issue and will function as "Save Link As ". |
|
Fixed an issue whereby, Project Admin could list repository names to users without the relevant permissions. |
|
Fixed an issue whereby, the repositories were not displayed in the Storage Summary page in the UI. | |
Fixed an issue whereby, HA licenses were displayed incorrectly as Standalone instances in the Licenses page in the UI. |
|
Fixed an issue whereby, the Build Status page in the UI referred to artifacts from different repositories, and not from that repository that was used to promote the build. |
Artifactory 7.29
This sectionincludes all of the Artifactory version 7.29.x releases.
Artifactory 7.29.9Cloud | Self-Hosted
Released: 11 January, 2021
Resolved Issues
- Fixed a number of issues related to the internal Replicator service within an High Availability (HA) environment.
Artifactory 7.29.8Cloud | Self-Hosted
Released: 15 December, 2021
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, resolving NuGet packages opposite the remote NuGet repo pointing tohttps://www.powershellgallery.com/failed. |
Artifactory 7.29.7Cloud | Self-Hosted
Released: 5 December, 2021
Highlight
New Hybrid Solution Provided through the Distribution Edges
Self-hosted customers who have an existing JFrog Distribution in place may sometimes require the option of adding additional JFrog Artifactory instances in the cloud. This hybrid setup is now supported through the JFrogDistribution Edges Add-on, a commercial offering for On-Prem customers to leverage JFrog SaaS for software distribution. This add-on enables On-Prem customers toadd cloud-based Edge nodes managed by JFrog (software-as-a-service) and fully utilize them for content distribution. SeeConfiguring Distribution Edges Using the Distribution Edges Add-on.
New Integration for JFrog Artifactory with Amazon's Elastic Cloud Kubernetes (EKS) Anywhere
Amazon's Elastic Cloud Kubernetes (EKS) Anywhere is a new deployment option for Amazon EKS, which allows customers to create and operate Kubernetes clusters on customer-managed infrastructure, supported by AWS. Unlike the Bring Your Own License (BYOL) model, which uses a Docker image, the deployment of JFrog Artifactory on Elastic Cloud Kubernetes (EKS), EKS Anywhere uses Helm Charts to leverage the AWS License Manager. SeeArtifactory Integration with Amazon AWS Container Marketplace.
Support for Personal OAuth SSO
JFrog Cloud users (only)can now also join through an invite, and to then log in using Personal OAuth such as Google or GitHub. For more information, seeAdding New Users via Invite.
Master.key Load and Retention in Memory
To improve security around the storage of the master.key, from Artifactory version 7.29.7 JFrog supports loading the master.key at startup and keeping it in memory. This is achieved by removing the master key from the file system by each application, after it was read by the application node during bootstrapping. Customers who wishing to utilize this capability will need to "opt-in" to the master key removal, to fetch the master key and to place it in the correct path on the application's file system whenever a new node is bootstrapped. SeeMaster.key Load and Retention in Memory.
Feature Enhancements
Garbage Collection Performance Improvements
Improved Garbage collection performance by implementing changes to the internal garbage collection batch mechanism.
New Pairing Token UI and API
Added new UI in the JFrog Platform for a pairing token, which establishes trust between different JFrog micro services. The pairing token is an access token that is used for the initial pairing flow. Because the token is a limited access token, it is dedicated to a specific task and short-lived. Once trust is established, the services can continue using the standard token-based authentication for communication.Pairing tokens replace the join.key that was used in the past in the JFrog Platform to link between services. This type of token is only designed to link cross-topologies (i.e., locally, and not with in a JPD). SeeGenerating Scoped and Pairing Tokens.
NuGet Repository Improvements
As part of the NuGet package improvement initiative, we have added the ability to resolve cached artifacts from remote NuGet repositories in case the remote repository is down.
隐藏Artifactory版本支持在UI中
The Artifactory version in the UI can be hidden by setting theartifactory.standalone.show.detailed.footer=false
to thevar/etc/artifactory/artifactory.system.properties
file.
This feature is applicable only to Artifactory Self-hosted instances.
Conan Search Optimization
Performed internal changes to the Conan search resulting in Conan search optimization.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fix an issue whereby, PowerShell I |
|
Fixed an issue whereby, Docker remote and virtual repositories did not display the correct Xray Blocked message. |
|
RTFACT-26101 | Fixed the issue whereby, a new repository could not be created by the project admin when theExclude New Repo option was enabled in the backup configuration. |
Fixed an issue whereby, the Native UI browser did not list any files under a repository and its subfolders when an "Include Patterns" was configured. |
|
RTFACT-20557 | 添加了ability to resolve cached artifacts from remote NuGet repositories in case the remote repository is down. |
Fixed an issue whereby, offline Artifactory nodes could not be deleted from the Service Status page in the UI. |
|
Fixed an issue whereby, Artifactory pointed to the incorrect remote Conan repository.The Default URL for the remote Conan repository was changed tohttps://center.conan.io | |
Fixed an issue whereby, the Topology page in the UI was not loading. |
|
Fixed an issue whereby, the Graph view located under the Packages page did not load. | |
固定的联合存储库相关的一个问题whereby, remote Federated repositories were not visible in the available Remote Platform deployments. | |
Fixed an issue whereby, the service version was not displayed in the Service Status page in the UI. |
|
Fixed an issue whereby, setting up a star topology between Artifactory Edge nodes did not propagate the permissions from one Edge to another. | |
固定一个问题即,Access Config Backup file was generated even if no changes were made to the configuration. | |
Fixed an issue whereby, performing DB migration from 7.17.x to 7.27.6 failed, if the sql_require_primary_key was enabled. |
|
Fixed an issue whereby, two Mission Control services became available after upgrading from an Artifactory version with Mission Control to an Artifactory with Mission Control set as an internal Artifactory service. | |
Fixed an issue whereby, setting up Federated repositories required setting up a proxy. |
Artifactory 7.28
This sectionincludes all of the Artifactory version 7.28.x releases.
Artifactory 7.28.9Cloud
Released: 19 November, 2021
Artifactory 7.28.9 is Available as a Cloud Version
Artifactory 7.28.9 release is available only as a Cloud version.
Breaking Change for MySQL Users
This breaking change applies only to Artifactory version 7.28.9 for MySQL users. As part of our effort to help our MySQL customers who are planning to migrate to PostgreSQL, we have decided to limit the values ofnode_props.prop_value
to 2400 Bytes in MySQL. This is aligned with an existing limitation in PostgreSQL whereby the index maximum row size is limited to a third of the buffer page (Default 8k).
To verify if you usenode_props.prop_value>2400
, run the following query:
select count(1) from node_props where length(prop_value) > 2400
For this Artifactory version and higher versions, if you are currently using a value higher than 2400, and need to continue maintaining it, please contact JFrog Support.
Feature Enhancements
External ID Added to Support Azure Active Users
To support Azure Active Directory users, the fieldExternal ID
field was added to the group definition and can be set via the group creation UI. SeeCreating and Editing Groups.
New PyPi Public Remote Registry Supported
For PyPi users, Artifactory now supports the public remote registry URL:https://download.pytorch.org/whl/torch_stable.html.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, the tags/list Docker endpoint did not return themanifest.list.json repository tag entries. |
|
固定一个问题,,在某种情况下s, cleanup of overridden Docker tags deleted the wrong tags. | |
Fixed an issue whereby, Artifactory failed to start if a repository key and the reverse proxy key were identical. |
|
RTFACT-26333 | Fixed an issue whereby, running a unique NugetDeploy would fail and generate a Null Pointer exception. |
Fixed an issue whereby, the Artifactory trashcan cleanup process did not remove empty artifact folders. |
|
固定一个问题,,在某种情况下s, auto-direct using SAML did not function correctly. |
|
固定一个问题,,在某种情况下s, users could not log in to Artifactory. | |
Fixed an issue whereby, group permissions were not working when using Azure with SAML. |
|
Fixed an issue whereby, failed to select the 'Filtered' field in the General tab in the Artifact browser. | |
Fixed a Spring circular dependency-related issue whereby Artifactory failed to restart Ubuntu version: 'Ubuntu 18.04.5 LTS ' and/or using the AWS AMI image 'ami-090717c950a5c34d3 '. |
|
Fixed an issue whereby, saving a Property Set erased the predefined values and reset the value type to 'Any Value'. |
Artifactory 7.27
本节包括所有的Artifactory中on 7.27.x releases.
Artifactory 7.27.10Cloud | Self-Hosted
Released: 5 November, 2021
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby,the 'Delete from Archive'associated with the Cold Artifact Storage retention policy may have cleaned archived artifacts prematurely. |
Artifactory 7.27.9Cloud | Self-Hosted
Released: 28 October 2021
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue wherebythe |
|
Fixed an issue whereby, setting up Federated Repositories required setting up a reverse proxy. |
Artifactory 7.27.7Cloud
Released: 20 October, 2021
Artifactory 7.27.7 is Available as a Cloud Version
Artifactory 7.27.7 release is available only as a Cloud version.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, a group of users granted “Manage Resources” permissions could not access the JFrog Pipeline resources. |
Artifactory 7.27.6Cloud | Self-Hosted
Released: 11 October, 2021
7.27.6 Applies to Both Cloud and Self-Hosted
This release applies to both self-hosted and cloud. To view the full scope of all the items included in this Cloud release, please see theArtifactory 7.27.3release notes.
Known Issue
As described in theKnown Issuespage, theSync Deleted Artifacts
feature does not relate to the path prefix of the replication configuration due to an issue described inRTFACT-26448.Therefore, we recommend to disable theSync Deleted Artifacts
option in this release.
This issue has been resolved in Artifactory version 7.27.9.
Feature Enhancements
Push Configuration Updates are Supported for Federated Repositories
You can manually initiate push configuration updates to member federated members in case of network issues using theREST APIor directly in the UI. For more information, seeTroubleshooting Federated Member Out-of-Sync Notifications.
Enabling Log Collection (Cloud Subscriptions)
TheLog Collection Enablement featureenables Cloud customers to collect and download their application logs in adedicated Logs Artifactory System Repository, to improve auditing capabilities. The feature requires an opt-in, and is enabled using a dedicated Artifactory API. The log types collected include Artifactory request and access audit trail.
This feature is available to all Cloud subscriptions.
Important
The data transfer and storage you consume for downloading or storing the logs will apply against your standard cloud usage, and may incur costs.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, after restarting the JFrog Deployment Unit (JPD), the Artifactory EDGE nodes did not reconnect to the JPD. |
|
Fixed an issue, when upgrading from Artifactory version 7.19.4 to 7.21.14, if the |
Artifactory 7.27.3Self-Hosted
Known Issue
As described in theKnown Issuespage, theDelete From Archive
feature on a Cold Artifact Storage retention policy may have cleaned archived artifacts prematurely due to an issue described inRTFACT-26491.Therefore, we recommend to disable theDelete From Archive
option in this release.
This issue has been resolved in Artifactory version 7.27.10.
Artifactory 7.27.3 is a Self-Hosted Version
The JFrog Artifactory 7.27.3 release is only available as a Self-Hosted version.
Released: 30 September, 2021
Highlights
Announcing JFrog Artifactory Cold Artifact Storage Feature
The JFrog Cold Artifact Storage enables organizations to save cost and improve usability and performance by providing the ability to retain unused artifacts that cannot be deleted for several years due to regulatory obligations. Cold Artifact Storage enables you to move these artifacts from one Artifactory instance to another Artifactory instance that is connected to cost-effective storage. Artifacts that are moved to the Cold instance are removed from the Live Artifactory instance, thereby reducing the number of artifacts that require maintenance, which helps to improve the usability, search capabilities, and performance of the Live instance. For more information, seeCold Artifact Storage.
On-Prem only
JFrog冷工件存储只有在prem feature.
PHPComposer Virtual Repositories
As part of our initiative to support PHP Composer versions 1 and 2 and support for downloading Drupal file versions 7 and 8 from remote repositories, we now support PHP Composer virtual repositories version 2 (version 1 is not supported). A virtual repository is a collection of local, remote, and other virtual repositories accessed through a single logical URL. It hides the access details of the underlying repositories letting users work with a single, well-known URL. The underlying participating repositories and their access rules may be changed without requiring any client-side changes. For more information, seePHP Composer Virtual Repositories.
Feature Enhancements
JFrog Mission Control is Now Integrated as a Service in Artifactory
From this version, Mission Control is now a dedicated service in Artifactory and manages the connectivity between the Platform Deployment units. The dashboard and metrics are now part of a new dedicated product called Insight. For more information, seeMigrating Platform Deployments and License Buckets.
Extended the Priority Resolution feature to Support PHP Composer Repositories
You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemoterepositories for PHP Composer packages.
HELM Remote Repositories Improvements in the UI
Helm Charts requested by the Helm client frequently use external dependencies as defined in theindex.yaml
file. These dependencies may, in turn, need additional dependencies. Therefore, when downloading a chart, you may not have full visibility into the full set of dependencies that your original chart needs (whether directly or transitively). As a result, you are at risk of downloading malicious dependencies from unknown external resources.
To manage this risk, and maintain the best practice of consuming external charts through Artifactory, you may specify a "safe" Allow List from which dependencies may be downloaded, cached in Artifactory, and configured to rewrite the dependencies so that the Helmclient accesses dependencies through a remote repository. For more information, seeAutomatically Rewriting External Dependencies.
Project-related Enhancements
- 添加了ability to share repositories within a Project/s in Read-Only mode to avoid any changes or modifications of the shared content.
- Increased the number of characters supported for a Project key up to 10 chars.
Docker Push Image Performance Improvements
Improved speed when pushing new Docker images to Docker repositories by implementing enhancements to the internal Docker Blob Search mechanism.
Expanded Indexing to Support .ddeb Files for Debian Repositories
Added support for Indexing debug symbols for Debian repositories. For more information, seeDebian Repositories.
Enhanced the Get Reverse Proxy Configuration REST API Permissions
Users running theGet Reverse Proxy ConfigurationREST API can now view proxy information based on their permission set.
Upgraded Tomcat Version
The Tomcat bundled with Artifactory has been upgraded to version 8.5.68, solving some security vulnerabilities described inCVE-2021-33037.
Resolved Issues
JIRA Issue |
Description |
---|---|
RTFACT-26126 |
Fixed an issue whereby, the |
RTFACT-26100 | Fixed an issue, whereby Cargo reindexing was not functioning in Windows environments. |
Fixed an issue whereby, Amazon content browsing was regarded as an XML, even if the returned content type was an HTML. |
|
Fixed an issue whereby, when installing Nuget packages with multiple source authors, to a remote Nuget repository pointing to a Proget v3 feed, caused Artifactory to fail and return a 500 internal server error. |
|
RTFACT-7850 |
Fixed an issue whereby, choosing to change the default proxy, would override all remotes with no proxy or the previous default proxy, and added an option to change the proxy without affecting current ones. |
Fixed an issue whereby, theSHA256 migration job failed with errors due to missing SQL conversion files on Artifactory 7.23.3. |
|
固定一个问题,,在某种情况下s, 7Z files could not be expanded a folder in the tree view of Artifactory. |
|
Fixed an issue whereby, running an incorrect block error was generated for a failed Docker Pull, if Xray was unavailable. |
|
Fixed an issue whereby, if Content Browsing is enabled on the repository, clicking on the |
Artifactory 7.26
This sectionincludes all of the Artifactory version 7.26.x releases.
Artifactory 7.26.3Cloud
Released: 9 September, 2021
Artifactory 7.26.3 is Available as a Cloud Version
Artifactory 7.26.3 is available only as a Cloud version.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed a UI-related issue for Docker Federated repositories, whereby making changes to the Docker settings did not change in the UI even after saving the repository settings. |
|
固定一个问题即,将当地的码头工人repository to a Federated repository reset the default |
|
Fixed an issue whereby, clicking the login link did not direct users to the configured SAML login URL. |
Artifactory 7.25
This sectionincludes all of the Artifactory version 7.25.x releases.
Artifactory 7.25.7Cloud | Self-Hosted
Released: 10 September, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-26329 | Fixed an issue whereby, Artifactory version 7.25.6 failed to start due to a circular reference of thesystemRepoFactory . |
Artifactory 7.25.6Cloud | Self-Hosted
Released: 5th September, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue whereby, users could not log in to the UI after upgrading to Artifactory version 7.25.4. |
Artifactory 7.25.5Self-Hosted
Released: 2 September, 2021
Artifactory 7.25.5 is Available as a Self-hosted Version
Artifactory 7.25.5 is the Self-hosted version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.25.4 as part of our Cloud-first initiative.
Breaking Change
Artifactory 7.25.5 onwards, includes OpenJDK 11.0.11 or higher. OpenJDK has stopped the out-of-the-box support for TLS 1.0 and 1.1 from version 11.0.11 since these versions of TLS are no longer considered secure. If your database version supports only TLS 1.0 and 1.1, Artifactory fails to start when you upgrade to Artifactory 7.25.5 or higher.
We recommend that you upgrade to a database version that supports TLS 1.2 or later. If you are unable to upgrade the database, you must enable TLS 1.0 and 1.1 in the JDK. For more information, refer toEnabling TLS 1.0 and 1.1.
Feature Enhancements
Artifactory Helm Chart Installation Setup Improvements
Single and cluster license types are both supported in a singleartifactory.cluster.license
file, thereby removing the need to support two separate licenses files. Running two license files is still supported for backward compatibility purposes.
This enhancement was added to the Helm Charts from version 107.27.6 and above.
Artifactory Docker Container Image Uses the Redhat UBI Micro Base Image
In an effort to provide a more secure Artifactory image, Artifactory now uses theRedhat UBI Microbase image. Some of the tools that were available in the Artifactory image are not available in this more secure image. For more information, seeJFrog Products Container Base Image.
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue whereby, HTTP SSO was not functioning after upgradingArtifactory versions starting from version 7.23.3 to version 7.24.4. |
Artifactory 7.25.4Cloud
Artifactory 7.25.4 is Available as a Cloud Version
Artifactory 7.25.4 is available as a Cloud version. The JFrog Artifactory 7.25.4is aligned with the Artifactory 7.25.5 Self-Hosted version.
Released: 30 August, 2021
Feature Enhancements
Build Info Supports Aggregated Builds
Aggregated builds are builds that contain multiple steps and can run on multiple machines.聚合构建are now represented by Build Info using the new 'type'
parameter under the module section in the UI.
URL Normalization is Now Prevented for Remote Repositories
Remote repositories are now enabled with the newdisableUrlNormalization
parameter to prevent URL normalization from occurring. This field is s configurable by changing the default settingdisableUrlNormalization
from false to true. For more information, see theRemote Repository JSON.
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-18754 | Fixed an issue whereby, Debian packages only displayed the Checksum and File path but not the metadata information. |
Fixed an issue whereby, artifacts with usernames containing more than 64 characters were not uploaded to the JFrog Platform. |
|
RTFACT-26186 | Fixing an issue whereby, deploying CocoaPod artifacts failed due to non-JSON Podspec files not supporting double quotes in the source URL. |
Fixed an issue whereby, converting local Maven repositories to Federated repositories generated an error message. |
|
Fixed an issue whereby, LDAP user profiles could not be edited if both LDAP and Crowd were enabled. |
|
固定一个问题即联合存储库synchronization failed and generated a 503 error message. | |
Fixed an issue related to Maven Federated Repositories whereby, mirroring did not complete due to an infinite loop. |
Artifactory 7.24
This sectionincludes all of the Artifactory version 7.24.x releases.
Artifactory 7.24.7Cloud | Self-Hosted
Released: 15 December, 2021
Resolved Issue
This patch resolves the issue caused by CVE-2021-3860. For more information, see theJFrog Security Advisoriespage.
Artifactory 7.24.6Self-Hosted
Released: 5th September, 2021
Artifactory 7.24.6 is Available as a Self-Hosted Version
Artifactory 7.24.6 is available as a Self-Hosted version only.
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue whereby, HTTP SSO was not functioning after upgradingArtifactory version 7.23.3 to version 7.24.3. |
Artifactory 7.24.4Cloud
Released: 19 August 2021
Artifactory 7.24.4 is Available as a Cloud Version
Artifactory 7.24.4 is available as a Cloud version, and the Self-hosted version will be available shortly.
Resolved Issue
- Fixed an issue whereby after distributing Docker images using Release Bundles, the Docker pull was failing.
Artifactory 7.24.3Cloud | Self-Hosted
Artifactory 7.24.3 is Available as a Cloud and On-Premises Version
The Artifactory 7.24.3 release is available as a Self-hosted and Cloud version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.24.1 as part of our Cloud-first initiative.
Released: 11 August, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue whereby, copying a Docker Container to a repository was not copied to the correct path. |
|
Fixed an issue whereby, user names could not be configured with spaces. |
Artifactory 7.24.1Cloud
Artifactory 7.24.1 is Available as a Cloud Version
Artifactory 7.24.3is the On-Premises version of the official Cloud version of Artifactory 7.24.1.
Released: 8 August, 2021
Highlights
PHP Composer Repository Highlights
PHP Composer V2 Support
Artifactory supports PHP Composer V2 in addition to V1. From Artifactory 7.24, Local PHP repositories will automatically be created inV2that supports faster download times and enhanced performance.
The PHP Metadata V2 index support for local repositories, and complies with the following rules:
- Your existing Composer repositories will remain unchanged and Composer v1 will be set as the default.
- From this Artifactory version and above, all newly created Composer repositories will be set with Composer version 2. The option to set V1 indexing is disabled by default.
The V1 indexing can be enabled or disabled in the local repository configuration and requires full reindexing after applying changes. For more information, seePHP Composer Local Repositories.
Drupal 7 and 8 Registry Support
You can now upload Drupal version 7 and 8 packages to remote repositories. For more information, seeSetting Remote Repositories to Work Opposite Drupal 7 and 8 Packages.
Feature Enhancements
Added Namespace Support for Helm Virtual Repositories
You can now assign namespaces to local and remote repositories in Helm virtual repositories allowing you to explicitly state which aggregated repository to fetch. In the past, when attempting to fetch a chart from a virtual Helm repository, the first chart that randomly matched the name, was fetched. For more information, seeKubernetes Helm Chart Repositories.
Migration Performance Improvements
Introduced performance improvements when migrating from Artifactory 6.x to Artifactory 7.x.
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue whereby, Push replication failed when artifacts containing the semicolon (;) character was included in the file name. |
|
Fixed an issue whereby Pull replications failed if the source contained a colon character in the artifact path. |
|
Fixed an issue whereby, .ddeb package types were not indexed in Debian repositories. |
|
Fixed an issue whereby, a 404 message was generated by Artifactory when the tarball location on NPM remote registries did not comply with the standard. | |
Fixed an issue whereby, a 401 Unauthorized error was generated when resolving the Charts using Helm v3.6.1 |
|
Fixed an issue whereby, for non-SemVer versions, the NuGet v3 search worked only if the?prerelease=true was set to true. |
Artifactory 7.23
This sectionincludes all of the Artifactory version 7.23.x releases.
Artifactory 7.23.8Cloud | Self-Hosted
Released: 15 December, 2021
Resolved Issue
This patch resolves the issue caused by CVE-2021-3860. For more information, see theJFrog Security Advisoriespage.
Artifactory 7.23.7Cloud | Self-Hosted
Released: 5 September, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue whereby, HTTP SSO was not functioning after upgradingArtifactory version 7.23.3 to version 7.23.5. |
Artifactory 7.23.5Cloud
Released: 25 August, 2021
Artifactory 7.23.5 is Available as a Cloud Version
Artifactory 7.23.5 is available as a Cloud version only.
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue related to Maven Federated repositories whereby, mirroring did not complete due to an infinite loop. | |
|
Fixed an issue whereby, Federated repository full synchronization failed and generated a 503 error message. |
Fixed an issue whereby, a Federated repository running on a binary provider with sharding experienced broken deployments. | |
Fixed an issue whereby, converting local Maven repositories to Federated repositories generated an 202 error message. |
Artifactory 7.23.4Cloud
Released: 19 August, 2021
Artifactory 7.23.4 is Available as a Cloud Version
Artifactory 7.23.4 is available as a Cloud version; a Self-hosted version will be available shortly.
Resolved Issue
- Fixed an issue whereby after distributing Docker images using Release Bundles, the Docker pull was failing.
Artifactory 7.23.3Cloud | Self-Hosted
Released: 4 August, 2021
Feature Enhancements
Preliminary Release of the JFConnect Service
A newJFConnect
service is now added to Artifactory but is disabled for now. JFConnect will act as the JPD (JFrog Deployment) entitlements service, enabling dynamic entitlement allocation for the connected products, based on account/subscription changes in JFrog’s main Entitlements Server (myJFrog
).
Note that this service uses port 8030 (HTTP listener
) and 8035 (gRPC listener
) but does not require enabling them.
Builds Info REST API Displays the VCS Parameter
TheVCS
property is now displayed inBuildInfoREST API response.
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue whereby, when starting the Artifactory upgrade process, the |
|
RTFACT-26144 |
固定一个问题即NuGet V3包一个invalid |
Fixed an issue whereby, the user profile could not be updated when the password started with a colon. |
|
RTFACT-23455 |
Fixed an issue whereby, NPM remote caching prevented packages that were previously downloaded incorrectly, from being pulled correctly at a later stage. |
Fixed an issue whereby, Helm did not support adding the termartifactory to the context path of the base URL. |
|
Expanded the SCIM functionality to allow changing the email of a Platform user in Microsoft Azure. | |
Fixed an issue whereby, a corrupted helm local repository created an |
|
Fixed an issue whereby, the JSP extension was included in the Mime Type mapping. | |
Fixed an issue whereby, a 500 error was generated, when fetching RubyGem non-standard platform files (for example, an |
|
The Username is now displayed in theUserLockInMemoryServiceImpl logs allowing you to detect problematic users. |
|
Fixed an issue whereby, the offline services were not shown in the list in the JFrog Deployments page in the UI. | |
固定一个问题,,在某种情况下s, the SAML login auto-redirect was not functioning. |
|
Fixed an issue whereby, the YUM XML serializer accepted characters that were not supported by YUM. |
|
Fixed an issue whereby, NuGet virtual repositories did not support Include and Exclude patterns when uploading files. |
|
Fixed an issue whereby, the custom AWS S3 endpoint was not supported for Pro subscriptions. | |
Fixed an issue whereby,.import files were saved in the DB mechanism during the upgrade process causing the upgrade process to fail. |
Artifactory 7.21
This sectionincludes all of the Artifactory version 7.21.x releases.
Artifactory 7.21.20Cloud | Self-Hosted
Released: 16 December, 2021
Resolved Issue
This patch resolves the issue caused by CVE-2021-3860. For more information, see theJFrog Security Advisoriespage.
Artifactory 7.21.13Cloud | Self-Hosted
Released: 22 August, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
|
固定一个问题即联合存储库synchronization failed and generated a 503 error message. |
Fixed an issue where, a Federated repository running on a binary provider using sharding experienced broken deployments. | |
Fixed an issue whereby, clicking the login link did not direct users to the configured SAML login URL. | |
Fixed UI-related issues whereby, the Release Bundle tab was not visible in the Xray Indexes Resources page and in the Security & Compliance | Reports page in the JFrog Platform UI. |
Artifactory 7.21.12Cloud | Self-Hosted
Released: 28 July, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue whereby, navigating to the native artifacts browserwas not working properlywhen anonymous access is enabled. | |
Fixed an issue whereby, the Federated Repository full sync and binaries download were using the default proxy instead of the Federated Repository proxy. Additionally, the Federated Repository internal services were not modified if the proxy settings were modified. |
|
Fixed an issue whereby, the Federated repository temporary files were not deleted, causing the disk to run out of space. | |
Fixed an issue whereby, when recreating a Federated Repository that was deleted, artifacts were deleted from the Federated Repositories remote members. |
Artifactory 7.21.8Cloud | Self-Hosted
Released: 19 July, 2021
Resolved Issue
Jira Issue |
Description |
---|---|
Fixed an issue whereby, users could not import LDAP groups in the UI. |
Artifactory 7.21.7Cloud | Self-Hosted
Released: 14 July, 2021
Resolved Issue
Jira Issue |
Description |
---|---|
Fixed an issue whereby, a 500 error message was generated when trying to open a virtual repository in the Artifact Tree Browser. |
Artifactory 7.21.5Cloud | Self-Hosted
Released: July 9th, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue, whereby the 'Admin Password Reset' did not function on Artifactory SaaS instances. |
|
Fixed an issue, whereby upgrading to Artifactory version 7.21.3 was not supported for Windows. |
|
Fixed an issue, whereby deploying Helm Charts with long Description section in theChart.yaml caused indexing issues with virtual and local repositories. |
|
固定的一个问题,即从Artifactory升级version 6.23.X to version Artifactory 7.21.X failed. |
|
固定一个问题,,在某种情况下s, Artifactory failed to restart and displayed the following error in the logs: Duplicate key TopologyStorageServiceImpl.EndpointKey . |
Artifactory 7.21.3Cloud | Self-Hosted
Released: 1 July, 2021
Tomcat Future Breaking Change: Action Required
Towards the end of 2021, JFrog is planning to upgrade the Tomcat version that is bundled with Artifactory from version 8.5 to 9.0.48, in preparation for the upcoming end-of-life of Tomcat version 8.5.From Tomcat version 9.0.48, the Reason-Phrase feature will no longer be supported by this Tomcat version or retrievable as part of the automation responses.More information can be foundhere.
To help you evaluate the impact of this change in advance, and to gain a better understanding of this update's impact on your CI/CD flows, especially if your CI/CD flows rely on responses with Reason-Phrase (versus responses with numeric IDs only),we have released Artifactory 7.21 with Tomcat 8.5 withsendReasonPhrase
set to 'false'
in theArtifactory System YAML.
If this change is affecting your flows, you can reset the value to 'true
'; however, you will need to make the necessary adjustments to your automation so that they work properly without the need to consume the Reason-Phrase. This will mitigate any effect in the future when new versions of Tomcat 9 are released.
Bintray Premium Offering Sunset Announcement
As of July 4th, 2021, JFrog Bintray Premium will no longer be supported and will be replaced with a set of advanced JFrog Cloud hosting solutions that are based on Artifactory's enhanced capabilities, which include a set of dedicated features for managing, controlling, and distributing your software packages. To learn more about migrating to JFrog's Advanced Cloud hosting solutions, see theJFrog Bintray Migration Guide.
Feature Enhancements
Docker Enhancements
As part of our ongoing effort to provide the best Docker-related experience, we have introduced the following enhancements:
- Improved the Docker remote repository flow by reducing the number of requests to the remote repositories.
- Added Docker Buildx support, allowing you to easily build and push multi-architecture images using the D
ocker buildx
CLI. For more information, seePushing Multi-Architecture Docker Images to Artifactory. - Added support for promoting Docker images with a Docker
manifest.list
from one Docker local repository to another.
Announcing a New Outbound Repository Request Log
Announcing the release of the new Outbound Remote Repository Request log, which allows you to track every request initiated by a remote repository including requests related to replication. For more information, seeLogging.
Extended the Priority Resolution feature to Support Puppet Packages
You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemoterepositories for Puppet packages.
Improved Metadata Request Performance for Remote Repositories
You can now configure theMetadata Retrieval Cache Timeout (Sec)
parameter in the Remote RepositoryCache Settingsto control the Metadata timeout performance. If the timeout is reached, thelocal cached artifact is served andthe previous metadata is returned to the client (the default value is 60 seconds).
Native Artifacts Browser Accessible from the UI
The Artifactory native artifacts browser, which allows browsing the contents of a repository in a plain HTML structured tree, is now available via the artifact URL or via the artifacts Actions menu.Authenticated users will not need to re-authenticate to access the native browser.
PowerShell users
Due toKnown Issues, this feature will affect the users that are using PowerShell automation and configuration management program to download the content from JFrog Platform. Please use the suggested workaround until the issue will be addressed.
Expanded Additional Security Manager Role and Additional Scanning Capabilities in Project Functionality
The newSecurity Manager角色允许用户执行交会urity-related project actions such as Manage Xray Data, Manage Reports, Manage Watches and Policies, and Ignore Global Violations. This version also introduces additional functionalities for Xray in Projects, such as generatingGlobal Xray Reportsfor a Project scope and applyingGlobal Watchesto Projects. This expanded role and capabilities require using Xray version 3.27 and above.
Docker/Conan GetToken Request Improvements
Improved the response time of Docker / ConangetToken
requests and reduced the number of DB calls.
Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
The JFrog Platform integration with HashiCorp Vault now enables you to configuremultipleexternal vault connectors through the Platform UI. You can see the list of available connectors in the newHashiCorp Vault Connectors window.To learn more, seeVault.
Managing Multiple Signing Keys
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
The JFrog Platform now enables you to managemultiple RSA and GPG signing keys through the Keys Management UI and REST API.The JFrog Platform supports managing multiple pairs of GPG signing keys to sign packages for authentication of several package types such as Debian, Opkg, and RPM through the Keys Management UI and REST API. To learn more, seeManaging Signing Keys
Generating an Identity Token through the Profile UI
The user profile now enables users to generateidentity tokens. Any user can create a user identity token for themselves via the UI or via REST API. Identity tokens are scoped tokens, which means that they provide limited and focused permissions, making them more secure and, therefore, preferable to API keys. In addition, when auser is deleted/disabled, their tokens are also revoked.To learn more, seeIdentity Token.
Added Capability to Ignore Download Statistics
The newskipUpdateStats
parameter can now be added to Rest requests, allowing you to ignore statistics generated by 3rd party tools.
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25623 | Fixed an issue whereby, running the Docker Promote API failed to promote images using a multiplatform image or against images that included a |
Fixed an issue whereby, Helm Charts containing artifact hub complex annotations disrupted working with Artifactory Helm repositories. |
|
Fixed an issue whereby, uploading artifacts using the REST API in Artifactory version 7.19.4 tagged the URL to the files in the JSON response as ' |
|
Fixed an issue whereby, deploying to Debian local repositories caused the |
|
Fixed an issue whereby, running Docker Pulls from Docker Hub failed due to case-sensitivity HTTP header handling. | |
RTFACT-25936 |
Fixed an issue whereby, running virtual Helm repository indexing returned a |
RTFACT-15802 | Fixed an issue whereby, the time in the UI was displayed incorrectly for certain timezones. |
Fixed an issue whereby, archiving and browsing of executable spring boot JAR/WAR files was permitted. | |
Fixed an issue whereby, performance issues were encountered for RubyGems virtual repositories with the Bundler compact index. | |
Fixed an issue whereby, emails sent by Artifactory 7.x Mail Server integration contained legacy URLs causing incorrect redirects. | |
Fixed an issue whereby, uploading an artifact using the REST API generated errors when null values were retrieved. |
|
Fixed an issue whereby, users that were deleted and then re-created in the same cache period, received a 401 error. |
|
Fixed an issue whereby, Artifactory HA nodes were out of sync. |
|
Fixed an issue whereby, all the requests via a virtual repository were stuck when one of the Docker remote repositories was marked with token authentication that was not supported. |
|
Fixed an issue whereby, pushing images using Docker |
|
Fixed an issue whereby, accessing a repository native browser, triggered a pop-up that constantly requested a username and password even after accessing with a valid user. |
|
Fixed an issue whereby, after upgrading from Artifactory7.12.6 to 7.16.3, the |
|
Fixed an issue whereby, the |
|
Fixed an issue whereby, build promotion failed for Artifactory. |
|
Fixed an issue whereby, RPM consumed part of the metadata by adding a missing condition, causing a number of entries to be filtered out incorrectly. |
Artifactory 7.19
本节包括所有的Artifactory中on 7.19.x releases.
Artifactory 7.19.12Cloud | Self-Hosted
Released: 15 December, 2021
Resolved Issue
This patch resolves the issue caused by CVE-2021-3860. For more information, see theJFrog Security Advisoriespage.
Artifactory 7.19.10Cloud | Self-Hosted
Upgrading from JFrog Artifactory 6.23.21
To upgrade to Artifactory 7.x from version 6.23.21, you will need to upgrade to Artifactory 7.21.3, or to a higher version.
Released: 29 June, 2021
Jira Issue |
Description |
---|---|
固定一个问题,,在某种情况下s, MySQL database performance was impacted. |
Artifactory 7.19.9Cloud | Self-Hosted
Released: June 17, 2021
MySQL Database Users
Users using MySQL database with Artifactory, should refrain from upgrading to this version, and upgrade directly to Artifactory version 7.19.10.
Resolved Issue
Jira Issue |
Description |
---|---|
Fixed an issue whereby, in some cases, when upgrading Artifactory with MySQL, the |
Artifactory 7.19.8Cloud | Self-Hosted
Released: 9 June, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25895 | Fixed an issue, whereby attempting to upgrade Artifactory with MSSQL database from version6.x to 7.xfailed with database conversion-related errors. |
RTFACT-25995 | Fixed an issue, whereby an alternate response structure was returned for uploaded files. This failed TeamCity Artifactory plugin uploads since version 7.19.4.` |
Artifactory 7.19.6Cloud
Released: 25 May, 2021
Artifactory 7.19.6 is Available as a Cloud Version
Artifactory 7.19.6 is available as a Cloud version.
Resolved Issue
Jira Issue |
Description |
---|---|
Fixed an issue regarding an internal licensing issue. |
Artifactory 7.19.4Cloud | Self-Hosted
Released: May 24, 2021
Highlights
Extended Flagging Safe Repositories Support for Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages
Declaring local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemote仓库已经扩展为支持高山,Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field.
Feature Enhancement
Support for Controlling Signed URL Download Methods
You now have the option to set your signed URL redirects using one of these methods: S3, CloudFront, or using a direct download without a signed URL redirect. For more information, seeControlling Your Signed URL Downloads.
Enhanced the S3 Configuration Template
To reduce the overhead on the Ceph backend, you can now modify the chunk size that was previously fixed at 5 MB by setting themultipartElementSize
tag in theAmazon S3 Official SDK Template. If no tag is specified, the AWS client default of 5 MB will be applied.
UI for the JFrog Platform Vault Integration with HashiCorp Vault
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
The JFrog Platform integration with HashiCorp Vault now enables you to configure an external vault connection to use as a centralized secret management tool not only through the APIs but also using the JFrog Platform UI. Using vault allows you to store JFrog Platform GPG keys, RSA keys, and Trusted keys used to sign packages and Release Bundles as secrets in HashiCorp Vault and provides you with the capability to generate and manage keys in a centralized tool for security and compliance. To learn more, seeVault.
UI for the JFrog Platform SCIM Integration
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
JFrog Platform now enables you to generate a dedicated admin access token for SCIM in the JFrog Platform by going toAdmin|Security|SCIM. The token generated can then be used in theidentity service setup. To learn more, seeSCIM.
Signing Keys Management
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
The JFrog Platform now features a centralized dashboard for creating and managing all signing keys. This featureenables you to create and control the keys used to encrypt or digitally sign your artifacts - in one central location, which makes it easier for you to manage signing keys throughout your organization.To learn more, seeSecurity Keys Management.
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25912 | Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers. |
RTFACT-25683 | Fixed an issue whereby, Installing from a v3 remote repository triggered an NPE if the downloadRemoteRegistrationSpecificVersion failed even if the requested package exists in the other aggregated repositories. |
Fixed an issue whereby, Artifactory could not resolve signed Helm Charts from Artifactory version 7.10 and above. |
|
RTFACT-24627 | Fixed an issue whereby, downloading Helm Charts from Smart Remote repository routed to the remote URL instead of routing through Artifactory. |
Fixed an issue whereby,upgrading JFrog Artifactory version 6.x to 7.x, caused the Metadata Migration process to fail if there was an artifact with a multi-value property and its total number of characters extended 4000 characters. |
|
RTFACT-25065 |
Fix an issue whereby, GitLFS with SSH authentication did not function in Artifactory 7.x when using a base URL of the Platform root (i.e. without |
RTFACT-23590 | Fixed an issue whereby, an offline remote repository failed to serve requests from the cache if the metadata retrieval value was set to zero. |
Fixed an issue whereby, Artifactory cached corrupted Docker layers in remote Docker repositories. | |
Fixed an issue whereby, the latest JFrog Helm charts using the Kubernetes startupProbe failed to launch on Kubernetes clusters. Applies to Charts running Kubernetes versions lower than 1.18, if the feature was not enabled. |
Artifactory 7.18
本节包括所有的Artifactory中on 7.18.x releases.
Artifactory 7.18.11Cloud | Self-Hosted
Released: 15 December, 2021
Resolved Issue
This patch resolves the issue caused by CVE-2021-3860. For more information, see theJFrog Security Advisoriespage.
Artifactory 7.18.9Cloud | Self-Hosted
Released: 28 June, 2021
Resolved Issues
Jira Issues |
Description |
---|---|
固定一个问题,,在某种情况下s, writing to the Config Descriptor failed in an HA environment. |
|
固定一个问题,,在某种情况下s, MySQL database performance was impacted. |
Artifactory 7.18.7Cloud | Self-Hosted
Released: May 19, 2021
MySQL Database Users
Users using MySQL database with Artifactory, should refrain from upgrading to this version, and upgrade directly to Artifactory version 7.18.9.
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25912 | Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers. |
Artifactory 7.18.6Cloud | Self-Hosted
Released: 6 May, 2021
Feature Enhancement
Added More Flexibility When Setting SSH Server Security
You can now control ciphers, MACs, signatures, and key exchange algorithms that are accepted by the Artifactory SSH server. For more information, seeArtifactory Security.
Artifactory 7.18.5Cloud | Self-Hosted
Released: 29 April, 2021
Highlights
JFrog Platform Ansible Installer
JFrog’s Ansible Collection includes several Ansible roles that allow you to install the latest JFrog Platform in many different configurations-from simple single server installations to redundant and highly available setups-this collection provides the flexibility for any architecture. To learn more, seeInstalling the JFrog Platform Using Ansible.
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25697 | Fixed an issue, whereby Federated members could not be added to a Federation when trying to find the repositories via JFrog Mission Control. |
RTFACT-25145 | 固定的一个问题,即Artifactory返回的URLto the CDN for S3 redirects with CloudFront. As an enhancement, a header was added to manually control signed URL redirects. |
Fixed an issue, whereby artifact properties were not displayed in the Artifact browser details. |
Artifactory 7.18.3Cloud | Self-Hosted
Released: 22 April, 2021
Highlights
Federated Repositories
CLOUD: Enterprise | Enterprise+SELF-HOSTED:Enterprise | Enterprise+
The JFrog Platform enables you to create Federated repositories, whichsupport mirroring repositories and artifacts with JFrog Platform users located on remote JFrog Deployments (JPDs) in a multisite environment. A Federation is a collection of repositories of Federated type in different JPDs that are automatically configured for full bi-directional replication. Once you have created a Federation, changes made to artifacts on one site will be automatically synchronized to the other federated sites using bi-directional mirroring. For more information, seeFederated Repositories.
Feature Enhancements
PostgreSQL Version Support
JFrog products now support PostgreSQL version 13.0. To learn more, seeSystem Requirements.
Improved Large Scale Release Bundle Distribution
改善分配发布包dles at a large scale, resulting in three times faster performance, by implementing internal database optimization.
Extended Docker OCI Support
Extended the ability to serve OCI requests without relying on the accept header. For example, if you have a client namedcontainers/someVersion
, you can assume that all thecontainers
will support OCI (if configured).
SCIM ID Management Support
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise | Enterprise+
JFrog now supports managing both users and groups, and the association between them using the System for Cross-domain Identity Management (SCIM) protocol 2.0. Okta and Azure Active Directory (AD) have used to verify this capability. To learn more, seeSCIM.
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25288 | Fixed an issue, whereby a memory leak was occurring inio.opentracing.util.ThreadLocalScope . |
Fixed an issue, whereby requests with duplicate semantics (based on type and path) were sent to the MDS. |
|
RTFACT-25553 | Fixed the Release Bundle Domain field to display "Destination" in the Webhooks Events list in the UI for Edge and Source Artifactory instances. |
Artifactory 7.17
本节包括所有的Artifactory中on 7.17.x releases.
Breaking Change
With the release of the new Native browser in Artifactory 7.17, theui/repos/simple/..
path for each repository has been deprecated and should not be used.
Artifactory 7.17.14Cloud | Self-Hosted
Released: 9 February, 2022
Resolved Issue
This patch resolves the issue caused by CVE-2021-3860. For more information, see theJFrog Security Advisoriespage.
Artifactory 7.17.13Cloud | Self-Hosted
Released: May 23, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25912 | Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers. |
Artifactory 7.17.12Cloud | Self-Hosted
Released: 29 April, 2021
Feature Enhancement
Access Federation REST APIs Now Public
Publicly released theAccess FederationREST APIs and requiresa validadmin-scoped token.
Artifactory 7.17.11Cloud | Self-Hosted
Released: 20 April, 2021
Resolved Issue
Jira Issue |
Description |
---|---|
RTFACT-25601 | Fixed an issue, whereby upgrading JFrog Artifactory to version 7.17.x may have failed due to database issues. |
Artifactory 7.17.9Cloud | Self-Hosted
Released: 14 April, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25582 | Fixed an issue by adding anew Config Descriptor Converter to fix an invalid state for repositories and key pairs. |
RTFACT-25483 | Fixed an issue regarding remote repository concurrent mappings. |
Artifactory 7.17.5Cloud | Self-Hosted
Released: 4 April, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25433 | Fixed an issue, whereby upgrading to Artifactory 7.17.4, failed under certain circumstances, if a public GPG key was installed without a private key. |
Artifactory 7.17.4Cloud | Self-Hosted
Released: 31 March, 2021
Highlights
Announcing Projects in the JFrog Platform
CLOUD: Enterprise | Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. As such, using projects helps Platform Admins to offload part of their day-to-day management effort and to generate a better separation between the customer products to improve customer visibility on efficiency, scale, cost, and security. Projectssimplifies the onboarding process for new users, creates better visibility for LOBs and project stakeholders.To learn more, seeProjects.
Cloud-Native High Availability (HA) is Now Supported for Self-Hosted Artifactory Installations
From Artifactory 7.17.4, all nodes in the high availability cluster can perform tasks such as replication, garbage collection, backups, exporting, and importing, removing the need to set up a primary node in the cluster. Instead, every node in the cluster can serve any of the mentioned tasks and if any node goes down, the different nodes in the cluster will be able to perform these tasks instead. By default, when adding a new node (member) to the cluster, it will be able to perform cluster-wide tasks without user intervention. For more information, seeCloud-Native High Availability.
Cargo Packages Support
Artifactory natively supports a Cargo Registry for the Rust language, giving you full control of your deployment and resolve process of Cargo packages. Cargo downloads your Rust package's dependencies, compiles your packages, makes distributable packages, and uploads them tocrates.io, the Rust community’s package registry. You can contribute to this book onGitHub. To learn more, seeCargo Package Registry.
SCIM ID Management Support
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
JFrog介绍initial support for the System for Cross-domain Identity Management (SCIM) protocol 2.0, to enable Enterprise and Enterprise+ customers to create, remove and disable user accounts from their choice of user management tool and automatically update the platform with these changes. Okta and Azure Active Directory (AD) have used to verify this capability. To learn more, seeSCIM.
HashiCorp Vault Integration with the JFrog Platform
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
The JFrog Platform integration with HashiCorp Vault enables you to configure an external vault connection to use as a centralized secret management tool. Using vault allows you to store JFrog Platform GPG keys, RSA keys, and Trusted keys used to sign packages and Release Bundles as secrets in HashiCorp Vault and provides you with the capability to generate and manage keys in a centralized tool for security and compliance. To learn more, seeVault.
PrivateLink for AWS Cloud
CLOUD:Enterprise with Security Pack |Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
The MyJFrog Cloud Portal enables customers to establish a secure network connection from their cloud account into their JFrog Cloud instance-without going through a public Internet-by setting establishing a private connection. MyJFrog provides customers with step-by-step instructions on how to set up a PrivateLink connection, in which the source is the customer's own AWS Virtual Private Cloud (VPC) and the target is the JFrog PrivateLink. To learn more, seeSetting up AWS PrivateLinks.
Live Logs
CLOUD:Enterprise+SELF-HOSTED:Enterprise X | Enterprise+
The JFrog Platform now includes an integrated Live Logs plugin, which allows customers to get the JFrog product logs (Artifactory, Xray, Mission Control, Distribution, and Pipelines) using the JFrog CLI Plugin. To learn more, seehttps://github.com/jfrog/live-logs.
Support for User-Provided Certificates for TLS
The Access router now supports using user-provided certificates for the TLS. When setting the TLS certificates and indicating to the Platform which TLS certificate to use, customers may now use provide their own signed certificate. For more information, seeUsing Access as a Certificate Authority.
Feature Enhancements
AQL Search for Remote Repository
Using AQL, you can now search within remote and virtual repositories. For more information, seeWorking with Remote Repositories.
Artifact Browser with More Filters and Advanced SetMeUp
Introducing new filters and improved SetMeUp capabilities in the Artifact Browser available to all new users and those upgrading from previous Artifactory versions. This new view and capabilities are now the default Artifact Browser view in the JFrog Platform.
Peer-to-Peer Consumption Monitoring
The JFrog Platform allows you to monitor your P2P downloads in a Self-Hosted environment within the UI. The page lists the Peers, their status, the number of files download, and the total consumption. For more information, seeMonitoring Peer-to-Peer (P2P) Traffic Consumption.
Resolved Issues
Jira Issue | Description |
---|---|
RTFACT-19598 | Fixed issue, whereby npm could not deserialize tokens of an unpublished repository. |
RTFACT-24106 | Fixed an issue whereby, the 'Docker uploads folder cleanup' job was triggered every 1000 days instead of a single day. To fix this, a new parameterartifactory.docker.cleanup.uploadsTmpFolderJobSecs has been introduced to replace theartifactory.docker.cleanup.uploadsTmpFolderJobMillis . |
RTFACT-24307 | Fixed an issue whereby, trying to run two plugins simultaneously (using Cron), resulted in only one of the plugins running. |
RTFACT-20896 |
Fixed an issue whereby,special characters in Nuget V3 packages were not supported. |
RTFACT-23649 | Fixed an issue when trying to use event-based pull replication, whereby a remote repository pointed to a local repository using HTTPS, caused a read timeout and the remote cache was not updated. |
RTFACT-17058 | Fixed an issue, whereby OAuth secrets containing special characters, caused authentication to fail. |
RTFACT-10141 | Fixed an issue whereby, sending a username containing upper case characters from LDAP, using an API key, caused the response to fail, even if an API key was generated for the username. |
RTFACT-23950 |
Fixed an issue whereby, Smart repositories did not support artifacts containing the plus (' |
RTFACT-24889 | Fixed an issue whereby, browsing virtual repositories containing '_cache ' at the end of the name generated a 500 error. |
Security-related Items | |
Fixed an issue, whereby in certain circumstances, logs displayed private text. |
|
|
Fixed an issue, whereby a potential XXE was detected in p2 XML inputs. |
Artifactory 7.16
本节包括所有的Artifactory中on 7.16.x releases.
Artifactory 7.16.6Cloud | Self-Hosted
Released: May 24, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25912 | Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers. |
Artifactory 7.16.3Cloud | Self-Hosted
Released: March 15, 2021
Highlights
Avoiding Security Risks by Flagging Safe Repositories
You can declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forforLocalandRemoterepositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. This feature is currently supported for Docker, PyPI, RubyGems, and NPM packages but will be extended to all the package types in the upcoming releases.
P2P Functionality for JFrog SaaS Users
P2P peers can be configured to work opposite JFrog Artifactory and JFrog Artifactory Edge hosted by JFrog SaaS.
Enhancements
Database Locking Mechanism Improvements
Improved the database locking mechanism for High Availability environments.
Resolved Issues
Jira Issue | Description |
---|---|
RTFACT-25211 | Fixed issue whereby, missing dependencies prevented Artifactory to start with the JetS3t binary provider. |
RTFACT-24694 | Fixed an issue whereby, Docker v1 images could not be pulled by digest. |
RTFACT-22667 | Fixed an issue, whereby a 500 error was displayed in the UI when uploading or moving a file to a folder containing the same same. |
RTFACT-24791 | Fixed an issue whereby, the resolution order in Docker virtual repositories was not functioning correctly. |
RTFACT-24852 | Fixed an issue whereby, the Replicator processed Maven artifacts as generic artifacts, which failed the JAR replication. |
RTFACT-15577 | Fixed an issue whereby, Pypi remote and virtual repositories returned a 404 error even if the package existed in the public registry. |
RTFACT-24115 | Fixed an issue whereby downloading logs from the Artifactory UI displayed the file name as null. |
Fixed an issue whereby, the Docker Catalog API used incorrect permissions and include/exclude path filtering. | |
RTFACT-24944 | Fixed an issue whereby, Artifactory did not support Docker labels containing spaces. |
RTFACT-20132 | Fixed an issue whereby, PyPI packages were not indexed if there was an emoji in the metadata. |
RTFACT-23838 | Fixed a performance issue whereby, in high-scale environments, repository Cache rebuild was taking too long. |
RTFACT-23706 | Fixed an issue whereby,promoting a Docker V2 image in the same repository, without a re-tag, deleted the image. |
RTFACT-21074 |
Fixing an issue related to virtual NPM repo indexing by removing shadow requests to 3rd party. |
RTFACT-22958 | Fixed an issue whereby, Artifactory generated the RPM primary.xml with a file time that was not aligned with the RPM. spec. It was generated with milliseconds, unlike the build time. |
Fixed an issue,Artifactory generated a 500 error message when resolving Nuget V.3 packages. The fix now parses NuGet packages without dependency version range as "any version". | |
RTFACT-20798 | Fixed an issue, whereby the Update Group REST API only supported adding users and not updating users. |
RTFACT-23209 | Fixed an issue, whereby a blind SSRF was found in the/ui/api/v1/ui/ldap/test/ . |
Artifactory 7.15
本节包括所有的Artifactory中on 7.15.x releases.
Artifactory 7.15.5Cloud | Self-Hosted
Released: May 24, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25912 | Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers. |
Artifactory 7.15.4Cloud | Self-Hosted
Released: March 4, 2021
Resolved Issues
Jira Issue | Description |
---|---|
Fixed an issue whereby, SHA256 was hashed in the PyPI Repository metadata. | |
N/A | Fixed an issue, whereby the Window service installation of Artifactory version 7.15.3 failed. |
N/A | Fixed an issue, whereby under certain circumstances, running theDeploy Artifacts from ArchiveREST API failed when containing files with Chinese characters. |
Artifactory 7.15.3Cloud | Self-Hosted
Released: 18 February 2021
Feature Enhancements
Improvements to RubyGems Indexing for Virtual Repositories
Added Bundler Compact index support for Virtual repositories, in addition to Local and Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, in theartifactory.system.properties
file, set theartifactory.gems.compact.index.enabled=true
value.
Enhanced Folder Download Functionality
The 'Folder Download' feature is now aligned with the JFrog CLI and supports downloading empty folders.
Group REST API Enhancements
From Artifactory 7.15.3, when running theUpdate Group, you can enforce using lower case characters in user names when associating users to groups, by setting thevalidate.lowercase.username.on.group.association
to true. The default is set to false. When set to true, an error will be generated if an upper case character is used in the user name.
Conan Package Improvements
User and channel attributes can be changed when copying and moving Conan artifacts and packages.
Additional Webhooks for Distribution
Added new events forRelease Bundles on Edge Nodes, which enables you to trigger events when a Release Bundle was received on an Edge node, and when a Release Bundle deletion process has started, completed successfully, or failed.
Quick Repository Setup
Admins can now use theQuick Setupto create repositories for selected package types in one go. With a couple of simple steps, admins can create local, remote, and virtual repositories for single or multiple package types.
Access Swagger Security Enhancement
The Access Swagger UI now requires admin token authentication.
Performance Improvements
The archive index is now set to false by default to prevent an overload on database resources.
Resolved Issues
Jira Issue | Description |
---|---|
RTFACT-24596 | Fixed an issue, whereby Support Bundles collected.gz log files that were not included in the time range. |
RTFACT-24305 | Fixed an issue, whereby Docker labels containing special characters that were not supported by Artifactory are now supported and automatically replaced with the hyphen ('-' ) symbol. |
RTFACT-24246 | Fixed an issue whereby, theoptionalIndexCompressionFormats parameter was not included in the payload json of the Debian Virtual Repository using REST API. |
RTFACT-24162 | Fixed an issue, whereby Artifactory did not start if theserverUrl in the Atlassian Crowd setting had timed out. |
RTFACT-24063 | Fixed an issue, whereby running the |
RTFACT-23912 | Fixed an issue, whereby running a docker push, returned a 400 error when trying to overwrite an image tag without having delete or overwrite permissions instead of generating a 403 error. |
RTFACT-23855 | Fixed an issue, whereby theinRelease metadata in virtual repositories was not available when metadata calculations were triggered. |
RTFACT-22155 | Fixed an issue, whereby, under certain circumstances, when deploying an RPM package theprimary.xml.gz file did not contain the 'pre' attribute. |
RTFACT-22019 | Fixed an issue, whereby Helm repositories could not be proxied when running on an Azure Container Registry. |
Fixed an issue, whereby running theDeploy Artifact by Checksum REST command did not validate permissions correctly when performing an overwrite. |
|
RTFACT-18464 | Fixed an issue, whereby resolving Helm Charts through local repositories was not supported. |
RTFACT-13517 |
Fixed an issue, whereby the CocoaPods dependency resolution mechanism failed opposite Remote repositories. |
RTFACT-24335 | Fixed an issue, whereby the SumoLogic dashboard URL could not be accessed, due to invalid credentials, after the initial token expired. |
RTFACT-24220 |
Fixed an issue, whereby the Async converter only converted the first Artifactory upgrade when multiple Artifactory instances were connected to a single PostgreSQL database with multiple schemas. |
RTFACT-19596 |
Fixed an issue, whereby the logs generated during the NuGet metadata calculation process, displayed the timestamp in milliseconds, instead of the period of time it took to calculate the metadata. |
RTFACT-22341 |
Fixed an issue, whereby pinging an npm repository returned an error response. |
RTFACT-21840 |
Fixed an issue, whereby a 500 response was generated, for a session timeout for a CROWD user, instead of a session timeout event. |
Security-Related Resolved Issues | |
Fixed an issue, whereby sensitive information was exposed when running a REST API command. |
|
Fixed an issue, whereby running a UI-related REST API call containing certain characters caused Artifactory performance issues. | |
Fixed a security issue related to the System Import and Export feature. |
Artifactory 7.12
本节包括所有的Artifactory中on 7.12.x releases.
Artifactory 7.12.10Cloud | Self-Hosted
Released: 16 December, 2021
Resolved Issue
This patch resolves the issue caused by CVE-2021-3860. For more information, see theJFrog Security Advisoriespage.
Artifactory 7.12.9Cloud | Self-Hosted
Released: May 24, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25912 | Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers. |
Artifactory 7.12.8Cloud | Self-Hosted
Released: 8 February, 2021
Resolved Issues
JIRA Issue |
Description |
---|---|
RTFACT-24826 |
Fixed an issue whereby, within an HA environment, upgrading Artifactory 7.11.5 to 7.12.5 caused Artifactory to crash. |
RTFACT-24738 | 固定一个问题,,在某种情况下s, common UI calls generated numerous request calls to the Access sever. |
Artifactory 7.12.6Self-Hosted
Released: 10 January, 2021
Artifactory 7.12.6 a Self-Hosted Version
Artifactory 7.12.6 is available as a Self-Hosted version Only.
Resolved Issues
JIRA Number | Description |
---|---|
RTFACT-24549 | 固定的一个问题,即从Artifactory升级6.23.7 to 7.12.5 failed. |
RTFACT-24423 | Fixed an issue, whereby Helm reindexing only re-indexed the last 100 entries. |
Artifactory 7.12.5Self-Hosted
Released: 30 December, 2020
Artifactory 7.12.5 is Available as a Self-Hosted Version
The Artifactory 7.12.5 release is available as a Self-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated in7.12.3as part of our Cloud-first initiative.
Upgrading Artifactory 6.23.7 to 7.x
Upgrading from Artifactory 6.23.7 to 7.12.5 is not supported. Please upgrade to Artifactory 7.12.6 or above.
Feature Enhancements
Central P2P Peer Management in the JFrog Platform
You can now control all the P2P Peer settings centrally by storing the configurations in the JFrog Platform. All that is required is to add your settings to a YAML file and to update the settings using the REST API, directly in the UI, or through the bootstrap from the file system. The next time the Peers connect to the Tracker (Artifactory), they will be populated with the new settings. For more information, see the Central Peer Deployment and Management section inJFrog Peer-to-Peer (P2P) Downloads.
Docker Authentication for Self-Hosted Customers Only
In lieu of the latest rate limitations enforced by Docker,JFrog self-hosted customers are recommended to set up Docker Hub authentication for Remote Docker repositories.
Amazon S3 Official Amazon SDK template is set to use HTTP
As part of JFrog's security policy, HTTP is set by default when using the official S3 Official Amazon S3 Storage template. For more information, seeAmazon S3 Official SDK Template.
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-20076 |
Fixed an issue, whereby the |
RTFACT-24225 |
Fixed an issue, whereby downloading an NPM package containing an emoji could not be parsed by MySQL database using UTF-8 encoding. |
RTFACT-23974 |
Fixed an issue, whereby running the Create or Replace Group REST API command returned a success 200 message when an error was generated. |
RTFACT-23514 |
Fixed an issue, whereby Docker Virtual repositories including Smart and regular remote repositories containing the |
RTFACT-23485 |
Fixed an issue, whereby an Archive entry download included an entry path in the filename instead of just the filename. |
固定的一个问题,最后一个“n - 1”啊verridden images in a Docker Registry were stored based on their digest SHA and not according to their tags. |
|
RTFACT-22897 |
Fixed an issue, whereby Docker login and Conan user requests were caching the user without triggering the Realm plugins. |
RTFACT-20188 | Fixed an issue, whereby SumoLogic custom URLs were not supported for existing user accounts. |
Security Issues | |
Fixed an issue, whereby sensitive information was passed in the request URL. |
Artifactory 7.12.3Cloud
Released: 21 December 2020
Artifactory 7.12.3 is Available as a Cloud Version
Artifactory 7.12.3 is Available as a Cloud Version. The JFrog Artifactory 7.12.3is aligned with theArtifactory 7.12.5Self-Hosted version.
Feature Enhancements
Advanced patterns supported for Docker Virtual Repositories
Extended Ignore/include patterns for Docker Virtual Repositories.
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-22689 |
Fixed an issue to improve the Docker Catalog V2 API performance. |
Fixed an issue, whereby under certain circumstances, when multiple LDAP settings were configured, Artifactory did not search and displayed authentication failures. |
|
RTFACT-19741 | Fix an issue to enable the Browse Native API to return a permission challenge message. |
RTFACT-17320 | Fixed an issue, whereby the number of errors populating in the error log file were reduced together with Improving the error logs messaging for Database locking. |
RTFACT-21121 | Fixed an issue, whereby Artifactory Rest API Automatically Supports Spaces in URLs. As part of the Artifactory REST API, A space in the User, Group, and permission names is automatically represented and converted to the Plus symbol ('+'). From 7.12.4, This is the default behavior and is achieved with the newsecurity.api.plus.insteadof.space property which is set by default to true. To use the Plus ("+") symbol and cancel this conversion, set thesecurity.api.plus.insteadof.space 参数错误。 |
Fixed an issue, whereby Artifactory only displayed the deltas in the logs for the Docker cache. After the fix, the full statistics are displayed in the logs. |
|
RTFACT-21570 |
Fixed an issue, whereby unnecessary requests were made to the LDAP server when performing authentication using an API Key. |
RTFACT-20147 |
Fixed an issue, whereby deleting multiple Release Bundles when using a Derby DB sometimes failed and generated a Database deadlock. |
RTFACT-18128 |
Fixed an issue, whereby recalculating the index for Helm repositories did not delete the corrupted entries. |
Fixed an issue, whereby theconsole.log was disabled for Docker and Docker Compose installs by default to prevent performance issues. To enable theconsole.log , set theshared.logging.consoleLog.enabled totrue . |
|
Security Related Issues | |
RTFACT-20379 |
Blocked direct requests with basic authentication to the required URL when SAML SSO is configured. |
Artifactory 7.11
本节包括所有的Artifactory中on 7.11.x releases.
Artifactory 7.11.8Cloud | Self-Hosted
Released: 16 December, 2021
Resolved Issue
This patch resolves the issue caused by CVE-2021-3860. For more information, see theJFrog Security Advisoriespage.
Artifactory 7.11.7Cloud | Self-Hosted
Released: May 24, 2021
Resolved Issues
Jira Issue |
Description |
---|---|
RTFACT-25912 | Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers. |
Artifactory 7.11.5Cloud | Self-Hosted
Released: 1 December, 2020
Resolved Issues
Jira Issue |
Description |
---|---|
Fixed an issue, whereby the Metrics logger did not work after upgrading Artifactory. |
|
|
Fixed an issue, whereby Filebeat failed to start intermittently after restarting Artifactory. |
Artifactory 7.11.2Self-Hosted
Released: 20 November, 2020
Artifactory 7.11.2 is Available as a Self-Hosted Version
The Artifactory 7.11.2 release is available as a Self-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated inArtifactory 7.11.1as part of our Cloud-first initiative.
Resolved Issues
Jira Issue | Description |
---|---|
|
Fixed an issue, whereby the Replication arcs between JPDs were not shown on the Topology maps in the Dashboard. |
|
Fixed an issue, wherebyReplications were not displayed in the Replication monitoring section and were displayedas failed in the Topology page. |
Artifactory 7.11.1Cloud
Released: 17 November, 2020
Artifactory 7.11.1 is Available as a Cloud Version
The JFrog Artifactory 7.11.1 release is available as a Cloud versionand is aligned with theArtifactory7.11.2Self-Hosted version.
Highlights
Helm V3 Support
Artifactory now supports Helm 3 clients, enabling you to deploy and resolve Helm Charts using Helm V2 and V3 clients.
OCI Support
Artifactory is now OCI compliant and supports OCI clients, providing you with the ability to deploy and resolve OCI images in Docker Registries.
The OCI client Singularity is not supported.
Live System Logs
You can nowview or download essential Platform system log files for each of JFrog's services; Artifactory, Xray, Mission Control, and Pipelines. For more information, seeViewing Log Files from the UI.
Feature Enhancements
Improvements to RubyGems Indexing for Local Repositories
Added Bundler Compact index support for Local repositories, in addition to the Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.
To use this new capability, in theartifactory.system.properties
file, set theartifactory.gems.compact.index.enabled=true
value.
PostgreSQL Database Improvements
Introduced the following improvements:
- PostgreSQL database indexing improvements
- Indexing on
bundle_files
for delete operations
Resolved Issues
Jira Issue | Description |
---|---|
Fixed an issue, whereby under certain circumstances, running Event-based Pull Replication on many files may have caused Artifactory to crash. |
|
固定的一个问题,即寻找Nuget packages using the Tag or PackageId did not work outside of |
|
Fixed an issue, whereby you could not run a single node to process |
|
Fixed an issue, whereby multiple delete events were processed on multiple nodes that led to multiple delete requests for the same resource storing on the Cloud instance. After the fix, only single node processes delete requests. |
|
Fixed an issue, whereby Artifactory returned the PyPi yanked release as the latest version. |
|
RTFACT-17273 |
Fixed an issue, whereby pulling and pushing the same Docker image simultaneously, returned an “unknown blob” error. |
RTFACT-18471 |
Fixed an issue, whereby empty virtual repositories were not listed when running the Get Repositories REST API. |
Fixed an issue, whereby running the |
|
RTFACT-20610 |
Fixed an issue, whereby deleting a Debian repository after copying the contents to a different Debian repository displayed |
RTFACT-23318 |
Fixed an issue, whereby in an HA environment, system export did not export repositories when running on members. |
RTFACT-15797 |
Fixed an issue, whereby users could not name the NPM local repository as |
RTFACT-23665 |
Fixed an issue, whereby a Docker remote repository did not trigger the |
Fixed an issue, whereby the apt-get client failed when the Debian repository was configured with CDN. |
|
Fixed an issue, whereby Artifactory was losing track of the |
|
RTFACT-23816 |
Fixed an issue, whereby a DataSource memory leak occurred when using MySQL. |
Fixed an issue, whereby we now provide release fields content for Debian repositories. |
|
RTFACT-23651 |
Fixed an issue, whereby the |
RTFACT-23275 |
Fixed an issue, whereby the performance of the |
Fixed an issue, wherebyAccess Federation issues were arising between servers of different versions, where the source version was higher than the target version. | |
|
Fixed a |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.10
本节包括所有的Artifactory中on 7.10.x releases.
Upgrading from JFrog Artifactory 7.x to 7.10 or above
当upgrading from any version prior to 7.10, to any version from 7.10 and above, the upgrade process executes an internal DB schema migration which may result in a short downtime.
Artifactory 7.10.6Cloud | Self-Hosted
Released: 8 November, 2020
Feature Enhancements
Removed the hardcoded-Dartifactory.metadata.native.ui=true
flag the from the startup script as it was already set as true by default.
Resolved Issues
JIRA Issue |
Description |
---|---|
|
Fixed an issue whereby, installing Go projects with major versions higher than 1 failed, if not based on folder compatibility. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.10.5Cloud | Self-Hosted
Released: 2 November, 2020
Feature Enhancements
Docker Registry Alignments in Artifactory to Meet Latest Docker Rate Limits
Docker Registry functionality is now optimized in JFrog Artifactory to accommodate the latest Rate Limit changes announced by Docker. We have changed the default Retrieval Cache Period to six hours and optimized the GET requests to Docker Hubby introducing HEAD requests and optimizing the usage of GET calls. To assist our Docker users, you will be will now receive a Platform level warning for every unauthenticated Docker remote repository pointing to Docker Hub. In addition, the Remote Docker Authentication section has been moved to theRemote Docker Repositories Basic Tab.
Hardened the User Login Messages
User Login messages have been modified to provide consistent responses on enumeration attempts to prevent the disclosure of valid accounts.
Resolved Issues
Jira Issue | Description |
---|---|
RTFACT-23563 | Fixed an issue, whereby Conan repositories were not supported in the Free Tier subscription. |
RTFACT-20334 | Fixed an issue, whereby Artifactory indexed Helm Charts with an invalid version number or appVersion number but the Helm repository containing these charts could not be added to the Helm client’s repository. |
Fixed an issue, whereby under certain circumstances, running Docker Pull requests by digest returned an incorrect manifest file due to wrong caching. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.10.2Self-Hosted
Released: 15 October 2020
JFrog Artifactory 7.10.2 is Available as a Self-Hosted Version
The JFrog Artifactory 7.10.2 release is available as a Self-Hosted version and is aligned with the 7.10.1 Cloud Release.
Highlights
新的JFrog平台新员工培训经验
In Artifactory 7.10.2, we have introduced a new self-hosted Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform.
Feature Enhancements
Improvements to RubyGems Indexing for Remote Repositories
Added Bundler Compact index support for Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.
To use this new capability, in theartifactory.system.properties
file, set theartifactory.gems.compact.index.enabled=true
value.
Importing Release Bundle Enhancements for Air Gap
The Air Gap feature has been extended to support importing Release Bundle from an/
import
folder on the server machine inaddition to importing filesfrom the local drive of the user.
API Open Metrics Enhancements
Added more metrics related to JVM, DB connections, and remote HTTP connections in Artifactory. For more information, seeOpen Metrics.
Resolved Issues
Jira Issue | Description |
---|---|
Fixed an issue, whereby in some circumstances Artifactory HA additional node failed to start due to incorrect encryption values. | |
RTFACT-14607 | Fixed an issue, whereby Test connection failed for Smart Docker remote repositories. |
RTFACT-20660 | Improved performance of your artifacts search through the/ui/artifactbuilds that previously caused an extreme overload. |
Fixed an issue, whereby Event-based pull replication did not trigger when properties were added to a folder. 对于这个修正生效,源和target Artifactory instances need to run either on Artifactory version 7.10.2 and higher or on Artifactory version 6.23.0 and higher. Otherwise, the fix will not take effect and the folder properties will not be replicated. |
|
Fixed an issue, whereby Docker push was failing when trying to use the configuration generated from the HTTP settings page (Repository path) in Artifactory 6.20.0. |
|
RTFACT-19247 | Fixed an issue, whereby Smart remote capabilities were broken when the target Artifactory was running without the/artifactory context. |
Fixed an issue, whereby Artifactory generated an InRelease file with the wrong line endings in Windows. | |
RTFACT-23103 | Fixed an issue, whereby Admin users could get user API Keys using the REST API. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.10.1Cloud
Released: 11 October 2020
JFrog Artifactory 7.10.1 is Available as a Cloud Version
The JFrog Artifactory 7.10.1 release is available as a Cloud versionand is aligned with the Artifactory 7.10.2 Self-Hosted version.
Highlights
新的JFrog平台新员工培训经验
In Artifactory 7.10.1, we have introduced a new Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform.
This new Onboarding experience will be rolled out to all users over the next couple of weeks.
Feature Enhancements
Artifactory Supports AWS Secrets for DB Connections
You can now use the AWSSecretsManager
alias in the Artifactorysystem.yaml
allowing Artifactory to automatically retrieve the secret associated with the alias connection.
Verify Audience Restriction Applied for SAML SSO
As part of JFrog's security enforcement, an additional verification step has been set up opposite the SAML server to validate SAML SSO authentication requests. TheverifyAudienceRestriction
attribute for SAML SSO is set by default in the JFrog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured. For more information, seeSAML SSO Configuration.
Improved Maven Plugin Metadata Calculation
Maven plugin metadata is now calculated for every deploy or delete actions.
Resolved Issues
Jira Issue | Description |
---|---|
RTFACT-15577 | Fixed an issue, whereby Pypi remote and virtual repositories returned a 404 error even if the package existed in the public registry. |
RTFACT-20334 | Fixed an issue, whereby Artifactory indexed Helm Charts with an invalid version number or appVersion number but the Helm repository containing these charts could not be added to the helm client’s repository. |
Fixed an issue, whereby value updates (add/remove) to Property sets were not reflected in files and directories in the repositories. | |
RTFACT-17512 |
Fixed an issue whereby, Artifactory did not proxy Nexus PyPi repositories. |
RTFACT-20036 | Fixed an issue whereby, the Prune process was consuming a lot of memory when handling a large files list. |
RTFACT-20143 |
Fixed an issue, whereby in a number of cases the CRAN package metadata displayed in the UI was not consistent with the CRAN package info. |
Fixed an issue whereby, checksum mismatch errors and 404 errors occurred when resolving nested Go modules in Artifactory from a virtual repository that included remote pointers to Github. | |
Fixed an issue, whereby the Artifactory CacheLoader returned a null error following LDAP authentication. | |
RTFACT-19109 | Fixed an issue, whereby Conda metadata calculation failed due to a Race condition. |
access.config file. |
|
RTFACT-14226 | Fixed an issue, whereby theTimestampSnapshotComparator compare method that compared two differentsnapshotVersion sections according to timestamps was not compatible withmaven-metadata.xml artifacts that contained a base-revision with more than one element. |
Fixed an issue, whereby in certain instances, Azure guest users were unable to log in to Artifactory. |
|
RTFACT-20226 | Fixed an issue, whereby users without the required permissions could deploy the same package to their Local Cran repository. |
RTFACT-19094 | Fixed an issue, whereby, under certain circumstances, the Helm remote repository URLs were not added correctly to the Artifactory virtual repository index.yaml file. |
RTFACT-22323 | Fixed an issue, whereby Exclude patterns were not applied on Remote Repositories when REST API commands when triggering REST API commands. |
Security-Related Resolved Issues | |
|
Artifactory now will check theAudienceRestriction orSubjectConfirmationData Recipient values in every SAML response. For more information, seeVerify Audience Restriction Applied for SAML SSO. |
|
Hardened the logging process between Artifactory and the Docker Client. |
|
Vulnerable security values are no longer supported when running the Create User command via the REST API. |
|
Vulnerable security values are no longer supported for permission targets. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.9
本节包括所有的Artifactory中on 7.9.x releases.
Artifactory 7.9.2Cloud | Self-Hosted
Released: 20 October, 2020
Resolved Issues
- Fixed an issue occurring in Artifactory version 7.9, whereby when installing or upgrading a JFrog Artifactory HA environment, the HA nodes sometimes failed to start due to a bad hex format for the join key.
- Fixed an issue, whereby missing dependencies caused RPM installs to fail on certain operating systems.
Artifactory 7.9.1Self-Hosted
Released: 5 October 2020
Artifactory 7.9.1 is a Self-Hosted Version
The JFrog Artifactory 7.9.1 release is only available as a Self-Hosted version.
Feature Enhancement
Simplified JFrog Self-Hosted Trial Installer Experience
From JFrog Artifactory 7.9.1 and JFrog Xray 3.9.1, the Self-Hosted Trial installation experience has undergone major improvements to support the easy installation of Artifactory and the option of installing Artifactory together with Xray. The new installers are not intended for Production but remove the need to manually establish connectivity between Artifactory and Xray.
Artifactory 7.9.0Cloud | Self-Hosted
Released: 29 September, 2020
Highlights
Peer-to-Peer (P2P) Download
The new Peer-to-Peer (P2P) Download feature allows hosts to download artifacts from local, remote, and virtual repositories through a local network of peers in addition to downloading artifacts from JFrog Artifactory.
Downloading files using P2P provides the following benefits:
- Handles bursts of downloads from Artifactory.
- Improves the download speed and decreases bandwidth consumption.
- Promotes the scalability and availability of your artifact downloads while providing a highly secure environment.
P2P download is supported in the JFrog Platform in a self-hosted environment and requires a JFrog Enterprise+ subscription.For more information, seeJFrog Peer-to-Peer (P2P) Downloads.
GraphQL API for the JFrog Platform Metadata
JFrog's Metadata Service public APIs are now enabled allowing you to query the entities from the metadata server with GraphQL. For more information, seeGraphQL.
Log Analytics
JFrog now offers tools that enable a real-time view of the platform’s operation through various analytics and visualization tools. For more information, seeLog Analytics.
Feature Enhancements
Changes in Artifactory to Facilitate the New Docker Rate Limit
Following the latestDocker announcementregarding changes to the Docker Rate Limits, Artifactory 7.9 includes several internal improvements to support the usage of remote repositories opposite Docker Hub while taking into account the new rate limits. In order to use your Docker account type, you need to authenticate the Docker Hub pull requests, by setting your user and password in yourAdvanced Remote Docker Repositories.
Docker Remote Repository Improvements
Docker Schema 2 is now fetched from the remote registryif no header was sent. This improves the Docker experience when the metadata expires.
Docker Pull Performance Improvements
Greatly improved the performance of Docker pull requests by digest and by tag. From 7.9, Artifactory will use more efficient queries and better utilize the internal caching when serving Docker pull requests.
Viewing and Tracking Non-Revocable Access Tokens
You can view and track non-revocable Access Token in the UI. You can now filter the token view based on the token's revocability and not just its expiry. The behavior for a token revocation request also changed, and you will now see an error message if you try to revoke a non-revocable token. Token revocability is still governed by its expiry and therevocable-expiry-threshold
parameter.
Improved the Monitoring JFrog Microservices Status Page in the UI
TheService Statuses pagein the UI displays an improved view with detailed information about the status of your JFrog services and now includes monitoring for Pipelines.
Improved Artifactory Installation and Setup Using Oracle Database
When using an external Oracle DB as the Artifactory database, you no longer need to manually install and set up Liabio as it is now bundled into the Artifactory installer.
Database Performance Improvements in HA Environments
Reduced Database lock contention and Database loads in High Availability (HA) environments.
S3 Storage Direct Upload Mechanism
From Artifactory 7.9, you have the option to select theDirect Upload Mechanismwhich serves as an alternative to the existing default Eventual Upload mechanism, whereby the upload is not considered successful until it reaches the S3 storage.
Upgraded AWS SDK Bundled with Artifactory
Upgraded the AWS SDK bundled with Artifactory to support the use of service account IAM roles. AWS SDK v.1.11.496includes a feature for granting IAM roles to Kubernetes service accounts, instead of granting an IAM role to an EC2 machine, or using an open-source project.
Hazelcast is Deprecated
The write-locking method and UI session sharing between the JFrog Platform cluster nodes using Hazelcast is no longer supported. For more information, see theSupport Blog.
Resolved Issues
Jira Issue | Description |
---|---|
Fixed an issue whereby, binding users in Artifactory using Google OAuth did not function correctly. |
|
RTFACT-21955 | Fixed an issue whereby, Helm and Go users failed to create virtual repositories on Artifactory Edge nodes due to the inability to point to remote repositories on the Edge node. |
RTFACT-22023 | Fixed an issue whereby, Support Bundles did not include logs. |
RTFACT-7460 | Fixed an issue whereby, the_temp folder for Debian and RPM repositories was replicated when performing Push replication if event-based replication was enabled. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.8
本节包括所有的Artifactory中on 7.8.x releases.
Artifactory 7.8.1Cloud
Released: 16 September 2020
Artifactory 7.8.1 is Available as a Cloud Version
The JFrog Artifactory 7.8.1 release is available as a Cloud versionand will be available for on-premise shortly.
Supported Docker Strategies for JFrog Cloud Users
From Artifactory 7.8.1, the subdomain resolution method for resolving Docker repositories will not be supported for new Cloud users. This deprecation does not apply to existing Cloud users.
Highlights
GraphQL API for the JFrog Platform Metadata
JFrog's Metadata Service public APIs are now enabled and allows you to query the entities from the metadata server with GraphQL. To learn more see,GraphQL.
Feature Enhancements
Docker Pull Performance Improvements
Greatly improved the performance of Docker Pull requests by digest and by tag. From 7.8.1, Artifactory will use more efficient queries and better utilize the internal caching mechanism when serving Docker Pull requests.
Viewing and Tracking Non-Revokable Access Tokens
You can view and track non-revokable Access Token in the UI.
你现在可以筛选标记视图基于托托en's revocability and not just its expiry. the behaviour for a token revocation request also changed, and you will now see an error message if you try to revoke a non-revocable token. Token revocability is still governed by its expiry and therevocable-expiry-threshold
parameter.
Improved the Monitoring JFrog Microservices Status Page in the UI
The Service Status page in the UI displays an improved view with detailed information about the status of your JFrog services and now includes monitoring for Pipelines.
Improved Database Performance in HA Environments
Reduced DB lock contention and DB load in HA setups.
Upgraded AWS SDK bundled with Artifactory
Upgraded the AWS SDK bundled with Artifactory to support the use of service account IAM roles. AWS SDK v.1.11.496includes a feature for granting IAM roles to Kubernetes service accounts, instead of granting an IAM role to an EC2 machine, or using an open-source project.
Disable Basic Authentication Method
When using an external authentication method such as LDAP, SAML, etc, the basic authentication method can be disabled for internal users, as described inDisable Basic Authentication Method.
Resolved Issues
Jira Issue | Description |
---|---|
Fixed an issue whereby, Access Tokens created in the UI were not displayed in the UI. | |
Fixed an issue whereby, if Artifactory started with a failed crowd server connection, it did not attempt to connect to the crowd server again. |
|
Fixed an issue whereby, remote NuGet repositories on Azure DevOps were not working. | |
Fixed an issue whereby, the automatic cleanup process did not prune empty folders. | |
Fixed an issue whereby, when replicating Artifactory instances with Artifactory properties replication and event replication enabled, the npm dist-tag was not replicated with npm dist-tag add. | |
Fixed an issue whereby, when refreshing an Access Token, theexpire_in value was not inherited, and the default 3600 is used instead, resulting in the token expiring after only one hour. |
|
固定一个问题即,Artifactory Go remote repository was not proxying requests to the latest URLs. | |
Fixed an issue whereby, removing a HA node from a cluster in Artifactory version 7.x was not working. | |
Fixed an issue whereby, theCreate RepositoryRest API was allowing the creation of a NuGet remote repository without the mandatory parameterdownloadContextPath. |
|
Fixed an issue whereby, when using the Quick Setup to create repositories, the repositories were created without the default proxy configured in Artifacotry. |
|
Fixed an issue whereby, when running an NPM search, and the |
|
Fixed an issue whereby, when a property set with values was added to a repository, and any modification was done, such as addition or deletion of values, to the property set, the new values were not listed. | |
Fixed an issue whereby,Artifactory was using the last update timestamp for local Go repositories when populating the version list causing older versions of dependencies that were pushed to Artifactory using the JFrog CLI to appear as newer versions. | |
Fixed an issue whereby, when adding or editing a user plugin and running the Reload Plugins API in a HA setup, the reload was not propagated to the nodes in a HA cluster. |
|
Fixed an issue whereby, a proxy was used when deploying an artifact to a localhost. | |
Fixed an issue whereby, when deleting a remote repository, in some cases, cached artifacts were not deleted. | |
Fixed an issue whereby, a build appeared without artifacts when the Block Unscanned Artifacts, was enabled in Xray. | |
Fixed an issue whereby,Artifactory was issuing a 500 error instead of 404 for non-existing modules causing a Go builds to fail instead of moving on to the next proxy in the list. | |
Fixed an issue whereby, the SAML SSO login was triggering an unnecessary PATCH user API. |
Artifactory 7.7
本节包括所有的Artifactory中on 7.7.x releases.
Artifactory 7.7.8Cloud | Self-Hosted
Released: 14 September, 2020
Resolved Issue
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, concurrent uploads may result in a null pointer exception. |
Artifactory 7.7.6Cloud
Released: September 4, 2020
Artifactory 7.7.6 is Available as a Cloud Version Only
The Artifactory 7.7.6 release is available only as a Cloud version.
Docker V1 Support
From Artifactory 7.7.6, Docker V1 is no longer supported for new Artifactory SaaS users but maintains backward compatibility of Docker V1 to support existing users.
Feature Enhancements
Performance Enhancements
Implemented a set of internal improvements that will have a direct impact on the overall user Cloud experience.
Artifactory 7.7.3Cloud | Self-Hosted
Released: 13th August, 2020
Artifactory 7.7.3 is Available as a Cloud and On-Premises Version
The Artifactory 7.7.3 release is available as an On-Premises and Cloud version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.7.0 as part of our Cloud-first initiative.
Resolved Issues
JIRA Issue |
Description |
---|---|
RTFACT-22952 | Fixed an issue whereby, Release bundle repo mapping caused Xray scanning to not find the files. |
RTFACT-22852 | Fixed an issue whereby, the repository import of zip files containing.pom extensions failed when using the direct AWS s3 template. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.7.0Cloud
Released: 29th July, 2020
Artifactory 7.7 is Available as a Cloud Version
The Artifactory 7.7 release is available as a Cloud version.Artifactory 7.7.3is the On-Premises version and official Cloud Version of Artifactory 7.7.0.
Highlights
Users can be Assigned the Manage Resources Role
Admins can assign users with the Manage Resource role to manage resources including create, edit, and delete permissions on any resource type including Pipeline resources (Integration, Source, and Node Pools).
GraphQL Beta version Released in the JFrog Platform
This version of GraphQL is a beta version and for now, it only has a limited set of capabilities till future additions are made.
JFrog's Metadata Service has now enabled the integration of the metadata server with the GraphQL public API. Currently, only packages are supported, with more GraphQL capabilities coming in the near future. You can use the graphiql to learn about the GraphQL metadata schema and as a playground to test your queries. To access it,
. For more information, seeGraphQL.
Artifactory Open Metrics Support
Artifactory 7.7 has been enhanced to support open metrics.The new APIGet the Open Metrics for ArtifactoryREST API command has been added and returns the following metrics in theOpen Metrics format.The following two new metric-related log files are added to the file system:
artifactory_metrics.log
: Contains system metrics such as:- Total disk space used
- Total disk space free
- Time CPU is used by the process
artifactory_metrics_events.log
: Contains deduplicated metrics related to an event such as a GC run.
For more information, seeOpen Metrics.
Feature Enhancements
Improved LDAP Pagination Support Usage
添加了Used Page Results parameter in theLDAPpage to support LDAP Group pagination. This is supported for LDAP servers with more than 1000 groups which support groups pagination to allow admins to use paged LDAP results. For unsupported LDAP servers, admins can disable the LDAP pagination results via the UI or Artifactory's configuration files, thereby improving LDAP performance and calls.
Persistent Expiry Threshold Token
添加了newpersistent-expiry-threshold
parameter allowing you to set the minimum value of expiry a token in order for the token to be saved in the DB to theAccess YAML Configurationfile.
Indexing Improvements for Npm Packages
Implemented incremental indexing as part of the existing npm indexing mechanism resulting in reduced time to build the package index.
Improved Export and Access Federation Performance in an HA Environment
Minimized the load for the Export and Access Federation processes in an HA environment when using JFrog Distribution.
Artifactory Now Supports MySQL 8 Out-of-the-box
From Artfactory 7.7, MySQL 8 is now supported.
Upgraded Tomcat Version
The Tomcat bundled with Artifactory has been upgraded to version 8.5.57, solving some security vulnerabilities described inCVE-2020-11996,CVE-2020-13934, andCVE-2020-13935.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue where Puppet release names containing a dash "-" in the version-number were not resolved. |
|
RTFACT-21624 | Fixed an issue whereby Event-Based Pull Replication for Docker Repositories did not copy the images to the Target. |
RTFACT-22470 | Fixed an issue whereby Gem artifacts containing a large number of dependencies failed to be resolved from therubygems.orgrepo. |
RTFACT-21554 | Fixed an issue whereby Docker images were not served from cache if the source repository was offline. |
Fixed an issue whereby the Forgot password feature in Artifactory did not take into consideration the "Disable Internal Password" field when the "Can Update Profile" field was also selected. | |
RTFACT-21646 | Fixed an issue whereby a deadlock occurred when pushing the same Docker image with different tags in parallel. |
RTFACT-22686 | Fixed several issues whereby when working with the S3 direct binary provider, connections were not being released from the HTTP connection pool of the S3 client, resulting in HTTP connection leaks. |
RTFACT-22460 | Fixed an issue whereby NuGet searches failed when locks were inserted from the Distributed_locks table. |
Fixed an issue whereby Metadata migration during an upgrade from Artifactory 6.x to 7.x failed. | |
RTFACT-17370 | Changed the default database connection pool to HikariCP to improve database connection handling and potentially improve performance on high concurrency environments. |
RTFACT-19474 | OPKG spec changed - causes packages' resolution failures |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.6
本节包括所有的Artifactory中on 7.6.x releases.
Artifactory 7.6.3Cloud | Self-Hosted
Released: July 12, 2020
Resolved Issues
JIRA Issue | Description |
---|---|
Fixed an issue whereby, when trying to upgrade to Artifactory 7.6.2, dependency errors occurred with CentOS and RedHat version 7.8. | |
Fixed an issue whereby, in some cases, a connection leak occurred when working with an S3 binary provider, whereconnections were not released from the HTTP Connection pool of the S3 client. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.6.2Cloud | Self-Hosted
Released: July 6, 2020
Feature Enhancements
Improved Permissions Cache Invalidation
Improved the permissions cache invalidation mechanism by minimizing the scope of the invalidation action to only permissions associated with the specific service that needed the cache to be cleared. This allows shorter login times and better permission validation performance.
Resolved Issues
JIRA Issue | Description |
---|---|
RTFACT-22590 | Fixed an issue whereby, indexing Conda packages did not work properly when deployed with a user that did not have delete permissions. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.6.1Cloud | Self-Hosted
Released: June 28, 2020
Feature Enhancements
Upgraded JDK Version in Artifactory
OpenJDK Runtime Environment bundled with Artifactory has been upgraded to build 11.0.7+10, which solves the “HIGH” CVSS from the previous version and is the latest JDK published.
Enhancements for Webhooks Events
Introduced a few fixes to Webhooks events, such as adding abuild_started
field to the Build events, additional fixes to Docker events, and improved payload data.
Metadata Service DB Upgraders
The DB schema required for Conan is now enhanced to work better with metadata and optimize the search speed in Artifactory. On upgrade, no downtime is required, however, this enhancement might impact the upgrade time, depending on the amount of artifacts, possibly temporarily increasing the DB load.
Resolved Issues
JIRA Issue | Description |
---|---|
RTFACT-22136 |
Fixed an issue, whereby when performing concurrent requests to the Helm |
RTFACT-21207 |
Fixed an issue, whereby when Artifactory tried to read events on a remote event-base replication and the connection failed, a connection leak occurred. |
Fixed an issue, whereby when trying to resolve remote server information against a non Artifactory instance, a connection leak might occur. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.6.0Cloud
Released: June 23, 2020
Artifactory 7.6 is Available as a Cloud Version
The Artifactory 7.6 release is available only as a Cloud version.
Highlights
Alpine Linux Repository Support
Artifactory now natively supportsAlpine Linuxpackages, giving you full control of your deployment and resolution process of Alpine Linux (*.apk
) packages.
You can create secure and private local Alpine Linux repositories with fine-grained access control. Remote Alpine Linux repositories proxy remote Alpine resources and cache downloaded apk packages to keep you independent of the network and the remote resource, and virtual Alpine Linux repositories give you a single URL through which to manage the resolution and deployment of all your apk packages. To learn more, seeAlpine Linux Repositories.
To support the signing of Alpine Linux package types, Artifactory now supports creating and managing RSA Key Pairs. You upload the RSA Key Pair using theCreate RSA Key Pairor directly in theweb UIand manage the keys directly in the JFrog Platform. Once you have generated the RSA Keys, you can assign the key pair to the Alpine Repository in the Advanced tab of the Alpine Repository configuration. For more information, seeManaging Signing Keys.
JFrog Xray support for scanning Alpine Linux packages will be added in the forthcoming release.
Multi-factor Authentication
For JFrog Platform Cloud (SaaS) users, you can now use an additional layer of security when logging into the JFrog Platform. Administrators can enableMulti-factor Authenticationfor all users, which will require users to provide a verification code from a third-party authentication application every time users log in.
Event-driven Webhooks
The newWebhooksfeature enables you to send important events occurring in Artifactory. You have a number of events that you can select, such as Artifact Deployment or Build Deployment, and send these events to other applications that are configured by setting a URL.
These events are sent through the newEvent Service, which distributes your events to the relevant URLs you set when creating your Webhooks.
Feature Enhancements
PostreSQL Version Support
All JFrog products (excluding Pipelines) now support PostgreSQL version 10.x.
PostgreSQL Version Bundling
All JFrog’s installers bundling PostgreSQL have been updated to use a newer PostgreSQL version 10.13.
Resolved Issues
JIRA Issue | Description |
---|---|
RTFACT-22136 |
Fixed an issue, whereby when performing concurrent requests to the Helm |
RTFACT-21207 |
Fixed an issue, whereby when Artifactory tried to read events on a remote event-based replication and the connection failed, a connection leak occurred. |
Fixed an issue, whereby when trying to resolve remote server information against a non Artifactory instance, a connection leak might occur. | |
Fixed an issue, whereby non-admin users with the manage permissions were unable toUpdate Permission Targetcreated using the Artifactory REST API. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.5
本节包括所有的Artifactory中on 7.5.x releases.
Artifactory 7.5.7Cloud | Self-Hosted
Released: 11 June, 2020
Feature Enhancements
Upgraded Tomcat Version
The Tomcat bundled with Artifactory has been upgraded to version 8.5.55.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, when using JFrog Distribution to distribute artifacts from one Artifactory instance to another, the source Artifactory ignored the proxy configuration and would not distribute through it. |
|
固定一个问题,,在某种情况下s, upgrading to version 7.5.x would fail because of a failing converter. |
Artifactory 7.5.5Self-Hosted
Released: 31 May, 2020
Artifactory 7.5.5 is Available as a Self-Hosted Version
作为一个Se Artifactory 7.5.5版本可用lf-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated inArtifactory 7.5as part of our Cloud-first initiative.
Resolved Issue
- Fixed an issue whereby, issues were encountered in the task execution mechanism in HA clusters.
Artifactory 7.5.0Cloud
Released: May 19, 2020
Artifactory 7.5 is Available as a Cloud Version
The JFrog Artifactory 7.5 release is available as a Cloud versionand is aligned aligned with theArtifactory 7.5.5Self-Hosted version.
Highlights
Artifactory Cloud with CDN Distribution
Artifactory Cloud Enterprise and Enterprise+ supports a fully integrated advanced CDN solution removing the need to deal with the complexity of setting up a separate external CDN Caching system. JFrog Artifactory Cloud with Amazon's CloudFront CDN solution allows you to manage, control, and distribute high volumes of software distribution across multiple locations.
The CDN solution provided in Artifactory Cloud supports distributing public content via Anonymous Access and Signed URLs, distributing private content using fine-grained permissions and Access Tokens, CNAME/SSL support, and setting IP Whitelisting and Geo Restrictions. To view the list of CDN features supported by the different JFrog subscription types, seeCloud Pricing.
From version 7.5, CDN Distribution is enabled by default for Artifactory Cloud Enterprise and Artifactory Cloud Enterprise+ users and all is that is required is to set CDN support on your repository level. For more information, seeJFrog Cloud.
Support for Signed URLs
Artifactory now supports using signed URLs. Users with administrator or manage permission can generate a signed URL that provides temporary shared access to a specific artifact, using theCreate Signed URLREST API. Using theReplace Signed URL KeyREST API, administrators can replace the key for signing and validating signed URLs, invalidating any signed URLs previously created. This feature issupported for Artifactory Cloud Enterprise and Enterprise+ users.
Xray Block Unscanned Artifacts Timeout Policy
This version includes the capability to define the timeout policy for unscanned artifact download requests. This means that when a block unscanned artifacts policy is configured in Xray, Artifactory will wait for the predefined time of the policy, to allow Xray to perform the required scan. This will prevent download request failures that require Xray scan on the artifacts.
In addition, to improve artifact download performance, Artifactory will now only request Xray scans results for repositories configured with block download policy.
Configurations areavailable here.
** Available with Artifactory version 7.5.x and Xray version 3.4.x.
Support for RHEL 8 AppStream
Artifactory nowsupports Red Hat Enterprise Linux 8 which contains support for enhanced Yum metadata for AppStream (RHEL8) or Modularity (Fedora) technology used in RHEL8. An example of this new metadata includes thedata type=modules
metadata fromrepomd.xml
. TheContent在RPM AppStream可用两种mats - the familiar RPM format and an extension to the RPM format called Modules.
As part of the AppStream support in Artifactory, you can:
- Proxy AppStream modules through a remote RPM repository.
- Host and serve AppStream modules according to profiles and streams through a local RPM repository.
- Serve local and remote content through a virtual repository.
For more information, seeDeploying RPM Modules to Your Local Repository.
Feature Enhancements
Upgraded Tomcat Version
The Tomcat bundled with Artifactory has been upgraded to version 8.5.54.
In this upgrade, theHTTP date headers issuethat existed in Artifactory 7.3.2 and 7.4.0 (that were bundled with Tomcat 8.5.51) was fixed.
Generate Maven POM File from Internal Jar or a Default POM File REST API
You can nowGenerate Maven POM Fileusing the Artifactory REST API. To use the POM within the artifact, you can deploy an existing POM, or generate a default POM. Previously available only through the UI,Deploying Maven Artifacts.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, when authenticating a Docker or Conan Packages login with a username and API key of an LDAP user, Artifactory always checked against the LDAP service, even if it was in the cache period. | |
Fixed an issue whereby, when using HTTP SSO and the anonymous mode was enabled, non-cookie-cached requests resulted in a 401 error if an anonymous request was sent beforehand. |
|
Fixed an issue whereby, when event-based pull replication was enabled for a large number of repositories, the target server reached a thread pool exhaustion. | |
Fixed an issue whereby, in Docker repositories, pushing a container using several clients such as containers, did not work properly. |
|
RTFACT-20761 | Fixed an issue whereby, proxying and caching npm packages from GitHub Packages resulted in an error. |
Fixed an issue whereby, in several remote npm repositories, running an npm search that did not return any results and therefore these search requests did not close, caused a pool leak. |
|
RTFACT-20216 | Fixed an issue whereby, in some cases, in Conan smart remote repositories, the pull replication from a distant Artifactory instance did not pull packages from the source Artifactory instance. |
Fixed an issue whereby, in a Debian client, when using your own GPG keys, the initial GPG verification failed when resolving packages from a Debian virtual repository. |
|
Fixed an issue whereby, in a Debian local repository, when running recalculate index to create a Release metadata file, the Component property in the Release file was missing the text before the hyphen in the name of the component. Example: acpu-base appeared just as base. | |
Fixed an issue whereby, when trying to resolve packages from a PyPI remote repository that is connected to a pypiserver, the download did not work due to a malformed download URL. | |
RTFACT-20544 | Fixed an issue whereby, in CRAN remote repositories, downloading and deploying CRAN packages with versions that contained more than 4 octets (e.g. 0.9.800.1.0) failed. |
RTFACT-21319 | Fixed an issue whereby, in CRAN virtual repositories, when trying to resolve packages, the updated packages were not available until the aggregated CRAN remote repository updated its' metadata. |
Fixed an issue whereby, issues were encountered in the task execution mechanism in HA clusters. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.4
本节包括所有的Artifactory中on 7.4.x releases.
Artifactory 7.4.3Cloud | Self-Hosted
Released Date: 27 April, 2020
Resolved Issues
JIRA Issue |
Description |
---|---|
RTFACT-21835 | 固定的一个问题,即从Artifactory升级6.19.0 to 7.4.1 failed. |
Fixed an issue relevant to NuGet virtual repositories whereby, Artifactory only served the first 80 versions of a NuGet package containing more than 80 versions, while local and remote NuGet repositories returned all of the versions for the package. |
|
RTFACT-21846,RTFACT-21825 | Fixed a permission issue in Docker and NuGet repositories for virtual repositories that aggregated local and remote repositories. If a user had permissions only on a number of the aggregated repositories and tried to download a package from the virtual repository, he would receive an error Unauthorized error message. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.4.1Self-Hosted
Released: 14 April, 2020
Artifactory 7.4.1 is Available as a Self-Hosted Version
的Artifactory 7.4.1 Se版本是可用的lf-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated inArtifactory 7.4as part of our Cloud-first initiative.
Feature Enhancements
Reverted Tomcat Version to 8.5.41
The Tomcat version previously bundled in Artifactory 7.3.2 and 7.4.0 has been reverted back to Tomcat 8.5.41 due to anissuefound in Tomcat version 8.5.51.
Just a bit of background, Tomcat was previously upgraded to version 8.5.51. Due to aknown issuein Tomcat 8.5.51, Artifactory may return HTTP date headers (Date, Last-Modified) in a timezone that is different than GMT. See more detailshere.
This applies only if you are using clients that make use of the "If-Modified-Since
" request header in the request to Artifactory, therefore validate that dates are sent in GMT format (according to the HTTP spec mandates).
If your clients send dates in a timezone that is different than GMT format and you are using Artifactory 7.3.2, we recommend upgrading to this version.
An Artifactory version containing an upgraded Tomcat version will be released once making sure the aforementionedissueno longer affects Artifactory.
Setting SSL/TLS for the Artifactory Tomcat Connector via Artifactory system YAML File
You can now enableSSL/TLS for the Artifactory Tomcat connector directly in the Artifactory System YAML file. For more information, seeArtifactory Operational Microservices.
Added Support for Docker Upgrades from Legacy Artifactory Versions
You can upgrade JFrog Artifactory using Docker fromArtifactory version 6.x to 7.xor from7.x to 7.x
Issues Resolved
- Improved performance when running Interactive Installers.
- Fixed an issue whereby stopping a service using the
artifactoryctl stop
command failed in the first attempt if thepidof
command did not exist on the installed server.
Artifactory 7.4.0Cloud
Released:April 6, 2020
Artifactory 7.4 is Available as a Cloud Version
的Artifactory 7.4.1 Se版本是可用的lf-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.4as part of our Cloud-first initiative.
Highlights
Go Private GitHub Repositories Support
It is now possible to create a remote Go repository and proxy Go modules from GitHub private repositories.
Additional information on how to configure Artifactory and your Go client to work with GitHub private repositoriescan be found here.
Conda v2 Format
Artifactory now supports the Conda v2 metadata format. You can now useConda clients from version 4.7, and download/upload Conda v2 format packages from all repository types (local, remote and virtual).
As part of this change, Artifactory now supports the.conda
file extension to compress packages more effectively and thecurrent_repodata.json
file that makes packages search faster.
Create Admin Access Tokens from within the UI
Administrators can nowgenerate admin-scoped access tokens, for any of the services in the JFrog Platform directly from the UI. This is available from the Administration module underIdentity and Access
|Access Tokens
and clickGenerate Admin Token
. Previously available only as aREST API.
Google Cloud Platform Binary Provider Native Client Support
This release introduces support for theGoogle Storage native client binary provider, providing improved securityusing unique private keys.
To opt-in and use the new Google Cloud Storage template,see here.
Feature Enhancements
Improved AQL Performance with MSSQL DB
Significant performance improvement forAQL querieswhen searching artifacts according to build name and number.
Docker Installation Includes Upgraded OpenJDK Version 11.0.6
The OpenJDK version that is bundled with the Artifactory Docker image was upgraded to OpenJDK 11.0.6.
Debian InRelease
Added support for Debian InRelease metadata files. Artifactory will now produce anInRelease
metadata file in the repository when working with GPG signing. Downloading a Debian package from Artifactory will now be faster as the client will only download theInRelease
file without downloading theRelease
andRelease.gpg
files that are heavier.
Resolved Issues
JIRA Issue |
Description |
---|---|
RTFACT-19530 | Improved the performance for thePromote Docker Image |
rtfact - 19381 | Fixed an issue in which the RPM group settings would not be returned when using theGet Repository Configuration API |
RTFACT-16370 | Fixed an issue in npm repositories in which downloading npm packages that contain “.json” (e.g. merge-package.json) as part of the package name would fail. |
RTFACT-8966 | Fixed an issue in Ruby Gems repositories in which downloading packages (e.g. sidekiq-pro) from a remote repository that points togems.contribsys.comwould fail. |
Fixed an issue in NuGet repositories in which virtual repositories indexes would include extra unnecessary pages that would slow packages installation in some cases. This will now improve performance for NuGet virtual repositories. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.3
本节包括所有的Artifactory中on 7.3.x releases.
Artifactory 7.3.2Cloud | Self-Hosted
Released: 23 March, 2020
Tomcat Breaking Change
The Tomcat bundled with Artifactory has been upgraded to version 8.5.51 which introduces a change that might affect your Artifactory instance.
HTTP Date Headers
Due to aknown issuein Tomcat 8.5.51, Artifactory may return HTTP date headers (Date, Last-Modified) in a timezone that is different than GMT. See more detailshere.
If you are using clients that make use of the "If-Modified-Since" request header in the request to Artifactory, you need to make sure that dates are sent in GMT format (as the HTTP spec mandates).
If the clients that you use send dates in GMT format, this change will not affect you.
Feature Enhancement
Upgraded Tomcat Version in JFrog Artifactory
The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.
Issues Resolved
JIRA Issue | Description |
---|---|
Fixed an issue whereby under certain circumstances, authenticated users were able to:
|
|
RTFACT-21509 |
Fixed an issue whereby, selecting the Remember Me option in the Login screen to the Artifactory Cloud Web UI, would occasionally return an internal server 500 message if Artifactory was configured behind a reverse proxy using a small proxy buffer size. |
RTFACT-21539 |
固定的一个问题,升级之后Artifactoryto 7.x, the Artifactory logs would not be sent to Sumo Logic in cases where the Sumo Logic integration was enabled. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.3.1Cloud
Released: March 23, 2020
Artifactory 7.3.1 is Available as a Cloud Version
The Artifactory 7.3.1 release is available only as a Cloud version. Artifactory 7.3.2 applies to on-prem and contains all the content from Artifactory 7.3.0 and 7.3.1.
Resolved Issues
JIRA Issue | Description |
---|---|
Fixed an issue whereby during an upgrade from Artifactory 6.x to Artifactory 7.x the admin password was reset. |
|
Fixed an issue whereby Artifactory could not pull artifacts from the Azure Container Registry. |
For a complete list of changes, please refer to ourJira Release Notes.
Artifactory 7.3.0Cloud
Released: 23 March, 2020
Artifactory 7.3 is Available as a Cloud Version
The Artifactory 7.3 release is available only as a Cloud version. Artifactory 7.3.2 applies to on-prem and contains all the resolved issues in Artifactory 7.3.0 and 7.3.1.
Highlights
PAT (Personal Access Token) Support for Remote Repository Authentication
除了基本的authentication, with username and password,Artifactory现在支持远距离e repository authentication using Personal Access Tokens (PAT). The big advantage of using PATs is that you can strengthen your Artifactory security practices by using Access Tokens for authentication instead of using your primary credentials. For example, you can configure your remote Docker repository to point to GitHub and authenticate it by using a PAT. You can use PATs for any package type. For more information, seeRemote Credentials.
LDAPImprovements
Artifactory now supports a new type ofActive Directory "Nested Groups" search, enabling performance improvements when working with LDAP. This feature requires that Active Directory runs on Windows Server 2012 R2 version or later. There are no additional requirements for the Active Directory Windows Server side. For more information, seeSupport for Nested Groups.
Write-disabled Mode Supported for Shard Storage Requests
To enhanceStorage Sharding, Artifactory now supports disabling write-requests to shards.
This is useful, for example, when migrating data from a shard that must be replaced. First, the feature is used to write-disable the shard and then the data is migrated to a new shard.
In addition, the feature still allows garbage collection to continue to clean the deleted binaries from the write-disabled shard.
To set the write-disable mode on a shard in Artifactory, see theConfiguring State-AwareBinary Providersection.
Support for Matrix-params with Conan Repositories
Artifactory now supports matrix parameters for Conan repositories. As a result, the Build Info for Conan packages uploaded to Artifactory SaaS is now available.
Feature Enhancements
Restricting System and Repository Imports
Artifactory allows admin users to import and export data at both the system level and the repository level. For more information, seeImport and Export.
Sometimes, however, it is advantageous to restrict imports to avoid causing undesirable results.有了这个新特性,系统和存储库mport options can be disabled, thereby preventing specific admin users in the enterprise from performing imports. For example, you can stop an admin from overriding the Release Bundles distributed to an Artifactory Edge, by preventing them from importing the initial Artifactory state. For more information, seeImporting and Exporting.
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereArtifactory did not start as a service on RedHat 7.7 and Centos 7.7 when upgrading Artifactory from versions earlier than 6.14.0. | |
Fixed an issue where Docker Image failed to start with Oracle DB because Artifactory's Docker entry point could not get the endpoint of the external Oracle DB. |
|
RTFACT-14848 |
Fixed an issue where, even if the user had Deploy Permissions for the default deployment repository in the virtual repository, Set Me Up would incorrectly issue the following warning message: |
RTFACT-21117 |
Fixed an issue whereby in some cases of a load-balanced remote repository, where two nodes are out-of-sync, a conflict between the metadata of a file and the contents of the file might result. |
RTFACT-20905 |
Fixed an issue where pulling an image from a smart remote Docker repository always causes it to pull themanifest.json file from the source Artifactory. This behavior would cause a failureif the Artifactory source instancewas not reachable. |
RTFACT-18779 |
Fixed an issue where, after a pull replication was executed from a Docker smart remote repository, which was pointing to a Docker remote repository that in turn was pointing to a Docker Hub, Artifactory was not able to serve the artifacts from the local cache when the Docker smart remote repository was set to offline mode. |
RTFACT-20127 |
Fixed an issue where the latest npm package was always being determined by the publish date, regardless of theartifactory.npm.tag.tagLatestByPublish system property value. |
RTFACT-19364 |
Artifactory now supports the new Maven XML tag attributes that were introduced with Maven 3.6.x. |
RTFACT-21189 |
The Go remote GitHub repository can now resolve both incompatible and compatible Go Module v2+ project version formats. |
RTFACT-20160 |
Fixed an issue where the checksum for a Go module that was directly resolved from GitHub differed from the checksum when the module was resolved fromgocenter.io orproxy.golang.org . |
RTFACT-20460 |
Fixed an issue where Debian packages that did not contain control files would cause metadata resolution to fail when the $ apt update command was invoked. |
RTFACT-18399 |
Fixed an issue that resulted in Artifactory generating incorrect metadata for some CRAN package types. |
RTFACT-21088 |
Fixed an issue whereby viewing Docker images stored in a remote-cache displayed a hash symbol instead of a tag. |
RTFACT-21170 |
Fixed an issue whereby the port used for Artifactory authentication in Artifactory 7 (8082) differed to Artifactory 6.0 (8081) causing backward compatibility to fail. |
RTFACT-20988 |
Fixed an issue whereby upgrading to Artifactory 7.x caused the internal Hostname to be set to Artifactory instead of being configured as the IP address of the Artifactory server. |
RTFACT-18414 |
Fixed an issue whereby the SHA256SUMS file was not tracked as an IDK in Debian Remote repositories. |
RTFACT-21395 |
Fixed an issue whereby PyPI redirections did not recognize the value of the |
RTFACT-21388 |
Fixed an issue whereby users (that are not defined as admins) in any group defined as an Admin group could not generate Join Keys. |
Fixed an issue whereby indexing Helm Charts failed during high concurrent indexing. | |
RPG-287 |
Fixed an issue whereby, hijacked sessions caused a memory leak in the JFrog Router service. |
For a complete list of changes, please refer to ourJIRA Release Notes.
Artifactory 7.2
本节包括所有的Artifactory中on 7.2.x releases.
Artifactory 7.2.1Cloud | Self-Hosted
Released: 23 February, 2020
Resolved Issues
JIRA Issue |
Description |
---|---|
Fixed an issue whereby, when upgrading to Artifactory 7.x, an error was generated when trying to log in to the JFrog Platform using OAuth SSO provider authentication and your Artifactory was configured with a context path other than |
Artifactory 7.2.0Cloud | Self-Hosted
Released: February 23, 2020
Highlight
JFrog Container Registry 7.0
JFrog Container Registry 7.0 has been released as part of the Artifactory 7.2 release. The JFrog Container Registry is powered by JFrog Artifactory with a set of features that have been customised to serve the primary purpose of running Docker and Helm packages in a Container Registry.For more information, seeJFrog Container Registry.
Resolved Issues
JIRA Issue | Description |
---|---|
Fixed an issue whereby a metadata server reindex operation resulted in a database connection leak. |
Artifactory 7.1
本节包括所有的Artifactory中on 7.1.x releases.
Artifactory 7.1.0Cloud | Self-Hosted
Released: February 17, 2020
Resolved Issues
- Fixed an issue, whereby S3 CloudFront redirections did not function correctly.
- Fixed an issue, whereby Maven snapshot were not indexed with snapshot versions in the metadata server.
- Fixed an issue, whereby the Virtual repository info tab was displayed incorrectly when sorting by package type.
- Fixed an issue, whereby builds were displayed incorrectly in the Build view when performing multiple promotion steps.
- Fixed an issue, whereby Conan packages were uploaded incorrectly to Artifactory.
Artifactory 7.0
本节包括所有的Artifactory中on 7.0.x releases.
Artifactory 7.0.2Cloud | Self-Hosted
Released: January 15, 2020
Issue Resolved
- Fixed an issue, whereby when performingSAML-based Single Sign-Onto Artifactory, a URL with double slashes (‘//’) was returned causing the redirection requests to break.
Artifactory 7.0.1Cloud | Self-Hosted
Released: January 14, 2020
Issue Resolved
- Fixed an issue whereby the Download stats propagated incorrect information to the Metadata Service, resulting in incorrect data displayed in the UI.
Artifactory 7.0Cloud | Self-Hosted
Released: January 12, 2020
Deprecated Features
Artifactory 7.0 introduces several deprecated features.Learn More >
Also, read about the features that are currently out of scope and will be available in later releases.Learn More >
Breaking Changes
For a list of breaking changes in Artifactory and other services in the JFrog Platform,click here >
REST API Changes
For a list of REST API changes in Artifactory,click here >
Important: The JFrog Platform web UI is now accessed through port 8082 (For example,http://SERVER_HOSTNAME:8082/ui/
). Accessing Artifactory directly for REST API and downloads is still possible through port 8081.Learn More >
Highlights
JFrog Platform
Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:
- Universal package managementwith all majorpackaging formats, build tools, and CI servers.
- Security and Compliancethat's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.
- Radically simplified administrationwith all configurations in one place.
- Complete trust in your pipelineall the way from code to production.
- Seamless DevOps experiencefrom on-prem, cloud, hybrid or multi-cloud of your choice.
JFrog Platform New Functionalities
System Architecture
The new Artifactory architecture is more Cloud Native. The Artifactory application has been divided into several microservices.Learn More >
Artifactory system.yaml
This release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process.Learn More >
Installation and Upgrade
Artifactory 7.0 comes with a new installer, which affects theInstallationandUpgradeprocedures. The file structure has been improved and is now aligned across all JFrog products.Learn More >
Upgrade process changes
Update reverse proxy and load balancer
当upgrading your Artifactory HA installation from version 6.x to 7.x, make sure to adjust yourreverse proxy settingsand update yourload balancerconfiguration to use the new JFrog Platform URLhttp:// <主机名>:8081
.Complete upgrade instructions here.
Unified User Interface
This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address.Learn More >
Unified Permission Model
This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products.Learn More >
Logging
All JFrog products now follow a standardized logging format and naming convention.Learn More >
Feature Enhancements
Packages page
While previously the Packages page provided information for Docker and npm packages, it is now extended to provide metadata for all package types in your system (excluding Git LFS and Generic repositories).Learn More >
Search Experience
The search experience has been enhanced to enable searching for all resource types, including packages, builds and artifacts from a single search bar. It now also includes advanced capabilities, such askeyword search, simplifying the search experience.Learn More >
Issues Resolved
JIRA Issue |
Description |
---|---|
RTFACT-17343 |
When groups are imported from an LDAP server, groups names containing special characters are blocked and error messages are issued to alert the administrator. |
Fixed an issue where the |
|
RTFACT-20888 |
Fixed an issue where deploying an artifact using basic authentication, such as , or an access token for authentication, would not send an email notification to users following the relevant repository. |
For a complete list of changes, please refer to ourJIRA Release Notes.