Release Notes

Artifactory 5.3

Released: May 11, 2017

Due to a critical issue, if you are upgrading from a version below 4.4.1 directly to version 5.3, Artifactory will fail to start up. A patch has been released, and if your current version is below 4.4.1 you should upgrade toArtifactory 5.3.1．

Highlights

Grant Admin Privileges to a Group of Users

Artifactory now supports granting Admin privileges to a group of users which greatly improves the user experience since previously you could only provide Admin privileges to users individually.

This allows you to import a group from your LDAP or Crowd server andgrant Admin privilegesto the whole group in a single action.

Automatically Associate a SAML SSO User to an Artifactory Group

Artifactory will now accept a custom SAML attribute that can be mapped to existing groups (including imported LDAP groups). If a SAML user has the custom SAML attribute he will now inherit the permission specified in the corresponding group in Artifactory for the current login session.

Feature Enhancements

1. Performance of displaying data in theBuildsmodule in Artifactory UI has been significantly improved. This creates a much better user experience, especially for Artifactory instances with many builds or when viewing a project with many builds.
2. When importing users via SAML SSO, the users' email addresses are now also fetched and populate the corresponding field in their Artifactory user profile.
3. The installation script that installs Artifactory as a service has been enhanced to usesystemdon Linux distributions that support it. The script will automatically detect ifsystemdis supported, and if not, will useinit.das currently implemented.
4. In the Tree Browser, when selecting theEffective Permissionstab for the selected repository, you may now view the permission targets associated with that repository.
5. Previously, virtual repositories would only provide aGeneraltab with basic information about selected artifacts. Now, virtual repositories provide additional tabs that show all data about artifacts selected similar to the data that is provided when selecting the artifacts directly from the aggregated local or remote repositories.

Issues Resolved

1. Fixed an issue that prevented using Git LFS client v2.x withGit LFS repositoriesin Artifactory when using SSH.

2. Fixed a resource leak that was introduced when "Enable Dependency Rewrite" was enabled invirtual NPM repositories．This issue may have caused depletion of different resources such as open file handles, database connections and storage streams.

3. Fixed an issue that prevented pushing or pulling Docker images that had foreign layers when the image also had a "history" field in itsconfig.jsonfile.

4. Fixed an issue that caused a login failure when the "List Contents" permission in Active Directory was enabled for an Admin, but not for the user that was attempting to log in.

5. Fixed an issue related to Maven repositories in which the wrong artifact may have been retrieved for a download request since Artifactory did not consider the full path beyond the GAV coordinates.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.3.1

Released: May 24, 2017

Highlights

This is a patch that fixes a critical issue that was discovered in version 5.3.0 in which after upgrading from a versionbelowArtifactory 4.4.1 directly to Artifactory 5.3.0, Artifactory failed to start up.

Note that this issue didnotaffect upgrades from Artifactory 4.4.1 and above.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.3.2

Released: June 7, 2017

Issues Resolved

1. Fixed an issue in which, when upgrading an Artifactory HA cluster with 2 or more nodes, from version 5.x to version 5.3.x, Artifactory would throw a HazelcastSerializationException when displaying the UI. In the process of upgrading the cluster, you will still encounter this issue from nodes that have not yet been upgraded.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.2

Released: March 28, 2017

Main Updates

1. Improved the performance of property search when using PostgreSQL.
   This will significantly improve Docker operations on Artifactory Docker registries as the property search mechanism is used upon searching for Docker layers.

2. Improved the performance of Docker layers search mechanism on Artifactory Docker registries. This will be mostly significant when working with Docker layers that are being used by thousands of Docker images.
3. The Tomcat bundled with Artifactory has been upgraded to version 8.0.41.
   
4. Artifactory now regards thecontent.xml.xzand theartifacts.xml.xzfiles on a remote P2 repository as expirable resources, so whenever there is a metadata change in one of these files, Artifactory will use the updated file instead of the expired one.
5. When working with Conan repositories, Artifactory now supports variables with multiple values in theconanfile.txtfile. This enables Artifactory to fully extract[env]variables with multiple values and assign all those values to the corresponding property annotating the package in Artifactory.
6. Fixed an issue in which deploying multiple files to a virtual repository through the UI would fail.
7. Fixed a bug related to remote Docker registries in Artifactory that left connections and input streams open following docker pull operations.
   
8. Fixed an issue related to Debian repositories. Artifactory now adds an empty line at the end of thePackagesfile to fully support Debian tools such asdebootstrap．
9. Fixed an issue related to Debian repositories in which theComponentssection in the generatedReleasefile was named "Component" when there was indeed only one component. This has been fixed by naming the section "Components", regardless of the number of components.Following the fix, Artifactory now fully support tools such asdebootstrap．
10. Fixed an issue occurring in Artifactory HA clusters. When a node was stopped for any reason, its state as reported by the UI remained asRunning．This has now been fixed so the state for a stopped node is displayed asUnavailable．
    

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.2.1

Released: April 13, 2017

Highlights

Access Tokens

Authentication usingaccess tokenshas undergone two significant enhancements.

1. Any valid user in Artifactory can now create access tokens for personal use whereas previously only an Artifactory admin could create access tokens. This removes the burden of creating and managing access tokens for all users from the admin's shoulder, and gives non-admin users more freedom to operate within their ecosystem.
2. An Artifactory administrator can now create access tokens with admin privileges whereas previously, access privileges were specified by inclusion in different groups. This enhances the integration of external applications which may need admin privileges to work seamlessly with Artifactory.

Feature Enhancements

1. When upgrading an Artifactory HA installation from version 4.x to version 5.x, managing thebootstrap bundlehas been improved to become an automatic and seamless process. Artifactory will now create thebootstrap bundleon the primary node automatically, and extract it to the secondary nodes, so there is no longer any need to create and copy the bootstrap bundle manually.

2. Control Build Retention:允许您指定一个新的REST端点parameters for build retention has been added. Previously build retention could only be specified when uploading new build info. This enhancement provides an easy way to configure cleanup procedures for different jobs, and reduces the risk of timing out when deploying heavy build info.

3. By default, the "latest" version of an NPM package is the one with the highest SemVer version number. NPM repositories have now been enhanced so you can override the default behavior by setting a system property to assign a"latest" tagto the package that was most recently uploaded.
4. TheArtifactory Docker imagenow comes with the PostgreSQL driver built in, so there is no need to mount it separately or build it into a separate Docker image.

Issues Resolved

1. Artifactory is now aligned with the Docker spec and returns an authentication challenge for each Docker endpoint (even when anonymous access is enabled). This means that when using internal Artifactory Docker endpoints, you must first retrieve an authentication token which must then be used for all subsequent calls by your Docker client.
   

2. Fixed an issue in which NuGet virtual repositories that aggregated more than one local or remote repository may have omitted results when searching for a package.

3. When an Artifactory user with no "Delete" permissions was trying to deploy a build while specifying build retention, Artifactory would try and delete old builds and return a 500 error. This has now been fixed, and Artifactory will, instead, return a 403 error.

4. Fixed an issue in which Artifactory failed to pull a Docker image according to the digest of the manifest file from a remote Docker registry.
5. Fixed an issue in which aborting a download of a folder as an archive could leave open connections that were not closed which in turn would prevent further download of folders.
   This has now been fixed so download slots are freed and the connection is closed properly.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.1

Released: February 21, 2017

Configuration Management with Chef

Artifactory满足DevOps添加完整的核心support for configuration management with Chef. Share and distribute proprietary Cookbooks in local Chef Cookbook repositories, and proxy remote Chef supermarkets and cache remote cookbooks locally with remote repositories. Virtual Cookbook repositories let you access multiple Cookbook repositories through a single URL overcoming the limitation of the Knife client that can only access one repository at a time.

Configuration Management with Puppet

Artifactory now also fully supports configuration management with Puppet. Use local Puppet repositories to share and distribute proprietary Puppet modules, and use remote Puppet repositories to proxy and cache Puppet Forge and other remote Puppet resources. Use a virtual Puppet repository so the Puppet client can access multiple repositories from a single URL.

Main Updates

1. Support configuration management with Chef throughChef Cookbook repositories．Artifactory fully supports the Knife client for authenticated access, and also supports Berkshelf for anonymous access. Authenticated access for Berkshelf will be added in a forthcoming release.
2. Support configuration management with Puppet throughPuppet repositories．Full support for Puppet command line along with local, remote and virtual repositories for hosting and provisioning Puppet modules.
3. For Artifactory administrators, a list of common actions is available from thetop ribbonin the Artifactory UI for quick and easy access. This makes it easy to do things like creating repositories, adding users, adding groups and more.
4. Artifactory can now be run as a standalone instance in a Kubernetes cluster. For details, please refer toJFrog's examples using Docker on GitHub．
5. Artifactory now supports disabling UI access (i.e. the user may only access Artifactory through the REST API) through the addition of thedisableUIAccesselement in theSecurity Configuration JSON．
6. The default order of repository types in the tree browser has been changed to show virtual and distribution repositories first, as these are accessed more frequently, and then local and remote repositories.
7. ModifiedNGINX reverse proxy configuration generated by Artifactoryto enable using NPM scoped packages.
8. A performance issue with the login and logout procedure has been fixed, so the time to login or logout is now significantly reduced.
9. A bug in which duplicate files simultaneously uploaded to a sharded filestore occasionally caused deletion of the files, was fixed.
10. A bug in permissions management that disabled the Admin module after removing the default "Anything" and "Anonymous" permissions, was fixed.
11. Fixed an issue when upgrading Artifactory 4.x to 5.x in which the IAM role settings for S3 object storage in thebinarystore.xmlwere not correctly migrated to the upgrade has been fixed.

For a complete list of changes please refer to ourJIRA Release Notes

Artifactory 5.1.2

Released: March 8, 2017

Note: Due to a critical issue found when uploading files larger than 100MB to S3 compatible storage, this version has been removed fromJFrog Bintray．

Main Updates

1. Fixed a performance issue related to the "Most Downloaded Artifacts" widget on the Artifactory Home Page which, when refreshed, could cause the Artifactory database to stall on instances with a large number of artifacts.

2. Added support for Conan client v0.20.0 which includes a new section in the conanfile to allow adding environment variables and custom properties. These are indexed in Artifactory as properties and can be used in searches.

3. Improved performance of queries for artifacts which include an underscore character ("_") in their name. This is especially important for resolution of Docker images since all Docker layers include an underscore in the layer name.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.1.3

Released: March 9, 2017

Main Updates

1. Fixed issue related to uploading files larger than 100MB to S3 bucket.

2. Fixed issue causing display wrong information in “Most Downloaded Artifacts” when working with OraleDB.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.1.4

Released: March 19, 2017

Main Updates

1. Fixed an issue preventing Artifactory from starting up following an upgrade to version 5.x on Windows when Artifactory is configured with aKeystore．

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.0

Released: January 31, 2017

Improvements in Artifactory HA

• Cloud Native Storage:Artifactory HA infrastructure has undergone significant changes and now fully supports cloud native storage. We have completely removed the requirement for using a Network File System (NFS).This release introduces a new type of binary provider that manages distribution of files and configuration across the cluster nodes.This new functionality supports scaling out your storage by relying on object storage solutions or using the nodes' filesystem without the limitations of a traditional NFS, while enjoying other benefits such as distributed storage and redundancy.
• Removal of Sticky Sessions:Artifactory no longer requires that the load balancer used in the Artifactory HA network configuration support session affinity (sticky sessions). You may need to change or remove NGINX configurations that related to sticky sessions.
• Cluster License Management:Managing licenses for an Artifactory HA cluster is much simpler in Artifactory 5.x. Instead of registering a license per node, just upload all your cluster license keys to any cluster node, and Artifactory will transparently allocate them as new nodes are added to and removed from the cluster. Thisallows automatic provisioning of cluster nodes without the need to deal withmanually assigning a license for each node.

Compatibility with JFrog Mission Control

If you are managing your Artifactory licenses through JFrog Mission Control, Cluster License Management will also be supported in Mission Control, starting from version 1.8, scheduled for release with the next release of Artifactory which is scheduled for February 2017.

To perform a clean installation of Artifactory HA, please refer toHA Installation and Setup．

To upgrade your current installation of Artifactory HA, please refer toUpgrading Artifactory HA．

Running Artifactory as a Docker Container

Installing and running theArtifactory Docker imagehas been greatly simplified. Essentially it is now a matter of runningdocker pulland thendocker run, while passing in mounted volumes to maintain persistence.

Access Tokens

Artifactory 5.0 introducesaccess tokensas a new and flexible means of authentication allowing cross-instance authentication, authenticating both users and non-users, providing time-based access control and group-level access control.

Enriched and Simplified Onboarding Experience

When starting up for the first time, Artifactory presents two new ways to get you through basic setup and configuration so you can get started immediately. The first is theOnboarding Wizardthat creates default repositories for package types you select, sets up a reverse proxy, sets the Admin password and more. The second is aYAML Configuration Filein which you can configure the same parameters that the wizard is used for. For example, once you have configured your first instance of Artifactory through the Onboarding Wizard, you can generate the YAML Configuration File from it and use that to spin up additional instances with the same initial configuration.

New Home Screen

The ArtifactoryHome Screenhas been completely redesigned in version 5.0. The new Home Screen provides quick and easy access to some of the most common actions taken by users including searching for artifacts using any of the search methods available, creating new repositories, displaying the "Set Me Up" dialog for any repository, showing information on the latest builds and downloaded artifacts and more.

Breaking Changes

Artifactory HA Infrastructure has Undergone Several Changes

• Removal of NFS requirement:Previously, Artifactory HA required setting up a mount that was used by the$CLUSTER_HOME folderto synchronize configuration and binary files between the cluster nodes. This requirement is now removed. Configuration files are maintained in the database, and binaries may be stored on alternative storage such as local storage on each node or on a cloud storage provider. To learn how to migrate your filestore from NFS to alternative storage, please refer toMigrating Data from NFS．
• Bootstrap Bundle:When setting up an HA cluster, you need to create abootstrap bundleon the primary node, and then copy it to each secondary node you add to the cluster before starting it up.
• License Management:Artifactory HA licenses are now fully managed through theCluster License Manager．
• Unlicensed Nodes:When adding and starting up a node, if a valid license is not available to the Cluster License Manager, the node will continue to run, but will remain unlicensed and return a 503 error to any requests it receives. To keep your HA cluster running until the node is licensed, you can modify your reverse proxy configuration to redirect requests to the next upstream if a 503 error is received by adding
  proxy_next_upstream http_503 non_idempotent;．
  
  Please refer toConfiguring a Reverse Proxywhere you cangeneratea new Reverse Proxy Configuration that includes the modification needed.

Black Duck Code Center Integration Deprecated

Artifactory's direct integration with Black Duck Code Center has been deprecated. To continue using the Black Duck service, you can connect Artifactory to JFrog Xray which hasintegrated with Black Duckas an external provider of issues and vulnerabilities.

Global /repo Repository Deprecated

The Artifactory/reporepository endpoint is being deprecated. As part of the deprecation, any requests to the global/reporepositorywill no longer be valid,regardless to the value of theartifactory.repo.global.disabledsystem property. If you believe this deprecation will affect existing build jobs or scripts that are referencing the global repo, due to the deprecation, you will now be able to create your own standard Virtual Repository and call it “repo”, since the name will no longer be reserved.

Change in Startup and Shutdown Scripts

The startup and shutdown scripts have changed in Artifactory 5.0. Previously, these scripts used to create the "Artifactory" user as a standard user. To improve security, the user is now created without a login shell and the execution scripts use "su -s" (instead of "su -l") which means that the Artifactory user will not be available for any purpose other than for startup and shutdown.

Set Item Properties REST API Endpoint Changed

The version of Tomcat used in Artifactory 5.0 has been upgraded to8.0.39．这个版本的Tomcat不再支持unencoded URLs, so the REST API endpoints which used a pipe character ("|") as a separator have undergone corresponding changes so you can use a semicolon (";") as a separator instead, or use escaping to represent a pipe as %7C. Any scripts that use these endpoints may have to be changed to support the new specification. For details, please refer toSet Item Propertiesas an example.

Session ID Cookie Changed

你现在Artifactory会话ID存储在一个seSION cookie (instead of a JSESSIONID cookie).

Main Updates

1. Artifactory can now be installed in aHigh Availability configurationwithout needing an NFS.
2. Cluster License Managerfor Artifactory HA installations automatically manages licensing for your cluster nodes. This will also be supported by JFrog Mission Control in its forthcoming release.
3. Greatly simplified ArtifactoryDocker image installation．
4. Authentication usingAccess Tokens．
5. Greatly simplified onboardingusing either a UI wizard or a YAML file.
6. Home Screenhas been redesigned with a new look and feel for easy access to common actions and a rich user experience.
7. Searchhas been redesigned and is now available as a separate module for easy access from anywhere.
8. UI notifications in Artifactory have been improved for clarity.
9. Monitoring Storageis updated with a new look and feel.
10. 删除了要求在th会话关联e load balancer used in an Artifactory HA cluster.
11. Direct integration with Black Duck has been deprecated. You may continue usingBlack Duck through JFrog Xray．
12. Global/reporepository has been deprecated.
13. Artifactory Tomcat version was upgraded to 8.0.39.
14. From version 5, the YUM package type is replaced with RPM. i.e. what used to be a YUM repository is now referred to as anRPM repository．YUM will continue to be supported as a package type when creating repositories through the REST API for backward compatibility.
15. Users who are logged in through aSAMLserver can be associated withLDAP groupsthrough the use of a user plugin. Usethis user pluginas a reference as an example of a user plugin.
16. LDAP login performance was improved by narrowing Arifactory's search filter so it only searches through groups that have been imported to Artifactory rather than the full set of LDAP groups.
17. Added support forDocker manifestto reference remote layers by URL that will be pulled by the Docker engine before running the image.
18. Added metadata validation for Debian packages to ensureDebian repositoriesare not corrupted by malformed packages.
19. Fixed an issue in whichDocker imageswhich were imported to Artifactory and then exported sometimes failed to produce the correct schema.
20. Fixed an issue regarding email notifications for backups so that now, a notification is sent for both manual and automatic scheduled backups if the backup fails.
21. Fixed an issue in which downloading from a virtualGit LFS repositorywould fail if the file would not exist in the first positioned repository in the list.
22. Fixed an issue in which YUM metadata GPG signing was skipped if the passwords in Artifactory were encrypted.
23. Fixed an issue in whichGit LFS repositoriesthat require authentication will fail push requests when Anonymous Access is enabled.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 5.0.1

Released: February 7, 2017

Main Updates

1. A memory leak that was discovered in the newcluster license managerimplementation has been fixed. This issue may have caused Artifactory to stop responding and is now resolved.

2. A limitation in Artifactory HA, that potentially prevented you from accessing large support bundles, and prevented Artifactory from starting up, has been removed. Now, you can access the support bundle for any node in an HA cluster regardless of its size.

3. An issue preventing Artifactory from starting up when using IBM JDK 8 has been fixed.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.16

Released: January 16, 2017

Support for Xray CI/CD Integration

As a critical link between JFrog Xray and Jenkins CI (more CI servers will be added in future releases), Artifactory adds support for Xray's CI/CD integration allowing you to fail build jobs if vulnerabilities are found in the build. Artifactory acts as an intermediary between Jenkins and JFrog Xray.

You can configure the Jenkins Pipeline to send a synchronous request to Xray to scan a build that has been uploaded to Artifactory. Artifactory passes the request on to Xray which scans the builds in accordance with Watches you defined, and respond with an indication to fail the build job if an alert is triggered.

Xray CI/CD integration is supported from Artifactory 4.16, JFrog Xray 1.6 and Jenkins Artifactory Plugin 2.9.0.

Main Updates

1. Add support for JFrog Xray CI/CD integration allowing you to fail build jobs if the build scan triggered an alert.

2. Fix a bug that caused a memory leak related to JFrog Mission Control DR configuration.

3. Fix an issue in whichcreatedByandmodifiedByfields were missing after running an import.

4. When a build is deleted, whether through the UI, via REST API or due to a build retention policy, Artifactory now sends a corresponding event to Xray so it can remove that build from its database and avoid triggering alerts for deleted builds.
5. A fix has been put in place to prevent a security vulnerability (CVE-2016-10036) that may have been exploited through a web UI API endpoint, which potentially allowed unauthorized uploading of files to unexposed locations in the Artifactory host.
   JFrog would like to thankAlessio Sergiof Verizon Enterprise Solutions forreporting this issue and for working with JFrog to help protect our customers.

Artifactory 4.16.1

Released: March 15, 2017

Main Updates

1. The Tomcat bundled with Artifactory has been upgraded to version 8.0.41.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.15

Released: December 13, 2016

Conan Repositories

Artifactory brings binary repositories to the world of C/C++ development with support forConan repositories．By supporting the Conan client, Artifactory offers enterprise grade repository management supporting high-availability, fine-grained access control, multi-site development, CI integration and more. Providing an in-house local repository for C/C++ binaries, Artifactory is a secure, robust source of dependencies and a target to efficiently upload packages built through Conan. C/C++ development will never be the same again.

Main Updates

1. Add support forConan repositories．
2. Significantly improved performance in Artifactory installations serving thousands of users related to the intensive permission validation process. For example, this should solve slow NuGet search issues in these Artifactory installations.
3. Fixed an issue in which changing the severity specified fordownload blockingfor a repository, or removing it altogether, did not update Xray correctly and the change was not registered.
4. Fixed an issue in which the JSON returned fromGet Repository Replication Configurationwas not always compatible with REST API endpoints used to set repository replication configuration.
   
   

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.14

Released: October 20, 2016

PHP Composer Repositories

Artifactory now supports development with PHP as a fully-fledged PHP Composer repository. Create local repositories to host your internal PHP packages, or proxy remote resources that host PHP index files or PHP binary packages.

Main Updates

1. SupportPHP Composerlocal and remote repositories.
2. Artifactory can now issue a warning before running a backup if there isinsufficient disk space．
3. Performance when simultaneously calculating Debian metadata for multiple distributions in multiple repositories has been improved.

Known Issues

1. In case DR instance is manage by JFrog Mission Control there is a risk of a memory leak which may cause the Artifactory service to stop responding.
   Related issues areRTFACT-12854,RTFACT-13358．

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.14.1

Released: November 1, 2016

Main Updates

1. Fixed an issue related to clean up of YUM metadata index files.
2. Fixed a distribution issue related to packages with special characters (e.g. ':') in the package or version name.

Known Issues

1. In case DR instance is manage by JFrog Mission Control there is a risk of a memory leak which may cause the Artifactory service to stop responding.
   Related issues areRTFACT-12854,RTFACT-13358．

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.14.2

Released: November 27, 2016

Main Updates

1. LDAP login performance improved

   Login performance has now been improved by only searching attributes that have been configured in the LDAP Group setting rather than for the entire set of attributes. This is especially noticeable when user belongs to many groups.
   
   

2. Npm search issue fix

   Due to breaking changes in npm client behavior, from version 4.0 of the Npm client, searching through Artifactory was failing. This was because the client could not parse the response with the "_updated" field of searches that used "since" . This has now been fixed by removing the field from the response for partial searches.
   
   

3. NuGet search issue fix

   When the results of NuGet package search required pagination, several results were omitted. This was due to a mismatch between how Artifactory returned each page of the results (using a "$skip" parameter), and how the NuGet client expected the result (based on the "$top" parameter. This has now been fixed by aligning Artifactory with the NuGet client so no results are omitted.
   
   

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.14.3

Released: December 7, 2016

Using Previous Encryption Keys

If Artifactory is unable to decrypt data with the current Master Key (the contents of theartifactory.keyfile), you can now set theartifactory.security.master.key.numOfFallbackKeysproperty in theartifactory.system.propertiesfile which specifies the number of previous keys Artifactory should try and use to decrypt data .

Main Updates

1. Enable Artifactory to use previous Master Keys keys to decrypt data.

Known Issues

1. In case DR instance is manage by JFrog Mission Control there is a risk of a memory leak which may cause the Artifactory service to stop responding.
   Related issues areRTFACT-12854,RTFACT-13358．

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.13

Released: September 21, 2016

Xray Enhancements

Artifactory 4.13.1

Released: October 13, 2016

Main Updates

1. An issue, in which Bower packages downloaded from virtual repositories were returned "flat" rather than in their original structure, has been fixed.

2. Thesystem logsare refreshed periodically. An administrator can now pause the countdown to refresh the system log.

3. The order in which different repository types aresorted in the tree browsercan now be set by a system property.

4. Performance when managing Groups and Users for permission targets has been improved.

Known Issues

1. In case DR instance is manage by JFrog Mission Control there is a risk of a memory leak which may cause the Artifactory service to stop responding.
   Related issues areRTFACT-12854,RTFACT-13358．

For a complete list of changes please refer to ourJIRA Release Notes．

Known Issues

1. RubyGems dependency query might cause unexpected DB behavior when working with a very large sets of artifacts.
   Related issue isRTFACT-12480, fixed in version 4.12.2.

Artifactory 4.7.6

Released: May 9, 2016

Main Updates

1. Significantly improved performance of Maven metadata calculation on path which contains a large number of versions.

2. Disable the/reporepository for new Artifactory SaaS instances provisioned.
   NOTE: For existing customers this change will take effect next time theartifactory.system.propertiesis re-created. This can happen when an Artifactory server is migrated to another region, or during certain maintenance operations.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.6.1

Released: March 21, 2016

Main Updates

1. A fix, to accommodate a change in the Docker client, that enables re-pushing existing layers when working with Docker 1.10.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.5

Released: February 14, 2016

CocoaPods repositories

Manage your dependencies for Apple OS development through Artifactory. Artifactory supports CocoaPods with local and remote repositories.

Main Updates

1. CocoaPods Repositories．

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.5.1

Released: February 18, 2016

OAuth Security Fix

This release fixes a security vulnerability related to OAuth.

YUM performance

YUM memory management had undergone additional tuning to further improve performance.

Main Updates

1. OAuth security fix.
2. YUM performance tuning.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.5.2

Released: February 28, 2016

This is a minor update that provides several bug fixes.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.4 brings more advancements to security capabilities including:

• Preventing brute force attacks at identity theft with increasingly delayed responses to repeated failed attempts at authentication, and locking out users after repeated failed login attempts.
• SSH Authentication for Git LFS and Artifactory CLI
• OAuth support for Docker client

Opkg Repositories

Artifactory is now a fully fledged Opkg repository, and generates index files that are fully compliant with the Opkg client. Create local repositories for your internal ipk packages, or proxy remote Opkg repositories. Provide GPG signatures for use with the Opkg client, and manage them using the UI or through REST API.

Trash Can

Artifactory now provides a trash can that prevents accidental deletion of important artifacts from the system. All items deleted are now stored for a specified period of time configured by the Artifactory administrator, before being permanently removed.

Main Updates

1. Local and remoteOpkg repositories．
2. Deletion protection with aTrash Can．
3. SSH Authentication forGit LFSandArtifactory CLI．
4. OAuth authentication for theDocker Client．In addition, users can be granted access to their profile page usingOAuthinstead of having to type in their passwords.
5. Scan RubyGems toextract their licensesand display them as properties.
6. To combat unauthorized logins that use brute force, an administrator can configureuser locking．In addition, Artifactory also implementstemporary login suspensionfor unauthorized REST API access.
7. Extract Docker labels and create correspondingpropertieson the image's manifest.json file.
8. Support for Virtual Repositories andInserting User Credentialsin Set Me Up dialogs.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.4.1

Released: January 13, 2016

Password Expiration Policy

An Artifactory administrator can now force all users to change their password periodically by enabling a password expiration policy.

Externally Authenticated Users

An Artifactory administrator can now enable users, who are authenticated using external means such as SAML SSO, OAuth or HTTP SSO, to access their profile and generate an API Key or modify their password.

Apache Reverse Proxy Configuration

In addition to NGINX, Artifactory now also provides you with the code snippet you need to configure Apache as your reverse proxy. Just feed in your reverse proxy settings, including your handling of Docker repositories, and Artifactory will generate the configuration script you can just plug into your Apache reverse proxy server.

Main Updates

1. Password expiration policy
2. Allow users authenticated bySAML SSO,OAuth, orHTTP SSOto access their profile and generate an API Key or modify their password.
3. Reverse proxy configuration for Apache．

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.4.2

In addition to several bug fixes, this minor update fixes an issue with backward compatibility for S3 Object Store when upgrading to Artifactory v4.3 and above.

This version also presents a significant improvement in download performance.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.4.3

Basic Authentication

You can now use your API key as your password for basic authentication. This means that clients that cannot provide the API key in a header, can still be authenticated with the API key by including it instead of the password in the basic authentication credentials.

List Docker images

Using the List Docker Images REST API, you can get a list of images in your Docker repositories.

YUM Performance Improvements

Major improvements in performance when working with YUM repositories, showing up to 300% faster indexing of RPM packages.

Main Updates

This release includes the following main updates:

1. Compatibility with Docker v1.10 and the Docker Manifest v2 schema.
2. Major improvements in performance when working with YUM repositories.
3. Use your API key forbasic authentication．
4. API key headerchanged to X-JFrog-Art-Api.
5. REST API toenable or disable replication任务。
6. When authenticated externally, an admin can allow you toaccess your API key, Bintray credentials and SSH public keywithout having to unlock your profile.
7. REST API tolist Docker repositoriesusing /_catalog end point.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.3

API Keys

You may now authenticate REST API calls with anAPI keythat you can create and manage through your profile page or through theREST API．

Package Search

Run a search based on a specific packaging format with dedicated search parameters for the selected format. Performance is improved since search is restricted to repositories with the specified format only.

Support Zone

Generate the information that our support team needs to provide the quickest resolution for your support tickets.

Dependency rewrite for Bower and NPM

Remove the dependence on external artifact resources for Bower and Npm. When downloading a Bower or Npm package, Artifactory will analyze the package metadata to evaluate if it needs external dependencies. If so, Artifactory will download the dependencies, host them in a remote repository cache, and then rewrite the dependency specification in the original package's metadata and point it to the new location within Artifactory.

Improved support for S3 object store

JFrog S3 object store now supports S3 version 4 allowing you to sign AWS with Signature v4. Multi-part upload and very large files over 5 GB in size are now also supported.

Main Updates

1. Authentication usingAPI keys．
2. Package search．
3. ConvenientSupport Zonepage for submitting support requests.
4. Improved support forS3 object storewith support for S3 version 4.
5. Automatic rewrite of external dependencies forNpmandBowerrepositories.
6. HTTP request object is now accessible fromRealmsclosures in user plugins (RTFACT-8514).
7. REST API todownload a complete releasefrom VCS repositories.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.3.1

Reverse Proxy

Artifactory now provides a mechanism to generatereverse proxyconfiguration for NGNIX. This is very helpful when using clients, like Docker, that require a reverse proxy.

Support Google Cloud Storage (GCS)

Artifactory now supports GCS as a storage provider for you Artifactory instance.

Git LFS Batch API

Artifactory now supports batch calls from the Git LFS client allowing batch multiple file uploads.

Main Updates

1. Reverse proxy configuration generator
2. Google Cloud Storage
3. Batch file uploads forGit LFS repositories

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.3.2

Artifactory 4.2

In addition to implementing several bug fixes and minor improvements, this release introduces a Debian Artifactory installation and Deploy to Virtual repositories .

Debian Installation

Artifactory can now be installed as a Debian package.

Deploy to Virtual

Artifactory now supports deploying artifacts to a virtual repository via REST API. All you need to do is specify a local repository aggregated within the virtual repository that will be the deploy target.

OAuth Login

Artifactory now supports login and authentication using OAuth providers. Currently, Google, Open ID and GitHub Enterprise are supported.

Artifactory Query Language (AQL)

AQL has been greatly extended to include several additional domains, including Build and Archive.Entry as primary domains, giving you much more flexibility in building queries.

Main Updates

1. Artifactory installation as aDebian package
2. Deploy artifacts to avirtual repository
3. Authentication using OAuth providers
4. AQLhas been extended to include additional domains
5. Improvements toSmart Remote Repositories
6. REST API to retrievestorage information
7. Overwrite NuGet pre-release packages without delete permissions
8. Pushing Docker images to Bintray is now also supported for Docker V2 repositories
9. Several minor improvements to the UI

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.2.1

OAuth Provider

Cloud Foundry UAA is now supported as anOAuth provider．

SHA256

In addition to SHA1 and MD5,SHA2checksums are now supported also.

Main Updates

1. Artifactory now supports Cloud Foundry UAA forOAuth authentication．
2. Since Artifactory now fully supports the Bower client, support forolder versions of Bower(below v1.5) that were using bower-art-resolver beta version is now deprecated.
3. Internet Explorer compatibility issues have been fixed.
4. Artifactory's HTTP client has been upgraded to version 4.5.
5. Automatic license analysis is now also triggered whendeploying RPMs．
6. SHA256 calculation is now available, on demand via theUIor viaREST API．
7. Several minor improvements to the UI.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.2.2

Artifactory 4.1

In addition to implementing several bug fixes and minor improvements, this release introduces Smart Remote Repositories and Virtual Docker Repositories.

Smart Remote Repositories

Define a repository in a remote Artifactory instance as your remote repository and enjoy advanced features such as automatic detection, synchronized properties and delete indications.

Virtual Docker Repositories

Aggregate all of your Docker repositories under a single Virtual Docker Repository, and access all of your Docker images through a single URL.

Main Updates

Artifactory 4.1.2

This is a minor update that provides a fix for clients, such as Maven, that do not use preemptive authentication.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.1.3

This is a minor update that provides a fix for Docker Login with anonymous access.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.0

New User Interface

JFrog-Artifactory's user interface has been rebuilt from scratch to provide the following benefits:

• Intuitive:Configuration wizards for easy repository management
• Fresh and modern:New look and feel providing a rich user experience
• Set Me Up:Convenient code snippets to support simple copy/paste integration with software clients and CI tools
• Context-focused repositories:Repositories are optimized to calculate metadata for single package types
• Easy access control:Easily implement your access policies with intuitive user, group and permission management
• Smart tables:Group and filter any data that is presented in tables

Groovy 2.4 for User Plugins

JFrog Artifactory 4 supports Groovy 2.4 letting you enjoy the latest Groovy language features when writingUser Plugins．

We strongly recommend you verify that all of your current User Plugins continue to work seamlessly with this version of Groovy.

Tomcat 8 as the Container

JFrog Artifactory 4.0only supports Tomcat 8 as its container for both RPM and standalone versions. If you are currently using a different container (e.g. Websphere, Weblogic or JBoss), please refer toUpgrading When Using External Servlet Containersfor instructions on how to migrate to Tomcat 8.

System Requirements

Java

JFrog Artifactory 4.0requiresJava 8

Browsers

JFrog Artifactory 4. 0 has been tested with the latest versions of Google Chrome, Firefox, Internet Explorer and Safari.

Breaking Changes

User Plugins

Some features of Groovy 2.4 are not backward compatible with Groovy 1.8. As a result, plugins based on Groovy 1.8 may need to be upgraded to support Groovy 2.4.

Multiple Package Type Repositories

JFrog Artifactory 4.0要求您指定一个如果ngle package type for each repository. For the specified package type, Artifactory will calculate metadata and work seamlessly with the corresponding package format client. For example, a repository specified as Docker will calculate metadata for Docker images and work transparently with the Docker client.

Artifactory will not prevent you from uploading packages of a different format to any repository, however, metadata for those packages will not be calculated, and the corresponding client for those packages will not recognize the repository. For example, if you upload a Debian package to a NuGet repository, Debian metadata will not be calculated for that package, and the Debian client will not recognize the NuGet repository.

You may specify a repository as Generic and upload packages of any type, however, for this type of repository, Artifactory will not calculate any metadata and will effectively behave as a simple file system. These repositories are not recognized by clients of any packaging format.

If your system currently includes repositories that support several package types, please referSingle Package Type Repositoriesto learn how to migrate them to single package type repositories.

Artifactory 4.0.1

This is a minor update that provides significant enhancements to our support for Docker, additional UI improvements as well as several bug fixes.

For a complete list of changes please refer to ourJIRA Release Notes．

Artifactory 4.0.2

This is a minor update that provides support for the latest Docker client 1.8.

For a complete list of changes please refer to ourJIRA Release Notes．

Previous Release Notes

For release notes of previous versions of JFrog Artifactory, please refer toRelease Notesunder the Artifactory 3.x User Guide