Release Notes

一个rtifactory 6.23

Released: 19 October 2020

Feature Enhancements

Changes in Artifactory to Facilitate the New Docker Rate Limit

Following the latestDocker announcementregarding changes to the Docker Rate Limits, Artifactory 6.23 includes several internal improvements to support the usage of remote repositories opposite Docker Hub while taking into account the new rate limits. In order to use your Docker account type, you need to authenticate the Docker Hub pull requests, by setting your user and password in your一个dvanced Remote Docker Repositories.

Improvements to RubyGems Indexing for Remote Repositories

一个dded Bundler Compact index support for Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, set theartifactory.gems.compact.index.enabled=truevalue in theartifactory.system.propertiesfile.

Verify Audience Restriction Applied for SAML SSO

一个s part of JFrog's security enforcement, an additional verification step has been set up opposite the SAML server to validate SAML SSO authentication requests.
TheverifyAudienceRestriction属性SAML SSO摩根富林明的默认设置rog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured. For more information, seeSAML SSO Integration.

Improved Plugin Metadata Calculation for Maven

Maven plugin metadata is now calculated for every deploy or delete action for only Maven plugin files.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.23.1

Released: 2 November, 2020

Feature Enhancements

Docker Registry Alignments in Artifactory to Meet Latest Docker Rate Limits

Docker Registry functionality is now optimized in Artifactory to accommodate the latest changes to the Rate limits announced by Docker. To prevent being blocked by the Docker hub, we have changed the default Retrieval Cache Period to six hours. Optimized the GET requests to Docker Hub by dramatically reducing the number by introducing HEAD requests and optimizing the usage of GET calls. To assist our Docker users, you will be will now receive a Platform level warning for every unauthenticated Docker remote repository pointing to Docker Hub. In addition to UI Improvements, the Remote Docker Authentication section has been moved to the Basic tab on theRemote Docker Repositoriespage.

Hardened the User Login Messages

User Login messages have been modified to provide consistent responses on enumeration attempts to prevent the disclosure of valid accounts.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.23.3

Released: 23 November, 2020

Feature Enhancements

Improvements to RubyGems Indexing for Local Repositories

一个dded Bundler Compact index support for Local repositories, in addition to the Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.

To use this new capability, in theartifactory.system.propertiesfile, set theartifactory.gems.compact.index.enabled=truevalue.

Resolved Issues

For a complete list of changes, please refer to ourJFrog Release Notes.

Artifactory 6.23.7

Released: 31 December 2020

Resolved Issues

一个rtifactory 6.23.13

Released: 22 February 2021

Highlights

一个voiding Security Risks by Flagging Safe Repositories

You can declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemoterepositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. This feature is currently supported for PyPI and npm packages but will be extended to all the package types in the upcoming releases.

Feature Enhancements

Improvements to RubyGems Indexing for Virtual Repositories

一个dded Bundler Compact index support for Virtual repositories, in addition to Local and Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, in theartifactory.system.propertiesfile, set theartifactory.gems.compact.index.enabled=truevalue.

Enhanced Folder Download Functionality

The 'Folder Download' feature is now aligned with the JFrog CLI and supports downloading empty folders.

Group REST API Enhancements

From Artifactory 6.23.13, when running theUpdate Group, you can enforce using lower case characters in user names when associating users to groups, by setting thevalidate.lowercase.username.on.group.associationto true. The default is set to false. When set to true, an error will be generated if an upper case character is used in the user name.

Database Locking Mechanism Improvements

Improved the database locking mechanism for High Availability environments.

Resolved Issues

一个rtifactory 6.23.15

Released: 4 April 2021

Highlights

Extended Flagging Safe Repositories Support for Docker and RubyGems Packages

Declaring local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemoterepositories has been extended to support Docker and RubyGems. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field.

Resolved Issues

一个rtifactory 6.23.16

Released: 3 May 2021

Highlights

Extended Flagging Safe Repositories Support for Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget and SBT Packages

Declaring local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemoterepositories has been extended to support Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget and SBT Packages. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field.

Feature Enhancement

Support for Controlling Signed URL Download Methods

You now have the option to set your signed URL redirects using one of these methods: S3, CloudFront or using a direct download without a signed URL redirect. For more information, seeControlling Your Signed URL Downloads.

Resolved Issues

一个rtifactory 6.23.18

Released: 18 May, 2021

Resolved Issues

一个rtifactory 6.23.19

Released: May 19, 2021

Resolved Issues

一个rtifactory 6.23.21

Released: 3 June, 2021

Feature Enhancements

Extended the Priority Resolution feature to Support Puppet Packages

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field forLocalandRemoterepositories for Puppet packages.

Docker/Conan GetToken Request Improvements

Improved the response time of Docker / Conan getToken requests and reduced the number of DB calls.

Improved Metadata Request Performance for Remote Repositories

You can now configure theMetadata Retrieval Cache Timeout (Sec)parameter in the Remote Repository Cache tabRemote Repository Cache tabto control the Metadata timeout performance. If the timeout is reached, thelocal cached artifact is served andthe previous metadata is returned to the client.

Resolved Issues

一个rtifactory 6.23.23

Released: 27 June, 2021

Resolved Issues

一个rtifactory 6.22

Released: September 29, 2020

Resolved Issues

一个rtifactory 6.22.2

Released: May 23, 2021

Resolved Issues

一个rtifactory 6.21

Released: 11 August, 2020

Feature Enhancements

Improved LDAP Pagination Support Usage

一个dded the Used Page Results parameter in theLDAPpage to support LDAP Group pagination. This is supported for LDAP servers with more than 1000 groups which support groups pagination to allow admins to use paged LDAP results. For unsupported LDAP servers, admins can disable the LDAP pagination results via the UI or Artifactory's configuration files, thereby improving LDAP performance and calls.

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 8.5.57, solving some security vulnerabilities described inCVE-2020-13935andCVE-2020-13934.

Resolved Issues

一个rtifactory 6.21.1

Released: May 23, 2021

Resolved Issues

一个rtifactory 6.20

Released: May 25, 2020

Highlights

Xray Block Unscanned Artifacts Timeout Policy

This version includes the capability to define the timeout policy for unscanned artifact download requests. This means that when ablock unscanned artifacts policyis configured in Xray, Artifactory will wait for the predefined time of the policy, to allow Xray to perform the required scan. This will prevent download request failuresthat require Xray scan on the artifacts.

In addition, to improve artifact download performance, Artifactory will now only request Xray scans results for repositories configured with block download policy.

Configurations areavailable here.

**一个vailable with Artifactory version 6.20.x and Xray version 2.12.x.

Support for RHEL 8 AppStream

一个rtifactory nowsupports Red Hat Enterprise Linux 8 which contains support for enhanced Yum metadata for AppStream (RHEL8) or Modularity (Fedora) technology used in RHEL8. An example of this new metadata includes thedata type=modulesmetadata fromrepomd.xml. TheContentin AppStream in RPM is available in one of two formats - the familiar RPM format and an extension to the RPM format called Modules.

一个s part of the AppStream support in Artifactory, you can:

• Proxy AppStream modules through a remote RPM repository.
• Host and serve AppStream modules according to profiles and streams through a local RPM repository.
• Serve local and remote content through a virtual repository.

For more information, seeDeploying RPM Modules to Your Local Repository.

Feature Enhancements

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 8.5.54.

In this upgrade, theHTTP date headers issuethat existed in Artifactory 6.18.1 (that were bundled with Tomcat 8.5.51) was fixed.

npm Performance Improvements

Introduced performance improvements for the indexing process of npm repositories.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.20.1

Released: July 5, 2020

Feature Enhancements

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 8.5.55, solving some security vulnerabilities described inCVE-2020-9484.

Upgraded Npm Lodash Library

The npm lodash library has been upgraded to version4.17.15, to eliminate two security issues described inCVE-2018-16487andCVE-2019-10744.

Improved Permissions Cache Invalidation

Improved the permissions cache invalidation mechanism by minimizing the scope of the invalidation action to only permissions associated with the specific service that needed the cache to be cleared. This allows shorter login times and better permission validation performance.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.20.4

Released: May 23, 2021

Resolved Issues

一个rtifactory 6.19

Released: April 14, 2020

Highlights

Go Private GitHub Repositories Support

It is now possible to create a remote Go repository and proxy Go modules from GitHub private repositories.

一个dditional information on how to configure Artifactory and your Go client to work with GitHub private repositoriescan be found here.

Conda v2 Format

一个rtifactory now supports the Conda v2 metadata format. You can now useConda clients from version 4.7, and download/upload Conda v2 format packages from all repository types (local, remote and virtual).

一个s part of this change, Artifactory now supports the.condafile extension to compress packages more effectively and thecurrent_repodata.jsonfile that makes packages search faster.

Feature Enhancements

Reverted Tomcat Version to 8.5.41

一个rtifactory 6.19.0 version is now bundled with a downgraded Tomcat 8.5.41 version due to anissuefound in Tomcat version 8.5.51 that is currently bundled in Artifactory 6.18.1, 6.17.1, 6.16.2, 6.15.2, 6.14.4 and 6.13.3.

Just a bit of background, Tomcat was previously upgraded to version 8.5.51. Due to aknown issuein Tomcat 8.5.51, Artifactory may return HTTP date headers (Date, Last-Modified) in a timezone that is different than GMT. See more detailshere.

This applies only if you are using clients that make use of the "If-Modified-Since“请求请求头to Artifactory, therefore validate that dates are sent in GMT format (according to the HTTP spec mandates).

We recommend upgrading to this version if your clients send dates in a timezone that is different than GMT format.

Docker Installation Includes Upgraded OpenJDK Version 11.0.6

The OpenJDK version that is bundled with the Artifactory Docker image was upgraded to OpenJDK 11.0.6.

Debian InRelease

一个dded support for Debian InRelease metadata files. Artifactory will now produce anInReleasemetadata file in the repository when working with GPG signing. Downloading a Debian package from Artifactory will now be faster as the client will only download theInReleasefile without downloading theReleaseandRelease.gpgfiles that are heavier.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.19.1

Released Date: 27 April, 2020

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.19.3

Released: May 23, 2021

Resolved Issues

一个rtifactory 6.18

Released: March 1, 2020

Highlights

PAT (Personal Access Token) Support for Remote Repository Authentication

除了基本的身份验证,用户name and password,一个rtifactory now supports remote repository authentication using Personal Access Tokens (PAT). The big advantage of using PATs is that you can strengthen your Artifactory security practices by using Access Tokens for authentication instead of using your primary credentials. For example, you can configure your remote Docker repository to point to GitHub and authenticate it by using a PAT. You can use PATs for any package type. For more information, seeRemote Credentials.

LDAP Improvements

一个rtifactory now supports a new type of一个ctive Directory "Nested Groups" search, enabling performance improvements when working with LDAP. This feature requires that Active Directory runs on Windows Server 2012 R2 version or later. There are no additional requirements for the Active Directory Windows Server side. For more information, seeSupport for Nested Groups.

Write-disabled Mode Supported for Shard Storage Requests

To enhancestorage sharding, Artifactory now supports disabling write-requests to shards.
This is useful, for example, when migrating data from a shard that must be replaced. First the feature is used to write-disable the shard and then the data is migrated to a new shard.
In addition, the feature still allows garbage collection to continue to clean the deleted binaries from the write-disabled shard.

To set the write-disable mode on a shard in Artifactory, see theConfiguring State-Aware Binary Providersection.

Feature Enhancements

Restricting System and Repository Imports

一个rtifactory allows admin users to import and export data at both the system level and the repository level. For more information, see theImporting and Exportingsection.

Sometimes, however, it is advantageous to restrict imports to avoid causing undesirable results.With this new feature, the system and repository import options can be disabled, thereby preventing specific admin users in the enterprise from performing imports. For example, you can stop an admin from overriding the Release Bundles distributed to an Artifactory Edge, by preventing them from importing the initial Artifactory state. For more information, seeImporting and Exporting.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.18.1

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. Fixed an issue whereby under certain circumstances, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

一个rtifactory 6.18.5

Released: May 21, 2021

Resolved Issues

一个rtifactory 6.17

Released: January 12, 2020

Highlights

Docker Improvements

Introduced performance improvements for Docker remote repositories.

Feature Enhancements

Support for Smart Remote Repositories on JCR (with E+)

From version 6.17, JCR supports pulling artifacts using Smart Remote Repositories. This enhancement allows pulling artifacts from other Artifactory instances (ones with Enterprise+ or Edge license), just like any remote repository.

Storage Summary Supports Large Instances

Thestorage summaryfeature (whether invoked from the UI or from the REST API)now uses a cache so it can quickly display the summary data of very large instances, consisting of many repositories with many artifacts. By default, the storage summary is calculated every hour and saved in the cache, but a system parameter allows the administrator to readjust the time and frequency of the calculation. The Storage page in the UI has a Refresh button for manually refreshing the data. The REST API has a new POST method that returns an immediate response and schedules an asynchronous calculation.

npm Virtual Repository Support forSemVer

The external dependency rewrite feature for the npm virtual repository now supports additional SemVer expressions, such as semver:4.x.0.

Now if you encounter SemVer issues, you can revert the changes using the new feature flag,artifactory.npm.semver4j.enabled, by changing its value to false.
In addition, a bug was fixed where Git and GitHub URLs with slashes resulted in an "Unable to determine download URL" error. For example:git://github.com/a/b.git#c/d.

Resolved Issues

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.17.1

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. Fixed an issue whereby under certain circumstances, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

一个rtifactory 6.17.4

Released: May 21, 2021

Resolved Issues

一个rtifactory 6.16

Released: December 1, 2019

Highlights

Upgraded the Microsoft Azure Storage SDK version included in Artifactory to V8

一个rtifactory has been upgraded to support Microsoft Azure Storage SDK for Java v8 enabling users to upload files larger than 12GB in the Azure Blob storage.

Running ‘go get’ commands from Github are Supported for Go Version 1.13 and Above

一个rtifactory supports serving and caching 'gosumdb' requests from a GoSumDb provider - for example, GoCenter.

Updated ‘Set Me Up’ for PyPI

The ‘Set Me Up’ function for PyPI remote repositories now includes your user credentials, thus allowing you to resolve packages using the ‘pip install ’ request without having to reinsert your Artifactory credentials for each request.

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.16.2

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. Fixed an issue whereby under certain circumstances, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

Artifactory 6.15

Released: November 18, 2019

Highlights

Docker Manifest V2 Schema 2 Support

To align with theDocker manifest V2 Schema 1 deprecation, Artifactory by default will nowsupport blocking Schema 1 requests. Only Docker images with the latestmanifest V2 Schema 2will be supported for:

• Push requests, for new local repositories.
• Pull requests, for new remote repositories.

Existing local and remote repositories will continue to support both schemas.

Configuration can be changed at any time viaREST API(using theblockPushingSchema1flag) or the UI.

Make sure you are using the latest Docker client versions, which will automatically convert your images accordingly. Artifactory will continue to allow Scheme 1 pull requests.

Cloud Object Storage Supported for Artifactory Pro Licenses

一个rtifactory Pro now supports using cloud object storage from themajorSaaS providers. Previously an Enterprise-only feature, Artifactory Pro users can now use only - Amazon's S3, Google's Cloud Storage, or Azure's Blob Storage as their binary provider.
一个n Enterprise license is still required forotherobject storage providers, such as OpenStack Swift,CEPH, or NetApp's StorageGRID.

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

Artifactory 6.15.1

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

Artifactory 6.15.2

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. Fixed an issue whereby under certain circumstances, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

一个rtifactory 6.14

Released: November 3, 2019

Highlights

Significant UI Performance Improvements

一个rtifactory 6.14 applies server-side pagination in the UI resulting in faster page load performance for the Builds, Permissions and Search pages.

Ubuntu 18.04 Support

Installing Artifactory on Ubuntu 18.04 is now supported.

GoProxy Support

一个rtifactory now allows you to configure the Golang proxy (proxy.golang.org) as a remote repository in addition toJFrog GoCenter.

Feature Enhancements

Xray Integration Improvements

一个dded an improved Xray indexing mechanism to support a vast amount of repositories, containing larger numbers of binaries. Artifactory saves every Xray event with a unique constraint according to the package type and component path, thereby resolving the indexing-duplication.

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.14.1

Released: November 11, 2019

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.14.2

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   
   

一个rtifactory 6.14.4

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. Fixed an issue whereby under certain circumstances, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

一个rtifactory 6.13

Released: October 6, 2019

Highlights

UI performance improvements

一个rtifactory 6.13 includes performance improvements by introducing server-side pagination, allowing faster loading of data in the UI. This will apply to the following pages:

1. 一个rtifact Repository Browser- the tree browser will now load repositories and their content paginated.
   Note:Due to this change, theFindfunctionality in the tree browser will now only search repositories loaded from the server (i.e. repositories currently visible in the tree view).
2. Home Screen- the repositories list will now be paginated.

Replication Improvements

The replication process of repositories with many files has been enhanced to avoid most unexpected disconnections.This is done by saving a compressed file list of the target repository on the source Artifactory instance. The comparison of the file lists between the source and the target will now be done on the source instance.

一个PI for setting and getting group membership for users

TheGet Group DetailsandUpdate GroupREST APIs have been updated to enable getting or setting users in a specific group.

• Get all users associated with the group
• 一个dd a list of users to the group

Feature Enhancements

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.13.1

Released: October 8, 2019

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.13.2

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

一个rtifactory 6.13.3

Released: March 23, 2020

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.

Issue Resolved

1. Fixed an issue whereby under certain circumstances, authenticated users were able to:
   • Retrieve environment information from Artifactory that normally required administrative rights.
   • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.

一个rtifactory 6.12

Released: August 18, 2019

Highlights

Support for Smart Remote Repositories on Edge Nodes

From version 6.12,一个rtifactory Edgesupports pulling artifacts usingSmart Remote Repositories. Previously distributing artifacts to an Edge Node could only be done using Release Bundles. This enhancement allowspulling artifacts from other Artifactory instances(ones with Enterprise+ or Edge licenses), just like any remote repository.

Support for remote repositories (that are not Smart Remote) is not available. For example, creating a remote repository pointing to Docker hub is not supported.

This feature is available as a JFrog Artifactory On-Premise installation and requires a JFrog Enterprise+ or JFrog Artifactory Edge license.

S3 Cloud Storage Provider Using the Official AWS SDK

一个rtifactory now supports using S3 cloud storage provider using the official AWS SDK. S3 using JetS3t library is still supported, upon upgrade you are not required to make any changes.

To opt-in and use the new S3 template,see here.

Pull Latest Docker Image from Virtual Repository

You can now set yourVirtual Docker repositories根据他们的modificat拉码头工人图像ion time in scenarios where two or more aggregated repositories contain the same tag name. For example,busybox:1.1.
Instead of fetching the image that is positioned higher in the resolution order in the virtual repository, Artifactory will return the Docker image last deployed to one of the aggregated repositories in the Virtual repository. Artifactory will first try to fetch the tag from the Local repositories according to the modification time, if not found, it will continue to try to fetch the image from the Remote repositories according to the resolution order.

This functionality is useful for multi-site environments where you create the same image on two different instances.

To configure this, set theresolveDockerTagsByTimestampparameter to true (false by default) whencreating a new repository.

Tomcat Version Upgrade

The Tomcat bundled with Artifactory has been upgraded toversion 8.5.41.

Feature Enhancements

Concurrent File Download Performance Improvement

Multiple concurrent downloads of the same file will now only be downloaded once from a remote binary provider (for example, S3), improving system performance and decreasing network load.

Checksum validation for files downloaded fromcloud storage

Artifactory现在完成额外的检查um validation when downloading an artifact from cloud storage, such as S3. This is to prevent any potential corruptions or incomplete streams, for example where the checksum value of the file does not match the checksum name of the file.

Garbage collection performance improvement

Improved garbage collection for large scale systems.

EncryptedAssertio Artifactory SAML集成n Support

一个rtifactory SSO SAML integration now supports Encrypted Assertion, using an X509 public key certificate generated by Artifactory. This enables users encrypt their payloads that includes user data such as name and email, providing an added security layer.

一个nonymous access disabled by default

For new installations, anonymous access will now be disabled by default for hardening security.It can be enabled at any time.

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.12.1

Released: August 28, 2019

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.12.2

Released: September 11, 2019

Issues Resolved

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.12.3

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

一个rtifactory 6.11

Released: 25 June, 2019

Highlights

Direct Cloud Storage Download

Get optimized cloud storage when storing your binaries on AWS S3 by downloading your binaries directly from the cloud storage without having to route through Artifactory on the way. Artifactory can now redirect requests from clients (supporting HTTP 302 responses), directly to the cloud storage. As a result, the load on the Artifactory local storage cache is reduced as the large artifacts will be downloaded directly from the cloud. This feature is available as a JFrog Artifactory On-Premise installation and requiresa JFrog Enterprise+ or JFrog Artifactory Edge license.

Direct Cloud Storage Download is available for Docker, Helm, Maven, Npm, Debian (supported from Client version 9), PyPI, Bower, CRAN, Composer, and RubyGems.Support on Google Cloud Storage (GCP) will be added in the forthcoming releases.For more information, seeDirect Cloud Storage Download.

Optimized Repository Replication with Checksum-Based Storage

一个rtifactory alongside storage solutions offers an additional alternative for binary replication. You can now enable Artifactory to perform replication of the actual binaries directly through the storage layer without routing the data through Aritfactory and from there to the storage. This is recommended if you are already replicating your Artifactory data to another Artifactory cluster using a solution provided by the storage provider. As part of this new capability, Artifactory will continue to replicate the artifacts' metadata and ensure the consistency of the data. In parallel, Artifactory will offload the heavy lifting part of the replication to the storage device, allowing you to only replicate the metadata and make sure the file is available on the target instance. Checksum-Based storage is enabled by adding a feature flag to the Push/Pull Rest API commands and will be available in the UI shortly. Requires an Enterprise+ license. For more information, seeOptimizing Repository Replication with Checksum-Based Storage.

Issues Resolved

1. Fixed an issue whereby, in some cases, Artifactory would not validate the API key authentication for an LDAP user opposite the LDAP server as part of the authentication process opposit Artifactory.
2. 修正了在HA环境在一些地方cases, after deleting a group, the group members in the cluster can still perform actions based on the group rights for some time.
3. Fixed an issue with Ruby Gems repositories whereby accessing the /versions API endpoint (e.g. `/api/gems/gems-local/versions`) would fail with the following error: `getWriter() has already been called for this response'.
4. Fixed an issue whereby when running event-based replication, in some cases, the properties were not replicated to the destination instance only once the CRON replication was initiated.
5. Fixed an issue regarding Conda virtual repository performance, whereby Artifactory calculated metadata for every client request.
6. Fixed an issue whereby a remote repository did not display artifacts if the artifact name included special characters and the item was not yet cached.
7. Fixed an issue whereby users could not perform delete operations when the permission targets only included builds with no repositories.
8. Fixed an issue whereby if one of the email addresses of one of the admin users would not be a valid address, email notifications would be sent only to some of the admin users and not all of them.
9. Fixed an issue whereby an exception was thrown when triggering pull replication if the request body was left empty.
10. Fixed an issue whereby an outdated Crowd REST client version in Artifactory caused delayed logins when using an HTTPS-based Crowd server.
11. Fixed an issue whereby Artifactory will attempt to convert NPM packages with non-semver versions to semver instead of automatically rejecting suspected packages.
12. Fixed an issue whereby users were missing the delete permissions for the Promote build plugin endpoint.
13. Fixed an issue whereby only a user with read-only permissions could run the npm dist-tag to update the metadata.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.11.1

Released: June 30, 2019

Fixed Issues

1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
   
2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.
3. Fixed an issue when the ‘password max age’ in the configuration was enabled and set, Artifactory failed to load with a configuration error after restart.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.11.3

Released: July 22, 2019

Mail server with TLS 1.2 connections Support

一个rtifactory now supports email messages with TLS 1.2.

Fixed Issues

1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only for an Admin user.
   
2. Fixed an issue where in some circumstances Gem artifacts failed to resolve from a virtual repository.

一个rtifactory 6.11.6

Released: August 13, 2019

Fixed Issues

1. Fixed an issue, whereby under certain circumstances, users experienced performance degradation when searching in the Artifactory UI.

一个rtifactory 6.11.7

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

一个rtifactory 6.10

Released:May 6, 2019

Highlights

Support for Conan Remote and Virtual repositories

In addition to local repositories, Artifactory nowsupports Conan remote and virtual repositories. Remote Conan repositories proxy remote Conan resources and cache downloaded Conan packages to keep you independent of the network and the remote resource. Virtual repositories allow you to aggregate multiple local, remote and virtual Conan repositories under a single endpoint and easily manage the resolution and deployment of all your Conan packages.

Support for npm audit

一个rtifactory nowsupportsnpm audit, allowing you to get vulnerabilities on your npm projects’ dependencies tree.

一个udit reports contain information about security vulnerabilities of dependencies and can help fix a vulnerability by providing npm commands and recommendations for further troubleshooting.

This functionality will be enabled by default on npm virtual repositories that aggregate at least one remote repository that supports npm audit. For example, a remote repository that points tohttps://registry.npmjs.orgor Artifactory Smart Remote repository.

JFrog Xray users with Artifactory Pro X / Enterprise / Enterprise+ license, will get an enhanced audit report that includes security vulnerabilities from Xray's database. When Xray is configured to work with Artifactory, an audit report can be generated from scratch even without connecting to any remote repository.

Java 11 Compatibility

From this version, Artifactory officially supports running with JDK 11 on all installation types (e.g. Linux, Docker, Debian, RPM, Windows). The Artifactory Docker image is shipped with JDK 11.

Java 8 support end of life is coming up, and Artifactory contains components that require Java to run properly and include Java runtime as part of Artifactory.

Feature Enhancements

New Artifactory User Plugins hooks

The ArtifactoryUser Pluginsnow include two new hooks:

• Upload.beforeUploadRequest,useful for overriding the actual repository path during the Artifactory upload process.
• Download.altAllResponses, used to provide an alternative response during the Artifactory download process, by setting response headers, status code, error message or inputStream and size context variables.

Issues Resolved

1. Fixed an issue where downloading a Docker image from remote repositories did not cache layers that existed on the local drive of the user trying to download the image, resulting in missing layers in the remote cache repository. Artifactory will now search for any missing layers in all repositories the user has permissions for and copy them to the remote cache repository for full image coverage that contains all layers.

2. GoLang repository fixes and enhancements:

   1. Go .mod and .info files can now be viewed from within the Artifactory UI.

   2. 一个dded bothgolang.organdk8s.ioto the default whitelisted Govirtual repositoriesexternal dependencies.

   3. Fixed an issue where a 404 response instead of a 400 response was returned when trying to resolve directly from a remote Go repository REST resource.
   4. Fixed an issue where aNullPointerExceptionwas printed to Artifactory logs, when setting up a remote repository with Artifactory as the module provider and the url asgithub.com, and requesting a mod file.
   5. Fixed an issue when resolving artifacts from a remote Go repository, the go-get.html file was stored instead of the info module. Unused go-get.html files will now be removed.

   6. Fixed an issue where downloading a Go module with a version that contains upper case characters would fail

3. Fixed an issue where virtual Docker repositories composed of aggregated local/remote repositories that had one repository configured with exclude patterns, would return 404 when trying to resolve Docker images. Artifactory will now search for the Docker image in all of the aggregated repositories of the virtual repository.

4. Fixed an issue where using the Gems client to search for packages in a virtual repository did not return any results.

5. Fixed an issue where communication between Artifactory instances in an HA configuration did not work in some cases where the service ID was changed.

6. Fixed an issue in the UI where in Admin > Users > [specific user] > User Permissions table, the same permission target would be listed more than once, based on the number of groups the specific user would be associated with.

7. Fixed an issue in which trying to get the IP address of a user in User Plugins requests would sometimes return null.

8. Fixed an issue in which deploying packages that contain the plus sign character (+) whendeploying multiple fileswould convert the plus sign to spaces.
   

9. Fixed an issue in the UI > Permissions page when using Internet Explorer, where creating a new permission the scroll bar would not work in the Available/Included Repositories/Builds drag and drop components.

10. Fixed an issue in which if the proxy settings being used for the Sumo Logic integration settings in the Log Analytics page are incorrect, Artifactory would try to reach Sumo Logic directly without going through a proxy, causing potential timeouts.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.10.1

Released: May 20, 2019

Issues Resolved

1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that were otherwise exposed only to administrators.
2. Fixed an issue introduced in Artifactory version 6.10, whereby users trying to download an artifact that did not exist from an Artifactory, configured with Azure as the binary provider in Artifactory, would receive a 200 HTTP error code with an empty stream instead of receiving a 404 error.
3. Fixed an issue related在Artifactory引入的新的柯南API v26.9, whereby push replication for Conan local repositories was stopped when running replication from Artifactory 6.9 and above, to a target Artifactory running 6.8 or below.
   Please note that this was intentionally designed to prevent Conan repositories in the target Artifactory from being overwritten if you have not yet upgraded the target to 6.9 or above. After you upgrade the target Artifactory 6.9 or above, the replication process will resume.
4. Fixed an issue whereby promoting a build using the Build Promotion REST API will now only require granting the Deploy permission instead of the Delete+Deploy permission that was the requirement in Artifactory 6.6 to 6.10.0.
   Note that when promoting a build, you will see an entry in the access.log indicating that the build was deleted by a user named _system_.
5. Fixed an issue whereby changing or adding repositories could take up to a few minutes in some scenarios within certain environments in which Artifactory was set behind a proxy.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.10.2

Released: June 3, 2019

Issues Resolved

1. Fixed an issue in which installing Artifactory as a service on Windows while running with Java 11 would fail upon startup.
2. Fixed an issue in which under specific circumstances, Access Federation would fail to replicate security entities and will not recover automatically.
3. Fixed an issue, where in certain scenarios, creating a remote Maven repository from within the UI created a default value for the Max Unique Snapshots field with the username (e.g. admin). This caused an error when saved.
4. Fixed an issue when working with Azure as the Artifactory binary provider, in some cases would result in timeout errors in the logs.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.10.3

Released: June 11, 2019

Feature Enhancement

Proxying Remote PyPI Repositories Using a Custom Registry Suffix

一个rtifactory now supportsproxying remote PyPI repositories通过存储库内容(即包)can reside under different paths in addition to /simple (for example, DevPi repositories).

Issues Resolved

1. Fixed an issue where under certain scenarios, downloading a Debian package from a virtual Debian repository could take a long time, as opposed to downloading the same package from a remote Debian repository that would be served faster.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.10.4

Released: June 19, 2019

Issues Resolved

1. Fixed an issue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators.
2. Updated Artifactory Docker base image tofix the following issue.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.10.6

Released: July 1, 2019

Fixed Issues

1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
   
2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.

一个rtifactory 6.10.7

Released: July 22, 2019

Fixed Issues

1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

一个rtifactory 6.10.9

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

一个rtifactory 6.9

Released: March 25, 2019

Highlights

Conan v2 Supports Conan Package Revisions

From Artifactory 6.9.0,Conan API v2is supported and introduces an extension of the binary layout to supportConan Package Revisions. Revisions allow you to change your artifacts while keeping the same Conan reference, allowing immutable binary artifacts whether it be because of changes to the recipe, or minor code changes between revisions (similar to snapshot builds in other languages).

一个fter the upgrade to Artifactory 6.9.0 is complete, your Conan packages will automatically be migrated to the Conan API v2 structure in Artifactory.

Conan API v2 support is backward compatible allowing you to continue using your current Conan client version to work with your Conan repositories from Artifactory 6.9 and above.

For the Conan client to work with the revisions feature, download theConan client 1.13 with Revisions enabled.

Support for Docker Manifest v2, Schema 1

一个dded support for Docker Manifest v2, Schema 1. Pulling Docker images from local/remote/virtual repositories that are set with Manifest v2 Schema 1 is now supported. For example:kibana:v4.6.1

一个dded Two New Target Endpoint Rest API Commands

一个dded two new REST APIs to retrieve the permission targets associated with a specific user or group:

• Get Permission Targets Per User
• Get Permission Targets Per Group

Issues Resolved

1. Fixed an issue whereby modifying a permission target containing an Admin user failed, and displayed the following error: ‘Permission target contains a reference to a non-existing user ’.
   
2. Fixed an issue whereby multiple entries with the following error: 'Couldn't find user named "xray" in ldap' were added to the Artifactory log when JFrog Xray was enabled with LDAP/ Crowd.
3. Fixed an issue, from Artifactory 6.8.0, whereby the Nginx image in the Artifactory Docker image did not contain the cURL utility.
4. Fixed an issue, from Artifactory 6.5.1, wherebyusing the RedHat CDK topull Docker images with a manifest list (i.e. fat manifest) fromhttps://registry.access.redhat.comwould fail.
5. Fixed an issue in PyPI repositories whereby packages containing “>” or “<” characters in the “data-requires-python” section of the package metadata file could not be downloaded.
6. Fixed an issue whereby Artifactory did not find metadata files (PKG-INFO/METADATA)in the root of the archive.
   
7. Fixed an issue whereby npm packages with Emoji characters in the package’s description field could not be downloadedwhen MySQL is set as the database.

8. Fixed an issue whereby the Test Connection button in the Remote repositories wizard in the UI would return a 405 error if the remote repository URL was an Artifactory URL (i.e. Smart Remote Repository).
   
   

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.9.1

Released: April 8, 2019

Feature Enhancements

npm virtual repository performance improvements

Performance improvements when installing an npm package from npm virtual repositories + reducing memory consumption.

一个ccess and Request log improvements

The request.log and access.log files now include the source user ID and the IP address. This applies to users accessing Artifactory via UI, REST API, ‘docker login’ command regardless of whether the authentication was successful (i.e. good credentials) or not (i.e. bad credentials).

一个rtifactory Docker installation using the Distroless base Docker image

To provide a smaller, and more secure Docker image of our Artifactory Docker distributions (oss, cpp-ce and pro), we have changed the base image used in our Docker files to theJFrog Distroless Docker imagethat includes only required packages. This reduces the image sizes by more than 30%.

Issues Resolved

1. Fixed an issue in Ruby Gems repositories where in some cases, cached dependency requests from a remote repository would not return the latest version.

2. Fixed an issue in Docker repositories where pulling a Docker image from a remote repository pointing to Microsoft/Azure container registry (e.g.mcr.microsoft.com) would fail with “error pulling image configuration: unknown blob”.

3. Fixed an issue in Docker repositories where pushing a Docker image with properties on the layers to one repository and then pushing another image with some shared layers to another repository, the layers in the second new repository would be cloned from the existing layers along with all properties. Only the "sha256" property will be cloned, the other properties will not be cloned.

4. Fixed an issue, relevant to version 6.4.0 and above, in which replicating Maven artifacts from a generic repository to another generic repository would not replicate the metadata, resulting in missing metadata on the target.

5. Fixed an issue in Maven repositories in which, when a client would ask for a snapshot and the snapshot version behaviour was ‘unique’, Artifactory would keep searching for the artifact in all the remote repositories even after the artifact was found.

6. Fixed an issue in which the Debian indexer would try to get artifact properties even in case non-Debian packages would be uploaded, deleted or moved from Artifactory.

7. Fixed an issue in RPM repositories where in some cases Artifactory would fail to parse XML metadata files on certain remote RPM repositories.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.9.2

Released: May 20, 2019

Issues Resolved

1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that were otherwise exposed only to administrators.

一个rtifactory 6.9.3

Released: June 19, 2019

Issues Resolved

1. Fixed an issue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators.

一个rtifactory 6.9.4

Released: July 1, 2019

Fixed Issues

1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
   
2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.
   

一个rtifactory 6.9.5

Released: July 22, 2019

Fixed Issues

1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

一个rtifactory 6.9.6

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

一个rtifactory 6.8

Released: February 14, 2019

Highlights

Support Bundle Repository

TheSupport Zonehas been enhanced with a simplified UI flow, which includes the ability to create a support bundle that contains the relevant data (such as system and log files) for a single Artifactory instance or multiple nodes in an HA cluster.Once a support bundle is created, it will be saved to the new defaultjfrog-support-bundlesystem repository for any future reference.

Feature Enhancements

一个rtifactory Pro Nginx Docker Image Upgrade with TLS v1.3 Support

一个s part of the Artifactory Pro Docker distribution, theNginx Docker Image(docker.bintray.io/jfrog/nginx-artifactory-pro)is now upgraded to Nginx version 1.15.5, running on top of Ubuntu 18.10 and provides full support for TLS v1.3.

Tomcat Extra Connectors for Artifactory Docker Images Support

You can now add extra Connectors to Artifactory Docker images Tomcat's server.xml, using theSERVER_XML_EXTRA_CONNECTOR environment variable

Improved Performance for Users Managed within a Group

The performance for authentication of users during login that are associated with groups has been enhanced.

Issues Resolved

1. Fixed an issue where in some scenarios of Artifactory HA scenarios, terminating the deploy of an artifact to a repository before the deploy was completed would result in a "Failed to move file from _pre folder to filestore" error in the log.

2. Fixed an issue in which Artifactory would allow creating users and groups using the REST API even if the username or group name included illegal characters (/\:|?*"<>). Artifactory now validates that the username and group name only include legal characters as is done when creating a user or a group through the UI.

3. Replication fixes:

1. Fixed an issue where a source Artifactory configured to replicate more than one target would only replicate to one of the targets, after restarting the source Artifactory instance.

2. Fixed an issue in which pull event replication in a full-mesh topology would fail in some scenarios, after restarting one of the instances in the topology.

3. Fixed an issue when replicating an artifact that had properties on it while there was an artifact with the same name on the target (but different content), the properties from the source would not be replicated to the target.

4. Fixed 2 issue in Property Sets:

1. In some scenarios adding new properties to a Property Set would not work.

2. In some scenarios changing the value of single-value property would not work.

5. Fixed an issue where the Access config yaml was encrypted when using the JFrog Access encrypt API, causing an issue when trying to restart an Artifactory instance after an Access encrypt was completed.

6. Fixed an issue where using a custom user ID to run Artifactory and Nginx Docker containers custom configurations, caused Nginx to not start and Artifactory to fail setting the custom configurations.

7. Fixed an issue in Opkg repositories, where in some cases the repository indexing caused performance issues.

8. Fixed an issue in which in some scenarios, concurrent requests to a remote Docker repository would hang connections and threads.

9. Fixed an issue where theListDockerRepositoriesrest API would return an empty list and theListDockerTagsrest API would return an error rather than what is stored in cache, while the remote endpoint is unavailable. This fix requires setting theartifactory.docker.catalogs.tags.fallback.fetch.remote.cachesystem property to true (default false).

10. Fixed an issue in which when deploying a Gem to a local Ruby Gems package, the ‘Deployed By’ field would show _system_ instead of the actual username who deployed the package.

11. Fixed an issue in which retrieving the Effective Permissions for a repository or a build would not show the users who have permissions for the resource if the user got the permissions from a Group.

12. Fixed an issue where remote PHP repositories did not support last modified headers, which caused the client to download the same files remotely and not use the client cache.

13. Fixed an issue when deleting/deploying files to Helm or Cran remote repositories, a metadata calculation was unnecessarily triggered.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.8.1

Released: February 17, 2019

Issues Resolved

1. Fixed an issue where manually starting Artifactory version 6.8 on Windows using theartifactory.batfile or theartifactory.shon RPM and Debian would fail with an 'Application could not be initialized: Timed out waiting for join.key file to be made available aty' error.
2. Fixed an issue where setting theloginBlockDelaysystem property to 0, caused Artifactory to fail to start with the following error: 'Application could not be initialized: / by zero'.
3. Fixed an issue where access tokens created before Artifactory version 5.4 could not be used for authentication and returned a 401 error.
4. Significantly reduced the memory footprint of the global permissions cache held by Artifactory at runtime.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.8.2

Released: February 19, 2019

Issues Resolved

1. Fixed an issue where creating a new or distributing an existing release bundle would fail, after an upgrade to Artifactory versions 6.8.0 and 6.8.1.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.8.3

Released: February 26, 2019

Issues Resolved

1. Fixed an issue whereby when pulling a Docker image from a Docker repository, Artifactory would try to fetch the manifest list (i.e. fat manifest) file even if the image did not have a manifest list. This prevented users with Read-only permissions from pulling Docker images that did not have a manifest list.
2. Fixed an issue regarding Mission Control Disaster Recovery, whereby permission targets were not replicated from source to target instances.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.8.4

Released: March 4, 2019

Issues Resolved

1. Fixed an issue, applicable to Artifactory versions 6.8.0 to 6.8.3, where a user that is associated with a group that is configured with admin privileges and additional non-admin group(s), did not have admin privileges.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.8.6

Released: March 12, 2019

Issues Resolved

1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
   JFrog would like to thankCipherTechsfor reporting this issue and for working with JFrog to help protect our customers.

一个rtifactory 6.8.7

Released: March 14, 2019

Issues Resolved

1. Fixed an issue whereby performance was degraded when processing a massive Access Control List (ACL).
2. Fixed an issue that applies from Artifactory 6.6 and above, whereby starting Artifactory takes minutes due to index validation in the Oracle database.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.8.9

Released: April 22, 2019

Feature Enhancement

User authentication loading improvement

一个rtifactory can be configured to provide asynchronous loading of user/build permissions enhancing authentication of Artifactory's login performance.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.8.12

Released: May 20, 2019

Issues Resolved

1. Fixed an issue wherebyunder certain circumstances, users could gain access to security APIs that were otherwise exposed only to administrators.

一个rtifactory 6.8.14

Released: June 19, 2019

Issues Resolved

1. Fixed an issue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators.

一个rtifactory 6.8.15

Released: July 1, 2019

Fixed Issues

1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
   
2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.

一个rtifactory 6.8.16

Released: July 22, 2019

Fixed Issues

1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

一个rtifactory 6.8.17

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

一个rtifactory 6.7

Released: January 22, 2019

Issues Resolved

1. Fixed an issue relevant from Artifactory 6.6.3 / 6.6.5 in which with Artifactory running on a Windows machine, it was not possible to work with RubyGems repositories.

2. Fixed an issue in which for Artifactory instances that were upgraded to version 5.5 (in which SHA-256 checksums were introduced) and above, but whose database was not migrated to SHA-256 checksums, reindexing an entire Debian repository could take a long time.
   
3. Fixed an issue in which indexing of a Debian virtual repository that aggregates a local Debian repository would fail in one of the following scenarios:
   • a user triggers indexing of the local Debian repository using the REST API
   • a user with limited permissions deploys a Debian package into the local Debian repository
4. Fixed an issue in which Artifactory would not clean up temporary metadata files that were created during the Debian metadata calculation.
   
5. Fixed an issue in which under certain circumstances, an Artifactory remote Go repository would cache agoget.htmlfile instead of the corresponding Go module.
6. Fixed an issue whereby an一个rtifactory remote Go repository pointed to an Artifactory as a module provider (smart remote repository) resulting in the following:
   - Failure to fetch the real zip content by returning an empty zip file.
   - Failure to fetch info, MOD or Zip files if the remote URL contained a trailing slash.
7. 固定的一个问题,一个Artifactory远程再保险pository pointed to an Artifactory as the module provider (smart remote repository) resulting in failure to fetch info, mod and zip files if the remote URL had trailing slash.
8. Fixed an issue in which when proxyingGitHub.comin a remote Go repository, Artifactory would not pass credentials toapi.github.com
9. Fixed an issue in which parsing thego-importfrom thego-getmetadata for a Go package would fail if that metadata was spread out over multiple lines.
10. Fixed an issue in which when importing LDAP groups, Artifactory would not display results if a search for existing LDAP groups yielded more than 1000 results.
11. Fixed an issue in which after setting a custom SERVER_XML environment variable as part of a Docker execution command, the Docker container would succeed starting up the first time, but fail starting up from then on.
12. Fixed an issue in which Artifactory would allow creating a repository with a repository key that is longer than 64 characters using the REST API. While creating the repository succeeded, deploying to the repository would fail and the log would display the following error messages:
    
    • Could not acquire lock within 120 seconds
    • Couldn't acquire lock for: 120000 milliseconds
      
    When creating a repository using the REST API, Artifactory will now validate that the repository key is no longer than 64 characters (as is enforced when creating a repository through the UI).
    
13. Fixed an issue in which when deploying the same artifact under two different paths to a NuGet repository, and then deleting it from the first upload path, the NuGet repository would not get reindexed and the artifact would also not be available from its second upload path.
    
14. Fixed an issue in which Artifactory would allow creating a repository through the REST API even if the repository key included illegal characters (/\:|?*"<>). Artifactory now validates that the repository key only includes legal characters as is done when creating a repository through the UI.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.7.1

Released: January 30, 2019

Issues Resolved

1. Fixed an issue with npm in which proxyinghttps://registry.npm.taobao.org/with an npm remote repository would fail.
   

2. Fixed an issue in which editing a Permission Target from the Artifactory UI when running on Internet Explorer would result in a blank screen.
   

3. Fixed an issue with Go remote repositories in which proxying a Go remote repository in another Artifactory instance and clickingTest Connectionin the UI would fail with a 405 error.
   

4. Fixed an issue in which upgrading from an Artifactory version 5.6 or below to version 6.6.5 or above when Artifactory had MSSQL configured as its database would fail in certain scenarios.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.7.2

Released: February 3, 2019

Issues Resolved

1. Fixed an issue in which an ArtifactorySmart Remote Go repository(i.e. one that points to another Artifactory repository as its module provider) got a 404 response to get version list requests, instead of the version numbers.

2. Fixed an issue which occurred when using thesynchronizeLdapGroupsuser plugin together with PostgreSQL as the Artifactory database. With this combination, certain circumstances would cause multiple concurrent requests to the JFrog Access REST API resulting in a "duplicate index" error.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.7.3

Released: February 6, 2019

Issues Resolved

1. Fixed an issue in which installing a package from a remote RubyGems repository would fail when using Bundler.

For a complete list of changes, please refer to ourJIRA Release Notes.

For an Artifactory Pro or Artifactory Enterprise installation, click to download this latest version ofJFrog Artifactory Pro.

For Artifactory OSS, click to download this latest version ofJFrog Artifactory OSS.

For Artifactory Enterprise+, click to download the latest version ofJFrog Enterprise+.

一个rtifactory 6.7.5

Released: March 12, 2019

Issues Resolved

1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
   JFrog would like to thankCipherTechsfor reporting this issue and for working with JFrog to help protect our customers.

一个rtifactory 6.7.7

Released: July 22, 2019

Issues Resolved

1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

一个rtifactory 6.7.8

Released: December 2, 2019

Issue Resolved

1. Fixed an issue whereby under certain circumstances, a user with either Deploy or Annotate permissions could perform remote code executions.
   JFrog would like to thank一个tredis Partnersfor reporting this issue and for working with JFrog to help protect our customers.
   

一个rtifactory 6.6

Released: December 18, 2018

Highlights

构建信息存储库和权限管理

This version introduces a new local Build Info repository. This defaultartifactory-build-inforepository will store all build info files uploaded to Artifactory by the different CI server plugins, such as the Artifactory Jenkins Plugin, CLI, and directly through the Build Upload REST API or Artifactory UI.

The same build information will continue to be available through theREST APIand theBuilds pagein the Artifactory UI.

一个lso, it is now possible to define access to the different build info files withuser and group permissionssuch as read/deploy/delete. This is equivalent to managing permissions on repositories with include/exclude patterns on build info json paths, in the build info repository.

一个dditional benefits include:

• improvedaccessibilityto the build info json files and overallperformanceof the Builds module
• build info replicationto other instances, since they are stored as artifacts in a repository
  (Available using REST API only. Configuring replication for this repository through the UI will be added in future releases.)

Support for Debian Virtual Repositories

In addition to local and remote repositories, Artifactory now supportsDebian virtual repositories. Virtual repositories allow you to aggregate multiple local, remote and virtual Debian repositories under a single endpoint and easily manage your Debian packages.

This provides additional support for managing一个rtifactory multi-sites.

Calculate Debian package coordinates from remote repositories

一个rtifactory now enables you to extract Debian package metadata (i.e. component, distribution and architecture) from remote Debian repositories and assign them as properties on the cached packages. This can be done using theREST APIor from the一个rtifactory UI.

This enables searching for cached Debian packages in remote repositories, as well as whitelisting remote-cached Debian packages.

Hardened Security for Secrets

Toharden securitywhen providing encrypted data (secrets) such as connection strings to external databases, from this version, when running Artifactory, you canoptionallyprovide secrets in a temporary file. Artifactory will load the parameters specified in a temporary file at startup and then delete the file. Notice that this is an additional recommended functionality that will not change your current behaviour if not used.

一个rtifactory Edge Uploads Repository

一个rtifactory Edge nodes now include a default generic repository calledartifactory-edge-uploads, to which you can deploy files.
Note: this is the only repository in an Artifactory Edge node that's available for deploying files to.

SHA 256 Migration Task REST API Endpoints

From this version,Migrating to SHA-256can now also be done using the following two new REST API endpoints. This is in addition to ability to set the SHA-256 migration using the existing system setting configurations in Artifactory'sartifactory.system.propertiesfile.

• Start SHA256 Migration Task
• Stop SHA256 Migration Task
  

Feature Enhancements

1. Thepermission target page已经更新with a new view for easier navigation.
2. 一个rtifactory Docker container can be配置为运行为任何用户/组织p id.
3. 改进的性能在Microsoft SQL执行ing Property Search through UI or REST API.
4. In addition to theREST API, deleting a builddirectly from the Artifactory UIis now supported.

Issues Resolved

1. Fixed an issue in npm repositories where uploading npm packages that contained Emoji symbols in the package.json file would fail with an error.
2. Fixed an issue where Artifactory did not support Go module names that did not have a slash (/) in their names. For example, thego4.orgmodule used bygolang.org/x/build.
3. Fixed an issue where Go Package deployment to ArtifactoryGo repositories, using JFrog CLI, would fail and return a ‘Header Or Cookie Too Large’ error for packages with large mod files.
   This fix requires Artifactory 6.6 and JFrog CLI 1.23.0.
4. Fixed an issue where NuGet repository $batch requests resulted in an error.
5. Fixed an issue in NuGet virtual repositories where if a certain package would exist in more than one of the aggregated repositories, Artifactory would return all of those packages when the NuGet client would ask for the latest version of this package.
6. Fixed an issue in NuGet repositories where if the same NuGet package would exist in two different paths, when deleting the package from one of the paths, the package would not be returned to the client although it did exist in the other path. The only way to get around this was by manually running the recalculate index.

7. Fixed an issue where pip requests would ignore “If-None-Match” and If-Modified-Since” headers used with an /artifactory/api/pypi// endpoint.

8. Fixed an issue where in some cases where a user tried to login to Xray with SSO they received the following error message "Request was blocked. Please refer to access.log".

9. Fixed an issue where in a target HA instance for an event based pull replication, an exception was thrown when trying to propagate replication event between cluster nodes after deploy or delete events.
   
10. Fixed an issue where in some scenarios, remote pull replication did not work for Artifactory Cloud instances.
11. Fixed an issue in HA in which uploading a logo file to Artifactory through one of the nodes would update the logo for this specific node but not for the others node in the cluster.
12. Fixed an issue where一个zure blob storage endpointconfigurationwas not supported. You can now use the defaulthttps://.blob.core.windows.net/endpoint or define your own.
13. Fixed an issue in virtual repositories where in some cases the resolution order was not enforced and packages were not downloaded from the expected repository order list.
14. Fixed an issue in which executing a repository listing request through REST API with an Access Token would fail with a 403 error.
15. Fixed an issue where in some scenarios, remote pull replication did not sync the properties from the source Artifactory instance correctly.
16. Fixed an issue where using a checksum-deploy with push replication between local repositories, did not replicate the following artifact metadata:Last modified,Created,Created ByandModified By.
17. Fixed an issue where pip did not download from its local cache for some packages when using an Artifactory PyPI repository as its custom package index.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.6.1

Released: December 26, 2018

Issues Resolved

1. Fixed an issue that occurred only in Artifactory 6.6, in which if more than one Artifactory schema/catalog combination exists on the same database instance, and the user with which Artifactory connects to the database has permissions to see all of them, theBuild Info Migration from the database to the artifactory-build-info-repositorywould sometimes be completed with an error or a log entry indicating that the migration had failed with no specified reason.

2. Fixed an issue in which when using JFrog CLI to upload a Go module containing upper case characters in the module name, those characters would be converted to lower case characters pre-pended with an exclamation mark.
3. Fixed an issue with HTTP SSO where users working under a proxy would fail to access the Update Profile page.

Note: In version 6.6.1 and above, for Artifactory using MSSQL, an error occurs when the Database name in the configuration does not match the actual Database name. To resolve this issue, update the Database name in thedb.propertiesfile. You can retrieve the exact Database name by running the following command:

SELECT name, database_id, create_date FROM sys.databases;

For a complete list of changes please refer to ourJIRA Release Notes.

一个rtifactory 6.6.3

Released: December 31, 2018

Feature Enhancements

For Artifactory Docker Images: Setting the Database Connection Pool Size is Now Supported

For Docker Image Artifactory installations, you canset thepool.max.activeandpool.max.idleparametersin theetc/db.propertiesby setting the following environment variables:

• DB_POOL_MAX_ACTIVE
• DB_POOL_MAX_IDLE

In the following example, we set the maximum active database connection pool to 500:

docker run ...... -e DB_POOL_MAX_ACTIVE=500 -e DB_POOL_MAX_IDLE=50 ....... docker.bintray.io/jfrog/artifactory-pro:6.6.3

For Artifactory Docker Images: Added Support for Environment Variables to Customize Tomcat server.xml Values

一个dded support for configuring Tomcat server.xml values. Just pass the values as environment variables with your Docker execution command and they will be injected into Tomcat's server.xml. For more information, seeSupported Environment Variables.

Issues Resolved

1. Fixed an issue whereby selecting the 'Remember Me' option to log in to the Artifactory UI did not work as expected. Logging in with 'Remember Me' is now valid for 14 days.
2. Fixed an issue whereby the NuGet API v3 feed for remote NuGet repositories did not get updated with the latest index.json of a package. This resulted in Artifactory not retrieving the metadata from the NuGet feed.
3. Fixed an issue whereby Artifactory instances installed on Windows-based systems would fail to proxy NuGet API v3 feeds.
4. Fixed an issue when searching from a NuGet client (e.g. Visual Studio) for a certain package that had more than 100 versions in a remote NuGet repository, returned only the first 100 versions in the search.
5. Fixed an issue whereby memory consumption was high when calculating the index for the Gems virtual repository.
6. Fixed an issue whereby tagging npm packages did not work properly.

For a complete list of changes please refer to ourJIRA Release Notes.

一个rtifactory 6.6.5

Released: January 8, 2019

Issues Resolved

1. Fixed an issue relevant for version 6.6.0 and above in which in some cases,migration to the artifactory-build-info repositorywould fail with errors in the log.

一个rtifactory 6.6.8

Released: March 12, 2019

Issues Resolved

1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
   JFrog would like to thankCipherTechsfor reporting this issue and for working with JFrog to help protect our customers.

一个rtifactory 6.6.10

Released: July 22, 2019

Issues Resolved

1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

一个rtifactory 6.5

Released: October 11, 2018

Highlights

Release Bundle Repository

一个s part ofthe Distribution flowthat was introduced withEnterprise+, Artifactory now supports release bundle repositories.

TheRelease bundle repository protects the artifacts created in the Artifactory source instance, by copying them into a separate repository where their contents cannot be edited or removed.

Whenever a new release bundle is created and signed, it is copied and saved into an immutablerelease-bundlesrepository in Artifactory. This ensures consistency in the artifacts being distributed among target instances.

*This feature is available when upgrading to both Artifactory 6.5 and Distribution 1.3

Xray Data in Package Native UI

This version adds data fromJFrog Xrayto thePackage Viewer, enriching the information on major package types in Artifactory. Once a specific package is selected in the package viewer, Artifactory will expose data about license and security violations detected by Xray for all of the versions of the selected package.

This critical information helps users choose the right packages and version they would like to use.

一个ccess Tokens Lifecycle Management

This version adds more capabilities for administrators to exercise greater control over the lifecycle of access tokens:

• Previously, expirable tokens could not be revoked. This version moderates this feature in that now, all tokens can be revoked, but with theminimum-revocable-expiryflag set in theaccess.config.ymlfile, you can specify a minimal period of time during which a token cannot be revoked.

JFrog Access User Guide

JFrog Access is the service that manages all aspects of authentication and authorization for all JFrog services under the hood. Run as a separate service that is installed under the same Tomcat with Artifactory, it stores all Users, Groups, Permissions and Access Tokens generated by any connected JFrog service. The features and capabilities of JFrog Access were previously concentrated around the一个ccess Tokensand一个ccess Federationpages in the JFrog Artifactory User Guide. As the service’s capabilities were extended, and its scope widened to include all JFrog products, its documentation has been moved to a separate space to provide better visibility for its features and easier access to relevant information which now available in theJFrog Access User Guide, and will continue to be maintained and updated there.

Feature Enhancements

Changes have been introduced to improve the performance of Artifactory as a Docker registry while using PostgreSQL as the database.

Issues Resolved

1. Fixed an issue where download requests to a remote RubyGems repository, marked as offline, would respond with a 500 error and the download request would fail.
2. Fixed an issue where in some cases, list browsing in the UI for artifacts path with very long name (For example:/central/org/springframework/boot/spring-boot-starter-cloud-connectors/1.2.0.RELEASE/) would fail with a 404 error.
3. Fixed an issue where new users created by REST API, would not automatically get added todefault groupsmarked with ‘Automatically Join New Users to this Group’.

4. Fixed an issue where downloading an artifact with a name that contains an exclamation mark (i.e. !) would fail.
   Note: due to this fix, whendownloading an artifact from an archiverequires the resource path within the archive to start with a ‘/’
   For example: GEThttp://localhost:8081/artifactory/repo1/folder/a.jar!/META-INF/LICENSE

5. Fixed an issue where deploying a Go build info to Artifactory, the artifacts’ path would not be displayed in the Builds page in the UI. This would happen only when Artifactory was configured behind NGINX.
   一个vailable with JFrog CLI V1.20.2.
6. Fixed an issue in which the ‘Last Login’ field would be updated for REST API calls. The field will now only be updated when logging through the UI.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.5.1

Released: October 18, 2018

Feature Enhancements

Support for Docker Manifest List (Fat Manifests)

一个rtifactory now supports hosting and proxying Docker images with aManifest List.

Issues Resolved

1. Fixed a UI issue with Xray data in thePackage Viewerin which if the same Docker tag existed in different repositories, the Xray graph would not be displayed.
2. Fixed an issue in which pulling a Docker image from a remote Docker registry, for which "Block Unscanned Artifacts" was checked in Xray, would generate an "Unknown: Forbidden" error.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.5.2

Released: October 21, 2018

Issues Resolved

1. Fixed an issue whereFiltered Resources(for example: username and password in settings.xml files a Maven repository) would not be populated when downloading the Filtered Resources file.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.5.3

Feature Enhancements

Released: September 26, 2018

Feature Enhancements

1. 一个rtifactory can now download Docker foreign layers, from a whitelist defined by an Artifactory administrator, to an一个rtifactoryDocker Remote Repository. This makes them available from Artifactory for future Docker pulls.
   This functionality is disabled by default, and can beenabled from the UI or usingREST API.
2. During replication, metadata files will be calculated by the target instance repository rather than replicated from the source repository, saving time and bandwidth.
3. Properties being created as a result actions such as replication, restore from trashcan and add,will now triggerthecreate and delete user plugin execution pointsthat can be used for catching the property event on the target Artifactory instance.
   For example: afterPropertyCreate, beforePropertyCreate, afterPropertyDelete and beforePropertyDelete
4. 一个rtifactory now supportsCondaclient versions 4.3.0 and above which requires metadata files in bz2 format.

Issues Resolved

1. Fixed an issue where HA system import failed and caused Artifactory to disconnect from Access. HA import will now work properly without requiring a restart to migrate users/groups/permissions and an additional system import to get the full import working.
2. Fixed an issue where Artifactory became unavailable when runningGarbage Collectionand the Artifactory Trashcan contained an extreme amount of artifacts.
3. Fixed an issue where Artifactory was sometimes unable to connect to Xray if the system default proxy was on.
4. Fixed an issue where REST API requests that resolved Maven jar files, did not contain the Cache-Control header in the response.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.4.1

Released: Oct. 1, 2018

Issues Resolved

1. Fixed in an issue introduced in Artifactory 6.4 in which when configured with AWS S3 as the binary provider, Artifactory would not start up.

For a complete list of changes please refer to ourJIRA Release Notes.

一个rtifactory 6.4.2

一个rtifactory 6.3

Released: August 22, 2018

一个rtifactory 6.3.4

一个rtifactory 6.2

Released: August 8, 2018

Feature Enhancements

Session Management for HA

This version enhances the internal session management between nodes in an Artifactory HA cluster to provide more stability. In previous versions, an HA cluster used a third-party library, Hazelcast, to manage sessions between the cluster nodes. From this version, Artifactory introduces a new mechanism that uses the database which makes session management more robust.

一个rtifactory Docker Container

The一个rtifactory Docker containernow starts and runs under anartifactoryuser and no longer requires root access. Similarly, the一个rtifactory NGINX Docker containernow starts and runs as usernginx.

Tomcat Version Upgrade

The Tomcat bundled with Artifactory has been upgraded toversion 8.5.32.

Issues Resolved

1. Fixed an issue which prevented updating propertySets in theYAML configuration file.
2. Fixed an issue in which when Xray Integration was enabled, for all artifacts scanned by Xray, the download counter would increase by one and the "Last Downloaded By" would indicate being downloaded by Xray.
3. Fixed an issue in which upgrading from Artifactory 5.x to Artifactory 6.x would fail if anSSL/TLS certificatewas configured on one or more of the remote repositories.
4. Fixed an issue in which when promoting a Docker tag with the REST API using an existingdockerRepository:标签,调用将部署一个新的标签,而不是overwrite the existing one resulting in orphaned layers.
5. Fixed an issue in which using the UI to deploy a single artifact from a folder in a repository would sometimes fail with aconstantorg.artifactory.descriptor.repo.RepoType.undefinederror.
6. Fixed an issue in which when reloading user plugins, whether through a scheduled task or on-demand via the REST API, new JARS would be loaded, but existing JARS would not, even if they had been modified.
7. Fixed an issue in which installation of npm packages would fail because parsing the npm repository'spackage.jsonfile would fail when the value of its version field contained a leading "v" or "=" character.
8. Fixed an issue in which downloading an individual file from within a ZIP file, the file would not be cached. This resulted in long resolution times every time you needed to resolve the file (because the file was never cached).
9. 一个rtifactory has been enhanced to correctly manage the new character encoding that the Go client uses for capital letters.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.2.1

一个rtifactory 6.1

Released: July 1, 2018

Highlights

CRAN Repository Support

一个rtifactory now natively supportsCRAN repositories for the R language, giving you full control of your deployment and resolve process of CRAN packages.
You can create secure and private local CRAN repositories with fine-grained access control. Remote CRAN repositories proxy remote CRAN resources and cache downloaded CRAN packages to keep you independent of the network and the remote resource, and virtual CRAN repositories give you a single URL through which to manage the resolution and deployment of all your CRAN packages.

Cross-Zone Sharding Enhancements

Sharding across multiple zonesallows you to create zones or regions ofshardeddata to provide additional redundancy in case one of your zones becomes unavailable. From 6.1, you can determine theorder in which the data is written between the zonesand can set the method for establishing the free space when writing to the mounts in the neighboring zones.

Feature Enhancements

Direct Access to Xray from the Xray Info tab

一个dded a link to theXray tabgiving you direct access to Xray from within the Artifactory Artifact tree browser.

Force Authentication on Virtual Maven Repositories

You can force the Maven client to send credentials in order to authenticate against the virtual repository.This means that even if anonymous access is enabled for the Artifactory instance, a virtual repository configured usingthisfieldor directly in theRepository Configuration JSON,will require the Maven client to send its credentials.This will be enforced even if some of the aggregated local repositories under the virtual repository allow anonymous access.

NuGet Search is Now Case-insensitive

Previously searching for NuGet packages using the ID and version via the NuGet CLI was case-sensitive causing search results to be narrowed down to an accurate result. This was very limiting, especially if you were looking for a specific version. So for example, if I was searching forjunitversion 1.0.2, and therepository package name wasJUnit,I would not get any result.We now have improved the search to be case-insensitive, allowing for bothjunitorJUnitto be displayed in the search.

Build Promotion Timestamp Added to Release History Tab

Whenpromoting a build, under theBuilds > Release Historytab, you can now see thetimestamp of the build promotion.

Issues Resolved

1. Fixed an issue in PyPI repositories in which PyPI packages set with metadata version 2.1 in the METADATA or PKG-INFO files were not indexed by Artifactory and were not available for download.
2. Fixed an issue with npm repositories resulting in improved performance. Deploying a new version of an npm package that already exists in the repository caused Artifactory to calculate the metadata for all the package versions instead of calculating the metadata for the specific deployed package.
3. 修正了npm存储库。这个问题relates to tagging the version of a specific package that is not the ‘highest’ in terms of SemVer. When an npm client was trying to install the ‘latest’ package he would receive the ‘highest’ version instead of the package that was tagged as the "latest'. An example: if I have MyApp-1.0.0, MyApp-1.0.1, MyApp-1.0.2 and I tag 1.0.1 as the latest one (with npm tag command) when trying to install the latest package (e.g. npm install MyApp), MyApp-1.0.2 would be returned.
4. Fixed an issue whereby users with special characters in their password (e.g. colon), tried to access their profile page by entering their password and would be redirected to a page with the following message:
   "You are already logged in. You can go to the home page or log out."
5. Fixed an issue whereby pulling a Docker image caused the "Number of Downloads" counter for the image to be increased by two.
6. Fixed an issue whereby setting thePassword Encryptionto ‘Required’, prevented anonymous users from performing authentication opposite the Docker repositories. A 401 error was generated.
7. Fixed an issue regarding PyPI repositories whereby an Artifactory behind a proxy no longer ignores the "X-Artifactory-Override-Base-Url" header which overrides Artifactory base URL.
8. Fixed an issue in Debian repositories. Artifactory could not extract metadata in Debian packages that contained a control metadata file archived as a ‘control.tar’ or a ‘control.tar.xz.

For a complete list of changes, please refer to ourJIRA Release Notes.

一个rtifactory 6.1.4

一个rtifactory 6.0

Released: May 17, 2018

Highlights

JFrog Enterprise+

一个nnouncing the new Enterprise+ Platform, that provides a complete solution for covering all the steps involved in creating a secure, trustworthy, and traceable software release in a multi-site development environment.

The solution works in conjunction with source version control, continuous integration, and deployment tools.

The JFrog Enterprise+ platform bundle includes:

• JFrog Artifactory:all features available with an Enterprise license as well as Access Federation and the ability to work with Artifactory Edge.
• JFrog Distribution: an on-premise, centralized platform that lets you provision software release distribution.
• JFrog Xray: universal analysis of binary software components at any stage of the application lifecycle providing unprecedented visibility into issues lurking in components anywhere in your organization.

• JFrog Mission Control: all features available in Mission Control with the addition of:

  • the ability to add instances of Jenkins-CI, JFrog Distribution and JFrog Artifactory Edge as services in the system and monitor them

  • Insight and analytics on build processes through as set of metrics on the end to end build process

Enterprise+ Dedicated Features

The following dedicated Enterprise+ features are a part of the Artifactory 6.0.0 release:

• 一个ccess Federation
• Replicator
• 一个rtifactory Edge

• JFrog Distribution and Release Bundles
  

  Distribution Release Bundles

  一个QL has also been enhanced to support searching for release bundles and release artifacts. For more information, see一个rtifactory Query Language.

For more details on the JFrog Enterprise+ platform, please refer to theJFrog Enterprise+ User Guide.

Single Sign-On Support

SSO可以登录所有JFrog众多ions using a single set of user credentials that are stored in the Authentication Provider Artifactory instance. When SSO is applied, the user logs into the JFrog product using a set of predefined credentials and is granted access across the board to the JFrog products. SSO eliminates the need to re-enter the credentials every time a product is accessed. It is automatically enabled for all the JFrog services that use an Authentication Provider for managing security.For more information, see一个uthentication Using Single Sign-On.

NuGet Enhancements

• NuGet API v3 Registry Support
  一个rtifactory nowsupports NuGet API v3and allows you to proxy remote NuGet API v3 repositories (e.g., theNuGet gallery) and other remote repositories that support API v3. For more information, see the一个PI documentation.

• NuGet SemVer 2.0 Packages
  一个rtifactory now supportsSemVer 2.0 rulesfor NuGet repositories (for both NuGet API v2 and API v3), which means you can now use pre-release numbers with dot notations or add metadata to the version, for example:
  MyApp.3.0.0-build.60, MyApp.1.0+git.52406.
  

  Backward Compatibility for NuGet CLI Versions Lower Than 4.3.0

  NuGet packages with SemVer 2.0 are not available for NuGet clients using NuGet CLI versions lower than 4.3.0. Thisbreaking changeis due to required modifications made to the local repository structure in Artifactory to align with the official global repository behavior.
  To continue using NuGet packages in versions lower than 4.3.0, add theartifactory.nuget.disableSemVer2SearchFilterForLocalRepos = trueproperty to$ARTIFACTORY_HOME/etc/artifactory.system.propertiesand proceed to restart your Artifactory service.

  For more information, seeNuGet SemVer 2.0 Package Support.

一个rtifactory HA Enhancement

This version enhances the internal locking mechanism in Artifactory HA setups to provide more stability.
Prior to this version, Artifactory HA used the third-party Hazelcast library for distributed locking during concurrent operations. From this version, Artifactory introduces a new locking mechanism relying on the database to provide added robustness and stability.
Important:Since the new mechanism relies on the database and therefore may require additional database connections. For more information, seeDatabase Locks.

IPv6 Support

From Artifactory version 6.0.0, Artifactory supports IPv6-enabled hosts. This version allows users to configure IPv6 for both Artifactory standalone instances and for HA setups where you can configure the different nodes in the cluster to communicate over IPv6. This address is used to connect an Artifactory node to its peers over REST or TCP, when required. For more information, seeIPv6 Support.

Breaking Change

CSRF Protection

CSRF Protection was released in Artifactory 5.11. From Artifactory 6.0.0, CSRF protection is now enabled by default.一个rtifactory preventsCSRFattacks by using a new custom header - 'X-Requested-With', for internal UI calls.If you are using a proxy server, verify that the proxy does not filter out the 'X-Requested-With' header. For more information, seeCSRF Protection.

Feature Enhancements

Improved Builds Page and New Improved Table Design

TheBuilds pagehas a new look and feel, together with newly designed table provide an improved UI experience.
一个lso, a new look and feel for all tables in Artifactory.

Issues Resolved

1. (Applies only if you are upgrading from Artifactory versions 5.10.x and 5.11.x.): Fixed an issue whereby API keys were no longer valid when deactivating an Artifactory Key Encryption and then reactivating it.
2. Fixed an issuewhereby Artifactory redirected to an incorrect URL resulting in a 404 error when navigating in PyPI repositories using the Native Browser and browsing a package.

3. Fixed an issue whereby an event based pull replication caused a small thread leak in the subscribed Artifactory. For example, when the source Artifactory from which the target is pulling the artifacts. Additionally, we have capped the maximum number of subscribed Artifactories per repository to 30. You can修改的最大允许数已订阅的基于“增大化现实”技术tifactories to the event based pull replication per repo by modifying the artifactory.system.propertiesfile, by adding the following line:

   artifactory.replication.eventbased.maxPullReplicationsPerRepo=
   In addition, we have added a new REST API call toGet Remote Repositories Registered for Replication.
   
4. Fixed an issue whereby a Docker image would exist on two different repositories with the same tag, causing it to fail when distributing it to Bintray using a Distribution repository.
5. Fixed an issue whereby changes made to Distribution repository rules (e.g., when modifying an existing rule), would not take effect and required restarting Artifactory.
6. Fixed an issue in which two Helm charts containing different build metadata but sharing the same version would count as the same version.
7. Fixed an issue whereby packing a Helm package not using the Helm client prevented the charts to be indexed.

For a complete list of changes please refer to ourJIRA Release Notes.

一个rtifactory 6.0.1

Released: May 24, 2018

Issues Resolved

1. Fixed an issue in which when running Artifactory in Microsoft Internet Explorer, several capabilities in the UI did not work: logging out from Artifactory, the Set Me Up window wouldn't close, the Artifacts tab would be blank and the一个dvancedoptions under the一个dmintab would be missing.

2. Fixed an issue in which when running Artifactory in Microsoft Internet Explorer 11 or Microsoft Edge 15, the contents of the Builds and the Packages tab in the UI would be misplaced.
3. Fixed an issue in which the Distribute build button in the Builds page in the UI was missing.

For a complete list of changes please refer to ourJIRA Release Notes.

一个rtifactory 6.0.2

Released: June 7, 2018

Issues Resolved

1. Fixed an issue related to the JFrog Xray integration in which artifacts could still be downloaded from a remote repository even though it was configured toBlock Unscanned Artifacts.
2. Fixed UI issues in the Builds module.

For a complete list of changes please refer to ourJIRA Release Notes.

一个rtifactory 6.0.3

Released: June 25, 2018

Issues Resolved

1. Removed aremote code execution vulnerability that may have been exploited when a user with Admin permissions used one of the import capabilities in Artifactory.

   JFrog would like to thankJakub Zoczekof Allegro Group for reporting this issue and for working with JFrog to help protect our customers.

For a complete list of changes please refer to ourJIRA Release Notes.

一个rtifactory 6.0.4