Artifactory Release Notes

Overview

This page presents release notes for JFrog Artifactory describing the main fixes and enhancements made to each version as it is released. 

If you need release notes for earlier versions of Artifactory, please refer to the Release Notes in the Artifactory 6.x User Guide.

Download 

Click to download the latest Artifactory version.

Previous Versions

Previous versions of JFrog Artifactory are available for download in the Previous Releases page.

Installation and Upgrade

For installation instructions please refer to Installing Artifactory.

To upgrade to this release from your current installation, please refer to Upgrading Artifactory.

Known Issues

For a list of known issues in the different versions of Artifactory, please refer to Known Issues.

Embedded OpenJDK Version

Artifactory uses OpenJDK embedded with the binary package.

The following table lists the Artifactory versions and the corresponding OpenJDK version.

JDK 11 is no longer supported from Artifactory version 7.46.3.

Embedded Tomcat Version

Artifactory uses Tomcat embedded with the binary package.

The following table lists the Artifactory versions and the corresponding Tomcat version.

Artifactory 7.52

This section includes all the Artifactory 7.52.x releases.

Artifactory 7.52.0 ^Cloud

Released: January 24, 2023

Feature Enhancements

npm Login Method has been Updated RTFACT-29293 

The Web Login method for npm is now supported. For more information, see npm Login. 

Conan Metadata Calculation has been Optimized RTFACT-27133

The time required to calculate metadata for Conan has been reduced by up to half. 

Resolved Issues

Artifactory 7.50

This section includes all the Artifactory 7.50.x releases.

Artifactory 7.50.5 ^Cloud

Released: January 23, 2023

Resolved Issues

Artifactory 7.50.3 ^Cloud

Released: January 11, 2023

Highlights

Custom Webhooks

Custom Webhooks are Webhooks whose HTTP request headers and payload can be fully customized to adapt to any target service, such as GitHub actions, Gitlab pipelines, Jenkins jobs, Slack, and more. Custom Webhooks trigger events with the format expected by the vendor. For more information, see Custom Webhooks.

Feature Enhancements

Edit the Live Logs Buffer Size 

You can now set the Live Logs buffer size using the Artifactory System YAML configuration readBlockSizeKB. For more information, see Live Logs.

Support to Select Whether an Access Token Gets the "force revocable" Flag in the Access REST API 

The "force revocable" flag in the tokens has been removed as a default setting and is now a Boolean parameter called "force_revocable" in the Create Token API. When the "force_revocable" param is set to true, we will add the "force_revocable" flag to the token's extension. In addition, a new configuration has been added that sets the default for setting the "force_revocable" default when creating a new token - the default of this configuration will be "false" to ensure that the Circle of Trust remains in place.

Resolved Issues

Artifactory 7.49

This section includes all the Artifactory 7.49.x releases.

Artifactory 7.49.5 ^Self-Hosted

Released: 11 January, 2023

Resolved Issues

Artifactory 7.49.3 ^{Cloud | Self-Hosted}

Released: 28 December, 2022

Breaking Change - Security Hardening When Distributing to a Remote JPD

As part of a JFrog Distribution security enhancement, the following changes have been implemented in the core Artifactory:

• The “_intransit” repository is now a system repository; the “_intransit” repository will no longer be visible as a repository in an Artifactory/Edge, and the user will not have access to this repository (even an admin).
• The “_intransit” repository can contain only artifacts that are part of a distributed Release Bundle. The option “allow only artifacts that are part of a bundle” is always enabled.
• Uploading artifacts and manipulation of the “_intransit” repository is allowed only for the Distribution service (no other users, including admins, will be able to perform this upload).

NuGet V2 APIs Deprecation Notice

With the decision by NuGet for EoL/EoS for Nuget V2 and transition to V3, and JFrog's emphasis on keeping its code up-to-date, the following two NuGet APIs will be deprecated towards the end of Q1, 2023:
        /GetUpdates()
        /GetUpdates()/$count

If you continue to use NuGet V2, you can use the /search API instead.

Feature Enhancements 

This release features a number of important performance improvements.

After upgrading to Artifactory 7.49.3, there is a one-time database optimization process. The time required to complete this process will vary depending on the database size and type/version, but it can take several hours. The indexing process may have a minor impact on database performance. 

Federated Repository Multi-Version Support 

Artifactory 7.49.3 introduces multi-version support, which enables the members of a Federation to run different versions of Artifactory, even if the version at one site includes configuration features and values that are not supported on the versions running at other sites. Thanks to multi-version support, future upgrades after 7.49.3 can be performed on one site at a time, eliminating the need for simultaneous upgrades across all locations.

Whenever an instance with a new Artifactory version is introduced to the Federation, the configurations of the other members are retrieved and a negotiation process checks for new and upgraded features that are not supported on the older versions. If there are new features that older versions do not support, the new feature is disabled. For upgraded features, a default value is chosen that is supported on all member versions. 

Multi-version support requires Artifactory 7.49.3 and above. Therefore, it is a prerequisite of this feature to upgrade all Federated repository members to Artifactory 7.49.3. After this has been done, multi-version support is enabled for all versions going forward. 

Federated Repository Monitoring 

This new feature enables you to monitor the status of Federated repositories using a set of dedicated REST APIs. Use these APIs to get the status of the Federation for a specific repository, including task status, pending event status, server lag time, and the number of fully (binary and metadata) and artificially (metadata only) replicated artifacts. In addition, you can use these APIs to get a list of Federation mirror lag times and a list of unsynchronized mirrors.

For more details, see Monitor Federated Repositories.

The new monitoring features become available after the one-time database optimization process (which is part of the upgrade to this version) is complete.

New Platform Security APIs 

These new Security APIs replace the previous Security APIs, which are planned to be deprecated at a later stage. The new APIs address aspects of JFrog Platform security and access, such as users, groups, permissions, tokens, and more. For more information, see Security REST APIs.

Platform-specific REST APIs Moved to a Dedicated Page

All REST APIs that are not specific to Artifactory - but are relevant to the JFrog Platform as a whole - have been moved to their own documentation page called JFrog Platform REST API. Here you will find all the APIs that were previously on the Artifactory page, including Security, System and Configuration, Support, Access, Projects, Router, and Webhooks. You will also find links from the existing Artifactory API page to the relevant sections in the new page.

npm Package Enhancements

• Support for npm-audit bulk REST API RTFACT-26435
  Added support for npm-audit bulk REST API commands in order to support npm-audit fix.
• npm Deprecation Flow Improvements 
  Simplified the npm deprecation handling. Now, npm deprecations will be reflected in the package.json file, and the npm client will return an appropriate error in the case of lacking permissions. 
  Note: If you have a large number of deprecated npm packages, upgrading Artifactory will cause Artifactory to start with a few seconds delay.

New RubyGems API RTFACT-26494

The new RubyGems REST API endpoint returns the list of versions for a given RubyGems package. For more information, see Get RubyGem Version List.

New Zap Cache API 

The new API endpoint allows you to zap cache for an artifact or repository. For more information, see Zap Cache.

Renaming Projects 

Project names can now be edited.

Updates to the Swift Repository SetMeUp 

The Swift SetMeUp in the JFrog Platform UI now includes instructions for enabling support for HTTP. For more information, see Swift Registry.

Project Key Minimum Length Changed RTFACT-26881 

The minimum length for a project key was reduced from 3 characters to 2.

Repositories Configuration 

From this version, Repository Configuration changes are done via REST API and not via the Global Configuration Descriptor. This change will improve performance for JFrog instances with a large number of repositories and will shorten the time needed to make configuration changes. For more information, see Repositories Configuration.

Quick Search DB Improvements RTFACT-21652 

Improved performance for Quick Search in the PostgreSQL database by approximately 70%, decreasing the loading time from five minutes to around 30 seconds. 

• For Self-Hosted instances: before upgrading, make sure that you have created your PostgreSQL Artifactory database user with appropriate permissions. For more information, see Creating the PostgreSQL Database.

Resolved Issues

Artifactory 7.47

This section includes all the Artifactory 7.47.x releases.

Artifactory 7.47.15 ^{Cloud | Self-Hosted}

Released: 6 January, 2023

Resolved Issue

Artifactory 7.47.14 ^Self-Hosted

Released: 20 December, 2022

Resolved Issues

Artifactory 7.47.12 ^{Cloud | Self-Hosted}

Released: 9 December, 2022

Resolved Issues

Artifactory 7.47.11 ^{Cloud | Self-Hosted}

Released: 7 December, 2022

Resolved Issues

Artifactory 7.47.10 ^{Cloud | Self-Hosted}

Released: 1 December, 2022

Highlights

JFrog API Key Deprecation Process

With the release of Artifactory 7.47.10, JFrog introduced a new method that supports Platform administrators with the deprecation process of the API Key feature. With this new process, admins can identify Platform users who still use API Keys for their authentication, thus helping to migrate those users to alternative means of authentication. JFrog is officially beginning the countdown to fully discontinuing its support for this feature. While you can continue to use it in the meantime, in Q2 2023, the API Key will reach its end-of-life.

The API Key will be deprecated in the following stages for Self-hosted customers (Cloud customers will receive additional instructions):

1. Artifactory version 7.47.10 includes the option to log users' authentication methods. This will allow administrators to view and warn users using API Keys regarding the upcoming deprecation. 
2. In a future version (scheduled for end of Q3, 2023), the option to block the usage/creation of API Keys will be enabled by default, with the option for admins to change it back to enable API Keys.
3. In a later 2023 version, API Keys will be deprecated altogether and the option to use them will no longer be available.

The complete process of the deprecation plan, as well as an explanation on how to use the API Key User Collection feature in 7.47.10, is detailed in the User Profile page.

Resolved Issues

Artifactory 7.47.7 ^Cloud

Released: 20 November, 2022

Resolved Issues

Artifactory 7.46

This section includes all the Artifactory 7.46.x releases.

Artifactory 7.46.22 ^Self-Hosted

Released: January 17, 2023

Resolved Issues

Artifactory 7.46.21 ^{Cloud | Self-Hosted}

Released: 5 January, 2023

Resolved Issue

Artifactory 7.46.20 ^{Cloud | Self-Hosted}

Released: December 19, 2022

Resolved Issues

Artifactory 7.46.17 ^Self-Hosted

Released: 29 November 2022

Resolved Issues

Artifactory 7.46.13 ^Cloud

Released: 16 November 2022

Resolved Issues

Artifactory 7.46.12 ^Cloud

Released: 13 November, 2022

Resolved Issues

Artifactory 7.46.11 ^{Cloud | Self-Hosted}

Released: 4 November 2022

Resolved Issue

Artifactory 7.46.10 ^{Cloud | Self-Hosted}

Released: 30 October, 2022

Resolved Issues

Artifactory 7.46.9 ^{Cloud | Self-Hosted}

Released: 27 October, 2022

Resolved Issue

ֿArtifactory 7.46.8 ^{Cloud | Self-Hosted}

Released: 25 October, 2022

Resolved Issues

Artifactory 7.46.7 ^Cloud

Released: 14 October, 2022 

Resolved Issue

Artifactory 7.46.6 ^{Cloud | Self-Hosted}

Released: 14 October, 2022

Resolved Issues

Artifactory 7.46.3 ^{Cloud | Self-Hosted}

Released: 11 October, 2022 (Released to Cloud on 2 October, 2022)

Feature Enhancements

Java 17 Compatibility 

From this version, Artifactory officially supports running with JDK 17 on all installation types (e.g. Linux, Docker, Debian, RPM, Windows). The Artifactory Docker image is shipped with JDK 17.

Access Token Scope Added to the WebUI 

The scope of a user's access token (also known as a scoped token), has now been added to the JFrog Platform WebUI (in addition to the existing API endpoint) as a new column in the Security page. For more information, see Generating Scoped Tokens.

AQL Search Speed Improvements 

Improved AQL internal search mechanism to support running faster queries. 

Helm Indexing Improvements

Improved the speed when indexing Helm Charts in Helm repositories.

Webhooks WebUI Now Supports Using the Secret for Signing the Payload 

When creating Webhooks and defining a secret authentication token, the administrator can determine the way in which the Webhook's secret token should be used:

• As the X-JFrog-Event-Auth HTTP header, so that the token can be used by the service that receives the event to authenticate the event emitter.
• To sign the events payload- in which case the secret token must not be passed as a header.

To support both options, the backend was updated to also send an HTTP header containing the payload hash value calculated based on the secret token (this hash value should be computed based on SHA1 or SHA256). With this release, the JFrog Platform now supports setting the secret for payload signing through the WebUI. See Creating Webhooks in the JFrog Platform. 

Allow Including/Excluding Patterns for Syncing User Entities with Access Federation

Added the option to define include or exclude patterns for users.

Cargo Indexing Enhancement 

Added support for alternative indexing in Cargo repositories based on the sparse index specifications, instead of jgit server

For more information, see Setting Up Cargo Indexing Using Sparse Indexing.

User/Group WebUI Enhancements

Enhanced the User/Group WebUI with the following updates:

• Enable sorting users in tables by additional columns 
• Enable partial search by name/email in tables
• Improved the loading time of Users in the Groups page
• Improved the loading time of Users/Groups in Permission Targets

Resolved Issues

Artifactory 7.42

This section includes all the Artifactory 7.42.x releases.

Artifactory 7.42.5 ^Cloud

Released: 4 September, 2022

Resolved Issue

Artifactory 7.42.3 ^Cloud

Released: 24 August 2022

Resolved Issues

Artifactory 7.42.1 ^Cloud

Released: 31 July 2022

Feature Enhancements

Added a Full Broadcast Function to the Access Federation UI

Added the option to trigger a full broadcast from a specific Access Federation source via the Access Federation UI. See Full Broadcast.

CRAN Local Repository Improvements

Aligned the CRAN Local repository to follow the CRAN spec when populating the Archive folder by introducing the following enhancements:

• Added the cran.archiveMover.enabled system property that will allow the storage of the archives in the correct hierarchy.

• Added a new Move Archives CRAN REST API,  which moves the existing archives to the correct location (if the system property is enabled). 

Cold Storage UI Improvements

Added a new Skip Trash Can checkbox allowing you to skip moving items to the trash can when creating or modifying Cold Storage Archive policies in the WebUI.

Property Set /name Validation Endpoint Changed to /propertyName

Changed the property set endpoint from /Name to /propertyName.

Projects Enhancements

Modified the Project Key Name length limitation from three to two characters.

Generate a Non-expiry Admin Token without Changing the Configuration

Admins can now bypass tokens restrictions and can generate a token with any expiry they wish and create refreshable tokens without changing the configuration. The token restrictions will affect non-admin users and they can be set in the Access YAML Configuration.

Resolved Issues

Artifactory 7.41

This section includes all the Artifactory 7.41.x releases.

Artifactory 7.41.14 ^{Cloud | Self-Hosted}

Released: 30 September, 2022

Resolved Issues

Artifactory 7.41.13 ^{Cloud | Self-Hosted}

Released: 20 September, 2022

Resolved Issue

• Fixed an issue whereby, under certain circumstances, the JFrog Platform webUI was unresponsive due to a memory leak.

Artifactory 7.41.12 ^{Cloud | Self-Hosted}

Released: 31 August, 2022

Resolved Issue

Artifactory 7.41.7 ^{Cloud | Self-Hosted}

Released: 29 July, 2022

Feature Enhancement

Disabling Proxy for Remote and Federated Repositories Now in the UI

Added a dedicated 'No Proxy' field in the JFrog Platform UI to allow disabling a proxy on the repository level. For more information, see Advanced Settings.

Resolved Issue

This patch resolves an issue caused by CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, and CVE-2022-32223. For more information, see the Fixed Security Vulnerabilities page.

Artifactory 7.41.6 ^{Cloud | Self-Hosted}

Released: 21 July, 2022

Resolved Issues

Known Issue in this Version

Affected Audience: Users who have run their remote or federated repositories without a proxy and have manually removed the proxy.

Upgrading to the 7.41.6 version automatically populates the default proxy on all repositories that have manually set the proxy field as empty. To learn more, click here.

Artifactory 7.41.4 ^{Cloud | Self-Hosted}

Released: July 11, 2022

Highlights

ARM64 Support

From version 7.41.4, Artifactory supports installation on ARM64 architecture through Helm and Docker installations. You must set up an external database as the Artifactory database since Artifactory does not support the bundled database with the ARM64 installation. Artifactory installation pulls the ARM64 image automatically when you run the Helm or Docker installation on the ARM64 platform.

Swift Registry Supported on Self-Hosted deployment

Swift Registry support has been expanded to support both cloud and self-hosted deployments. For more information, see Swift Registry 

Feature Enhancements

Debian Repository includes Support for Debian Snapshots 

From Artifactory 7.41.4, Debian repositories include support for Debian Snapshots and can be used in the following scenarios:

• As backups, allowing you to easily fall back to previous versions in case of package corruption due to dependency changes. 
• For release purposes, whereby the tested Packages file can be immutably saved and served.

For more information, see Working with Debian Snapshots

Conan Search Optimization

Performed internal improvements to increase the Conan Search performance.

Updated the Refresh Token Mechanism

To enable refreshing a token without having to provide the old token, a new column has been added to the database that contains the token payload, the token version, and `kid` as a JSON (this is application for refreshable tokens only!). Upon receiving a token request to refresh, the original data is then taken from the new column in the database. See Refresh Token.

Maven Snapshot Version Default Behavior Change 

Users with Repository Management/Deploy Permission can View/Use the Trash Can Repository 

Until the current release, users who did not have Admin permission were unable to view or to use the Trash Can repository, so that only administrators were able to see and interact with the Trash Can. With this release, two changes have been implemented:

• Users who have deploy or manage permissions to any repository will be able to view the Trash Can and to view files in that repository of origin. 
• Users who also have delete permissions to their repository will now also be able to restore them without requiring admin assistance (they will not be able to view or restore any other repositories). 

Resolved Issue

Known Issue in this Version

Affected Audience: Users who have run their remote or federated repositories without a proxy and have manually removed the proxy.
Upgrading to the 7.41.4 version automatically populates the default proxy on all repositories that have manually set the proxy field as empty. To learn more, click here.

Artifactory 7.39

This section includes all the Artifactory 7.39.x releases.

Artifactory 7.39.10 ^{Cloud | Self-Hosted}

Released: 29 July, 2022

Resolved Issue

This patch resolves an issue caused by CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, and CVE-2022-32223. For more information, see the Fixed Security Vulnerabilities page.

Artifactory 7.39.6 ^Cloud

Released: June 29, 2022

Resolved Issues

Artifactory 7.39.4 ^{Cloud | Self-Hosted}

Released: 14 June, 2022

Highlights

Swift Registry Support

Artifactory now natively supports a dedicated Swift registry, giving you full control of your deployment and resolution process of your Swift packages and their dependencies. Today Swift is most widely used as the go-to language for iOS and all the other Apple OS-app development. With the introduction of Swift support by Artifactory, you can create secure and private local Swift repositories, remote Swift repositories to proxy remote Swift dependencies and cache downloaded Swift packages. Virtual Swift repositories give you a single URL through which to manage the resolution and deployment of all your Swift packages. To learn more, see Swift Registry.

Feature Enhancements

Storage Summary Improvements

The default threshold for updating the Storage Summary page update has been modified from 1 hour to 6 hours. This change is done in order to minimize the load. This value continues to be configurable as before by setting 'update.storage.summary.cron' value.

Detected Known Issues

Resolved Issue

Artifactory 7.38

This section includes all the the Artifactory 7.38.x releases.

Artifactory 7.38.17 ^Self-Hosted

Released: 11 August 2022

Resolved Issue

Artifactory 7.38.16 ^{Cloud | Self-Hosted}

Released: 4 August, 2022

Resolved Issue

This patch resolves an issue caused by CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, and CVE-2022-32223. For more information, see the Fixed Security Vulnerabilities page.

Artifactory 7.38.10 ^{Cloud | Self-Hosted}

Released: 19 May, 2022

Resolved Issue

Artifactory 7.38.8 ^{Cloud | Self-Hosted}

Released: 11 May, 2022

Resolved Issue

Artifactory 7.38.7 ^Cloud

Released: 8 May, 2022

Resolved Issue

Artifactory 7.38.4 ^Cloud

Released: 28 April, 2022

Highlights

Terraform Package Support

JFrog provides a fully-fledged Terraform repository solution giving you full control of your deployment and resolution process of Terraform Modules, Providers, and Backend packages.

The Terraform Registry in the JFrog Platform offers the following benefits:

• Secure and private local Terraform Modules registry
• Secure and private local Terraform Providers registry
• Proxy remote Terraform Module and Provider resources with caching to keep you independent of the network and the remote resource.
• Virtual Terraform repositories that support a single URL through which to manage the resolution and deployment of all your Terraform Modules and Providers.

The Terraform Backend Repository in the JFrog Platform offers the following benefits:

• A Remote State Storage Provider
• Support for multiple Workspaces
• Built-in Secure State Encryption storage
• Comprehensive State snapshot history
• State content viewer with advanced search abilities

To learn more about the Terraform repository solution in the JFrog Platform, see Terraform Repositories.

Feature Enhancements

Enhancements to the JFrog Platform WebUI

From version 7.38.4, we have implemented the first phase of the JFrog Platform WebUI redesign that is intended to provide a more intuitive user experience based on our customer's feedback. 

Note that the changes in this phase only include changes to the Tab name changes and do not include changes to the WebUI structure.

Authentication of Users using mTLS is Now Supported

From Artifactory 7.38.4, self-hosted customers can authentication users using mTLS (to configure a reverse proxy to support mTLS in the Cloud, you will need to contact JFrog Support to set this up for you). This will require you to perform some setup on the front reverse proxy (e.g., Nginx). See Configuring a Reverse Proxy to Support mTLS.

TOKEN ENHANCEMENTS

Scoped Admin Access Tokens 

From Artifactory release 7.38.4, JFrog enables companies to create their own Admin-scoped access token without using the JFrog Platform UI or via another token. This Access admin-scoped token is designed to be used for a short time only and its purpose is to start up the system. This provides customers with the option of setting up their JFrog Platform in an automated, fully UI-free setup. See Creating an Automatic Admin Token.

Scoped Tokens Now Include Resource Permissions

From Artifactory 7.38.4, scoped tokens also support resource permissions. See Create Token endpoints table.

New Identity Token Format and API Key Replacement  

Artifactory release 7.38.4, includes a new Identity Token format, also called a Reference Token, which can also be used to replace the API Keys that will be deprecated in a future version.

The new Reference Token includes an option to create a "shortened," 128-character key, thereby providing an alias for the Identity Token. To learn more about how to generate an identity token, see Identity Token.

The new Reference Token is also enabled for Access scoped tokens in the Access Tokens UI, enabling you to generate a scoped access token in the format you prefer - full Identity Token or Reference Token. For more information, see Generating Scoped Tokens.

Added PKCE Support for OAuth Integrations

Artifactory supports enabling the PKCE extension over OAuth to gain an additional level of security and serves as an alternative to the basic Secret mechanism. By selecting the Enabled PCKE field in the OAuth Provider dialog in the UI,  you will enable this feature and the Secret option will be automatically disabled. For more information, see Enabling Authorization Code Flow with PKCE.

Please note that backward compatibility for the authorization Code Flow without PKCE is retained.

Resolved Issues

Artifactory 7.37

This section includes all the the Artifactory 7.37.x releases.

Artifactory 7.37.17 ^{Cloud | Self-Hosted}

Released: 4 August, 2022

Resolved Issue

This patch resolves an issue caused by CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, and CVE-2022-32223. For more information, see the Fixed Security Vulnerabilities page

Artifactory 7.37.16 ^{Cloud | Self-Hosted}

Released: 6 May 2022

Resolved Issue

Artifactory 7.37.15 ^{Cloud | Self-Hosted}

Released: 26 April, 2022

Resolved Issue

Artifactory 7.37.14 ^{Cloud | Self-Hosted}

Released: 17 April, 2022

Resolved Issue

Artifactory 7.37.13 ^{Cloud | Self-Hosted}

Released: 14 April, 2022

Feature Enhancements

Enforce Internal Dynamic Search of Attributes in LDAP Groups 

Introducing the new functionality for the LDAP group dynamic strategy which enforces dynamic internal search of attributes in a group by setting the <forceAttributeSearch>true</forceAttributeSearch> in the Config descriptor. For more information, see Enforcing Dynamic Search of Attributes for LDAP Groups. 

Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories

An enhanced Maven Authentication mechanism has been implemented in Artifactory to eliminate the need to perform authentication prior to checking if a package is located in local, remote and virtual repositories. With the new authentication mechanism, when reaching Maven-local-three (which requires authentication), instead of first performing for authentication and next authorization, Artifactory will check if the requested item is located in the repository. If the requested package does exist, it will proceed to perform authentication and authorization. If not, a 404 error message will be triggered.

This feature is disabled by default and can be enabled by adding the artifactory.maven.authentication.nonPreemptive parameter to the artifactory.system.properties file. Please note that a reboot of the system is required after adding the flag. For more information, see Forcing Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories.

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 9.0.58, solving some security vulnerabilities described in CVE-2020-9484.

Anonymous Users can be routed to Login Page by Default

To provide Anonymous users in the JFrog Platform with an improved navigation experience, you can set all Anonymous users to be routed to the Login page by enabling the new 'Set the Login page as the start page' on the Anon User page.

GAVC Search REST API Supported on Virtual and Remote Repositories

Maven users can now search by Maven Coordinates (GAVC: GroupID, ArtifactID, Version, Classifier), on remote and virtual repositories, in addition to the existing support for local repositories. For more information, see the new parameters added to the GAVC Search REST API.

Added Support for Custom Ports to be Exposed on the NGINX Pod 

As part of the alignment of the JFrog Platform with the conventional Kubernetes YAML syntax for container ports, we have added support for comments in the values.yaml file. It is self-explanatory as it is traditional Kubernetes YAML syntax and allows you to pass additional ports other than HTTP and HTTPS port to Nginx deployment and service in the values.yaml file.

New Webhook to Support Pull Replication from Remote Repositories   

The newly added 'Cache' webhook event is triggered for Pull Replication events occurring opposite remote repositories. Please note that for push replication, you should use this 'Deployed' event. For more information, see the Domain:Artifact section.

Extended the Priority Resolution feature to Support RPM Packages

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories for RPM packages.

Integration Service Logs Added to Support Bundle

The integration-request.log and integration-service.log logs have been added to the Support Bundle.

Release Bundle Webhooks: Enhanced the Exclude and Include Pattern Experience in the WebUI

To prevent confusion when creating the Release Bundle Webhook, the Webhooks WebUI has been improved when setting the include and exclude patterns.

Updated the Refresh Token Mechanism

To enable refreshing a token without having to provide the old token, a new column has been added to the database that contains the token payload, the token version, and `kid` as a JSON (this is an applicable to refreshable tokens only!). Upon receiving a token request to refresh, the original data is then taken from the new column in the database. See RefreshToken.

Resolved Issues

Artifactory 7.36

This section includes all the the Artifactory 7.36.x releases.

Artifactory 7.36.2 ^Cloud 

Released: 18 March, 2022

Resolved Issues

Artifactory 7.36.1 ^Cloud

Released: 13 March, 2022

 Highlights

Artifactory as Your Symbol Server  

A Symbol Server stores the .PDB files and binaries for all your public builds. These are used to enable you to debug any crash or problem that is reported for one of your stored builds. Both Visual Studio and WinDBG know how to access Symbol Servers, and if the binary you are debugging is from a public build, the debugger will get the matching PDB file automatically.
From Artifactory 7.36.1, you can benefit from the following advanced Symbol Server features:

• Publishing while indexing your Symbol packages to Artifactory from your NuGet Client v3 together with your NuGet packages or as separate Symbol packages
• Resolving Symbol files (.pdb) from virtual and local repositories in the JFrog Platform
• Resolving Symbol files from remote proxies. For example, http://symbols.nuget.org/download/symbols.
• Debugging the Symbol files hosted on Artifactory using the Visual Studio debugger tool.

Note that prior to Artifactory 7.36.1, Symbol Server support was limited to setting Artifactory as a remote Proxy for Symbol files that were hosted as Generic packages in Artifactory.

Resolved Issues

Artifactory 7.35

This section includes all the the Artifactory 7.35.x releases.

Artifactory 7.35.2 ^Self-Hosted

Released: 9 March, 2022

Artifactory 7.35.1 ^{Cloud | Self-Hosted}

Released: 1 March, 2022

Feature Enhancements

Build-Info Repositories can be Shared Across Federated Repositories

The Federated repository feature has been expanded to support adding Build-Info repositories as federated members within a Federation using a dedicated

command. For more information, see Converting a Build-Info Repository to a Federated Repository.

UI Support for Removing Binding Tokens for Federated Repositories

From Artifactory 7.35.1, you can now remove the binding tokens you created between a source JPD and target JPD using the JFrog Platform UI. See Removing Binding Tokens.

Enhanced the AQL Query Performance for Postgres

Performed internal changes to the database indexing mechanism to improve the AQL Query Performance for Postgres.

Resolved Issues

Artifactory 7.34

This section includes all of the Artifactory version 7.34.x releases.

Artifactory 7.34.4 ^Cloud

Released: 14 February, 2022

Feature Enhancements

Improved Pub Package Deploy Experience

From Artifactory 7.34.4, when running the dart pub publish CLI command, the pub files will automatically be packaged as tr.gz files and uploaded to Artifactory.

Resolved Issues

Artifactory 7.33

This section includes all of the Artifactory version 7.33.x releases.

Artifactory 7.33.9 ^{Cloud | Self-Hosted}

Released: 7 February 2022

Resolved Issues

Artifactory 7.33.8 ^{Cloud | Self-Hosted}

Released: 3 February, 2022

Highlights

Announcing the Integration Microservice

Released the new Integration microservice (as part of the JFrog platform) responsible for third-party authentication and event registration.
8071 and 8072 are the ports that must be open for the Integration microservice. For more information, see the Requirements Matrix. 

Binding Tokens 

JFrog introduces a new type of access token called a binding token, which allows trust to be bi-directional. Binding tokens provide a narrowed trust scope for those customers that do not wish to provide full access to the other JPDs, and also full self-service for Cloud Enterprise customers that can build customizable binding to the other JPDs on their own. While binding was available with the older access methods (Circle of Trust, join key, etc.), it has now been implemented as part of the JFrog Platform Deployments function in the Administration tab. See Binding Tokens.

Federated Repositories Now Supported for Cloud Customers 

Federated Repositories require setting up trust between two JPD instances (source and target), which can be achieved using a Circle of Trust. With this release, using the new Binding Tokens, you can set up Federated Repositories in a JFrog Platform Cloud environment without using a Circle of Trust. See Setting Up a Federated Repository and Binding Tokens for Federated Repositories.

Resolved Issues

Artifactory 7.33.6 ^Cloud

Released: 1 February, 2022

Feature Enhancements

Force Authentication is Supported for Conan Repositories

For Conan repositories, you can now enable Force Authentication on the repository level forcing users to perform authentication as a prerequisite for using the Conan Client opposite the repository. For more information, see Conan Allowing Anonymous. Access

Federated Repository Enhancements 

You can control the Federated Repository binary importer number of workers/threads by setting a set of parameters in the binary.xml file

Deprecation of the JetS3t

Because the JetS3t library is no longer maintained; therefore, this template will be deprecated in Artifactory in the second quarter of 2022. You should use the s3-storage-v3 instead, which uses the official, highly-maintained AWS S3 SDK. The transition should be seamless between s3 to s3-storage-v3, as most parameters are the same between the two providers. To learn more, see Amazon S3 Official SDK Template.

Resolved Issues

Artifactory 7.31

This section includes all of the Artifactory version 7.31.x releases.

Artifactory 7.31.13 ^{Cloud | Self-Hosted}

Released: January 26, 2022

Resolved Issue

Artifactory 7.31.11 ^{Cloud | Self-Hosted}

Release: 23 January, 2022

Resolved Issue

Artifactory 7.31.10 ^{Cloud | Self-Hosted}

Released: 10 January, 2022

Highlights

JFrog Projects Feature is Available to All JFrog Users

The JFrog Projects feature is now supported on all JFrog Subscriptions. JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. As such, using projects helps Platform Admins to offload part of their day-to-day management effort and to generate a better separation between the customer products to improve customer visibility on efficiency, scale, cost, and security. Projects simplify the onboarding process for new users, create better visibility for LOBs and project stakeholders. To learn more, see Projects.

Pub Repository Support (Beta Version)

Artifactory now natively supports Dart packages, giving you full control of your deployment and resolution process of Flutter, Angular Dart, and general Dart programs. You can create secure and private local Pub repositories with fine-grained access control. Remote Pub repositories proxy remote Dart resources and cache downloaded Dart packages to keep you independent of the network and the remote resource, and virtual pub repositories give you a single URL through which to manage the resolution and deployment of all your Dart packages. To learn more, see Pub Repositories.

S3 with Storage Sharding Support

Artifactory introduces S3 Sharding template (s3-sharding) that utilizes a new sub-provider, state-aware-s3, so that you can use multiple S3 buckets with sharding as the Artifactory file store. For more information, see S3 Sharding.

High Availability in PostgreSQL Database

Artifactory introduces the ability to set up PostgreSQL databases in an HA configuration to be used as the Artifactory database. For more information, see PostgreSQL.

Feature Enhancements 

Priority Resolution Supported on Federated Repositories

Added support for setting Priority Resolution on Federated repositories. Setting Priority Resolution takes precedence over the resolution order when resolving Federated repositories and will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. 

Garbage Collection Improvements

To improve Garbage Collection performance, you can now disable size-based ordering of the GC query. As a result, artifacts will not necessarily be deleted from largest to smallest. For more information, see Garbage Collection.

NuGet SetMeUp API v3 Enhancements

The NuGet package Set Me UP page in the JFrog Platform UI has been redesigned to reflect the best practices promoted by NuGet regarding the usage of API v3 over API v2. For more information, see Configuring NuGet Repositories.

Introducing npm SHA512 Support

From npm version 5, all npm packages published to Artifactory will support both SHA512 and SHA1 while using the strongest algorithm available, which will result in improved performance, robustness, and enhanced fault-tolerance. For more information, see v500.

Artifactory now supports SHA512 checksum when publishing to Artifactory with npm versions greater than 5 (containing sha512).

Checksum Policy Support for NPM Uploads

Added support for checksum validation on the NPM Tarballs when running the NPM Publish command.

Resolved Issues

Artifactory 7.29

This section includes all of the Artifactory version 7.29.x releases.

Artifactory 7.29.9 ^{Cloud | Self-Hosted}

Released: 11 January, 2021

Resolved Issues

• Fixed a number of issues related to the internal Replicator service within an High Availability (HA) environment.

Artifactory 7.29.8 ^{Cloud | Self-Hosted}

Released: 15 December, 2021

Resolved Issues

Artifactory 7.29.7 ^{Cloud | Self-Hosted}

Released: 5 December, 2021

Highlight

New Hybrid Solution Provided through the Distribution Edges

Self-hosted customers who have an existing JFrog Distribution in place may sometimes require the option of adding additional JFrog Artifactory instances in the cloud. This hybrid setup is now supported through the JFrog Distribution Edges Add-on, a commercial offering for On-Prem customers to leverage JFrog SaaS for software distribution. This add-on enables On-Prem customers to add cloud-based Edge nodes managed by JFrog (software-as-a-service) and fully utilize them for content distribution. See Configuring Distribution Edges Using the Distribution Edges Add-on.

New Integration for JFrog Artifactory with Amazon's Elastic Cloud Kubernetes (EKS) Anywhere

Amazon's Elastic Cloud Kubernetes (EKS) Anywhere is a new deployment option for Amazon EKS, which allows customers to create and operate Kubernetes clusters on customer-managed infrastructure, supported by AWS. Unlike the Bring Your Own License (BYOL) model, which uses a Docker image, the deployment of JFrog Artifactory on Elastic Cloud Kubernetes (EKS), EKS Anywhere uses Helm Charts to leverage the AWS License Manager. See Artifactory Integration with Amazon AWS Container Marketplace.

Support for Personal OAuth SSO

JFrog Cloud users (only) can now also join through an invite, and to then log in using Personal OAuth such as Google or GitHub. For more information, see Adding New Users via Invite.

Master.key Load and Retention in Memory

To improve security around the storage of the master.key, from Artifactory version 7.29.7 JFrog supports loading the master.key at startup and keeping it in memory. This is achieved by removing the master key from the file system by each application, after it was read by the application node during bootstrapping. Customers who wishing to utilize this capability will need to "opt-in" to the master key removal, to fetch the master key and to place it in the correct path on the application's file system whenever a new node is bootstrapped. See Master.key Load and Retention in Memory.

Feature Enhancements

Garbage Collection Performance Improvements

Improved Garbage collection performance by implementing changes to the internal garbage collection batch mechanism.

New Pairing Token UI and API

Added new UI in the JFrog Platform for a pairing token, which establishes trust between different JFrog micro services. The pairing token is an access token that is used for the initial pairing flow. Because the token is a limited access token, it is dedicated to a specific task and short-lived. Once trust is established, the services can continue using the standard token-based authentication for communication. Pairing tokens replace the join.key that was used in the past in the JFrog Platform to link between services. This type of token is only designed to link cross-topologies (i.e., locally, and not with in a JPD). See Generating Scoped and Pairing Tokens.

NuGet Repository Improvements

As part of the NuGet package improvement initiative, we have added the ability to resolve cached artifacts from remote NuGet repositories in case the remote repository is down.

Hiding Artifactory Version in the UI is Supported

The Artifactory version in the UI can be hidden by setting the artifactory.standalone.show.detailed.footer=false to the var/etc/artifactory/artifactory.system.properties file.

This feature is applicable only to Artifactory Self-hosted instances.

Conan Search Optimization

Performed internal changes to the Conan search resulting in Conan search optimization.

Resolved Issues

Artifactory 7.28

This section includes all of the Artifactory version 7.28.x releases.

Artifactory 7.28.9 ^Cloud

Released: 19 November, 2021

select count(1) from node_props where length(prop_value) > 2400

Feature Enhancements

External ID Added to Support Azure Active Users 

To support Azure Active Directory users, the field External ID field was added to the group definition and can be set via the group creation UI. See Creating and Editing Groups.

New PyPi Public Remote Registry Supported    

For PyPi users, Artifactory now supports the public remote registry URL: https://download.pytorch.org/whl/torch_stable.html.

Resolved Issues

Artifactory 7.27

This section includes all of the Artifactory version 7.27.x releases.

Artifactory 7.27.10 ^{Cloud | Self-Hosted}

Released: 5 November, 2021

Resolved Issues

Artifactory 7.27.9 ^{Cloud | Self-Hosted}

Released: 28 October 2021

Resolved Issues

Artifactory 7.27.7 ^Cloud

Released: 20 October, 2021

Resolved Issues

Artifactory 7.27.6 ^{Cloud | Self-Hosted}

Released: 11 October, 2021

Feature Enhancements

Push Configuration Updates are Supported for Federated Repositories

You can manually initiate push configuration updates to member federated members in case of network issues using the REST API or directly in the UI. For more information, see Troubleshooting Federated Member Out-of-Sync Notifications.

Enabling Log Collection (Cloud Subscriptions) 

The Log Collection Enablement feature enables Cloud customers to collect and download their application logs in a dedicated Logs Artifactory System Repository, to improve auditing capabilities. The feature requires an opt-in, and is enabled using a dedicated Artifactory API. The log types collected include Artifactory request and access audit trail.
This feature is available to all Cloud subscriptions.

Resolved Issues

Artifactory 7.27.3 ^Self-Hosted

Released: 30 September, 2021

Highlights

Announcing JFrog Artifactory Cold Artifact Storage Feature

The JFrog Cold Artifact Storage enables organizations to save cost and improve usability and performance by providing the ability to retain unused artifacts that cannot be deleted for several years due to regulatory obligations. Cold Artifact Storage enables you to move these artifacts from one Artifactory instance to another Artifactory instance that is connected to cost-effective storage. Artifacts that are moved to the Cold instance are removed from the Live Artifactory instance, thereby reducing the number of artifacts that require maintenance, which helps to improve the usability, search capabilities, and performance of the Live instance. For more information, see Cold Artifact Storage.

PHP Composer Virtual Repositories

As part of our initiative to support PHP Composer versions 1 and 2 and support for downloading Drupal file versions 7 and 8 from remote repositories, we now support PHP Composer virtual repositories version 2 (version 1 is not supported). A virtual repository is a collection of local, remote, and other virtual repositories accessed through a single logical URL. It hides the access details of the underlying repositories letting users work with a single, well-known URL. The underlying participating repositories and their access rules may be changed without requiring any client-side changes. For more information, see PHP Composer Virtual Repositories.

Feature Enhancements

JFrog Mission Control is Now Integrated as a Service in Artifactory

From this version, Mission Control is now a dedicated service in Artifactory and manages the connectivity between the Platform Deployment units. The dashboard and metrics are now part of a new dedicated product called Insight. For more information, see Migrating Platform Deployments and License Buckets.

Extended the Priority Resolution feature to Support PHP Composer Repositories 

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories for PHP Composer packages. 

HELM Remote Repositories Improvements in the UI

Helm Charts requested by the Helm client frequently use external dependencies as defined in the index.yaml file. These dependencies may, in turn, need additional dependencies. Therefore, when downloading a chart, you may not have full visibility into the full set of dependencies that your original chart needs (whether directly or transitively). As a result, you are at risk of downloading malicious dependencies from unknown external resources.

To manage this risk, and maintain the best practice of consuming external charts through Artifactory, you may specify a "safe" Allow List from which dependencies may be downloaded, cached in Artifactory, and configured to rewrite the dependencies so that the Helm client accesses dependencies through a remote repository. For more information, see Automatically Rewriting External Dependencies.

Project-related Enhancements

• Added the ability to share repositories within a Project/s in Read-Only mode to avoid any changes or modifications of the shared content.
• Increased the number of characters supported for a Project key up to 10 chars.

Docker Push Image Performance Improvements

Improved speed when pushing new Docker images to Docker repositories by implementing enhancements to the internal Docker Blob Search mechanism.

Expanded Indexing to Support .ddeb Files for Debian Repositories

Added support for Indexing debug symbols for Debian repositories. For more information, see Debian Repositories.

Enhanced the Get Reverse Proxy Configuration REST API Permissions

Users running the Get Reverse Proxy Configuration REST API can now view proxy information based on their permission set.

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 8.5.68, solving some security vulnerabilities described in CVE-2021-33037.

Resolved Issues

Artifactory 7.26

This section includes all of the Artifactory version 7.26.x releases.

Artifactory 7.26.3 ^Cloud 

Released: 9 September, 2021

Resolved Issues

Artifactory 7.25

This section includes all of the Artifactory version 7.25.x releases.

Artifactory 7.25.7 ^{Cloud | Self-Hosted}

Released: 10 September, 2021

Resolved Issues

Artifactory 7.25.6 ^{Cloud | Self-Hosted}

Released: 5th September, 2021

Resolved Issues

Artifactory 7.25.5 ^Self-Hosted

Released: 2 September, 2021

Feature Enhancements

Artifactory Helm Chart Installation Setup Improvements 

Single and cluster license types are both supported in a single artifactory.cluster.license file, thereby removing the need to support two separate licenses files. Running two license files is still supported for backward compatibility purposes.

Artifactory Docker Container Image Uses the Redhat UBI Micro Base Image

In an effort to provide a more secure Artifactory image, Artifactory now uses the Redhat UBI Micro base image. Some of the tools that were available in the Artifactory image are not available in this more secure image. For more information, see JFrog Products Container Base Image.

Resolved Issues

Artifactory 7.25.4 ^Cloud

Released: 30 August, 2021

Feature Enhancements

Build Info Supports Aggregated Builds

Aggregated builds are builds that contain multiple steps and can run on multiple machines. Aggregated Build are now represented by Build Info using the new 'type' parameter under the module section in the UI. 

URL Normalization is Now Prevented for Remote Repositories

Remote repositories are now enabled with the new disableUrlNormalization parameter to prevent URL normalization from occurring. This field is s configurable by changing the default setting disableUrlNormalization from false to true. For more information, see the Remote Repository JSON.

Resolved Issues

Artifactory 7.24

This section includes all of the Artifactory version 7.24.x releases.

Artifactory 7.24.7 ^{Cloud | Self-Hosted}

Released: 15 December, 2021

Resolved Issue

This patch resolves the issue caused by CVE-2021-3860. For more information, see the JFrog Security Advisories page.

Artifactory 7.24.6 ^Self-Hosted

Released: 5th September, 2021 

Resolved Issues

Artifactory 7.24.4 ^Cloud

Released: 19 August 2021

Resolved Issue

• Fixed an issue whereby after distributing Docker images using Release Bundles, the Docker pull was failing. 

Artifactory 7.24.3 ^{Cloud | Self-Hosted}

Released: 11 August, 2021

Resolved Issues

Artifactory 7.24.1 ^Cloud

Released: 8 August, 2021

Highlights

PHP Composer Repository Highlights

PHP Composer V2 Support

Artifactory supports PHP Composer V2 in addition to V1. From Artifactory 7.24, Local PHP repositories will automatically be created in V2 that supports faster download times and enhanced performance.
The PHP Metadata V2 index support for local repositories, and complies with the following rules:

• Your existing Composer repositories will remain unchanged and Composer v1 will be set as the default.
• From this Artifactory version and above, all newly created Composer repositories will be set with Composer version 2. The option to set V1 indexing is disabled by default.

The V1 indexing can be enabled or disabled in the local repository configuration and requires full reindexing after applying changes. For more information, see PHP Composer Local Repositories.

Drupal 7 and 8 Registry Support

You can now upload Drupal version 7 and 8 packages to remote repositories. For more information, see Setting Remote Repositories to Work Opposite Drupal 7 and 8 Packages.

Feature Enhancements

Added Namespace Support for Helm Virtual Repositories 

You can now assign namespaces to local and remote repositories in Helm virtual repositories allowing you to explicitly state which aggregated repository to fetch. In the past, when attempting to fetch a chart from a virtual Helm repository, the first chart that randomly matched the name, was fetched. For more information, see Kubernetes Helm Chart Repositories.

Migration Performance Improvements

Introduced performance improvements when migrating from Artifactory 6.x to Artifactory 7.x.

Resolved Issues

Artifactory 7.23

This section includes all of the Artifactory version 7.23.x releases.

Artifactory 7.23.8 ^{Cloud | Self-Hosted}

Released: 15 December, 2021

Resolved Issue

This patch resolves the issue caused by CVE-2021-3860. For more information, see the JFrog Security Advisories page.

Artifactory 7.23.7 ^{Cloud | Self-Hosted}

Released: 5 September, 2021 

Resolved Issues

Artifactory 7.23.5 ^Cloud

Released: 25 August, 2021

Resolved Issues

Artifactory 7.23.4 ^Cloud  

Released: 19 August, 2021

Resolved Issue

1. Fixed an issue whereby after distributing Docker images using Release Bundles, the Docker pull was failing. 

Artifactory 7.23.3 ^{Cloud | Self-Hosted}

Released: 4 August, 2021

Feature Enhancements

Preliminary Release of the JFConnect Service

A new JFConnect service is now added to Artifactory but is disabled for now. JFConnect will act as the JPD (JFrog Deployment) entitlements service, enabling dynamic entitlement allocation for the connected products, based on account/subscription changes in JFrog’s main Entitlements Server (myJFrog).

Note that this service uses port 8030 (HTTP listener) and 8035 (gRPC listener) but does not require enabling them.

Builds Info REST API Displays the VCS Parameter

The VCS property is now displayed in BuildInfo REST API response.

Resolved Issues

Artifactory 7.21

This section includes all of the Artifactory version 7.21.x releases.

Artifactory 7.21.20 ^{Cloud | Self-Hosted}

Released: 16 December, 2021

Resolved Issue

This patch resolves the issue caused by CVE-2021-3860. For more information, see the JFrog Security Advisories page.

Artifactory 7.21.13 ^{Cloud | Self-Hosted}

Released: 22 August, 2021

Resolved Issues

Artifactory 7.21.12 ^{Cloud | Self-Hosted}

Released: 28 July, 2021

Resolved Issues

Artifactory 7.21.8 ^{Cloud | Self-Hosted}

Released: 19 July, 2021

Resolved Issue

Artifactory 7.21.7 ^{Cloud | Self-Hosted}

Released: 14 July, 2021

Resolved Issue

Artifactory 7.21.5 ^{Cloud | Self-Hosted}

Released: July 9th, 2021

Resolved Issues

Artifactory 7.21.3 ^{Cloud | Self-Hosted}

Released: 1 July, 2021

Feature Enhancements

Docker Enhancements

As part of our ongoing effort to provide the best Docker-related experience, we have introduced the following enhancements:

• Improved the Docker remote repository flow by reducing the number of requests to the remote repositories.
• Added Docker Buildx support, allowing you to easily build and push multi-architecture images using the Docker buildx CLI. For more information, see Pushing Multi-Architecture Docker Images to Artifactory.
• Added support for promoting Docker images with a Docker manifest.list from one Docker local repository to another.

Announcing a New Outbound Repository Request Log

Announcing the release of the new Outbound Remote Repository Request log, which allows you to track every request initiated by a remote repository including requests related to replication. For more information, see Logging.

Extended the Priority Resolution feature to Support Puppet Packages

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories for Puppet packages.

Improved Metadata Request Performance for Remote Repositories 

You can now configure the Metadata Retrieval Cache Timeout (Sec) parameter in the Remote Repository Cache Settings to control the Metadata timeout performance. If the timeout is reached, the local cached artifact is served and the previous metadata is returned to the client (the default value is 60 seconds).

Native Artifacts Browser Accessible from the UI

The Artifactory native artifacts browser, which allows browsing the contents of a repository in a plain HTML structured tree, is now available via the artifact URL or via the artifacts Actions menu. Authenticated users will not need to re-authenticate to access the native browser.

Expanded Additional Security Manager Role and Additional Scanning Capabilities in Project Functionality

The new Security Manager role enables a user to perform security-related project actions such as Manage Xray Data, Manage Reports, Manage Watches and Policies, and Ignore Global Violations. This version also introduces additional functionalities for Xray in Projects, such as generating Global Xray Reports for a Project scope and applying Global Watches to Projects. This expanded role and capabilities require using Xray version 3.27 and above. 

Docker/Conan GetToken Request Improvements

Improved the response time of Docker / Conan getToken requests and reduced the number of DB calls.

Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

The JFrog Platform integration with HashiCorp Vault now enables you to configure multiple external vault connectors through the Platform UI.  You can see the list of available connectors in the new HashiCorp Vault Connectors window. To learn more, see Vault.

Managing Multiple Signing Keys

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

The JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST API. The JFrog Platform supports managing multiple pairs of GPG signing keys to sign packages for authentication of several package types such as Debian, Opkg, and RPM through the Keys Management UI and REST API. To learn more, see Managing Signing Keys

Generating an Identity Token through the Profile UI

The user profile now enables users to generate identity tokens. Any user can create a user identity token for themselves via the UI or via REST API. Identity tokens are scoped tokens, which means that they provide limited and focused permissions, making them more secure and, therefore, preferable to API keys. In addition, when a user is deleted/disabled, their tokens are also revoked. To learn more, see Identity Token.

Added Capability to Ignore Download Statistics 

The new skipUpdateStats parameter can now be added to Rest requests, allowing you to ignore statistics generated by 3rd party tools.

Resolved Issues

Artifactory 7.19

This section includes all of the Artifactory version 7.19.x releases.

Artifactory 7.19.12 ^{Cloud | Self-Hosted}

Released: 15 December, 2021

Resolved Issue

This patch resolves the issue caused by CVE-2021-3860. For more information, see the JFrog Security Advisories page.

Artifactory 7.19.10 ^{Cloud | Self-Hosted}

Released: 29 June, 2021

Artifactory 7.19.9 ^{Cloud | Self-Hosted}

Released: June 17, 2021

Resolved Issue

Artifactory 7.19.8 ^{Cloud | Self-Hosted}

Released: 9 June, 2021

Resolved Issues

Artifactory 7.19.6 ^Cloud

Released: 25 May, 2021

Resolved Issue

Artifactory 7.19.4 ^{Cloud | Self-Hosted}

Released: May 24, 2021

Highlights

Extended Flagging Safe Repositories Support for Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages 

Declaring local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories has been extended to support Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field.

Feature Enhancement

Support for Controlling Signed URL Download Methods

You now have the option to set your signed URL redirects using one of these methods: S3, CloudFront, or using a direct download without a signed URL redirect. For more information, see Controlling Your Signed URL Downloads.

 Enhanced the S3 Configuration Template

To reduce the overhead on the Ceph backend, you can now modify the chunk size that was previously fixed at 5 MB by setting the multipartElementSize tag in the Amazon S3 Official SDK Template. If no tag is specified, the AWS client default of 5 MB will be applied.

UI for the JFrog Platform Vault Integration with HashiCorp Vault

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

The JFrog Platform integration with HashiCorp Vault now enables you to configure an external vault connection to use as a centralized secret management tool not only through the APIs but also using the JFrog Platform UI. Using vault allows you to store JFrog Platform GPG keys, RSA keys, and Trusted keys used to sign packages and Release Bundles as secrets in HashiCorp Vault and provides you with the capability to generate and manage keys in a centralized tool for security and compliance. To learn more, see Vault.

UI for the JFrog Platform SCIM Integration 

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

JFrog Platform now enables you to generate a dedicated admin access token for SCIM in the JFrog Platform by going to Admin | Security | SCIM. The token generated can then be used in the identity service setup. To learn more, see SCIM.

Signing Keys Management 

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

The JFrog Platform now features a centralized dashboard for creating and managing all signing keys. This feature enables you to create and control the keys used to encrypt or digitally sign your artifacts - in one central location, which makes it easier for you to manage signing keys throughout your organization. To learn more, see Security Keys Management.

Resolved Issues

Artifactory 7.18

This section includes all of the Artifactory version 7.18.x releases.

Artifactory 7.18.11 ^{Cloud | Self-Hosted}

Released: 15 December, 2021

Resolved Issue

This patch resolves the issue caused by CVE-2021-3860. For more information, see the JFrog Security Advisories page.

Artifactory 7.18.9 ^{Cloud | Self-Hosted}

Released: 28 June, 2021

Resolved Issues

Artifactory 7.18.7^{Cloud | Self-Hosted}

Released: May 19, 2021

Resolved Issues

Artifactory 7.18.6 ^{Cloud | Self-Hosted}

Released: 6 May, 2021

Feature Enhancement

Added More Flexibility When Setting SSH Server Security

You can now control ciphers, MACs, signatures, and key exchange algorithms that are accepted by the Artifactory SSH server. For more information, see Artifactory Security.

Artifactory 7.18.5 ^{Cloud | Self-Hosted}

Released: 29 April, 2021

Highlights

JFrog Platform Ansible Installer

JFrog’s Ansible Collection includes several Ansible roles that allow you to install the latest JFrog Platform in many different configurations-from simple single server installations to redundant and highly available setups-this collection provides the flexibility for any architecture. To learn more, see Installing the JFrog Platform Using Ansible. 

Resolved Issues

Artifactory 7.18.3 ^{Cloud | Self-Hosted}

Released: 22 April, 2021

Highlights

Federated Repositories

^{CLOUD: Enterprise | Enterprise+  SELF-HOSTED: Enterprise | Enterprise+} 

The JFrog Platform enables you to create Federated repositories, which support mirroring repositories and artifacts with JFrog Platform users located on remote JFrog Deployments (JPDs) in a multisite environment. A Federation is a collection of repositories of Federated type in different JPDs that are automatically configured for full bi-directional replication. Once you have created a Federation, changes made to artifacts on one site will be automatically synchronized to the other federated sites using bi-directional mirroring. For more information, see Federated Repositories.

Feature Enhancements

PostgreSQL Version Support

JFrog products now support PostgreSQL version 13.0. To learn more, see System Requirements.

Improved Large Scale Release Bundle Distribution

Improved distributing Release Bundles at a large scale, resulting in three times faster performance, by implementing internal database optimization.

Extended Docker OCI Support

Extended the ability to serve OCI requests without relying on the accept header. For example, if you have a client named containers/someVersion, you can assume that all the containers will support OCI (if configured).

SCIM ID Management Support

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise | Enterprise+}

JFrog now supports managing both users and groups, and the association between them using the System for Cross-domain Identity Management (SCIM) protocol 2.0. Okta and Azure Active Directory (AD) have used to verify this capability. To learn more, see SCIM.

Resolved Issues

Artifactory 7.17

This section includes all of the Artifactory version 7.17.x releases.

Artifactory 7.17.14 ^{Cloud | Self-Hosted}

Released: 9 February, 2022

Resolved Issue

This patch resolves the issue caused by CVE-2021-3860. For more information, see the JFrog Security Advisories page.

Artifactory 7.17.13 ^{Cloud | Self-Hosted}

Released: May 23, 2021

Resolved Issues

Artifactory 7.17.12 ^{Cloud | Self-Hosted}

Released: 29 April, 2021

Feature Enhancement

Access Federation REST APIs Now Public

Publicly released the Access Federation REST APIs and requires a valid admin-scoped token.

Artifactory 7.17.11 ^{Cloud | Self-Hosted}

Released: 20 April, 2021

Resolved Issue

Artifactory 7.17.9 ^{Cloud | Self-Hosted}

Released: 14 April, 2021

Resolved Issues

Artifactory 7.17.5 ^{Cloud | Self-Hosted}

Released: 4 April, 2021

Resolved Issues

Artifactory 7.17.4 ^{Cloud | Self-Hosted}

Released: 31 March, 2021

Highlights

Announcing Projects in the JFrog Platform

^{CLOUD: Enterprise | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. As such, using projects helps Platform Admins to offload part of their day-to-day management effort and to generate a better separation between the customer products to improve customer visibility on efficiency, scale, cost, and security. Projects simplifies the onboarding process for new users, creates better visibility for LOBs and project stakeholders. To learn more, see Projects.

Cloud-Native High Availability (HA) is Now Supported for Self-Hosted Artifactory Installations

From Artifactory 7.17.4, all nodes in the high availability cluster can perform tasks such as replication, garbage collection, backups, exporting, and importing, removing the need to set up a primary node in the cluster. Instead, every node in the cluster can serve any of the mentioned tasks and if any node goes down, the different nodes in the cluster will be able to perform these tasks instead. By default, when adding a new node (member) to the cluster, it will be able to perform cluster-wide tasks without user intervention. For more information, see Cloud-Native High Availability.

Cargo Packages Support 

Artifactory natively supports a Cargo Registry for the Rust language, giving you full control of your deployment and resolve process of Cargo packages. Cargo downloads your Rust package's dependencies, compiles your packages, makes distributable packages, and uploads them to crates.io, the Rust community’s package registry. You can contribute to this book on GitHub. To learn more, see Cargo Package Registry.

SCIM ID Management Support

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

JFrog introduces initial support for the System for Cross-domain Identity Management (SCIM) protocol 2.0, to enable Enterprise and Enterprise+ customers to create, remove and disable user accounts from their choice of user management tool and automatically update the platform with these changes. Okta and Azure Active Directory (AD) have used to verify this capability. To learn more, see SCIM.

HashiCorp Vault Integration with the JFrog Platform

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

The JFrog Platform integration with HashiCorp Vault enables you to configure an external vault connection to use as a centralized secret management tool. Using vault allows you to store JFrog Platform GPG keys, RSA keys, and Trusted keys used to sign packages and Release Bundles as secrets in HashiCorp Vault and provides you with the capability to generate and manage keys in a centralized tool for security and compliance. To learn more, see Vault.

PrivateLink for AWS Cloud

^{CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

The MyJFrog Cloud Portal enables customers to establish a secure network connection from their cloud account into their JFrog Cloud instance-without going through a public Internet-by setting establishing a private connection. MyJFrog provides customers with step-by-step instructions on how to set up a PrivateLink connection, in which the source is the customer's own AWS Virtual Private Cloud (VPC) and the target is the JFrog PrivateLink. To learn more, see Setting up AWS PrivateLinks.

Live Logs

^{CLOUD: Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+}

The JFrog Platform now includes an integrated Live Logs plugin, which allows customers to get the JFrog product logs (Artifactory, Xray, Mission Control, Distribution, and Pipelines) using the JFrog CLI Plugin. To learn more, see https://github.com/jfrog/live-logs. 

Support for User-Provided Certificates for TLS

The Access router now supports using user-provided certificates for the TLS. When setting the TLS certificates and indicating to the Platform which TLS certificate to use, customers may now use provide their own signed certificate. For more information, see Using Access as a Certificate Authority.

Feature Enhancements  

AQL Search for Remote Repository 

Using AQL, you can now search within remote and virtual repositories. For more information, see Working with Remote Repositories.

Artifact Browser with More Filters and Advanced SetMeUp

Introducing new filters and improved SetMeUp capabilities in the Artifact Browser available to all new users and those upgrading from previous Artifactory versions. This new view and capabilities are now the default Artifact Browser view in the JFrog Platform.

Peer-to-Peer Consumption Monitoring

The JFrog Platform allows you to monitor your P2P downloads in a Self-Hosted environment within the UI. The page lists the Peers, their status, the number of files download, and the total consumption. For more information, see Monitoring Peer-to-Peer (P2P) Traffic Consumption.

Resolved Issues

Artifactory 7.16

This section includes all of the Artifactory version 7.16.x releases.

Artifactory 7.16.6 ^{Cloud | Self-Hosted}

Released: May 24, 2021

Resolved Issues

Artifactory 7.16.3 ^{Cloud | Self-Hosted}

Released: March 15, 2021

Highlights

Avoiding Security Risks by Flagging Safe Repositories

You can declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for for Local and Remote repositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. This feature is currently supported for Docker, PyPI, RubyGems, and NPM packages but will be extended to all the package types in the upcoming releases.

P2P Functionality for JFrog SaaS Users

P2P peers can be configured to work opposite JFrog Artifactory and JFrog Artifactory Edge hosted by JFrog SaaS.

Enhancements

Database Locking Mechanism Improvements 

Improved the database locking mechanism for High Availability environments.

Resolved Issues

Artifactory 7.15

This section includes all of the Artifactory version 7.15.x releases.

Artifactory 7.15.5 ^{Cloud | Self-Hosted}

Released: May 24, 2021

Resolved Issues

Artifactory 7.15.4 ^{Cloud | Self-Hosted}

Released: March 4, 2021

Resolved Issues

Artifactory 7.15.3 ^{Cloud | Self-Hosted}

Released: 18 February 2021

Feature Enhancements

Improvements to RubyGems Indexing for Virtual Repositories

Added Bundler Compact index support for Virtual repositories, in addition to Local and Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, in the artifactory.system.properties file, set the artifactory.gems.compact.index.enabled=true value.

Enhanced Folder Download Functionality 

The 'Folder Download' feature is now aligned with the JFrog CLI and supports downloading empty folders. 

Group REST API Enhancements

From Artifactory 7.15.3, when running the Update Group, you can enforce using lower case characters in user names when associating users to groups, by setting the validate.lowercase.username.on.group.association to true. The default is set to false. When set to true, an error will be generated if an upper case character is used in the user name. 

Conan Package Improvements

User and channel attributes can be changed when copying and moving Conan artifacts and packages.

Additional Webhooks for Distribution

Added new events for Release Bundles on Edge Nodes, which enables you to trigger events when a Release Bundle was received on an Edge node, and when a Release Bundle deletion process has started, completed successfully, or failed. 

Quick Repository Setup

Admins can now use the Quick Setup to create repositories for selected package types in one go. With a couple of simple steps, admins can create local, remote, and virtual repositories for single or multiple package types.

Access Swagger Security Enhancement

The Access Swagger UI now requires admin token authentication.

Performance Improvements

The archive index is now set to false by default to prevent an overload on database resources.

Resolved Issues

Artifactory 7.12

This section includes all of the Artifactory version 7.12.x releases.

Artifactory 7.12.10 ^{Cloud | Self-Hosted}

Released: 16 December, 2021

Resolved Issue

This patch resolves the issue caused by CVE-2021-3860. For more information, see the JFrog Security Advisories page.

Artifactory 7.12.9 ^{Cloud | Self-Hosted}

Released: May 24, 2021

Resolved Issues

Artifactory 7.12.8 ^{Cloud | Self-Hosted}

Released: 8 February, 2021

Resolved Issues

Artifactory 7.12.6 ^Self-Hosted

Released: 10 January, 2021

Resolved Issues

Artifactory 7.12.5 ^Self-Hosted

Released: 30 December, 2020

Feature Enhancements

Central P2P Peer Management in the JFrog Platform

You can now control all the P2P Peer settings centrally by storing the configurations in the JFrog Platform. All that is required is to add your settings to a YAML file and to update the settings using the REST API, directly in the UI, or through the bootstrap from the file system. The next time the Peers connect to the Tracker (Artifactory), they will be populated with the new settings. For more information, see the Central Peer Deployment and Management section in JFrog Peer-to-Peer (P2P) Downloads.

Docker Authentication for Self-Hosted Customers Only

In lieu of the latest rate limitations enforced by Docker, JFrog self-hosted customers are recommended to set up Docker Hub authentication for Remote Docker repositories. 

Amazon S3 Official Amazon SDK template is set to use HTTP 

As part of JFrog's security policy, HTTP is set by default when using the official S3 Official Amazon S3 Storage template. For more information, see Amazon S3 Official SDK Template.

Resolved Issues

Artifactory 7.12.3 ^Cloud

Released: 21 December 2020

Feature Enhancements

Advanced patterns supported for Docker Virtual Repositories

Extended Ignore/include patterns for Docker Virtual Repositories.

Resolved Issues

Artifactory 7.11

This section includes all of the Artifactory version 7.11.x releases.

Artifactory 7.11.8 ^{Cloud | Self-Hosted}

Released: 16 December, 2021

Resolved Issue

This patch resolves the issue caused by CVE-2021-3860. For more information, see the JFrog Security Advisories page.

Artifactory 7.11.7 ^{Cloud | Self-Hosted}

Released: May 24, 2021

Resolved Issues

Artifactory 7.11.5 ^{Cloud | Self-Hosted}

Released: 1 December, 2020

Resolved Issues

Artifactory 7.11.2 ^Self-Hosted

Released: 20 November, 2020

Resolved Issues

Artifactory 7.11.1 ^Cloud

Released: 17 November, 2020

Highlights

Helm V3 Support

Artifactory now supports Helm 3 clients, enabling you to deploy and resolve Helm Charts using Helm V2 and V3 clients.

OCI Support

Artifactory is now OCI compliant and supports OCI clients, providing you with the ability to deploy and resolve OCI images in Docker Registries. 

Live System Logs

You can now view or download essential Platform system log files for each of JFrog's services; Artifactory, Xray, Mission Control, and Pipelines. For more information, see Viewing Log Files from the UI.

Feature Enhancements

Improvements to RubyGems Indexing for Local Repositories

Added Bundler Compact index support for Local repositories, in addition to the Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.

To use this new capability, in the artifactory.system.properties file, set the artifactory.gems.compact.index.enabled=true value.

PostgreSQL Database Improvements

Introduced the following improvements:

• PostgreSQL database indexing improvements
• Indexing on bundle_files for delete operations

Resolved Issues

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 7.10

This section includes all of the Artifactory version 7.10.x releases.

Artifactory 7.10.6 ^{Cloud | Self-Hosted}

Released: 8 November, 2020

Feature Enhancements

Removed the hardcoded -Dartifactory.metadata.native.ui=true flag the from the startup script as it was already set as true by default.

Resolved Issues

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 7.10.5 ^{Cloud | Self-Hosted}

Released: 2 November, 2020

Feature Enhancements

Docker Registry Alignments in Artifactory to Meet Latest Docker Rate Limits

Docker Registry functionality is now optimized in JFrog Artifactory to accommodate the latest Rate Limit changes announced by Docker. We have changed the default Retrieval Cache Period to six hours and optimized the GET requests to Docker Hub by introducing HEAD requests and optimizing the usage of GET calls. To assist our Docker users, you will be will now receive a Platform level warning for every unauthenticated Docker remote repository pointing to Docker Hub. In addition, the Remote Docker Authentication section has been moved to the Remote Docker Repositories Basic Tab.

Hardened the User Login Messages 

User Login messages have been modified to provide consistent responses on enumeration attempts to prevent the disclosure of valid accounts. 

Resolved Issues

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 7.10.2 ^Self-Hosted

Released: 15 October 2020

Highlights

New JFrog Platform Onboarding Experience 

In Artifactory 7.10.2, we have introduced a new self-hosted Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform. 

Feature Enhancements

Improvements to RubyGems Indexing for Remote Repositories

Added Bundler Compact index support for Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.

To use this new capability, in the artifactory.system.properties file, set the artifactory.gems.compact.index.enabled=true value.

Importing Release Bundle Enhancements for Air Gap

The Air Gap feature has been extended to support importing Release Bundle from an /import folder on the server machine in addition to importing files from the local drive of the user.

API Open Metrics Enhancements

Added more metrics related to JVM, DB connections, and remote HTTP connections in Artifactory. For more information, see Open Metrics.

Resolved Issues

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 7.10.1 ^Cloud

Released: 11 October 2020

Highlights

New JFrog Platform Onboarding Experience 

In Artifactory 7.10.1, we have introduced a new Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform. 

Feature Enhancements

Artifactory Supports AWS Secrets for DB Connections

You can now use the AWS SecretsManager alias in the Artifactory system.yaml allowing Artifactory to automatically retrieve the secret associated with the alias connection. 

Verify Audience Restriction Applied for SAML SSO

As part of JFrog's security enforcement, an additional verification step has been set up opposite the SAML server to validate SAML SSO authentication requests. The verifyAudienceRestriction attribute for SAML SSO is set by default in the JFrog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured. For more information, see SAML SSO Configuration.

Improved Maven Plugin Metadata Calculation

Maven plugin metadata is now calculated for every deploy or delete actions.

Resolved Issues

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 7.9

This section includes all of the Artifactory version 7.9.x releases.

Artifactory 7.9.2 ^{Cloud | Self-Hosted}

Released: 20 October, 2020

Resolved Issues

1. Fixed an issue occurring in Artifactory version 7.9, whereby when installing or upgrading a JFrog Artifactory HA environment, the HA nodes sometimes failed to start due to a bad hex format for the join key. 
2. Fixed an issue, whereby missing dependencies caused RPM installs to fail on certain operating systems.

Artifactory 7.9.1 ^Self-Hosted

Released: 5 October 2020

Feature Enhancement

Simplified JFrog Self-Hosted Trial Installer Experience

From JFrog Artifactory 7.9.1 and JFrog Xray 3.9.1, the Self-Hosted Trial installation experience has undergone major improvements to support the easy installation of Artifactory and the option of installing Artifactory together with Xray. The new installers are not intended for Production but remove the need to manually establish connectivity between Artifactory and Xray.

Artifactory 7.9.0 ^{Cloud | Self-Hosted}

Released: 29 September, 2020

Highlights

Peer-to-Peer (P2P) Download 

The new Peer-to-Peer (P2P) Download feature allows hosts to download artifacts from local, remote, and virtual repositories through a local network of peers in addition to downloading artifacts from JFrog Artifactory. 

Downloading files using P2P provides the following benefits: 

• Handles bursts of downloads from Artifactory.
• Improves the download speed and decreases bandwidth consumption.
• Promotes the scalability and availability of your artifact downloads while providing a highly secure environment.

P2P download is supported in the JFrog Platform in a self-hosted environment and requires a JFrog Enterprise+ subscription. For more information, see JFrog Peer-to-Peer (P2P) Downloads.

GraphQL API for the JFrog Platform Metadata

JFrog's Metadata Service public APIs are now enabled allowing you to query the entities from the metadata server with GraphQL. For more information, see GraphQL.

Log Analytics

JFrog now offers tools that enable a real-time view of the platform’s operation through various analytics and visualization tools. For more information, see Log Analytics.

Feature Enhancements

Changes in Artifactory to Facilitate the New Docker Rate Limit

Following the latest Docker announcement regarding changes to the Docker Rate Limits, Artifactory 7.9 includes several internal improvements to support the usage of remote repositories opposite Docker Hub while taking into account the new rate limits. In order to use your Docker account type, you need to authenticate the Docker Hub pull requests, by setting your user and password in your Advanced Remote Docker Repositories.

Docker Remote Repository Improvements 

Docker Schema 2 is now fetched from the remote registry if no header was sent. This improves the Docker experience when the metadata expires.

Docker Pull Performance Improvements

Greatly improved the performance of Docker pull requests by digest and by tag. From 7.9, Artifactory will use more efficient queries and better utilize the internal caching when serving Docker pull requests.

Viewing and Tracking Non-Revocable Access Tokens

You can view and track non-revocable Access Token in the UI. You can now filter the token view based on the token's revocability and not just its expiry. The behavior for a token revocation request also changed, and you will now see an error message if you try to revoke a non-revocable token. Token revocability is still governed by its expiry and the revocable-expiry-threshold parameter.

Improved the Monitoring JFrog Microservices Status Page in the UI

The Service Statuses page in the UI displays an improved view with detailed information about the status of your JFrog services and now includes monitoring for Pipelines. 

Improved Artifactory Installation and Setup Using Oracle Database

When using an external Oracle DB as the Artifactory database, you no longer need to manually install and set up Liabio as it is now bundled into the Artifactory installer.

Database Performance Improvements in HA Environments

Reduced Database lock contention and Database loads in High Availability (HA) environments.

S3 Storage Direct Upload Mechanism

From Artifactory 7.9, you have the option to select the Direct Upload Mechanism which serves as an alternative to the existing default Eventual Upload mechanism, whereby the upload is not considered successful until it reaches the S3 storage. 

Upgraded AWS SDK Bundled with Artifactory

Upgraded the AWS SDK bundled with Artifactory to support the use of service account IAM roles. AWS SDK v. 1.11.496 includes a feature for granting IAM roles to Kubernetes service accounts, instead of granting an IAM role to an EC2 machine, or using an open-source project.

Hazelcast is Deprecated

The write-locking method and UI session sharing between the JFrog Platform cluster nodes using Hazelcast is no longer supported. For more information, see the Support Blog.

Resolved Issues

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 7.8

This section includes all of the Artifactory version 7.8.x releases.

Artifactory 7.8.1 ^Cloud

Released: 16 September 2020

Highlights

GraphQL API for the JFrog Platform Metadata

JFrog's Metadata Service public APIs are now enabled and allows you to query the entities from the metadata server with GraphQL. To learn more see, GraphQL.

Feature Enhancements

Docker Pull Performance Improvements

Greatly improved the performance of Docker Pull requests by digest and by tag. From 7.8.1, Artifactory will use more efficient queries and better utilize the internal caching mechanism when serving Docker Pull requests.

Viewing and Tracking Non-Revokable Access Tokens

You can view and track non-revokable Access Token in the UI. 

You can now filter the token view based on the token's revocability and not just its expiry. the behaviour for a token revocation request also changed, and you will now see an error message if you try to revoke a non-revocable token. Token revocability is still governed by its expiry and the revocable-expiry-threshold parameter.

Improved the Monitoring JFrog Microservices Status Page in the UI

The Service Status page in the UI displays an improved view with detailed information about the status of your JFrog services and now includes monitoring for Pipelines. 

Improved Database Performance in HA Environments

Reduced DB lock contention and DB load in HA setups.

Upgraded AWS SDK bundled with Artifactory

Upgraded the AWS SDK bundled with Artifactory to support the use of service account IAM roles. AWS SDK v. 1.11.496 includes a feature for granting IAM roles to Kubernetes service accounts, instead of granting an IAM role to an EC2 machine, or using an open-source project.

Disable Basic Authentication Method

When using an external authentication method such as LDAP, SAML, etc, the basic authentication method can be disabled for internal users, as described in Disable Basic Authentication Method.

Resolved Issues

Artifactory 7.7

This section includes all of the Artifactory version 7.7.x releases.

Artifactory 7.7.8 ^{Cloud | Self-Hosted}

Released: 14 September, 2020

Resolved Issue

Artifactory 7.7.6 ^Cloud

Released: September 4, 2020

Feature Enhancements

Performance Enhancements

Implemented a set of internal improvements that will have a direct impact on the overall user Cloud experience. 

Artifactory 7.7.3 ^{Cloud | Self-Hosted}

Released: 13th August, 2020

Resolved Issues