Release Notes

Artifactory 6.23

发布:2020年10月19日

Feature Enhancements

Changes in Artifactory to Facilitate the New Docker Rate Limit

Following the latestDocker announcementregarding changes to the Docker Rate Limits, Artifactory 6.23 includes several internal improvements to support the usage of remote repositories opposite Docker Hub while taking into account the new rate limits. In order to use your Docker account type, you need to authenticate the Docker Hub pull requests, by setting your user and password in yourAdvanced Remote Docker Repositories.

Improvements to RubyGems Indexing for Remote Repositories

Added Bundler Compact index support for Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, set theartifactory.gems.compact.index.enabled=truevalue in theartifactory.system.propertiesfile.

Verify Audience Restriction Applied for SAML SSO

As part of JFrog's security enforcement, an additional verification step has been set up opposite the SAML server to validate SAML SSO authentication requests.
TheverifyAudienceRestrictionattribute for SAML SSO is set by default in the JFrog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured. For more information, seeSAML SSO Integration.

Improved Plugin Metadata Calculation for Maven

Maven plugin metadata is now calculated for every deploy or delete action for only Maven plugin files.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.23.1

Released: 2 November, 2020

Feature Enhancements

Docker Registry Alignments in Artifactory to Meet Latest Docker Rate Limits

Docker Registry functionality is now optimized in Artifactory to accommodate the latest changes to the Rate limits announced by Docker. To prevent being blocked by the Docker hub, we have changed the default Retrieval Cache Period to six hours. Optimized the GET requests to Docker Hub by dramatically reducing the number by introducing HEAD requests and optimizing the usage of GET calls. To assist our Docker users, you will be will now receive a Platform level warning for every unauthenticated Docker remote repository pointing to Docker Hub. In addition to UI Improvements, the Remote Docker Authentication section has been moved to the Basic tab on theRemote Docker Repositoriespage.

Hardened the User Login Messages

User Login messages have been modified to provide consistent responses on enumeration attempts to prevent the disclosure of valid accounts.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.23.3

Released: 23 November, 2020

Feature Enhancements

Improvements to RubyGems Indexing for Local Repositories

Added Bundler Compact index support for Local repositories, in addition to the Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.

To use this new capability, in theartifactory.system.propertiesfile, set theartifactory.gems.compact.index.enabled=truevalue.

Resolved Issues

For a complete list of changes, please refer to ourJFrog Release Notes.

Artifactory 6.23.7

Released: 31 December 2020

Resolved Issues

Artifactory 6.23.13

Released: 22 February 2021

Highlights

萎靡不振的安全复位器避免安全风险ies

You can declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemoterepositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. This feature is currently supported for PyPI and npm packages but will be extended to all the package types in the upcoming releases.

Feature Enhancements

Improvements to RubyGems Indexing for Virtual Repositories

Added Bundler Compact index support for Virtual repositories, in addition to Local and Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, in theartifactory.system.propertiesfile, set theartifactory.gems.compact.index.enabled=truevalue.

Enhanced Folder Download Functionality

The 'Folder Download' feature is now aligned with the JFrog CLI and supports downloading empty folders.

Group REST API Enhancements

From Artifactory 6.23.13, when running theUpdate Group, you can enforce using lower case characters in user names when associating users to groups, by setting thevalidate.lowercase.username.on.group.associationto true. The default is set to false. When set to true, an error will be generated if an upper case character is used in the user name.

Resolved Issues

Artifactory 6.22

Released: September 29, 2020

Resolved Issues

Artifactory 6.21

Released: 11 August, 2020

Feature Enhancements

Improved LDAP Pagination Support Usage

Added the Used Page Results parameter in theLDAPpage to support LDAP Group pagination. This is supported for LDAP servers with more than 1000 groups which support groups pagination to allow admins to use paged LDAP results. For unsupported LDAP servers, admins can disable the LDAP pagination results via the UI or Artifactory's configuration files, thereby improving LDAP performance and calls.

Upgraded Tomcat Version

Tomcat包d with Artifactory has been upgraded to version 8.5.57, solving some security vulnerabilities described inCVE-2020-13935andCVE-2020-13934.

Resolved Issues

Artifactory 6.20

Released: May 25, 2020

Highlights

Xray Block Unscanned Artifacts Timeout Policy

This version includes the capability to define the timeout policy for unscanned artifact download requests. This means that when ablock unscanned artifacts policyis configured in Xray, Artifactory will wait for the predefined time of the policy, to allow Xray to perform the required scan. This will prevent download request failuresthat require Xray scan on the artifacts.

In addition, to improve artifact download performance, Artifactory will now only request Xray scans results for repositories configured with block download policy.

Configurations areavailable here.

**Available with Artifactory version 6.20.x and Xray version 2.12.x.

Support for RHEL 8 AppStream

Artifactory nowsupports Red Hat Enterprise Linux 8 which contains support for enhanced Yum metadata for AppStream (RHEL8) or Modularity (Fedora) technology used in RHEL8. An example of this new metadata includes thedata type=modulesmetadata fromrepomd.xml. TheContentin AppStream in RPM is available in one of two formats - the familiar RPM format and an extension to the RPM format called Modules.

As part of the AppStream support in Artifactory, you can:

• Proxy AppStream modules through a remote RPM repository.
• Host and serve AppStream modules according to profiles and streams through a local RPM repository.
• Serve local and remote content through a virtual repository.

For more information, seeDeploying RPM Modules to Your Local Repository.

Feature Enhancements

Upgraded Tomcat Version

Tomcat包d with Artifactory has been upgraded to version 8.5.54.

In this upgrade, theHTTP date headers issuethat existed in Artifactory 6.18.1 (that were bundled with Tomcat 8.5.51) was fixed.

npm Performance Improvements

Introduced performance improvements for the indexing process of npm repositories.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.20.1

Released: July 5, 2020

Feature Enhancements

Upgraded Tomcat Version

Tomcat包d with Artifactory has been upgraded to version 8.5.55, solving some security vulnerabilities described inCVE-2020-9484.

Upgraded Npm Lodash Library

The npm lodash library has been upgraded to version4.17.15, to eliminate two security issues described inCVE-2018-16487andCVE-2019-10744.

Improved Permissions Cache Invalidation

Improved the permissions cache invalidation mechanism by minimizing the scope of the invalidation action to only permissions associated with the specific service that needed the cache to be cleared. This allows shorter login times and better permission validation performance.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.19

Released: April 14, 2020

Highlights

Go Private GitHub Repositories Support

It is now possible to create a remote Go repository and proxy Go modules from GitHub private repositories.

Additional information on how to configure Artifactory and your Go client to work with GitHub private repositoriescan be found here.

Conda v2 Format

Artifactory now supports the Conda v2 metadata format. You can now useConda clients from version 4.7, and download/upload Conda v2 format packages from all repository types (local, remote and virtual).

As part of this change, Artifactory now supports the.condafile extension to compress packages more effectively and thecurrent_repodata.jsonfile that makes packages search faster.

Feature Enhancements

Reverted Tomcat Version to 8.5.41

Artifactory 6.19.0 version is now bundled with a downgraded Tomcat 8.5.41 version due to anissuefound in Tomcat version 8.5.51 that is currently bundled in Artifactory 6.18.1, 6.17.1, 6.16.2, 6.15.2, 6.14.4 and 6.13.3.

Just a bit of background, Tomcat was previously upgraded to version 8.5.51. Due to aknown issuein Tomcat 8.5.51, Artifactory may return HTTP date headers (Date, Last-Modified) in a timezone that is different than GMT. See more detailshere.

This applies only if you are using clients that make use of the "If-Modified-Since" request header in the request to Artifactory, therefore validate that dates are sent in GMT format (according to the HTTP spec mandates).

We recommend upgrading to this version if your clients send dates in a timezone that is different than GMT format.

Docker Installation Includes Upgraded OpenJDK Version 11.0.6

The OpenJDK version that is bundled with the Artifactory Docker image was upgraded to OpenJDK 11.0.6.

Debian InRelease

Added support for Debian InRelease metadata files. Artifactory will now produce anInReleasemetadata file in the repository when working with GPG signing. Downloading a Debian package from Artifactory will now be faster as the client will only download theInReleasefile without downloading theReleaseandRelease.gpgfiles that are heavier.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.19.1

Released Date: 27 April, 2020

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.18

Released: March 1, 2020

Highlights

PAT (Personal Access Token) Support for Remote Repository Authentication

In addition to the basic authentication, with username and password,Artifactory now supports remote repository authentication using Personal Access Tokens (PAT). The big advantage of using PATs is that you can strengthen your Artifactory security practices by using Access Tokens for authentication instead of using your primary credentials. For example, you can configure your remote Docker repository to point to GitHub and authenticate it by using a PAT. You can use PATs for any package type. For more information, seeRemote Credentials.

LDAP Improvements

Artifactory now supports a new type ofActive Directory "Nested Groups" search, enabling performance improvements when working with LDAP. This feature requires that Active Directory runs on Windows Server 2012 R2 version or later. There are no additional requirements for the Active Directory Windows Server side. For more information, seeSupport for Nested Groups.

Write-disabled Mode Supported for Shard Storage Requests

To enhancestorage sharding, Artifactory now supports disabling write-requests to shards.
This is useful, for example, when migrating data from a shard that must be replaced. First the feature is used to write-disable the shard and then the data is migrated to a new shard.
In addition, the feature still allows garbage collection to continue to clean the deleted binaries from the write-disabled shard.

To set the write-disable mode on a shard in Artifactory, see theConfiguring State-Aware Binary Providersection.

Feature Enhancements

Restricting System and Repository Imports

Artifactory allows admin users to import and export data at both the system level and the repository level. For more information, see theImporting and Exportingsection.

Sometimes, however, it is advantageous to restrict imports to avoid causing undesirable results.With this new feature, the system and repository import options can be disabled, thereby preventing specific admin users in the enterprise from performing imports. For example, you can stop an admin from overriding the Release Bundles distributed to an Artifactory Edge, by preventing him from importing the initial Artifactory state. For more information, seeImporting and Exporting.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.18.1

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

Tomcat包d with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. 修正了在某些情况下, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

Artifactory 6.17

Released: January 12, 2020

Highlights

Docker Improvements

Introduced performance improvements for Docker remote repositories.

Feature Enhancements

Support for Smart Remote Repositories on JCR (with E+)

From version 6.17, JCR supports pulling artifacts using Smart Remote Repositories. This enhancement allows pulling artifacts from other Artifactory instances (ones with Enterprise+ or Edge license), just like any remote repository.

Storage Summary Supports Large Instances

Thestorage summaryfeature (whether invoked from the UI or from the REST API)now uses a cache so it can quickly display the summary data of very large instances, consisting of many repositories with many artifacts. By default, the storage summary is calculated every hour and saved in the cache, but a system parameter allows the administrator to readjust the time and frequency of the calculation. The Storage page in the UI has a Refresh button for manually refreshing the data. The REST API has a new POST method that returns an immediate response and schedules an asynchronous calculation.

npm Virtual Repository Support forSemVer

The external dependency rewrite feature for the npm virtual repository now supports additional SemVer expressions, such as semver:4.x.0.

Now if you encounter SemVer issues, you can revert the changes using the new feature flag,artifactory.npm.semver4j.enabled, by changing its value to false.
In addition, a bug was fixed where Git and GitHub URLs with slashes resulted in an "Unable to determine download URL" error. For example:git://github.com/a/b.git#c/d.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.17.1

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

Tomcat包d with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. 修正了在某些情况下, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

Artifactory 6.16

Released: December 1, 2019

Highlights

Upgraded the Microsoft Azure Storage SDK version included in Artifactory to V8

Artifactory has been upgraded to support Microsoft Azure Storage SDK for Java v8 enabling users to upload files larger than 12GB in the Azure Blob storage.

Running ‘go get’ commands from Github are Supported for Go Version 1.13 and Above

Artifactory supports serving and caching 'gosumdb' requests from a GoSumDb provider - for example, GoCenter.

Updated ‘Set Me Up’ for PyPI

The ‘Set Me Up’ function for PyPI remote repositories now includes your user credentials, thus allowing you to resolve packages using the ‘pip install ’ request without having to reinsert your Artifactory credentials for each request.

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.16.2

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

Tomcat包d with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. 修正了在某些情况下, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

Artifactory 6.15

Released: November 18, 2019

Highlights

Docker Manifest V2 Schema 2 Support

To align with the码头工人清单V2模式1弃用, Artifactory by default will nowsupport blocking Schema 1 requests. Only Docker images with the latestmanifest V2 Schema 2will be supported for:

• Push requests, for new local repositories.
• Pull requests, for new remote repositories.

Existing local and remote repositories will continue to support both schemas.

Configuration can be changed at any time viaREST API(using theblockPushingSchema1flag) or the UI.

Make sure you are using the latest Docker client versions, which will automatically convert your images accordingly. Artifactory will continue to allow Scheme 1 pull requests.

Cloud Object Storage Supported for Artifactory Pro Licenses

Artifactory Pro now supports using cloud object storage from themajorSaaS providers. Previously an Enterprise-only feature, Artifactory Pro users can now use only - Amazon's S3, Google's Cloud Storage, or Azure's Blob Storage as their binary provider.
An Enterprise license is still required forotherobject storage providers, such as OpenStack Swift,CEPH, or NetApp's StorageGRID.

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.15.1

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.15.2

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

Tomcat包d with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. 修正了在某些情况下, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

Artifactory 6.14

Released: November 3, 2019

Highlights

Significant UI Performance Improvements

Artifactory 6.14 applies server-side pagination in the UI resulting in faster page load performance for the Builds, Permissions and Search pages.

Ubuntu 18.04 Support

Installing Artifactory on Ubuntu 18.04 is now supported.

GoProxy Support

Artifactory now allows you to configure the Golang proxy (proxy.golang.org) as a remote repository in addition toJFrog GoCenter.

Feature Enhancements

Xray Integration Improvements

Added an improved Xray indexing mechanism to support a vast amount of repositories, containing larger numbers of binaries. Artifactory saves every Xray event with a unique constraint according to the package type and component path, thereby resolving the indexing-duplication.

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.14.1

Released: November 11, 2019

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.14.2

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   
   

Artifactory 6.14.4

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

Tomcat包d with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. 修正了在某些情况下, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

Artifactory 6.13

Released: October 6, 2019

Highlights

UI performance improvements

Artifactory 6.13 includes performance improvements by introducing server-side pagination, allowing faster loading of data in the UI. This will apply to the following pages:

1. Artifact Repository Browser- the tree browser will now load repositories and their content paginated.
   Note:Due to this change, theFindfunctionality in the tree browser will now only search repositories loaded from the server (i.e. repositories currently visible in the tree view).
2. Home Screen- the repositories list will now be paginated.

Replication Improvements

The replication process of repositories with many files has been enhanced to avoid most unexpected disconnections.This is done by saving a compressed file list of the target repository on the source Artifactory instance. The comparison of the file lists between the source and the target will now be done on the source instance.

API for setting and getting group membership for users

TheGet Group DetailsandUpdate GroupREST APIs have been updated to enable getting or setting users in a specific group.

• Get all users associated with the group
• Add a list of users to the group

Feature Enhancements

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.13.1

Released: October 8, 2019

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.13.2

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.13.3

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

Tomcat包d with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. 修正了在某些情况下, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

Artifactory 6.12

Released: August 18, 2019

Highlights

Support for Smart Remote Repositories on Edge Nodes

From version 6.12,Artifactory Edgesupports pulling artifacts usingSmart Remote Repositories. Previously distributing artifacts to an Edge Node could only be done using Release Bundles. This enhancement allowspulling artifacts from other Artifactory instances(ones with Enterprise+ or Edge licenses), just like any remote repository.

Support for remote repositories (that are not Smart Remote) is not available. For example, creating a remote repository pointing to Docker hub is not supported.

This feature is available as a JFrog Artifactory On-Premise installation and requires a JFrog Enterprise+ or JFrog Artifactory Edge license.

S3 Cloud Storage Provider Using the Official AWS SDK

Artifactory now supports using S3 cloud storage provider using the official AWS SDK. S3 using JetS3t library is still supported, upon upgrade you are not required to make any changes.

To opt-in and use the new S3 template,see here.

Pull Latest Docker Image from Virtual Repository

You can now set yourVirtual Docker repositoriesto pull Docker images according to their modification time in scenarios where two or more aggregated repositories contain the same tag name. For example,busybox:1.1.
Instead of fetching the image that is positioned higher in the resolution order in the virtual repository, Artifactory will return the Docker image last deployed to one of the aggregated repositories in the Virtual repository. Artifactory will first try to fetch the tag from the Local repositories according to the modification time, if not found, it will continue to try to fetch the image from the Remote repositories according to the resolution order.

This functionality is useful for multi-site environments where you create the same image on two different instances.

To configure this, set theresolveDockerTagsByTimestampparameter to true (false by default) whencreating a new repository.

Tomcat Version Upgrade

Tomcat包d with Artifactory has been upgraded toversion 8.5.41.

Feature Enhancements

Concurrent File Download Performance Improvement

Multiple concurrent downloads of the same file will now only be downloaded once from a remote binary provider (for example, S3), improving system performance and decreasing network load.

Checksum validation for files downloaded fromcloud storage

Artifactory现在完成额外的检查um validation when downloading an artifact from cloud storage, such as S3. This is to prevent any potential corruptions or incomplete streams, for example where the checksum value of the file does not match the checksum name of the file.

Garbage collection performance improvement

Improved garbage collection for large scale systems.

Artifactory SAML integration for EncryptedAssertion Support

Artifactory SSO SAML integration now supports Encrypted Assertion, using an X509 public key certificate generated by Artifactory. This enables users encrypt their payloads that includes user data such as name and email, providing an added security layer.

Anonymous access disabled by default

对于新安装,匿名访问将be disabled by default for hardening security.It can be enabled at any time.

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.12.1

Released: August 28, 2019

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.12.2

Released: September 11, 2019

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.12.3

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.11

Released: 25 June, 2019

Highlights

Direct Cloud Storage Download

Get optimized cloud storage when storing your binaries on AWS S3 by downloading your binaries directly from the cloud storage without having to route through Artifactory on the way. Artifactory can now redirect requests from clients (supporting HTTP 302 responses), directly to the cloud storage. As a result, the load on the Artifactory local storage cache is reduced as the large artifacts will be downloaded directly from the cloud. This feature is available as a JFrog Artifactory On-Premise installation and requiresa JFrog Enterprise+ or JFrog Artifactory Edge license.

Direct Cloud Storage Download is available for Docker, Helm, Maven, Npm, Debian (supported from Client version 9), PyPI, Bower, CRAN, Composer, and RubyGems.Support on Google Cloud Storage (GCP) will be added in the forthcoming releases.For more information, seeDirect Cloud Storage Download.

Optimized Repository Replication with Checksum-Based Storage

Artifactory alongside storage solutions offers an additional alternative for binary replication. You can now enable Artifactory to perform replication of the actual binaries directly through the storage layer without routing the data through Aritfactory and from there to the storage. This is recommended if you are already replicating your Artifactory data to another Artifactory cluster using a solution provided by the storage provider. As part of this new capability, Artifactory will continue to replicate the artifacts' metadata and ensure the consistency of the data. In parallel, Artifactory will offload the heavy lifting part of the replication to the storage device, allowing you to only replicate the metadata and make sure the file is available on the target instance. Checksum-Based storage is enabled by adding a feature flag to the Push/Pull Rest API commands and will be available in the UI shortly. Requires an Enterprise+ license. For more information, seeOptimizing Repository Replication with Checksum-Based Storage.

Issues Resolved

1. 固定的一个我ssue whereby, in some cases, Artifactory would not validate the API key authentication for an LDAP user opposite the LDAP server as part of the authentication process opposit Artifactory.
2. 固定的一个我ssue in an HA environment where in some cases, after deleting a group, the group members in the cluster can still perform actions based on the group rights for some time.
3. 固定的一个我ssue with Ruby Gems repositories whereby accessing the /versions API endpoint (e.g. `/api/gems/gems-local/versions`) would fail with the following error: `getWriter() has already been called for this response'.
4. 固定的一个我ssue whereby when running event-based replication, in some cases, the properties were not replicated to the destination instance only once the CRON replication was initiated.
5. 固定的一个我ssue regarding Conda virtual repository performance, whereby Artifactory calculated metadata for every client request.
6. 固定的一个我ssue whereby a remote repository did not display artifacts if the artifact name included special characters and the item was not yet cached.
7. 固定的一个我ssue whereby users could not perform delete operations when the permission targets only included builds with no repositories.
8. 固定的一个我ssue whereby if one of the email addresses of one of the admin users would not be a valid address, email notifications would be sent only to some of the admin users and not all of them.
9. 固定的一个我ssue whereby an exception was thrown when triggering pull replication if the request body was left empty.
10. 固定的一个我ssue whereby an outdated Crowd REST client version in Artifactory caused delayed logins when using an HTTPS-based Crowd server.
11. 固定的一个我ssue whereby Artifactory will attempt to convert NPM packages with non-semver versions to semver instead of automatically rejecting suspected packages.
12. 固定的一个我ssue whereby users were missing the delete permissions for the Promote build plugin endpoint.
13. 固定的一个我ssue whereby only a user with read-only permissions could run the npm dist-tag to update the metadata.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.11.1

Released: June 30, 2019

Fixed Issues

1. 固定的一个我ssue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
   
2. 固定的一个我ssue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.
3. 固定的一个我ssue when the ‘password max age’ in the configuration was enabled and set, Artifactory failed to load with a configuration error after restart.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.11.3

Released: July 22, 2019

Mail server with TLS 1.2 connections Support

Artifactory now supports email messages with TLS 1.2.

Fixed Issues

1. 固定的一个我ssue where in some circumstances, users can take actions that should otherwise be permitted only for an Admin user.
   
2. 固定的一个我ssue where in some circumstances Gem artifacts failed to resolve from a virtual repository.

Artifactory 6.11.6

Released: August 13, 2019

Fixed Issues

1. 固定的一个我ssue, whereby under certain circumstances, users experienced performance degradation when searching in the Artifactory UI.

Artifactory 6.11.7

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.10

Released:May 6, 2019

Highlights

Support for Conan Remote and Virtual repositories

In addition to local repositories, Artifactory nowsupports Conan remote and virtual repositories. Remote Conan repositories proxy remote Conan resources and cache downloaded Conan packages to keep you independent of the network and the remote resource. Virtual repositories allow you to aggregate multiple local, remote and virtual Conan repositories under a single endpoint and easily manage the resolution and deployment of all your Conan packages.

Support for npm audit

Artifactory nowsupportsnpm audit, allowing you to get vulnerabilities on your npm projects’ dependencies tree.

审计报告包含信息安全vulnerabilities of dependencies and can help fix a vulnerability by providing npm commands and recommendations for further troubleshooting.

This functionality will be enabled by default on npm virtual repositories that aggregate at least one remote repository that supports npm audit. For example, a remote repository that points tohttps://registry.npmjs.orgor Artifactory Smart Remote repository.

JFrog Xray users with Artifactory Pro X / Enterprise / Enterprise+ license, will get an enhanced audit report that includes security vulnerabilities from Xray's database. When Xray is configured to work with Artifactory, an audit report can be generated from scratch even without connecting to any remote repository.

Java 11 Compatibility

From this version, Artifactory officially supports running with JDK 11 on all installation types (e.g. Linux, Docker, Debian, RPM, Windows). The Artifactory Docker image is shipped with JDK 11.

Java 8 support end of life is coming up, and Artifactory contains components that require Java to run properly and include Java runtime as part of Artifactory.

Feature Enhancements

New Artifactory User Plugins hooks

The ArtifactoryUser Pluginsnow include two new hooks:

• Upload.beforeUploadRequest,useful for overriding the actual repository path during the Artifactory upload process.
• Download.altAllResponses, used to provide an alternative response during the Artifactory download process, by setting response headers, status code, error message or inputStream and size context variables.

Issues Resolved

1. 固定的一个我ssue where downloading a Docker image from remote repositories did not cache layers that existed on the local drive of the user trying to download the image, resulting in missing layers in the remote cache repository. Artifactory will now search for any missing layers in all repositories the user has permissions for and copy them to the remote cache repository for full image coverage that contains all layers.

2. GoLang repository fixes and enhancements:

   1. Go .mod and .info files can now be viewed from within the Artifactory UI.

   2. Added bothgolang.organdk8s.ioto the default whitelisted Govirtual repositoriesexternal dependencies.

   3. 固定的一个我ssue where a 404 response instead of a 400 response was returned when trying to resolve directly from a remote Go repository REST resource.
   4. 固定的一个我ssue where aNullPointerExceptionwas printed to Artifactory logs, when setting up a remote repository with Artifactory as the module provider and the url asgithub.com, and requesting a mod file.
   5. 固定的一个我ssue when resolving artifacts from a remote Go repository, the go-get.html file was stored instead of the info module. Unused go-get.html files will now be removed.

   6. 固定的一个我ssue where downloading a Go module with a version that contains upper case characters would fail

3. 固定的一个我ssue where virtual Docker repositories composed of aggregated local/remote repositories that had one repository configured with exclude patterns, would return 404 when trying to resolve Docker images. Artifactory will now search for the Docker image in all of the aggregated repositories of the virtual repository.

4. 固定的一个我ssue where using the Gems client to search for packages in a virtual repository did not return any results.

5. 固定的一个我ssue where communication between Artifactory instances in an HA configuration did not work in some cases where the service ID was changed.

6. 固定的一个我ssue in the UI where in Admin > Users > [specific user] > User Permissions table, the same permission target would be listed more than once, based on the number of groups the specific user would be associated with.

7. 固定的一个我ssue in which trying to get the IP address of a user in User Plugins requests would sometimes return null.

8. 固定的一个我ssue in which deploying packages that contain the plus sign character (+) whendeploying multiple fileswould convert the plus sign to spaces.
   

9. 固定的一个我ssue in the UI > Permissions page when using Internet Explorer, where creating a new permission the scroll bar would not work in the Available/Included Repositories/Builds drag and drop components.

10. 固定的一个我ssue in which if the proxy settings being used for the Sumo Logic integration settings in the Log Analytics page are incorrect, Artifactory would try to reach Sumo Logic directly without going through a proxy, causing potential timeouts.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.10.1

Released: May 20, 2019

Issues Resolved

1. 修正了在某些情况下, users could gain access to security APIs that were otherwise exposed only to administrators.
2. 固定的一个我ssue introduced in Artifactory version 6.10, whereby users trying to download an artifact that did not exist from an Artifactory, configured with Azure as the binary provider in Artifactory, would receive a 200 HTTP error code with an empty stream instead of receiving a 404 error.
3. 固定的一个我ssue relatedto the new Conan API v2 introduced in Artifactory 6.9, whereby push replication for Conan local repositories was stopped when running replication from Artifactory 6.9 and above, to a target Artifactory running 6.8 or below.
   Please note that this was intentionally designed to prevent Conan repositories in the target Artifactory from being overwritten if you have not yet upgraded the target to 6.9 or above. After you upgrade the target Artifactory 6.9 or above, the replication process will resume.
4. 固定的一个我ssue whereby promoting a build using the Build Promotion REST API will now only require granting the Deploy permission instead of the Delete+Deploy permission that was the requirement in Artifactory 6.6 to 6.10.0.
   Note that when promoting a build, you will see an entry in the access.log indicating that the build was deleted by a user named _system_.
5. 固定的一个我ssue whereby changing or adding repositories could take up to a few minutes in some scenarios within certain environments in which Artifactory was set behind a proxy.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.10.2

Released: June 3, 2019

Issues Resolved

1. 固定的一个我ssue in which installing Artifactory as a service on Windows while running with Java 11 would fail upon startup.
2. 固定在特定circumstanc的一个问题es, Access Federation would fail to replicate security entities and will not recover automatically.
3. 固定的一个我ssue, where in certain scenarios, creating a remote Maven repository from within the UI created a default value for the Max Unique Snapshots field with the username (e.g. admin). This caused an error when saved.
4. 固定的一个我ssue when working with Azure as the Artifactory binary provider, in some cases would result in timeout errors in the logs.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.10.3

Released: June 11, 2019

Feature Enhancement

Proxying Remote PyPI Repositories Using a Custom Registry Suffix

Artifactory now supportsproxying remote PyPI repositorieswhereby the repository content (i.e. the packages) can reside under different paths in addition to /simple (for example, DevPi repositories).

Issues Resolved

1. 固定的一个我ssue where under certain scenarios, downloading a Debian package from a virtual Debian repository could take a long time, as opposed to downloading the same package from a remote Debian repository that would be served faster.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.10.4

Released: June 19, 2019

Issues Resolved

1. 固定的一个我ssue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators.
2. Updated Artifactory Docker base image tofix the following issue.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.10.6

Released: July 1, 2019

Fixed Issues

1. 固定的一个我ssue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
   
2. 固定的一个我ssue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.

Artifactory 6.10.7

Released: July 22, 2019

Fixed Issues

1. 固定的一个我ssue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.10.9

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.9

Released: March 25, 2019

Highlights

Conan v2 Supports Conan Package Revisions

From Artifactory 6.9.0,Conan API v2is supported and introduces an extension of the binary layout to supportConan Package Revisions. Revisions allow you to change your artifacts while keeping the same Conan reference, allowing immutable binary artifacts whether it be because of changes to the recipe, or minor code changes between revisions (similar to snapshot builds in other languages).

After the upgrade to Artifactory 6.9.0 is complete, your Conan packages will automatically be migrated to the Conan API v2 structure in Artifactory.

Conan API v2 support is backward compatible allowing you to continue using your current Conan client version to work with your Conan repositories from Artifactory 6.9 and above.

For the Conan client to work with the revisions feature, download theConan client 1.13 with Revisions enabled.

Support for Docker Manifest v2, Schema 1

Added support for Docker Manifest v2, Schema 1. Pulling Docker images from local/remote/virtual repositories that are set with Manifest v2 Schema 1 is now supported. For example:kibana:v4.6.1

Added Two New Target Endpoint Rest API Commands

Added two new REST APIs to retrieve the permission targets associated with a specific user or group:

• Get Permission Targets Per User
• Get Permission Targets Per Group

Issues Resolved

1. 固定的一个我ssue whereby modifying a permission target containing an Admin user failed, and displayed the following error: ‘Permission target contains a reference to a non-existing user ’.
   
2. 固定的一个我ssue whereby multiple entries with the following error: 'Couldn't find user named "xray" in ldap' were added to the Artifactory log when JFrog Xray was enabled with LDAP/ Crowd.
3. 固定的一个我ssue, from Artifactory 6.8.0, whereby the Nginx image in the Artifactory Docker image did not contain the cURL utility.
4. 固定的一个我ssue, from Artifactory 6.5.1, wherebyusing the RedHat CDK topull Docker images with a manifest list (i.e. fat manifest) fromhttps://registry.access.redhat.comwould fail.
5. 固定的一个我ssue in PyPI repositories whereby packages containing “>” or “<” characters in the “data-requires-python” section of the package metadata file could not be downloaded.
6. 固定的一个我ssue whereby Artifactory did not find metadata files (PKG-INFO/METADATA)in the root of the archive.
   
7. 固定的一个我ssue whereby npm packages with Emoji characters in the package’s description field could not be downloadedwhen MySQL is set as the database.

8. 固定的一个我ssue whereby the Test Connection button in the Remote repositories wizard in the UI would return a 405 error if the remote repository URL was an Artifactory URL (i.e. Smart Remote Repository).
   
   

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.9.1

发布:2019年4月8日

Feature Enhancements

npm virtual repository performance improvements

Performance improvements when installing an npm package from npm virtual repositories + reducing memory consumption.

Access and Request log improvements

The request.log and access.log files now include the source user ID and the IP address. This applies to users accessing Artifactory via UI, REST API, ‘docker login’ command regardless of whether the authentication was successful (i.e. good credentials) or not (i.e. bad credentials).

Artifactory Docker installation using the Distroless base Docker image

提供一个更小的,更安全的码头工人的形象of our Artifactory Docker distributions (oss, cpp-ce and pro), we have changed the base image used in our Docker files to theJFrog Distroless Docker imagethat includes only required packages. This reduces the image sizes by more than 30%.

Issues Resolved

1. 固定的一个我ssue in Ruby Gems repositories where in some cases, cached dependency requests from a remote repository would not return the latest version.

2. 固定的一个我ssue in Docker repositories where pulling a Docker image from a remote repository pointing to Microsoft/Azure container registry (e.g.mcr.microsoft.com) would fail with “error pulling image configuration: unknown blob”.

3. 固定的一个我ssue in Docker repositories where pushing a Docker image with properties on the layers to one repository and then pushing another image with some shared layers to another repository, the layers in the second new repository would be cloned from the existing layers along with all properties. Only the "sha256" property will be cloned, the other properties will not be cloned.

4. 固定的一个我ssue, relevant to version 6.4.0 and above, in which replicating Maven artifacts from a generic repository to another generic repository would not replicate the metadata, resulting in missing metadata on the target.

5. 固定的一个我ssue in Maven repositories in which, when a client would ask for a snapshot and the snapshot version behaviour was ‘unique’, Artifactory would keep searching for the artifact in all the remote repositories even after the artifact was found.

6. 固定的一个我ssue in which the Debian indexer would try to get artifact properties even in case non-Debian packages would be uploaded, deleted or moved from Artifactory.

7. 固定的一个我ssue in RPM repositories where in some cases Artifactory would fail to parse XML metadata files on certain remote RPM repositories.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.9.2

Released: May 20, 2019

Issues Resolved

1. 修正了在某些情况下, users could gain access to security APIs that were otherwise exposed only to administrators.

Artifactory 6.9.3

Released: June 19, 2019

Issues Resolved

1. 固定的一个我ssue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators.

Artifactory 6.9.4

Released: July 1, 2019

Fixed Issues

1. 固定的一个我ssue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
   
2. 固定的一个我ssue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.
   

Artifactory 6.9.5

Released: July 22, 2019

Fixed Issues

1. 固定的一个我ssue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.9.6

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.8

Released: February 14, 2019

Highlights

Support Bundle Repository

TheSupport Zonehas been enhanced with a simplified UI flow, which includes the ability to create a support bundle that contains the relevant data (such as system and log files) for a single Artifactory instance or multiple nodes in an HA cluster.Once a support bundle is created, it will be saved to the new defaultjfrog-support-bundlesystem repository for any future reference.

Feature Enhancements

Artifactory Pro Nginx Docker Image Upgrade with TLS v1.3 Support

As part of the Artifactory Pro Docker distribution, theNginx Docker Image(docker.bintray.io/jfrog/nginx-artifactory-pro)is now upgraded to Nginx version 1.15.5, running on top of Ubuntu 18.10 and provides full support for TLS v1.3.

Tomcat Extra Connectors for Artifactory Docker Images Support

You can now add extra Connectors to Artifactory Docker images Tomcat's server.xml, using theSERVER_XML_EXTRA_CONNECTOR environment variable

Improved Performance for Users Managed within a Group

The performance for authentication of users during login that are associated with groups has been enhanced.

Issues Resolved

1. 固定的一个我ssue where in some scenarios of Artifactory HA scenarios, terminating the deploy of an artifact to a repository before the deploy was completed would result in a "Failed to move file from _pre folder to filestore" error in the log.

2. 固定的一个我ssue in which Artifactory would allow creating users and groups using the REST API even if the username or group name included illegal characters (/\:|?*"<>). Artifactory now validates that the username and group name only include legal characters as is done when creating a user or a group through the UI.

3. Replication fixes:

1. 固定的一个我ssue where a source Artifactory configured to replicate more than one target would only replicate to one of the targets, after restarting the source Artifactory instance.

2. 固定的一个我ssue in which pull event replication in a full-mesh topology would fail in some scenarios, after restarting one of the instances in the topology.

3. 固定的一个我ssue when replicating an artifact that had properties on it while there was an artifact with the same name on the target (but different content), the properties from the source would not be replicated to the target.

4. Fixed 2 issue in Property Sets:

1. In some scenarios adding new properties to a Property Set would not work.

2. In some scenarios changing the value of single-value property would not work.

5. 固定的一个我ssue where the Access config yaml was encrypted when using the JFrog Access encrypt API, causing an issue when trying to restart an Artifactory instance after an Access encrypt was completed.

6. 固定的一个我ssue where using a custom user ID to run Artifactory and Nginx Docker containers custom configurations, caused Nginx to not start and Artifactory to fail setting the custom configurations.

7. 固定的一个我ssue in Opkg repositories, where in some cases the repository indexing caused performance issues.

8. 固定的一个我ssue in which in some scenarios, concurrent requests to a remote Docker repository would hang connections and threads.

9. 固定的一个我ssue where theListDockerRepositoriesrest API would return an empty list and theListDockerTagsrest API would return an error rather than what is stored in cache, while the remote endpoint is unavailable. This fix requires setting theartifactory.docker.catalogs.tags.fallback.fetch.remote.cachesystem property to true (default false).

10. 固定的一个我ssue in which when deploying a Gem to a local Ruby Gems package, the ‘Deployed By’ field would show _system_ instead of the actual username who deployed the package.

11. 固定的一个我ssue in which retrieving the Effective Permissions for a repository or a build would not show the users who have permissions for the resource if the user got the permissions from a Group.

12. 固定的一个我ssue where remote PHP repositories did not support last modified headers, which caused the client to download the same files remotely and not use the client cache.

13. 固定的一个我ssue when deleting/deploying files to Helm or Cran remote repositories, a metadata calculation was unnecessarily triggered.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.8.1

Released: February 17, 2019

Issues Resolved

1. 固定的一个我ssue where manually starting Artifactory version 6.8 on Windows using theartifactory.batfile or theartifactory.shon RPM and Debian would fail with an 'Application could not be initialized: Timed out waiting for join.key file to be made available aty' error.
2. 固定的一个我ssue where setting theloginBlockDelaysystem property to 0, caused Artifactory to fail to start with the following error: 'Application could not be initialized: / by zero'.
3. 固定的一个我ssue where access tokens created before Artifactory version 5.4 could not be used for authentication and returned a 401 error.
4. Significantly reduced the memory footprint of the global permissions cache held by Artifactory at runtime.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.8.2

Released: February 19, 2019

Issues Resolved

1. 固定的一个我ssue where creating a new or distributing an existing release bundle would fail, after an upgrade to Artifactory versions 6.8.0 and 6.8.1.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.8.3

Released: February 26, 2019

Issues Resolved

1. 固定的一个我ssue whereby when pulling a Docker image from a Docker repository, Artifactory would try to fetch the manifest list (i.e. fat manifest) file even if the image did not have a manifest list. This prevented users with Read-only permissions from pulling Docker images that did not have a manifest list.
2. 固定的一个我ssue regarding Mission Control Disaster Recovery, whereby permission targets were not replicated from source to target instances.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.8.4

Released: March 4, 2019

Issues Resolved

1. 固定的一个我ssue, applicable to Artifactory versions 6.8.0 to 6.8.3, where a user that is associated with a group that is configured with admin privileges and additional non-admin group(s), did not have admin privileges.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.8.6

Released: March 12, 2019

Issues Resolved

1. 修正了在某些情况下, users could gain access to security APIs that are otherwise exposed only to administrators.
   JFrog would like to thankCipherTechsfor reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.8.7

Released: March 14, 2019

Issues Resolved

1. 固定的一个我ssue whereby performance was degraded when processing a massive Access Control List (ACL).
2. 固定的一个我ssue that applies from Artifactory 6.6 and above, whereby starting Artifactory takes minutes due to index validation in the Oracle database.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.8.9

Released: April 22, 2019

Feature Enhancement

User authentication loading improvement

Artifactory can be configured to provide asynchronous loading of user/build permissions enhancing authentication of Artifactory's login performance.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.8.12

Released: May 20, 2019

Issues Resolved

1. 固定的一个我ssue wherebyunder certain circumstances, users could gain access to security APIs that were otherwise exposed only to administrators.

Artifactory 6.8.14

Released: June 19, 2019

Issues Resolved

1. 固定的一个我ssue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators.

Artifactory 6.8.15

Released: July 1, 2019

Fixed Issues

1. 固定的一个我ssue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
   
2. 固定的一个我ssue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.

Artifactory 6.8.16

Released: July 22, 2019

Fixed Issues

1. 固定的一个我ssue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.8.17

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.7

Released: January 22, 2019

Issues Resolved

1. 固定的一个我ssue relevant from Artifactory 6.6.3 / 6.6.5 in which with Artifactory running on a Windows machine, it was not possible to work with RubyGems repositories.

2. 固定的一个我ssue in which for Artifactory instances that were upgraded to version 5.5 (in which SHA-256 checksums were introduced) and above, but whose database was not migrated to SHA-256 checksums, reindexing an entire Debian repository could take a long time.
   
3. 固定的一个我ssue in which indexing of a Debian virtual repository that aggregates a local Debian repository would fail in one of the following scenarios:
   • a user triggers indexing of the local Debian repository using the REST API
   • a user with limited permissions deploys a Debian package into the local Debian repository
4. 固定的一个我ssue in which Artifactory would not clean up temporary metadata files that were created during the Debian metadata calculation.
   
5. 固定的一个我ssue in which under certain circumstances, an Artifactory remote Go repository would cache agoget.htmlfile instead of the corresponding Go module.
6. 固定的一个我ssue whereby anArtifactory remote Go repository pointed to an Artifactory as a module provider (smart remote repository) resulting in the following:
   - Failure to fetch the real zip content by returning an empty zip file.
   - Failure to fetch info, MOD or Zip files if the remote URL contained a trailing slash.
7. 固定的一个我ssue whereby an Artifactory remote Go repository pointed to an Artifactory as the module provider (smart remote repository) resulting in failure to fetch info, mod and zip files if the remote URL had trailing slash.
8. 固定的一个我ssue in which when proxyingGitHub.comin a remote Go repository, Artifactory would not pass credentials toapi.github.com
9. 固定的一个我ssue in which parsing thego-importfrom thego-getmetadata for a Go package would fail if that metadata was spread out over multiple lines.
10. 固定的一个我ssue in which when importing LDAP groups, Artifactory would not display results if a search for existing LDAP groups yielded more than 1000 results.
11. 固定的一个我ssue in which after setting a custom SERVER_XML environment variable as part of a Docker execution command, the Docker container would succeed starting up the first time, but fail starting up from then on.
12. 固定的一个我ssue in which Artifactory would allow creating a repository with a repository key that is longer than 64 characters using the REST API. While creating the repository succeeded, deploying to the repository would fail and the log would display the following error messages:
    
    • Could not acquire lock within 120 seconds
    • Couldn't acquire lock for: 120000 milliseconds
      
    When creating a repository using the REST API, Artifactory will now validate that the repository key is no longer than 64 characters (as is enforced when creating a repository through the UI).
    
13. 固定的一个我ssue in which when deploying the same artifact under two different paths to a NuGet repository, and then deleting it from the first upload path, the NuGet repository would not get reindexed and the artifact would also not be available from its second upload path.
    
14. 固定的一个我ssue in which Artifactory would allow creating a repository through the REST API even if the repository key included illegal characters (/\:|?*"<>). Artifactory now validates that the repository key only includes legal characters as is done when creating a repository through the UI.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.7.1

Released: January 30, 2019

Issues Resolved

1. 固定的一个我ssue with npm in which proxyinghttps://registry.npm.taobao.org/with an npm remote repository would fail.
   

2. 固定的一个我ssue in which editing a Permission Target from the Artifactory UI when running on Internet Explorer would result in a blank screen.
   

3. 固定的一个我ssue with Go remote repositories in which proxying a Go remote repository in another Artifactory instance and clicking测试连接in the UI would fail with a 405 error.
   

4. 固定的一个我ssue in which upgrading from an Artifactory version 5.6 or below to version 6.6.5 or above when Artifactory had MSSQL configured as its database would fail in certain scenarios.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.7.2

Released: February 3, 2019

Issues Resolved

1. 固定一个Artifactory中的一个问题Smart Remote Go repository(即一个指向另一个Artifactory回购itory as its module provider) got a 404 response to get version list requests, instead of the version numbers.

2. 固定的一个我ssue which occurred when using thesynchronizeLdapGroupsuser plugin together with PostgreSQL as the Artifactory database. With this combination, certain circumstances would cause multiple concurrent requests to the JFrog Access REST API resulting in a "duplicate index" error.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.7.3

Released: February 6, 2019

Issues Resolved

1. 固定的一个我ssue in which installing a package from a remote RubyGems repository would fail when using Bundler.

For a complete list of changes, please refer to ourJIRA Release Notes.

For an Artifactory Pro or Artifactory Enterprise installation, click to download this latest version ofJFrog Artifactory Pro.

For Artifactory OSS, click to download this latest version ofJFrog Artifactory OSS.

For Artifactory Enterprise+, click to download the latest version ofJFrog Enterprise+.

Artifactory 6.7.5

Released: March 12, 2019

Issues Resolved

1. 修正了在某些情况下, users could gain access to security APIs that are otherwise exposed only to administrators.
   JFrog would like to thankCipherTechsfor reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.7.7

Released: July 22, 2019

Issues Resolved

1. 固定的一个我ssue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.7.8

Released: December 2, 2019

Issue Resolved

1. 修正了在某些情况下, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thankAtredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.6

Released: December 18, 2018

Highlights

Build Info Repository and Permissions Management

This version introduces a new local Build Info repository. This defaultartifactory-build-inforepository will store all build info files uploaded to Artifactory by the different CI server plugins, such as the Artifactory Jenkins Plugin, CLI, and directly through the Build Upload REST API or Artifactory UI.

The same build information will continue to be available through theREST APIand theBuilds pagein the Artifactory UI.

Also, it is now possible to define access to the different build info files withuser and group permissionssuch as read/deploy/delete. This is equivalent to managing permissions on repositories with include/exclude patterns on build info json paths, in the build info repository.

Additional benefits include:

• improvedaccessibilityto the build info json files and overallperformanceof the Builds module
• build info replicationto other instances, since they are stored as artifacts in a repository
  (Available using REST API only. Configuring replication for this repository through the UI will be added in future releases.)

Support for Debian Virtual Repositories

In addition to local and remote repositories, Artifactory now supportsDebian virtual repositories. Virtual repositories allow you to aggregate multiple local, remote and virtual Debian repositories under a single endpoint and easily manage your Debian packages.

This provides additional support for managingArtifactory multi-sites.

Calculate Debian package coordinates from remote repositories

Artifactory now enables you to extract Debian package metadata (i.e. component, distribution and architecture) from remote Debian repositories and assign them as properties on the cached packages. This can be done using theREST APIor from theArtifactory UI.

This enables searching for cached Debian packages in remote repositories, as well as whitelisting remote-cached Debian packages.

Hardened Security for Secrets

Toharden securitywhen providing encrypted data (secrets) such as connection strings to external databases, from this version, when running Artifactory, you canoptionallyprovide secrets in a temporary file. Artifactory will load the parameters specified in a temporary file at startup and then delete the file. Notice that this is an additional recommended functionality that will not change your current behaviour if not used.

Artifactory Edge Uploads Repository

Artifactory Edge nodes now include a default generic repository calledartifactory-edge-uploads, to which you can deploy files.
Note: this is the only repository in an Artifactory Edge node that's available for deploying files to.

SHA 256 Migration Task REST API Endpoints

From this version,Migrating to SHA-256can now also be done using the following two new REST API endpoints. This is in addition to ability to set the SHA-256 migration using the existing system setting configurations in Artifactory'sartifactory.system.propertiesfile.

• Start SHA256 Migration Task
• Stop SHA256 Migration Task
  

Feature Enhancements

1. Thepermission target pagehas been updated with a new view for easier navigation.
2. Artifactory Docker container can beconfigured to run as any user/group id.
3. Improved performance on Microsoft SQL when performing Property Search through UI or REST API.
4. In addition to theREST API, deleting a builddirectly from the Artifactory UIis now supported.

Issues Resolved

1. 固定的一个我ssue in npm repositories where uploading npm packages that contained Emoji symbols in the package.json file would fail with an error.
2. 固定的一个我ssue where Artifactory did not support Go module names that did not have a slash (/) in their names. For example, thego4.orgmodule used bygolang.org/x/build.
3. 固定的一个我ssue where Go Package deployment to ArtifactoryGo repositories, using JFrog CLI, would fail and return a ‘Header Or Cookie Too Large’ error for packages with large mod files.
   This fix requires Artifactory 6.6 and JFrog CLI 1.23.0.
4. 固定的一个我ssue where NuGet repository $batch requests resulted in an error.
5. 固定的一个我ssue in NuGet virtual repositories where if a certain package would exist in more than one of the aggregated repositories, Artifactory would return all of those packages when the NuGet client would ask for the latest version of this package.
6. NuGet存储库中的一个问题,如果固定same NuGet package would exist in two different paths, when deleting the package from one of the paths, the package would not be returned to the client although it did exist in the other path. The only way to get around this was by manually running the recalculate index.

7. 固定的一个我ssue where pip requests would ignore “If-None-Match” and If-Modified-Since” headers used with an /artifactory/api/pypi// endpoint.

8. 固定的一个我ssue where in some cases where a user tried to login to Xray with SSO they received the following error message "Request was blocked. Please refer to access.log".

9. 固定的一个我ssue where in a target HA instance for an event based pull replication, an exception was thrown when trying to propagate replication event between cluster nodes after deploy or delete events.
   
10. 固定的一个我ssue where in some scenarios, remote pull replication did not work for Artifactory Cloud instances.
11. 固定的一个我ssue in HA in which uploading a logo file to Artifactory through one of the nodes would update the logo for this specific node but not for the others node in the cluster.
12. 固定的一个我ssue whereAzure blob storage endpointconfigurationwas not supported. You can now use the defaulthttps://.blob.core.windows.net/端点或定义自己的.
13. 固定的一个我ssue in virtual repositories where in some cases the resolution order was not enforced and packages were not downloaded from the expected repository order list.
14. 固定的一个我ssue in which executing a repository listing request through REST API with an Access Token would fail with a 403 error.
15. 固定的一个我ssue where in some scenarios, remote pull replication did not sync the properties from the source Artifactory instance correctly.
16. 固定的一个我ssue where using a checksum-deploy with push replication between local repositories, did not replicate the following artifact metadata:Last modified,Created,Created ByandModified By.
17. 固定的一个我ssue where pip did not download from its local cache for some packages when using an Artifactory PyPI repository as its custom package index.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.6.1

Released: December 26, 2018

Issues Resolved

1. 固定的一个我ssue that occurred only in Artifactory 6.6, in which if more than one Artifactory schema/catalog combination exists on the same database instance, and the user with which Artifactory connects to the database has permissions to see all of them, theBuild Info Migration from the database to the artifactory-build-info-repositorywould sometimes be completed with an error or a log entry indicating that the migration had failed with no specified reason.

2. 固定的一个我ssue in which when using JFrog CLI to upload a Go module containing upper case characters in the module name, those characters would be converted to lower case characters pre-pended with an exclamation mark.
3. 固定的一个我ssue with HTTP SSO where users working under a proxy would fail to access the Update Profile page.

Note: In version 6.6.1 and above, for Artifactory using MSSQL, an error occurs when the Database name in the configuration does not match the actual Database name. To resolve this issue, update the Database name in thedb.propertiesfile. You can retrieve the exact Database name by running the following command:

SELECT name, database_id, create_date FROM sys.databases;

For a complete list of changes please refer to ourJIRA Release Notes.

Artifactory 6.6.3

Released: December 31, 2018

Feature Enhancements

对于Artifactory码头工人图片:Setting the Database Connection Pool Size is Now Supported

For Docker Image Artifactory installations, you canset thepool.max.activeandpool.max.idleparametersin theetc/db.propertiesby setting the following environment variables:

• DB_POOL_MAX_ACTIVE
• DB_POOL_MAX_IDLE

In the following example, we set the maximum active database connection pool to 500:

docker run ...... -e DB_POOL_MAX_ACTIVE=500 -e DB_POOL_MAX_IDLE=50 ....... docker.bintray.io/jfrog/artifactory-pro:6.6.3

For Artifactory Docker Images: Added Support for Environment Variables to Customize Tomcat server.xml Values

Added support for configuring Tomcat server.xml values. Just pass the values as environment variables with your Docker execution command and they will be injected into Tomcat's server.xml. For more information, seeSupported Environment Variables.

Issues Resolved

1. 固定的一个我ssue whereby selecting the 'Remember Me' option to log in to the Artifactory UI did not work as expected. Logging in with 'Remember Me' is now valid for 14 days.
2. 固定的一个我ssue whereby the NuGet API v3 feed for remote NuGet repositories did not get updated with the latest index.json of a package. This resulted in Artifactory not retrieving the metadata from the NuGet feed.
3. 固定的一个我ssue whereby Artifactory instances installed on Windows-based systems would fail to proxy NuGet API v3 feeds.
4. 固定的一个我ssue when searching from a NuGet client (e.g. Visual Studio) for a certain package that had more than 100 versions in a remote NuGet repository, returned only the first 100 versions in the search.
5. 固定的一个我ssue whereby memory consumption was high when calculating the index for the Gems virtual repository.
6. 固定的一个我ssue whereby tagging npm packages did not work properly.

For a complete list of changes please refer to ourJIRA Release Notes.

Artifactory 6.6.5

Released: January 8, 2019

Issues Resolved

1. 固定的一个我ssue relevant for version 6.6.0 and above in which in some cases,migration to the artifactory-build-info repositorywould fail with errors in the log.

Artifactory 6.6.8

Released: March 12, 2019

Issues Resolved

1. 修正了在某些情况下, users could gain access to security APIs that are otherwise exposed only to administrators.
   JFrog would like to thankCipherTechsfor reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.6.10

Released: July 22, 2019

Issues Resolved

1. 固定的一个我ssue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.5

Released: October 11, 2018

Highlights

Release Bundle Repository

As part ofthe Distribution flowthat was introduced withEnterprise+, Artifactory now supports release bundle repositories.

TheRelease bundle repository protects the artifacts created in the Artifactory source instance, by copying them into a separate repository where their contents cannot be edited or removed.

Whenever a new release bundle is created and signed, it is copied and saved into an immutablerelease-bundlesrepository in Artifactory. This ensures consistency in the artifacts being distributed among target instances.

*This feature is available when upgrading to both Artifactory 6.5 and Distribution 1.3

Xray Data in Package Native UI

This version adds data fromJFrog Xrayto thePackage Viewer, enriching the information on major package types in Artifactory. Once a specific package is selected in the package viewer, Artifactory will expose data about license and security violations detected by Xray for all of the versions of the selected package.

This critical information helps users choose the right packages and version they would like to use.

Access Tokens Lifecycle Management

This version adds more capabilities for administrators to exercise greater control over the lifecycle of access tokens:

• Previously, expirable tokens could not be revoked. This version moderates this feature in that now, all tokens can be revoked, but with theminimum-revocable-expiryflag set in theaccess.config.ymlfile, you can specify a minimal period of time during which a token cannot be revoked.

JFrog Access User Guide

JFrog Access is the service that manages all aspects of authentication and authorization for all JFrog services under the hood. Run as a separate service that is installed under the same Tomcat with Artifactory, it stores all Users, Groups, Permissions and Access Tokens generated by any connected JFrog service. The features and capabilities of JFrog Access were previously concentrated around theAccess TokensandAccess Federationpages in the JFrog Artifactory User Guide. As the service’s capabilities were extended, and its scope widened to include all JFrog products, its documentation has been moved to a separate space to provide better visibility for its features and easier access to relevant information which now available in theJFrog Access User Guide, and will continue to be maintained and updated there.

Feature Enhancements

Changes have been introduced to improve the performance of Artifactory as a Docker registry while using PostgreSQL as the database.

Issues Resolved

1. 固定的一个我ssue where download requests to a remote RubyGems repository, marked as offline, would respond with a 500 error and the download request would fail.
2. 固定的一个我ssue where in some cases, list browsing in the UI for artifacts path with very long name (For example:/central/org/springframework/boot/spring-boot-starter-cloud-connectors/1.2.0.RELEASE/) would fail with a 404 error.
3. 固定的一个我ssue where new users created by REST API, would not automatically get added todefault groupsmarked with ‘Automatically Join New Users to this Group’.

4. 固定的一个我ssue where downloading an artifact with a name that contains an exclamation mark (i.e. !) would fail.
   Note: due to this fix, whendownloading an artifact from an archiverequires the resource path within the archive to start with a ‘/’
   For example: GEThttp://localhost:8081/artifactory/repo1/folder/a.jar!/META-INF/LICENSE

5. 固定的一个我ssue where deploying a Go build info to Artifactory, the artifacts’ path would not be displayed in the Builds page in the UI. This would happen only when Artifactory was configured behind NGINX.
   Available with JFrog CLI V1.20.2.
6. 固定的一个我ssue in which the ‘Last Login’ field would be updated for REST API calls. The field will now only be updated when logging through the UI.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.5.1

Released: October 18, 2018

Feature Enhancements

Support for Docker Manifest List (Fat Manifests)

Artifactory now supports hosting and proxying Docker images with aManifest List.

Issues Resolved

1. Fixed a UI issue with Xray data in thePackage Viewerin which if the same Docker tag existed in different repositories, the Xray graph would not be displayed.
2. 固定的一个我ssue in which pulling a Docker image from a remote Docker registry, for which "Block Unscanned Artifacts" was checked in Xray, would generate an "Unknown: Forbidden" error.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.5.2

Released: October 21, 2018

Issues Resolved

1. 固定的一个我ssue whereFiltered Resources(for example: username and password in settings.xml files a Maven repository) would not be populated when downloading the Filtered Resources file.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.5.3

Feature Enhancements

Released: September 26, 2018

Feature Enhancements

1. 外国层Artifactory现在可以下载码头工人, from a whitelist defined by an Artifactory administrator, to anArtifactoryDocker Remote Repository. This makes them available from Artifactory for future Docker pulls.
   This functionality is disabled by default, and can beenabled from the UI or usingREST API.
2. During replication, metadata files will be calculated by the target instance repository rather than replicated from the source repository, saving time and bandwidth.
3. Properties being created as a result actions such as replication, restore from trashcan and add,will now triggerthecreate and delete user plugin execution pointsthat can be used for catching the property event on the target Artifactory instance.
   For example: afterPropertyCreate, beforePropertyCreate, afterPropertyDelete and beforePropertyDelete
4. Artifactory now supportsCondaclient versions 4.3.0 and above which requires metadata files in bz2 format.

Issues Resolved

1. 固定的一个我ssue where HA system import failed and caused Artifactory to disconnect from Access. HA import will now work properly without requiring a restart to migrate users/groups/permissions and an additional system import to get the full import working.
2. 固定的一个我ssue where Artifactory became unavailable when runningGarbage Collectionand the Artifactory Trashcan contained an extreme amount of artifacts.
3. 固定的一个我ssue where Artifactory was sometimes unable to connect to Xray if the system default proxy was on.
4. 固定的一个我ssue where REST API requests that resolved Maven jar files, did not contain the Cache-Control header in the response.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.4.1

Released: Oct. 1, 2018

Issues Resolved

1. Fixed in an issue introduced in Artifactory 6.4 in which when configured with AWS S3 as the binary provider, Artifactory would not start up.

For a complete list of changes please refer to ourJIRA Release Notes.

Artifactory 6.4.2

Artifactory 6.3

Released: August 22, 2018

Artifactory 6.3.4

Artifactory 6.2

Released: August 8, 2018

Feature Enhancements

Session Management for HA

This version enhances the internal session management between nodes in an Artifactory HA cluster to provide more stability. In previous versions, an HA cluster used a third-party library, Hazelcast, to manage sessions between the cluster nodes. From this version, Artifactory introduces a new mechanism that uses the database which makes session management more robust.

Artifactory集装箱码头工人

TheArtifactory Docker containernow starts and runs under anartifactoryuser and no longer requires root access. Similarly, theArtifactory NGINX Docker containernow starts and runs as usernginx.

Tomcat Version Upgrade

Tomcat包d with Artifactory has been upgraded toversion 8.5.32.

Issues Resolved

1. 固定的一个我ssue which prevented updating propertySets in theYAML configuration file.
2. 固定的一个我ssue in which when Xray Integration was enabled, for all artifacts scanned by Xray, the download counter would increase by one and the "Last Downloaded By" would indicate being downloaded by Xray.
3. 固定的一个我ssue in which upgrading from Artifactory 5.x to Artifactory 6.x would fail if anSSL/TLS certificatewas configured on one or more of the remote repositories.
4. 固定的一个我ssue in which when promoting a Docker tag with the REST API using an existingdockerRepository:tag, the call would deploy a new tag rather than overwrite the existing one resulting in orphaned layers.
5. 固定的一个我ssue in which using the UI to deploy a single artifact from a folder in a repository would sometimes fail with aconstantorg.artifactory.descriptor.repo.RepoType.undefinederror.
6. 固定的一个我ssue in which when reloading user plugins, whether through a scheduled task or on-demand via the REST API, new JARS would be loaded, but existing JARS would not, even if they had been modified.
7. 固定的一个我ssue in which installation of npm packages would fail because parsing the npm repository'spackage.jsonfile would fail when the value of its version field contained a leading "v" or "=" character.
8. 固定的一个我ssue in which downloading an individual file from within a ZIP file, the file would not be cached. This resulted in long resolution times every time you needed to resolve the file (because the file was never cached).
9. Artifactory has been enhanced to correctly manage the new character encoding that the Go client uses for capital letters.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.2.1

Artifactory 6.1

Released: July 1, 2018

Highlights

CRAN Repository Support

Artifactory now natively supportsCRAN repositories for the R language, giving you full control of your deployment and resolve process of CRAN packages.
您可以创建安全的地方凹口回购和私人itories with fine-grained access control. Remote CRAN repositories proxy remote CRAN resources and cache downloaded CRAN packages to keep you independent of the network and the remote resource, and virtual CRAN repositories give you a single URL through which to manage the resolution and deployment of all your CRAN packages.

Cross-Zone Sharding Enhancements

Sharding across multiple zonesallows you to create zones or regions ofshardeddata to provide additional redundancy in case one of your zones becomes unavailable. From 6.1, you can determine theorder in which the data is written between the zonesand can set the method for establishing the free space when writing to the mounts in the neighboring zones.

Feature Enhancements

Direct Access to Xray from the Xray Info tab

Added a link to theXray tabgiving you direct access to Xray from within the Artifactory Artifact tree browser.

Force Authentication on Virtual Maven Repositories

You can force the Maven client to send credentials in order to authenticate against the virtual repository.这意味着,即使启用匿名访问d for the Artifactory instance, a virtual repository configured usingthisfieldor directly in theRepository Configuration JSON,will require the Maven client to send its credentials.This will be enforced even if some of the aggregated local repositories under the virtual repository allow anonymous access.

NuGet Search is Now Case-insensitive

Previously searching for NuGet packages using the ID and version via the NuGet CLI was case-sensitive causing search results to be narrowed down to an accurate result. This was very limiting, especially if you were looking for a specific version. So for example, if I was searching forjunitversion 1.0.2, and therepository package name wasJUnit,I would not get any result.We now have improved the search to be case-insensitive, allowing for bothjunitorJUnitto be displayed in the search.

Build Promotion Timestamp Added to Release History Tab

Whenpromoting a build, under theBuilds > Release Historytab, you can now see thetimestamp of the build promotion.

Issues Resolved

1. 固定的一个我ssue in PyPI repositories in which PyPI packages set with metadata version 2.1 in the METADATA or PKG-INFO files were not indexed by Artifactory and were not available for download.
2. 固定的一个我ssue with npm repositories resulting in improved performance. Deploying a new version of an npm package that already exists in the repository caused Artifactory to calculate the metadata for all the package versions instead of calculating the metadata for the specific deployed package.
3. 固定的一个我ssue with npm repositories. This issue relates to tagging the version of a specific package that is not the ‘highest’ in terms of SemVer. When an npm client was trying to install the ‘latest’ package he would receive the ‘highest’ version instead of the package that was tagged as the "latest'. An example: if I have MyApp-1.0.0, MyApp-1.0.1, MyApp-1.0.2 and I tag 1.0.1 as the latest one (with npm tag command) when trying to install the latest package (e.g. npm install MyApp), MyApp-1.0.2 would be returned.
4. 固定的一个我ssue whereby users with special characters in their password (e.g. colon), tried to access their profile page by entering their password and would be redirected to a page with the following message:
   "You are already logged in. You can go to the home page or log out."
5. 固定的一个我ssue whereby pulling a Docker image caused the "Number of Downloads" counter for the image to be increased by two.
6. 固定的一个我ssue whereby setting thePassword Encryptionto ‘Required’, prevented anonymous users from performing authentication opposite the Docker repositories. A 401 error was generated.
7. 固定的一个我ssue regarding PyPI repositories whereby an Artifactory behind a proxy no longer ignores the "X-Artifactory-Override-Base-Url" header which overrides Artifactory base URL.
8. 固定的一个我ssue in Debian repositories. Artifactory could not extract metadata in Debian packages that contained a control metadata file archived as a ‘control.tar’ or a ‘control.tar.xz.

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.1.4

Artifactory 6.0

Released: May 17, 2018

Highlights

JFrog Enterprise+

Announcing the new Enterprise+ Platform, that provides a complete solution for covering all the steps involved in creating a secure, trustworthy, and traceable software release in a multi-site development environment.

The solution works in conjunction with source version control, continuous integration, and deployment tools.

The JFrog Enterprise+ platform bundle includes:

• JFrog Artifactory:all features available with an Enterprise license as well as Access Federation and the ability to work with Artifactory Edge.
• JFrog Distribution: an on-premise, centralized platform that lets you provision software release distribution.
• JFrog Xray: universal analysis of binary software components at any stage of the application lifecycle providing unprecedented visibility into issues lurking in components anywhere in your organization.

• JFrog Mission Control: all features available in Mission Control with the addition of:

  • the ability to add instances of Jenkins-CI, JFrog Distribution and JFrog Artifactory Edge as services in the system and monitor them

  • Insight and analytics on build processes through as set of metrics on the end to end build process

Enterprise+ Dedicated Features

The following dedicated Enterprise+ features are a part of the Artifactory 6.0.0 release:

• Access Federation
• Replicator
• Artifactory Edge

• JFrog Distribution and Release Bundles
  

  Distribution Release Bundles

  AQL has also been enhanced to support searching for release bundles and release artifacts. For more information, seeArtifactory Query Language.

For more details on the JFrog Enterprise+ platform, please refer to theJFrog Enterprise+ User Guide.

Single Sign-On Support

SSO allows you to log into all your JFrog applications using a single set of user credentials that are stored in the Authentication Provider Artifactory instance. When SSO is applied, the user logs into the JFrog product using a set of predefined credentials and is granted access across the board to the JFrog products. SSO eliminates the need to re-enter the credentials every time a product is accessed. It is automatically enabled for all the JFrog services that use an Authentication Provider for managing security.For more information, seeAuthentication Using Single Sign-On.

NuGet Enhancements

• NuGet API v3 Registry Support
  Artifactory nowsupports NuGet API v3and allows you to proxy remote NuGet API v3 repositories (e.g., theNuGet gallery) and other remote repositories that support API v3. For more information, see theAPI documentation.

• NuGet SemVer 2.0 Packages
  Artifactory now supportsSemVer 2.0 rulesfor NuGet repositories (for both NuGet API v2 and API v3), which means you can now use pre-release numbers with dot notations or add metadata to the version, for example:
  MyApp.3.0.0-build.60, MyApp.1.0+git.52406.
  

  Backward Compatibility for NuGet CLI Versions Lower Than 4.3.0

  NuGet packages with SemVer 2.0 are not available for NuGet clients using NuGet CLI versions lower than 4.3.0. Thisbreaking changeis due to required modifications made to the local repository structure in Artifactory to align with the official global repository behavior.
  To continue using NuGet packages in versions lower than 4.3.0, add theartifactory.nuget.disableSemVer2SearchFilterForLocalRepos = trueproperty to$ARTIFACTORY_HOME/etc/artifactory.system.propertiesand proceed to restart your Artifactory service.

  For more information, seeNuGet SemVer 2.0 Package Support.

Artifactory HA Enhancement

This version enhances the internal locking mechanism in Artifactory HA setups to provide more stability.
Prior to this version, Artifactory HA used the third-party Hazelcast library for distributed locking during concurrent operations. From this version, Artifactory introduces a new locking mechanism relying on the database to provide added robustness and stability.
Important:Since the new mechanism relies on the database and therefore may require additional database connections. For more information, seeDatabase Locks.

IPv6 Support

From Artifactory version 6.0.0, Artifactory supports IPv6-enabled hosts. This version allows users to configure IPv6 for both Artifactory standalone instances and for HA setups where you can configure the different nodes in the cluster to communicate over IPv6. This address is used to connect an Artifactory node to its peers over REST or TCP, when required. For more information, seeIPv6 Support.

Breaking Change

CSRF Protection

CSRF Protection was released in Artifactory 5.11. From Artifactory 6.0.0, CSRF protection is now enabled by default.Artifactory preventsCSRFattacks by using a new custom header - 'X-Requested-With', for internal UI calls.If you are using a proxy server, verify that the proxy does not filter out the 'X-Requested-With' header. For more information, seeCSRF Protection.

Feature Enhancements

Improved Builds Page and New Improved Table Design

TheBuilds pagehas a new look and feel, together with newly designed table provide an improved UI experience.
Also, a new look and feel for all tables in Artifactory.

Issues Resolved

1. (Applies only if you are upgrading from Artifactory versions 5.10.x and 5.11.x.): Fixed an issue whereby API keys were no longer valid when deactivating an Artifactory Key Encryption and then reactivating it.
2. 固定的一个我ssuewhereby Artifactory redirected to an incorrect URL resulting in a 404 error when navigating in PyPI repositories using the Native Browser and browsing a package.

3. 固定的一个我ssue whereby an event based pull replication caused a small thread leak in the subscribed Artifactory. For example, when the source Artifactory from which the target is pulling the artifacts. Additionally, we have capped the maximum number of subscribed Artifactories per repository to 30. You canmodify the maximum number of allowed subscribed Artifactories to the event based pull replication per repo by modifying the artifactory.system.propertiesfile, by adding the following line:

   artifactory.replication.eventbased.maxPullReplicationsPerRepo=
   In addition, we have added a new REST API call toGet Remote Repositories Registered for Replication.
   
4. 固定的一个我ssue whereby a Docker image would exist on two different repositories with the same tag, causing it to fail when distributing it to Bintray using a Distribution repository.
5. 固定的一个我ssue whereby changes made to Distribution repository rules (e.g., when modifying an existing rule), would not take effect and required restarting Artifactory.
6. 固定的一个我ssue in which two Helm charts containing different build metadata but sharing the same version would count as the same version.
7. 固定的一个我ssue whereby packing a Helm package not using the Helm client prevented the charts to be indexed.

For a complete list of changes please refer to ourJIRA Release Notes.

Artifactory 6.0.1

Released: May 24, 2018

Issues Resolved

1. 固定的一个我ssue in which when running Artifactory in Microsoft Internet Explorer, several capabilities in the UI did not work: logging out from Artifactory, the Set Me Up window wouldn't close, the Artifacts tab would be blank and theAdvancedoptions under theAdmintab would be missing.

2. 固定的一个我ssue in which when running Artifactory in Microsoft Internet Explorer 11 or Microsoft Edge 15, the contents of the Builds and the Packages tab in the UI would be misplaced.
3. 固定的一个我ssue in which the Distribute build button in the Builds page in the UI was missing.

For a complete list of changes please refer to ourJIRA Release Notes.

Artifactory 6.0.2

Released: June 7, 2018

Issues Resolved

1. 固定的一个我ssue related to the JFrog Xray integration in which artifacts could still be downloaded from a remote repository even though it was configured toBlock Unscanned Artifacts.
2. Fixed UI issues in the Builds module.

For a complete list of changes please refer to ourJIRA Release Notes.

Artifactory 6.0.3

Released: June 25, 2018

Issues Resolved

1. Removed aremote code execution vulnerability that may have been exploited when a user with Admin permissions used one of the import capabilities in Artifactory.

   JFrog would like to thankJakub Zoczekof Allegro Group for reporting this issue and for working with JFrog to help protect our customers.

For a complete list of changes please refer to ourJIRA Release Notes.

Artifactory 6.0.4