Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >

Search





Overview

This page presents release notes for JFrog Artifactory describing the main fixes and enhancements made to each version as it is released. For a complete list of changes in each version, please refer to the JIRA Release Notes linked at the end of the details for each release.

If you need release notes for earlier versions of Artifactory, please refer to the Release Notes in the Artifactory 6.x User Guide.

Before You Get Started!

Be sure to read the Artifactory 7.0 Release Notes carefully before installing or upgrading any version of Artifactory 7.X version to learn about the new features and functionality Introduced in the JFrog Platform.

Download 

Click to download the latest Artifactory version.

Installer Name Change!

From Artifactory 7.0, the installer naming convention has been changed to include the installer type.
The following table lists the official installer names.

Installer TypeInstaller Syntax
Linux archivejfrog-artifactory-<pro|oss|cpp-ce|jcr>-<version>-linux.tar.gz
Composejfrog-artifactory-<pro|oss|cpp-ce|jcr>-<version>-compose.tar.gz
RPM/Debianjfrog-artifactory-<pro|oss|cpp-ce|jcr>-<version>.<rpm|deb>
Windows archivejfrog-artifactory-<pro|oss|cpp-ce|jcr>-<version>-windows.zip

Previous Versions

Previous versions of JFrog Artifactory are available for download in the Previous Releases page.

Installation and Upgrade

For installation instructions please refer to Installing Artifactory.

To upgrade to this release from your current installation, please refer to Upgrading Artifactory.

Known Issues

For a list of known issues in the different versions of Artifactory, please refer to Known Issues.

Embedded OpenJDK Version

Artifactory uses the OpenJDK embedded with the binary package.

The following table lists the Artifactory versions and the corresponding OpenJDK version.

Artifactory VersionOpenJDK Version
7.25.5-7.25.611.0.11
7.15.0-7.25.411.0.10
7.11.0-7.13.911.0.8
7.6.0-7.10.611.0.7
7.4.0-7.5.511.0.6
7.0.0-7.3.211.0.2

Artifactory 7.25

This section includes all of the Artifactory version 7.25.x releases.

Artifactory 7.25.4

Artifactory 7.25.4 is Available as a Cloud Version

Artifactory 7.25.4 is available as a Cloud version. The JFrog Artifactory 7.25.4 is aligned with the Artifactory 7.25.5 Self-Hosted version.

Released: 30 August, 2021

Feature Enhancements

Build Info Supports Aggregated Builds

Aggregated builds are builds that contain multiple steps and can run on multiple machines. Aggregated Build are now represented by Build Info using the new 'type' parameter under the module section in the UI. 

URL Normalization is Now Prevented for Remote Repositories

Remote repositories are now enabled with the new disableUrlNormalization parameter to prevent URL normalization from occurring. This field is s configurable by changing the default setting disableUrlNormalization from false to true. For more information, see the Remote Repository JSON.

Resolved Issues

Jira Issue

Description

RTFACT-18754Fixed an issue whereby, Debian packages only displayed the Checksum and File path but not the metadata information.

RTFACT-26173

Fixed an issue whereby, artifacts with usernames containing more than 64 characters were not uploaded to the JFrog Platform.

RTFACT-26186Fixing an issue whereby, deploying CocoaPod artifacts failed due to non-JSON Podspec files not supporting double quotes in the source URL.

Fixed an issue whereby, converting local Maven repositories to Federated repositories generated an error message.


Fixed an issue whereby, LDAP user profiles could not be edited if both LDAP and Crowd were enabled.


Fixed an issue whereby, Federated Repository full synchronization failed and generated a 503 error message.

Fixed an issue related to Maven Federated Repositories whereby, mirroring did not complete due to an infinite loop.

Artifactory 7.25.5

Released: 2 September, 2021

Artifactory 7.25.5 is Available as a Self-hosted Version

Artifactory 7.25.5 is the Self-hosted version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.25.4 as part of our Cloud-first initiative.

Breaking Change

Artifactory 7.25.5 onwards, includes OpenJDK 11.0.11 or higher. OpenJDK has stopped the out-of-the-box support for TLS 1.0 and 1.1 from version 11.0.11 since these versions of TLS are no longer considered secure. If your database version supports only TLS 1.0 and 1.1, Artifactory fails to start when you upgrade to Artifactory 7.25.5 or higher.

We recommend that you upgrade to a database version that supports TLS 1.2 or later. If you are unable to upgrade the database, you must enable TLS 1.0 and 1.1 in the JDK. For more information, refer to Enabling TLS 1.0 and 1.1.

Feature Enhancements

Artifactory Helm Chart Installation Setup Improvements 

Single and cluster license types are both supported in a single artifactory.cluster.license file, thereby removing the need to support two separate licenses files. Running two license files is still supported for backward compatibility purposes.

Artifactory Docker Container Image Uses the Redhat UBI Micro Base Image

In an effort to provide a more secure Artifactory image, Artifactory now uses the Redhat UBI Micro base image. Some of the tools that were available in the Artifactory image are not available in this more secure image.

Resolved Issues

Jira Issue

Description

RTFACT-26250

Fixed an issue whereby, HTTP SSO was not functioning after upgrading Artifactory versions starting from version 7.23.3 to version 7.24.4.

Artifactory 7.25.6

Released: 5th September 2021

Resolved Issues

Jira Issue

Description


Fixed an issue whereby, users could not log in to the UI after upgrading to Artifactory version 7.25.4.

Artifactory 7.25.7

Released: 10 September, 2021

Resolved Issues

Jira Issue

Description

RTFACT-26329Fixed an issue whereby, Artifactory version 7.25.6 failed to start due to a circular reference of the systemRepoFactory.

Artifactory 7.24

This section includes all of the Artifactory version 7.24.x releases.

Artifactory 7.24.1

Artifactory 7.24.1 is Available as a Cloud Version

Artifactory 7.24.3 is the On-Premises version of the official Cloud version of Artifactory 7.24.1.

Released: 8 August, 2021

Highlights

PHP Composer Repository Highlights

PHP Composer V2 Support

Artifactory supports PHP Composer V2 in addition to V1. From Artifactory 7.24, Local PHP repositories will automatically be created in V2 that supports faster download times and enhanced performance.
The PHP Metadata V2 index support for local repositories, and complies with the following rules:

  • Your existing Composer repositories will remain unchanged and Composer v1 will be set as the default.
  • From this Artifactory version and above, all newly created Composer repositories will be set with Composer version 2. The option to set V1 indexing is disabled by default.

The V1 indexing can be enabled or disabled in the local repository configuration and requires full reindexing after applying changes. For more information, see PHP Composer Local Repositories.

Drupal 7 and 8 Registry Support

You can now upload Drupal version 7 and 8 packages to remote repositories. For more information, see Setting Remote Repositories to Work Opposite Drupal 7 and 8 Packages.

Feature Enhancements

Added Namespace Support for Helm Virtual Repositories 

You can now assign namespaces to local and remote repositories in Helm virtual repositories allowing you to explicitly state which aggregated repository to fetch. In the past, when attempting to fetch a chart from a virtual Helm repository, the first chart that randomly matched the name, was fetched. For more information, see Kubernetes Helm Chart Repositories.

Migration Performance Improvements

Introduced performance improvements when migrating from Artifactory 6.x to Artifactory 7.x.

Resolved Issues

Jira Issue

Description

Fixed an issue whereby, Push replication failed when artifacts containing the semicolon (;) character was included in the file name.

RTFACT-19119

Fixed an issue whereby Pull replications failed if the source contained a colon character in the artifact path.

Fixed an issue whereby, .ddeb package types were not indexed in Debian repositories.

RTFACT-23931

Fixed an issue whereby, a 404 message was generated by Artifactory when the tarball location on NPM remote registries did not comply with the standard.

RTFACT-26063

Fixed an issue whereby, a 401 Unauthorized error was generated when resolving the Charts using Helm v3.6.1 


Fixed an issue whereby, for non-SemVer versions, the NuGet v3 search worked only if the ?prerelease=true was set to true.

Artifactory 7.24.3

Artifactory 7.24.3 is Available as a Cloud and On-Premises Version

The Artifactory 7.24.3 release is available as an On-Premises and Cloud version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.24.1 as part of our Cloud-first initiative.

Released: 11 August 2021

Resolved Issues

Jira Issue

Description


Fixed an issue whereby, copying a Docker Container to a repository was not copied to the correct path.


Fixed an issue whereby, user names could not be configured with spaces.

Artifactory 7.24.4 

Released: 19 August 2021

Artifactory 7.24.4 is Available as a Cloud Version

Artifactory 7.24.4 is available as a Cloud version, and the Self-hosted version will be available shortly. 

Resolved Issue

  1. Fixed an issue whereby after distributing Docker images using Release Bundles, the Docker pull was failing. 

Artifactory 7.24.6

Released: 5th September 2021 

Artifactory 7.24.6 is Available as a Self-Hosted Version

Artifactory 7.24.6 is available as a Self-Hosted version only. 

Resolved Issues

Jira Issue

Description

RTFACT-26250

Fixed an issue whereby, HTTP SSO was not functioning after upgrading Artifactory version 7.23.3 to version 7.24.3.

Artifactory 7.23

This section includes all of the Artifactory version 7.23.x releases.

Artifactory 7.23.3

Released: 4 August, 2021

Feature Enhancements

Preliminary Release of the JFConnect Service

A new JFConnect service is now added to Artifactory but is disabled for now. JFConnect will act as the JPD (JFrog Deployment) entitlements service, enabling dynamic entitlement allocation for the connected products, based on account/subscription changes in JFrog’s main Entitlements Server (myJFrog).

Note that this service uses port 8030 (HTTP listener) and 8035 (gRPC listener) but does not require enabling them.

Builds Info REST API Displays the VCS Parameter

The VCS property is now displayed in BuildInfo REST API response.

Resolved Issues

Jira Issue

Description

Fixed an issue whereby, when starting the Artifactory upgrade process, the security.<timetstamp>.xml file was synced between nodes causing the upgrade to hold.

RTFACT-26144

Fixed an issue whereby, NuGet V3 packages with an invalid projectUrl URL broke the indexing in local and virtual NuGet repositories.

Fixed an issue whereby, the user profile could not be updated when the password started with a colon.

RTFACT-23455

Fixed an issue whereby, NPM remote caching prevented packages that were previously downloaded incorrectly, from being pulled correctly at a later stage.

Fixed an issue whereby, Helm did not support adding the term artifactory to the context path of the base URL.

Expanded the SCIM functionality to allow changing the email of a Platform user in Microsoft Azure.


Fixed an issue whereby, a corrupted helm local repository created an index.yaml that corrupted the virtual repository index.yaml file.


Fixed an issue whereby, the JSP extension was included in the Mime Type mapping.


Fixed an issue whereby, a 500 error was generated, when fetching RubyGem non-standard platform files (for example, an x86_64-linux-musl file) from remote repositories and incorrect indexing after uploading the files to local repositories.


The Username is now displayed in the UserLockInMemoryServiceImpl logs allowing you to detect problematic users.

Fixed an issue whereby, the offline services were not shown in the list in the JFrog Deployments page in the UI.

Fixed an issue whereby, under certain circumstances, the SAML login auto-redirect was not functioning. 


Fixed an issue whereby, the YUM XML serializer accepted characters that were not supported by YUM.


Fixed an issue whereby, NuGet virtual repositories did not support Include and Exclude patterns when uploading files.


Fixed an issue whereby, the custom AWS S3 endpoint was not supported for Pro subscriptions.

Fixed an issue whereby, .import files were saved in the DB mechanism during the upgrade process causing the upgrade process to fail.



Artifactory 7.23.4 

Released: 19 August 2021

Artifactory 7.23.4 is Available as a Could Version

Artifactory 7.23.4 is Available as a Could version, and On-Premises will be available shortly. 

Resolved Issue

  1. Fixed an issue whereby after distributing Docker images using Release Bundles, the Docker pull was failing. 

Artifactory 7.23.5

Released: 25 August, 2021

Artifactory 7.23.5 is Available as a Cloud Version

Artifactory 7.23.5 is available as a Cloud version only. 

Resolved Issues

Jira Issue

Description


Fixed an issue related to Maven Federated repositories whereby, mirroring did not complete due to an infinite loop.


Fixed an issue whereby, Federated repository full synchronization failed and generated a 503 error message.

Fixed an issue whereby, a Federated repository running on a binary provider with sharding experienced broken deployments.

Fixed an issue whereby, converting local Maven repositories to Federated repositories generated an 202 error message.


Artifactory 7.23.7

Released: 5 September, 2021 

Resolved Issues

Jira Issue

Description

RTFACT-26250

Fixed an issue whereby, HTTP SSO was not functioning after upgrading Artifactory version 7.23.3 to version 7.23.5.



Artifactory 7.21

This section includes all of the Artifactory version 7.21.x releases.

Artifactory 7.21.3

Released: 1 July, 2021

Tomcat Future Breaking Change: Action Required

Towards the end of 2021, JFrog is planning to upgrade the Tomcat version that is bundled with Artifactory from version 8.5 to 9.0.48, in preparation for the upcoming end-of-life of Tomcat version 8.5. From Tomcat version 9.0.48, the Reason-Phrase feature will no longer be supported by this Tomcat version or retrievable as part of the automation responses. More information can be found here.

To help you evaluate the impact of this change in advance, and to gain a better understanding of this update's impact on your CI/CD flows, especially if your CI/CD flows rely on responses with Reason-Phrase (versus responses with numeric IDs only)we have released Artifactory 7.21 with Tomcat 8.5 with sendReasonPhrase set to 'false' in the Artifactory System YAML.

If this change is affecting your flows, you can reset the value to 'true'; however, you will need to make the necessary adjustments to your automation so that they work properly without the need to consume the Reason-Phrase. This will mitigate any effect in the future when new versions of Tomcat 9 are released.

Bintray Premium Offering Sunset Announcement

As of July 4th, 2021, JFrog Bintray Premium will no longer be supported and will be replaced with a set of advanced JFrog Cloud hosting solutions that are based on Artifactory's enhanced capabilities, which include a set of dedicated features for managing, controlling, and distributing your software packages. To learn more about migrating to JFrog's Advanced Cloud hosting solutions, see the JFrog Bintray Migration Guide.

Feature Enhancements

Docker Enhancements

As part of our ongoing effort to provide the best Docker-related experience, we have introduced the following enhancements:

  • Improved the Docker remote repository flow by reducing the number of requests to the remote repositories.
  • Added Docker Buildx support, allowing you to easily build and push multi-architecture images using the Docker buildx CLI. For more information, see Pushing Multi-Architecture Docker Images to Artifactory.
  • Added support for promoting Docker images with a Docker manifest.list from one Docker local repository to another.
Announcing a New Outbound Repository Request Log

Announcing the release of the new Outbound Remote Repository Request log, which allows you to track every request initiated by a remote repository including requests related to replication. For more information, see Logging.

Extended the Priority Resolution feature to Support Puppet Packages

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories for Puppet packages.

Improved Metadata Request Performance for Remote Repositories 

You can now configure the Metadata Retrieval Cache Timeout (Sec) parameter in the Remote Repository Cache Settings to control the Metadata timeout performance. If the timeout is reached, the local cached artifact is served and the previous metadata is returned to the client.

Native Artifacts Browser Accessible from the UI

The Artifactory native artifacts browser, which allows browsing the contents of a repository in a plain HTML structured tree, is now available via the artifact URL or via the artifacts Actions menu. Authenticated users will not need to re-authenticate to access the native browser.

Expanded Additional Security Manager Role and Additional Scanning Capabilities in Project Functionality

The new Security Manager role enables a user to perform security-related project actions such as Manage Xray Data, Manage Reports, Manage Watches and Policies, and Ignore Global Violations. This version also introduces additional functionalities for Xray in Projects, such as generating Global Xray Reports for a Project scope and applying Global Watches to Projects. This expanded role and capabilities require using Xray version 3.27 and above. 

Docker/Conan GetToken Request Improvements

Improved the response time of Docker / Conan getToken requests and reduced the number of DB calls.

Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

The JFrog Platform integration with HashiCorp Vault now enables you to configure multiple external vault connectors through the Platform UI.  You can see the list of available connectors in the new HashiCorp Vault Connectors window. To learn more, see Vault

Managing Multiple Signing Keys
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

The JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST APIThe JFrog Platform supports managing multiple pairs of GPG signing keys to sign packages for authentication of several package types such as Debian, Opkg, and RPM through the Keys Management UI and REST API. To learn more, see Managing Signing Keys

Generating an Identity Token through the Profile UI

The user profile now enables users to generate identity tokens. Any user can create a user identity token for themselves via the UI or via REST API. Identity tokens are scoped tokens, which means that they provide limited and focused permissions, making them more secure and, therefore, preferable to API keys. In addition, when a user is deleted/disabled, their tokens are also revoked. To learn more, see Identity Token.

Added Capability to Ignore Download Statistics 

The new skipUpdateStats parameter can now be added to Rest requests, allowing you to ignore statistics generated by 3rd party tools.

Resolved Issues

Jira Issue

Description

RTFACT-25623

Fixed an issue whereby, running the Docker Promote API failed to promote images using a multiplatform image or against images that included a list.manifest.json under its tag. 

RTFACT-26006

Fixed an issue whereby, Helm Charts containing artifact hub complex annotations disrupted working with Artifactory Helm repositories.

RTFACT-25995

Fixed an issue whereby, uploading artifacts using the REST API in Artifactory version 7.19.4 tagged the URL to the files in the JSON response as 'slf' as opposed to 'URL' in earlier Artifactory versions.

RTFACT-25902

Fixed an issue whereby, deploying to Debian local repositories caused the InRelease file to be unreachable when fetched from the Debian virtual repository.

Fixed an issue whereby, running Docker Pulls from Docker Hub failed due to case-sensitivity HTTP header handling.

RTFACT-25936

Fixed an issue whereby, running virtual Helm repository indexing returned a partialindex.yaml to users with no read permissions for one of the repositories under the virtual repository.

RTFACT-15802Fixed an issue whereby, the time in the UI was displayed incorrectly for certain timezones. 
Fixed an issue whereby, archiving and browsing of executable spring boot JAR/WAR files was permitted.

RTFACT-25212

Fixed an issue whereby, performance issues were encountered for RubyGems virtual repositories with the Bundler compact index. 

RTFACT-23012

Fixed an issue whereby, emails sent by Artifactory 7.x Mail Server integration contained legacy URLs causing incorrect redirects.

Fixed an issue whereby, uploading an artifact using the REST API generated errors when null values were retrieved.


Fixed an issue whereby, users that were deleted and then re-created in the same cache period, received a 401 error.


Fixed an issue whereby, Artifactory HA nodes were out of sync.


Fixed an issue whereby, all the requests via a virtual repository were stuck when one of the Docker remote repositories was marked with token authentication that was not supported.


Fixed an issue whereby, pushing images using Docker buildx failed and returned an unexpected 400 status.


Fixed an issue whereby, accessing a repository native browser, triggered a pop-up that constantly requested a username and password even after accessing with a valid user.


Fixed an issue whereby, after upgrading from Artifactory 7.12.6 to 7.16.3, the Direct Cloud Storage Download configuration was removed.


Fixed an issue whereby, the RepoPathFactory.create function did not work correctly with Artifactory user plugins.


Fixed an issue whereby, build promotion failed for Artifactory.



Fixed an issue whereby, RPM consumed part of the metadata by adding a missing condition, causing a number of entries to be filtered out incorrectly.



Artifactory 7.21.5

Released: July 9th, 2021

Resolved Issues

Jira Issue

Description


Fixed an issue, whereby the 'Admin Password Reset' did not function on Artifactory SaaS instances.


Fixed an issue, whereby upgrading to Artifactory version 7.21.3 was not supported for Windows.


Fixed an issue, whereby deploying Helm Charts with long Description section in the Chart.yaml caused indexing issues with virtual and local repositories.

Fixed an issue, whereby upgrading from Artifactory version 6.23.X to version Artifactory 7.21.X failed.


Fixed an issue whereby, under certain circumstances, Artifactory failed to restart and displayed the following error in the logs:  Duplicate key TopologyStorageServiceImpl.EndpointKey.

Artifactory 7.21.7

Released: 14 July, 2021

Resolved Issue

Jira Issue

Description

RTFACT-26136

Fixed an issue whereby, a 500 error message was generated when trying to open a virtual repository in the Artifact Tree Browser.


Artifactory 7.21.8 

Released: 19 July, 2021

Resolved Issue

Jira Issue

Description


Fixed an issue whereby, users could not import LDAP groups in the UI.


Artifactory 7.21.12

Released: 28 July, 2021

Resolved Issues

Jira Issue

Description

RTFACT-26160

Fixed an issue whereby, navigating to the native artifacts browser was not working properly when anonymous access is enabled.

RTFACT-26090


Fixed an issue whereby, the Federated Repository full sync and binaries download were using the default proxy instead of the Federated Repository proxy. 

Additionally, the Federated Repository internal services were not modified if the proxy settings were modified.


Fixed an issue whereby, the Federated repository temporary files were not deleted, causing the disk to run out of space.



Fixed an issue whereby, when recreating a Federated Repository that was deleted, artifacts were deleted from the Federated Repositories remote members.


Artifactory 7.21.13 

Released: 22 August, 2021

Resolved Issues

Jira Issue

Description


Fixed an issue whereby, Federated Repository full synchronization failed and generated a 503 error message.

Fixed an issue where, a Federated repository running on a binary provider using sharding experienced broken deployments.


Fixed an issue whereby, clicking the login link did not direct users to the configured SAML login URL.

Fixed UI-related issues whereby, the Release Bundle tab was not visible in the Xray Indexes Resources page and  in the Security & Compliance | Reports page in the JFrog Platform UI.

Artifactory 7.19


This section includes all of the Artifactory version 7.19.x releases.

Artifactory 7.19.4 

Released: May 24, 2021

Highlights

Extended Flagging Safe Repositories Support for Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages 

Declaring local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories has been extended to support Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field.

Feature Enhancement

Support for Controlling Signed URL Download Methods

You now have the option to set your signed URL redirects using one of these methods: S3, CloudFront, or using a direct download without a signed URL redirect. For more information, see Controlling Your Signed URL Downloads.

 Enhanced the S3 Configuration Template

To reduce the overhead on the Ceph backend, you can now modify the chunk size that was previously fixed at 5 MB by setting the multipartElementSize tag in the Amazon S3 Official SDK Template. If no tag is specified, the AWS client default of 5 MB will be applied.

UI for the JFrog Platform Vault Integration with HashiCorp Vault
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

The JFrog Platform integration with HashiCorp Vault now enables you to configure an external vault connection to use as a centralized secret management tool not only through the APIs but also using the JFrog Platform UI. Using vault allows you to store JFrog Platform GPG keys, RSA keys, and Trusted keys used to sign packages and Release Bundles as secrets in HashiCorp Vault and provides you with the capability to generate and manage keys in a centralized tool for security and compliance. To learn more, see Vault.

UI for the JFrog Platform SCIM Integration 
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

JFrog Platform now enables you to generate a dedicated admin access token for SCIM in the JFrog Platform by going to Admin | Security | SCIM. The token generated can then be used in the identity service setup. To learn more, see SCIM.

Signing Keys Management 
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

The JFrog Platform now features a centralized dashboard for creating and managing all signing keys. This feature enables you to create and control the keys used to encrypt or digitally sign your artifacts - in one central location, which makes it easier for you to manage signing keys throughout your organization. To learn more, see Security Keys Management.

Resolved Issues

Jira Issue

Description

RTFACT-25912 Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers.
RTFACT-25683Fixed an issue whereby, Installing from a v3 remote repository triggered an NPE if the downloadRemoteRegistrationSpecificVersion failed even if the requested package exists in the other aggregated repositories. 

Fixed an issue whereby, Artifactory could not resolve signed Helm Charts from Artifactory version 7.10 and above. 

RTFACT-24627

Fixed an issue whereby, downloading Helm Charts from Smart Remote repository routed to the remote URL instead of routing through Artifactory.

Fixed an issue whereby, upgrading JFrog Artifactory version 6.x to 7.x, caused the Metadata Migration process to fail if there was an artifact with a multi-value property and its total number of characters extended 4000 characters.

RTFACT-25065

Fix an issue whereby, GitLFS with SSH authentication did not function in Artifactory 7.x when using a base URL of the Platform root (i.e. without /artifactory).

RTFACT-23590Fixed an issue whereby, an offline remote repository failed to serve requests from the cache if the metadata retrieval value was set to zero. 
Fixed an issue whereby, Artifactory cached corrupted Docker layers in remote Docker repositories. 

Fixed an issue whereby, the latest JFrog Helm charts using the Kubernetes startupProbe failed to launch on Kubernetes clusters. Applies to Charts running Kubernetes versions lower than 1.18, if the feature was not enabled.

Artifactory 7.19.6

Released: 25 May, 2021

Artifactory 7.19.6 is Available as a Cloud Version

Artifactory 7.19.6 is Available as a Cloud Version. 

Resolved Issue

Jira Issue

Description


Fixed an issue regarding an internal licensing issue.


Artifactory 7.19.8

Released: 9 June, 2021

Resolved Issues

Jira Issue

Description

RTFACT-25895

Fixed an issue, whereby attempting to upgrade Artifactory with MSSQL database from version 6.x to 7.x failed with database conversion-related errors.

RTFACT-25995

Fixed an issue, whereby an alternate response structure was returned for uploaded files. This failed TeamCity Artifactory plugin uploads since version 7.19.4.`


Artifactory 7.19.9

Released: June 17, 2021

MySQL Database Users

Users using MySQL database with Artifactory, should refrain from upgrading to this version, and upgrade directly to Artifactory version 7.19.10.

Resolved Issue

Jira Issue

Description

RTFACT-26029

Fixed an issue whereby, in some cases, when upgrading Artifactory with MySQL, the nodes_repo_path_checksum index was missing.


Artifactory 7.19.10

Upgrading from JFrog Artifactory 6.23.21

To upgrade to Artifactory 7.x from version 6.23.21, you will need to upgrade to Artifactory 7.21.3, or to a higher version.

Released: 29 June, 2021

Jira Issue

Description


Fixed an issue whereby, under certain circumstances, MySQL database performance was impacted.

Artifactory 7.18

This section includes all of the Artifactory version 7.18.x releases.

Artifactory 7.18.3

Released: 22 April, 2021

Highlights

Federated Repositories
CLOUD: Enterprise | Enterprise+  SELF-HOSTED: Enterprise | Enterprise+ 

The JFrog Platform enables you to create Federated repositories, which support mirroring repositories and artifacts with JFrog Platform users located on remote JFrog Deployments (JPDs) in a multisite environment. A Federation is a collection of repositories of Federated type in different JPDs that are automatically configured for full bi-directional replication. Once you have created a Federation, changes made to artifacts on one site will be automatically synchronized to the other federated sites using bi-directional mirroring. For more information, see Federated Repositories.

Feature Enhancements

PostgreSQL Version Support

JFrog products now support PostgreSQL version 13.0. To learn more, see System Requirements.

Improved Large Scale Release Bundle Distribution

Improved distributing Release Bundles at a large scale, resulting in three times faster performance, by implementing internal database optimization.

Extended Docker OCI Support

Extended the ability to serve OCI requests without relying on the accept header. For example, if you have a client named containers/someVersion, you can assume that all the containers will support OCI (if configured).

SCIM ID Management Support
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise | Enterprise+

JFrog now supports managing both users and groups, and the association between them using the System for Cross-domain Identity Management (SCIM) protocol 2.0. Okta and Azure Active Directory (AD) have used to verify this capability. To learn more, see SCIM.

Resolved Issues

Jira Issue

Description

RTFACT-25288Fixed an issue, whereby a memory leak was occurring in io.opentracing.util.ThreadLocalScope

Fixed an issue, whereby requests with duplicate semantics (based on type and path) were sent to the MDS. 

RTFACT-25553

Fixed the Release Bundle Domain field to display "Artifactory Release Bundle" in the Webhooks Events list in the UI for Edge and Source Artifactory instances. 


Artifactory 7.18.5

Released: 29 April, 2021

Highlights

JFrog Platform Ansible Installer

JFrog’s Ansible Collection includes several Ansible roles that allow you to install the latest JFrog Platform in many different configurations-from simple single server installations to redundant and highly available setups-this collection provides the flexibility for any architecture. To learn more, see Installing the JFrog Platform Using Ansible

Resolved Issues

Jira Issue

Description

RTFACT-25697Fixed an issue, whereby Federated members could not be added to a Federation when trying to find the repositories via JFrog Mission Control. 
RTFACT-25145Fixed an issue, whereby Artifactory returned a URL to the CDN for S3 redirects with CloudFront. As an enhancement, a header was added to manually control signed URL redirects.

Fixed an issue, whereby artifact properties were not displayed in the Artifact browser details.



Artifactory 7.18.6

Released: 6 May, 2021

Feature Enhancement

Added More Flexibility When Setting SSH Server Security

You can now control ciphers, MACs, signatures, and key exchange algorithms that are accepted by the Artifactory SSH server. For more information, see Artifactory Security.


Artifactory 7.18.7

Released: May 19, 2021

MySQL Database Users

Users using MySQL database with Artifactory, should refrain from upgrading to this version, and upgrade directly to Artifactory version 7.18.9.

Resolved Issues

Jira Issue

Description

RTFACT-25912 Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers.

Artifactory 7.18.9

Released: 28 June, 2021

Resolved Issues

Jira Issues

Description


Fixed an issue whereby, under certain circumstances, writing to the Config Descriptor failed in an HA environment.


Fixed an issue whereby, under certain circumstances, MySQL database performance was impacted.


Artifactory 7.17

This section includes all of the Artifactory version 7.17.x releases.

Artifactory 7.17.4

Released: 31 March, 2021

Highlights

Announcing Projects in the JFrog Platform
CLOUD: Enterprise | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. As such, using projects helps Platform Admins to offload part of their day-to-day management effort and to generate a better separation between the customer products to improve customer visibility on efficiency, scale, cost, and security. Projects simplifies the onboarding process for new users, creates better visibility for LOBs and project stakeholders. To learn more, see Projects.

Cloud-Native High Availability (HA) is Now Supported for Self-Hosted Artifactory Installations

From Artifactory 7.17.4, all nodes in the high availability cluster can perform tasks such as replication, garbage collection, backups, exporting, and importing, removing the need to set up a primary node in the cluster. Instead, every node in the cluster can serve any of the mentioned tasks and if any node goes down, the different nodes in the cluster will be able to perform these tasks instead. By default, when adding a new node (member) to the cluster, it will be able to perform cluster-wide tasks without user intervention. For more information, see Cloud-Native High Availability.

Cargo Packages Support 

Artifactory natively supports a Cargo Registry for the Rust language, giving you full control of your deployment and resolve process of Cargo packages. Cargo downloads your Rust package's dependencies, compiles your packages, makes distributable packages, and uploads them to crates.io, the Rust community’s package registry. You can contribute to this book on GitHub. To learn more, see Cargo Registry.

SCIM ID Management Support
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

JFrog introduces initial support for the System for Cross-domain Identity Management (SCIM) protocol 2.0, to enable Enterprise and Enterprise+ customers to create, remove and disable user accounts from their choice of user management tool and automatically update the platform with these changes. Okta and Azure Active Directory (AD) have used to verify this capability. To learn more, see SCIM.

HashiCorp Vault Integration with the JFrog Platform
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

The JFrog Platform integration with HashiCorp Vault enables you to configure an external vault connection to use as a centralized secret management tool. Using vault allows you to store JFrog Platform GPG keys, RSA keys, and Trusted keys used to sign packages and Release Bundles as secrets in HashiCorp Vault and provides you with the capability to generate and manage keys in a centralized tool for security and compliance. To learn more, see Vault.

PrivateLink for AWS Cloud
CLOUD: Enterprise with Security Pack | Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

The MyJFrog Cloud Portal enables customers to establish a secure network connection from their cloud account into their JFrog Cloud instance-without going through a public Internet-by setting establishing a private connection. MyJFrog provides customers with step-by-step instructions on how to set up a PrivateLink connection, in which the source is the customer's own AWS Virtual Private Cloud (VPC) and the target is the JFrog PrivateLink. To learn more, see Setting up AWS PrivateLinks.

Live Logs
CLOUD: Enterprise+  SELF-HOSTED: Enterprise X | Enterprise+

The JFrog Platform now includes an integrated Live Logs plugin, which allows customers to get the JFrog product logs (Artifactory, Xray, Mission Control, Distribution, and Pipelines) using the JFrog CLI Plugin. To learn more, see https://github.com/jfrog/live-logs

Support for User-Provided Certificates for TLS

The Access router now supports using user-provided certificates for the TLS. When setting the TLS certificates and indicating to the Platform which TLS certificate to use, customers may now use provide their own signed certificate. For more information, see Using Access as a Certificate Authority.

Feature Enhancements  

AQL Search for Remote Repository 

Using AQL, you can now search within remote and virtual repositories. For more information, see Working with Remote Repositories

Artifact Browser with More Filters and Advanced SetMeUp

Introducing new filters and improved SetMeUp capabilities in the Artifact Browser available to all new users and those upgrading from previous Artifactory versions. This new view and capabilities are now the default Artifact Browser view in the JFrog Platform.

Peer-to-Peer Consumption Monitoring

The JFrog Platform allows you to monitor your P2P downloads in a Self-Hosted environment within the UI. The page lists the Peers, their status, the number of files download, and the total consumption. For more information, see Monitoring Peer-to-Peer (P2P) Traffic Consumption.

Resolved Issues

Jira IssueDescription
RTFACT-19598Fixed issue, whereby npm could not deserialize tokens of an unpublished repository. 
RTFACT-24106Fixed an issue whereby,  the 'Docker uploads folder cleanup' job was triggered every 1000 days instead of a single day. To fix this, a new parameter artifactory.docker.cleanup.uploadsTmpFolderJobSecs has been introduced to replace the artifactory.docker.cleanup.uploadsTmpFolderJobMillis
RTFACT-24307Fixed an issue whereby, trying to run two plugins simultaneously (using Cron), resulted in only one of the plugins running. 
RTFACT-20896

Fixed an issue whereby, special characters in Nuget V3 packages were not supported.

RTFACT-23649Fixed an issue when trying to use event-based pull replication, whereby a remote repository pointed to a local repository using HTTPS, caused a read timeout and the remote cache was not updated.
RTFACT-17058Fixed an issue, whereby OAuth secrets containing special characters, caused authentication to fail.
RTFACT-10141Fixed an issue whereby, sending a username containing upper case characters from LDAP, using an API key, caused the response to fail, even if an API key was generated for the username. 
RTFACT-23950

Fixed an issue whereby, Smart repositories did not support artifacts containing the plus ('+') symbol in the URL. 

RTFACT-24889Fixed an issue whereby, browsing virtual repositories containing '_cache' at the end of the name generated a 500 error. 
Security-related Items


Fixed an issue, whereby in certain circumstances, logs displayed private text.


Fixed an issue, whereby a potential XXE was detected in p2 XML inputs.

Artifactory 7.17.5

Released: 4 April, 2021

Resolved Issues

Jira Issue

Description

RTFACT-25433

Fixed an issue, whereby upgrading to Artifactory 7.17.4, failed under certain circumstances, if a public GPG key was installed without a private key.


Artifactory 7.17.9

Released: 14 April, 2021

Resolved Issues

Jira Issue

Description

RTFACT-25582Fixed an issue by adding a new Config Descriptor Converter to fix an invalid state for repositories and key pairs.                    
RTFACT-25483Fixed an issue regarding remote repository concurrent mappings. 

Artifactory 7.17.11 

Released: 20 April, 2021

Resolved Issue

Jira Issue

Description

RTFACT-25601

Fixed an issue, whereby upgrading JFrog Artifactory to version 7.17.x may have failed due to database issues. 


Artifactory 7.17.12 

Released: 29 April, 2021

Feature Enhancement

Access Federation REST APIs Now Public

Publicly released the Access Federation REST APIs and requires a valid admin-scoped token.


Artifactory 7.17.13

Released: May 23, 2021

Resolved Issues

Jira Issue

Description

RTFACT-25912 Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers.



Artifactory 7.16

This section includes all of the Artifactory version 7.16.x releases.

Artifactory 7.16.3

Released: March 15, 2021

Highlights

Avoiding Security Risks by Flagging Safe Repositories

You can declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for for Local and Remote repositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. This feature is currently supported for Docker, PyPI, RubyGems, and NPM packages but will be extended to all the package types in the upcoming releases.

P2P Functionality for JFrog SaaS Users

P2P peers can be configured to work opposite JFrog Artifactory and JFrog Artifactory Edge hosted by JFrog SaaS.

Enhancements

Database Locking Mechanism Improvements 

Improved the database locking mechanism for High Availability environments.

Resolved Issues

Jira IssueDescription
RTFACT-25211Fixed issue whereby, missing dependencies prevented Artifactory to start with the JetS3t binary provider.
RTFACT-24694Fixed an issue whereby, Docker v1 images could not be pulled by digest.
RTFACT-22667Fixed an issue, whereby a 500 error was displayed in the UI when uploading or moving a file to a folder containing the same same.
RTFACT-24791Fixed an issue whereby, the resolution order in Docker virtual repositories was not functioning correctly.
RTFACT-24852Fixed an issue whereby, the Replicator processed Maven artifacts as generic artifacts, which failed the JAR replication.
RTFACT-15577Fixed an issue whereby, Pypi remote and virtual repositories returned a 404 error even if the package existed in the public registry. 
RTFACT-24115Fixed an issue whereby downloading logs from the Artifactory UI displayed the file name as null. 
Fixed an issue whereby, the Docker Catalog API used incorrect permissions and include/exclude path filtering. 
RTFACT-24944Fixed an issue whereby, Artifactory did not support Docker labels containing spaces.
RTFACT-20132

Fixed an issue whereby, PyPI packages were not indexed if there was an emoji in the metadata. 

RTFACT-23838Fixed a performance issue whereby, in high-scale environments, repository Cache rebuild was taking too long. 
RTFACT-23706Fixed an issue whereby, promoting a Docker V2 image in the same repository, without a re-tag, deleted the image. 
RTFACT-21074

Fixing an issue related to virtual NPM repo indexing by removing shadow requests to 3rd party. 

RTFACT-22958Fixed an issue whereby, Artifactory generated the RPM primary.xml with a file time that was not aligned with the RPM. spec. It was generated with milliseconds, unlike the build time. 
Fixed an issue, Artifactory generated a 500 error message when resolving Nuget V.3 packages. The fix now parses NuGet packages without dependency version range as "any version". 
RTFACT-20798Fixed an issue, whereby the Update Group REST API only supported adding users and not updating users.
RTFACT-23209Fixed an issue, whereby a blind SSRF was found in the /ui/api/v1/ui/ldap/test/<name> - 953900

Artifactory 7.16.6

Released: May 24, 2021

Resolved Issues

Jira Issue

Description

RTFACT-25912 Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers.

Artifactory 7.15

This section includes all of the Artifactory version 7.15.x releases.

Artifactory 7.15.3

Released: 18 February 2021

Feature Enhancements

Improvements to RubyGems Indexing for Virtual Repositories

Added Bundler Compact index support for Virtual repositories, in addition to Local and Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, in the artifactory.system.properties file, set the artifactory.gems.compact.index.enabled=true value.

Enhanced Folder Download Functionality 

The 'Folder Download' feature is now aligned with the JFrog CLI and supports downloading empty folders. 

Group REST API Enhancements

From Artifactory 7.15.3, when running the Update Group, you can enforce using lower case characters in user names when associating users to groups, by setting the validate.lowercase.username.on.group.association to true. The default is set to false. When set to true, an error will be generated if an upper case character is used in the user name. 

Conan Package Improvements

User and channel attributes can be changed when copying and moving Conan artifacts and packages.

Additional Webhooks for Distribution

Added new events for Release Bundles on Edge Nodes, which enables you to trigger events when a Release Bundle was received on an Edge node, and when a Release Bundle deletion process has started, completed successfully, or failed. 

Quick Repository Setup

Admins can now use the Quick Setup to create repositories for selected package types in one go. With a couple of simple steps, admins can create local, remote, and virtual repositories for single or multiple package types.

Access Swagger Security Enhancement

The Access Swagger UI now requires admin token authentication.

Performance Improvements

The archive index is now set to false by default to prevent an overload on database resources.

Resolved Issues

Jira IssueDescription
RTFACT-24596Fixed an issue, whereby Support Bundles collected .gz log files that were not included in the time range. 
RTFACT-24305Fixed an issue, whereby Docker labels containing special characters that were not supported by Artifactory are now supported and automatically replaced with the hyphen ('-') symbol.
RTFACT-24246Fixed an issue whereby, the optionalIndexCompressionFormats parameter was not included in the payload json of the Debian Virtual Repository using REST API.
RTFACT-24162Fixed an issue, whereby Artifactory did not start if the serverUrl in the Atlassian Crowd setting had timed out. 
RTFACT-24063

Fixed an issue, whereby running the List Docker Repositories REST API against a Docker remote repository continued to try and fetch the list even after an exception was generated. 

RTFACT-23912Fixed an issue, whereby running a docker push, returned a 400 error when trying to overwrite an image tag without having delete or overwrite permissions instead of generating a 403 error. 
RTFACT-23855Fixed an issue, whereby the inRelease metadata in virtual repositories was not available when metadata calculations were triggered.
RTFACT-22155Fixed an issue, whereby, under certain circumstances, when deploying an RPM package the primary.xml.gz file did not contain the 'pre' attribute. 
RTFACT-22019Fixed an issue, whereby Helm repositories could not be proxied when running on an Azure Container Registry. 
Fixed an issue, whereby running the Deploy Artifact by Checksum REST command did not validate permissions correctly when performing an overwrite. 
RTFACT-18464Fixed an issue, whereby resolving Helm Charts through local repositories was not supported. 
RTFACT-13517

Fixed an issue, whereby the CocoaPods dependency resolution mechanism failed opposite Remote repositories.

RTFACT-24335

Fixed an issue, whereby the SumoLogic dashboard URL could not be accessed, due to invalid credentials, after the initial token expired. 

RTFACT-24220

Fixed an issue, whereby the Async converter only converted the first Artifactory upgrade when multiple Artifactory instances were connected to a single PostgreSQL database with multiple schemas.

RTFACT-19596

Fixed an issue, whereby the logs generated during the NuGet metadata calculation process, displayed the timestamp in milliseconds, instead of the period of time it took to calculate the metadata.

RTFACT-22341

Fixed an issue, whereby pinging an npm repository returned an error response.

RTFACT-21840

Fixed an issue, whereby a 500 response was generated, for a session timeout for a CROWD user, instead of a session timeout event. 

Security-Related Resolved Issues

Fixed an issue, whereby sensitive information was exposed when running a REST API command.


Fixed an issue, whereby running a UI-related REST API call containing certain characters caused Artifactory performance issues. 

Fixed a security issue related to the System Import and Export feature. 

Artifactory 7.15.4

Released: March 4, 2021

Resolved Issues

Jira IssueDescription
Fixed an issue whereby, SHA256 was hashed in the PyPI Repository metadata. 
N/A

Fixed an issue, whereby the Window service installation of Artifactory version 7.15.3 failed.

N/A

Fixed an issue, whereby under certain circumstances, running the Deploy Artifacts from Archive REST API failed when containing files with Chinese characters.


Artifactory 7.15.5

Released: May 24, 2021

Resolved Issues

Jira Issue

Description

RTFACT-25912 Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers.

Artifactory 7.12

This section includes all of the Artifactory version 7.12.x releases.

Artifactory 7.12.3

Released: 21 December 2020

Artifactory 7.12.3 is Available as a Cloud Version

Artifactory 7.12.3 is Available as a Cloud Version. The JFrog Artifactory 7.12.3 is aligned with the Artifactory 7.12.5 Self-Hosted version.

Feature Enhancements

Advanced patterns supported for Docker Virtual Repositories

Extended Ignore/include patterns for Docker Virtual Repositories.

Resolved Issues

Jira Issue

Description

RTFACT-22689

Fixed an issue to improve the Docker Catalog V2 API performance.

Fixed an issue, whereby under certain circumstances, when multiple LDAP settings were configured, Artifactory did not search and displayed authentication failures. 

RTFACT-19741Fix an issue to enable the Browse Native API to return a permission challenge message.
RTFACT-17320Fixed an issue, whereby the number of errors populating in the error log file were reduced together with Improving the error logs messaging for Database locking.
RTFACT-21121Fixed an issue,  whereby Artifactory Rest API Automatically Supports Spaces in URLs. As part of the Artifactory REST API, A space in the User, Group, and permission names is automatically represented and converted to the Plus symbol ('+'). From 7.12.4, This is the default behavior and is achieved with the new security.api.plus.insteadof.space property which is set by default to true. To use the Plus ("+") symbol and cancel this conversion, set the security.api.plus.insteadof.space parameter to false. 

RTFACT-22447

Fixed an issue, whereby Artifactory only displayed the deltas in the logs for the Docker cache. After the fix, the full statistics are displayed in the logs.

RTFACT-21570

Fixed an issue, whereby unnecessary requests were made to the LDAP server when performing authentication using an API Key.

RTFACT-20147

Fixed an issue, whereby deleting multiple Release Bundles when using a Derby DB sometimes failed and generated a Database deadlock.  

RTFACT-18128

Fixed an issue, whereby recalculating the index for Helm repositories did not delete the corrupted entries.


Fixed an issue, whereby the console.log was disabled for Docker and Docker Compose installs by default to prevent performance issues. To enable the console.log, set the shared.logging.consoleLog.enabled to true
Security Related Issues
RTFACT-20379

Blocked direct requests with basic authentication to the required URL when SAML SSO is configured.


Artifactory 7.12.5

Released: 30 December, 2020

Artifactory 7.12.5 is Available as a Self-Hosted Version

The Artifactory 7.12.5 release is available as a Self-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated in 7.12.3 as part of our Cloud-first initiative.

Upgrading Artifactory 6.23.7 to 7.x

Upgrading from Artifactory 6.23.7 to 7.12.5 is not supported. Please upgrade to Artifactory 7.12.6 or above.

Feature Enhancements

Central P2P Peer Management in the JFrog Platform

You can now control all the P2P Peer settings centrally by storing the configurations in the JFrog Platform. All that is required is to add your settings to a YAML file and to update the settings using the REST API, directly in the UI, or through the bootstrap from the file system. The next time the Peers connect to the Tracker (Artifactory), they will be populated with the new settings. For more information, see the Central Peer Deployment and Management section in Peer-To-Peer Downloads.

Docker Authentication for Self-Hosted Customers Only

In lieu of the latest rate limitations enforced by Docker, JFrog self-hosted customers are recommended to set up Docker Hub authentication for Remote Docker repositories. 

Amazon S3 Official Amazon SDK template is set to use HTTP 

As part of JFrog's security policy, HTTP is set by default when using the official S3 Official Amazon S3 Storage template. For more information, see Amazon S3 Official SDK Template.

Resolved Issues

Jira Issue

Description

RTFACT-20076

Fixed an issue, whereby the s3-storage-v3 endpoint could not connect to a bucket with a custom port. This issue was resolved by adding a new parameter port to the s3-storage-v3 binary config template. 

RTFACT-24225

Fixed an issue, whereby downloading an NPM package containing an emoji could not be parsed by MySQL database using UTF-8 encoding.

RTFACT-23974

Fixed an issue, whereby running the Create or Replace Group REST API command returned a success 200 message when an error was generated. 

RTFACT-23514

Fixed an issue, whereby Docker Virtual repositories including Smart and regular remote repositories containing the resolveDockerTagsByTimestamp setting did not resolve artifacts as expected. 

RTFACT-23485

Fixed an issue, whereby an Archive entry download included an entry path in the filename instead of just the filename. 

Fixed an issue, whereby the last ‘N-1’ number of overridden images in a Docker Registry were stored based on their digest SHA and not according to their tags.

RTFACT-22897

Fixed an issue, whereby Docker login and Conan user requests were caching the user without triggering the Realm plugins.

RTFACT-20188Fixed an issue, whereby SumoLogic custom URLs were not supported for existing user accounts. 
Security Issues

Fixed an issue, whereby sensitive information was passed in the request URL. 


Artifactory 7.12.6

Released: 10 January, 2021

Artifactory 7.12.6 a Self-Hosted Version

Artifactory 7.12.6 is available as a Self-Hosted version Only.

Resolved Issues

JIRA NumberDescription
RTFACT-24549

Fixed an issue, whereby upgrading from Artifactory 6.23.7 to 7.12.5 failed.

RTFACT-24423

Fixed an issue, whereby Helm reindexing only re-indexed the last 100 entries.


Artifactory 7.12.8

Released: 8 February, 2021

Resolved Issues

JIRA Issue

Description

RTFACT-24826

Fixed an issue whereby, within an HA environment, upgrading Artifactory 7.11.5 to 7.12.5 caused Artifactory to crash.

RTFACT-24738Fixed an issue whereby, under certain circumstances, common UI calls generated numerous request calls to the Access sever.

Artifactory 7.12.9

Released: May 24, 2021

Resolved Issues

Jira Issue

Description

RTFACT-25912 Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers.

Artifactory 7.11

This section includes all of the Artifactory version 7.11.x releases.

Artifactory 7.11.1

Released: 17 November, 2020

Artifactory 7.11.1 is Available as a Cloud Version

The JFrog Artifactory 7.11.1 release is available as a Cloud version and is aligned with the Artifactory 7.11.2 Self-Hosted version.

Highlights

Helm V3 Support

Artifactory now supports Helm 3 clients, enabling you to deploy and resolve Helm Charts using Helm V2 and V3 clients.

OCI Support

Artifactory is now OCI compliant and supports OCI clients, providing you with the ability to deploy and resolve OCI images in Docker Registries. 

Live System Logs

You can now view or download essential Platform system log files for each of JFrog's services; Artifactory, Xray, Mission Control, and Pipelines. For more information, see Viewing Log Files from the UI.

Feature Enhancements

Improvements to RubyGems Indexing for Local Repositories

Added Bundler Compact index support for Local repositories, in addition to the Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.

To use this new capability, in the artifactory.system.properties file, set the artifactory.gems.compact.index.enabled=true value.

PostgreSQL Database Improvements

Introduced the following improvements:

  • PostgreSQL database indexing improvements
  • Indexing on bundle_files for delete operations

Resolved Issues

Jira IssueDescription

Fixed an issue, whereby under certain circumstances, running Event-based Pull Replication on many files may have caused Artifactory to crash. 

Fixed an issue, whereby searching for Nuget packages using the Tag or PackageId did not work outside of Nuget.Org.

Fixed an issue, whereby you could not run a single node to process *-delete files of the eventual _queue folder on each node of an HA cluster when the cluster-s3 template is used for the binarystore.xml.

RTFACT-19479

Fixed an issue, whereby multiple delete events were processed on multiple nodes that led to multiple delete requests for the same resource storing on the Cloud instance. After the fix, only single node processes delete requests. 

RTFACT-22366

Fixed an issue, whereby Artifactory returned the PyPi yanked release as the latest version.

RTFACT-17273

Fixed an issue, whereby pulling and pushing the same Docker image simultaneously, returned an “unknown blob” error. 

RTFACT-18471

Fixed an issue, whereby empty virtual repositories were not listed when running the Get Repositories REST API. 

Fixed an issue, whereby running the POST /ui/userProfile REST command will no longer require a password for performing CROWD actions.

RTFACT-20610

Fixed an issue, whereby deleting a Debian repository after copying the contents to a different Debian repository displayed N/A repository/package type in the Storage Summary log.

RTFACT-23318

Fixed an issue, whereby in an HA environment, system export did not export repositories when running on members.

RTFACT-15797

Fixed an issue, whereby users could not name the NPM local repository as npm

RTFACT-23665

Fixed an issue, whereby a Docker remote repository did not trigger the beforeRemoteDownload plugin execution point.

RTFACT-23307

Fixed an issue, whereby the apt-get client failed when the Debian repository was configured with CDN.

Fixed an issue, whereby Artifactory was losing track of the cacheFS data size on the disk, after an upgrade and a restart. Once Artifactory lost track of the cacheFS size, it reset the amount of space used to zero bytes. 

RTFACT-23816

Fixed an issue, whereby a DataSource memory leak occurred when using MySQL. 

Fixed an issue, whereby we now provide release fields content for Debian repositories.

RTFACT-23651

Fixed an issue, whereby the Label attribute in a Debian Release file was set to the repository name instead of the hardcoded Artifactory

RTFACT-23275

Fixed an issue, whereby the performance of the distributed_locks table in PostgreSQL was improved.


Fixed an issue, whereby Access Federation issues were arising between servers of different versions, where the source version was higher than the target version.


Fixed a join.key bootstrapping issue, whereby the system would not accept the user-provided join.key if an existing join.key was already registered.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.11.2

Released: 20 November, 2020

Artifactory 7.11.2 is Available as a Self-Hosted Version

The Artifactory 7.11.2 release is available as a Self-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.11.1 as part of our Cloud-first initiative.

Resolved Issues

Jira IssueDescription


Fixed an issue, whereby the Replication arcs between JPDs were not shown on the Topology maps in the Dashboard.


Fixed an issue, whereby Replications were not displayed in the Replication monitoring section and were displayed as failed in the Topology page.


Artifactory 7.11.5

Released: 1 December, 2020

Resolved Issues

Jira Issue

Description

Fixed an issue, whereby the Metrics logger did not work after upgrading Artifactory. 


Fixed an issue, whereby Filebeat failed to start intermittently after restarting Artifactory. 

Artifactory 7.11.7

Released: May 24, 2021

Resolved Issues

Jira Issue

Description

RTFACT-25912 Fixed an issue whereby, Docker pull commands failed due to a new HTTP implementation used by Docker Hub, affecting the response headers.

Artifactory 7.10

Upgrading from JFrog Artifactory 7.x to 7.10 or above

When upgrading from any version prior to 7.10, to any version from 7.10 and above, the upgrade process executes an internal DB schema migration which may result in a short downtime.

Artifactory 7.10.1

Released: 11 October 2020

JFrog Artifactory 7.10.1 is Available as a Cloud Version

The JFrog Artifactory 7.10.1 release is available as a Cloud version and is aligned with the Artifactory 7.10.2 Self-Hosted version.


Highlights

New JFrog Platform Onboarding Experience 

In Artifactory 7.10.1, we have introduced a new Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform. 

This new Onboarding experience will be rolled out to all users over the next couple of weeks.

Feature Enhancements

Artifactory Supports AWS Secrets for DB Connections

You can now use the AWS SecretsManager alias in the Artifactory system.yaml allowing Artifactory to automatically retrieve the secret associated with the alias connection. 

Verify Audience Restriction Applied for SAML SSO

As part of JFrog's security enforcement, an additional verification step has been set up opposite the SAML server to validate SAML SSO authentication requests. The verifyAudienceRestriction attribute for SAML SSO is set by default in the JFrog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured. For more information, see SAML SSO Configuration.

Improved Maven Plugin Metadata Calculation

Maven plugin metadata is now calculated for every deploy or delete actions.

Resolved Issues

Jira IssueDescription
RTFACT-15577Fixed an issue, whereby Pypi remote and virtual repositories returned a 404 error even if the package existed in the public registry. 
RTFACT-20334Fixed an issue, whereby Artifactory indexed Helm Charts with an invalid version number or appVersion number but the Helm repository containing these charts could not be added to the helm client’s repository.

RTFACT-19010

Fixed an issue, whereby value updates (add/remove) to Property sets were not reflected in files and directories in the repositories.
RTFACT-17512

Fixed an issue whereby, Artifactory did not proxy Nexus PyPi repositories.

RTFACT-20036Fixed an issue whereby, the Prune process was consuming a lot of memory when handling a large files list. 
RTFACT-20143

Fixed an issue, whereby in a number of cases the CRAN package metadata displayed in the UI was not consistent with the CRAN package info.

RTFACT-23136

Fixed an issue whereby, checksum mismatch errors and 404 errors occurred when resolving nested Go modules in Artifactory from a virtual repository that included remote pointers to Github. 
Fixed an issue, whereby the Artifactory CacheLoader returned a null error following LDAP authentication. 
RTFACT-19109Fixed an issue, whereby Conda metadata calculation failed due to a Race condition.
Fixed an issue, whereby JFrog Xray unable to connect to Artifactory when the Password policy was set in the access.config file. 
RTFACT-14226Fixed an issue, whereby the TimestampSnapshotComparator compare method that compared two different snapshotVersion sections according to timestamps was not compatible with maven-metadata.xml artifacts that contained a base-revision with more than one element.

Fixed an issue, whereby in certain instances, Azure guest users were unable to log in to Artifactory. 

RTFACT-20226Fixed an issue, whereby users without the required permissions could deploy the same package to their Local Cran repository.
RTFACT-19094Fixed an issue, whereby, under certain circumstances, the Helm remote repository URLs were not added correctly to the Artifactory virtual repository index.yaml file.
RTFACT-22323Fixed an issue, whereby Exclude patterns were not applied on Remote Repositories when REST API commands when triggering REST API commands. 
Security-Related Resolved Issues


Artifactory now will check the AudienceRestriction or SubjectConfirmationData Recipient values in every SAML response. For more information, see Verify Audience Restriction Applied for SAML SSO.


Hardened the logging process between Artifactory and the Docker Client.


Vulnerable security values are no longer supported when running the Create User command via the REST API. 


Vulnerable security values are no longer supported for permission targets. 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.10.2

Released: 15 October 2020

JFrog Artifactory 7.10.2 is Available as a Self-Hosted Version

The JFrog Artifactory 7.10.2 release is available as a Self-Hosted version and is aligned with the 7.10.1 Cloud Release.

Highlights

New JFrog Platform Onboarding Experience 

In Artifactory 7.10.2, we have introduced a new self-hosted Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform. 

Feature Enhancements

Improvements to RubyGems Indexing for Remote Repositories

Added Bundler Compact index support for Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.

To use this new capability, in the artifactory.system.properties file, set the artifactory.gems.compact.index.enabled=true value.

Importing Release Bundle Enhancements for Air Gap

The Air Gap feature has been extended to support importing Release Bundle from an /import folder on the server machine in addition to importing files from the local drive of the user.

API Open Metrics Enhancements

Added more metrics related to JVM, DB connections, and remote HTTP connections in Artifactory. For more information, see Open Metrics.

Resolved Issues

Jira IssueDescription

Fixed an issue, whereby in some circumstances Artifactory HA additional node failed to start due to incorrect encryption values.
RTFACT-14607Fixed an issue, whereby Test connection failed for Smart Docker remote repositories.
RTFACT-20660Improved performance of your artifacts search through the /ui/artifactbuilds that previously caused an extreme overload.

Fixed an issue, whereby Event-based pull replication did not trigger when properties were added to a folder. 

For this fix to take effect, both the source and target Artifactory instances need to run either on Artifactory version 7.10.2 and higher or on Artifactory version 6.23.0 and higher. Otherwise, the fix will not take effect and the folder properties will not be replicated.

RTFACT-22683

Fixed an issue, whereby Docker push was failing when trying to use the configuration generated from the HTTP settings page (Repository path) in Artifactory 6.20.0.

RTFACT-19247Fixed an issue, whereby Smart remote capabilities were broken when the target Artifactory was running without the /artifactory context. 
Fixed an issue, whereby Artifactory generated an InRelease file with the wrong line endings in Windows.
RTFACT-23103Fixed an issue, whereby Admin users could get user API Keys using the REST API. 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.10.5

Released: 2 November, 2020

Feature Enhancements

Docker Registry Alignments in Artifactory to Meet Latest Docker Rate Limits

Docker Registry functionality is now optimized in JFrog Artifactory to accommodate the latest Rate Limit changes announced by Docker. We have changed the default Retrieval Cache Period to six hours and optimized the GET requests to Docker Hub by introducing HEAD requests and optimizing the usage of GET calls. To assist our Docker users, you will be will now receive a Platform level warning for every unauthenticated Docker remote repository pointing to Docker Hub. In addition, the Remote Docker Authentication section has been moved to the Remote Docker Repositories Basic Tab.

Hardened the User Login Messages 

User Login messages have been modified to provide consistent responses on enumeration attempts to prevent the disclosure of valid accounts. 

Resolved Issues

Jira IssueDescription
RTFACT-23563Fixed an issue, whereby Conan repositories were not supported in the Free Tier subscription.
RTFACT-20334  

Fixed an issue, whereby Artifactory indexed Helm Charts with an invalid version number or appVersion number but the Helm repository containing these charts could not be added to the Helm client’s repository.

Fixed an issue, whereby under certain circumstances, running Docker Pull requests by digest returned an incorrect manifest file due to wrong caching.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.10.6

Released: 8 November, 2020

Feature Enhancements

Removed the hardcoded -Dartifactory.metadata.native.ui=true flag the from the startup script as it was already set as true by default.

Resolved Issues

Jira Issue

Description

Fixed an issue, whereby the Metadata Service and Artifactory, under certain circumstances, experienced high resource utilization caused due to a limited number of files processed per a single Metadata Service version entity, and a limited number of the supported repository layouts for the version file collection query. 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.9

Released: 29 September, 2020

Highlights

Peer-to-Peer (P2P) Download 

The new Peer-to-Peer (P2P) Download feature allows hosts to download artifacts from local, remote, and virtual repositories through a local network of peers in addition to downloading artifacts from JFrog Artifactory. 

Downloading files using P2P provides the following benefits: 

  • Handles bursts of downloads from Artifactory.
  • Improves the download speed and decreases bandwidth consumption.
  • Promotes the scalability and availability of your artifact downloads while providing a highly secure environment.

P2P download is supported in the JFrog Platform in a self-hosted environment and requires a JFrog Enterprise+ subscription. For more information, see JFrog Peer-to-Peer (P2P) Downloads.  

GraphQL API for the JFrog Platform Metadata

JFrog's Metadata Service public APIs are now enabled allowing you to query the entities from the metadata server with GraphQL. For more information, see GraphQL.

Log Analytics

JFrog now offers tools that enable a real-time view of the platform’s operation through various analytics and visualization tools. For more information, see Log Analytics.

Feature Enhancements

Changes in Artifactory to Facilitate the New Docker Rate Limit

Following the latest Docker announcement regarding changes to the Docker Rate Limits, Artifactory 7.9 includes several internal improvements to support the usage of remote repositories opposite Docker Hub while taking into account the new rate limits. In order to use your Docker account type, you need to authenticate the Docker Hub pull requests, by setting your user and password in your Advanced Remote Docker Repositories.

Docker Remote Repository Improvements 

Docker Schema 2 is now fetched from the remote registry if no header was sent. This improves the Docker experience when the metadata expires.

Docker Pull Performance Improvements

Greatly improved the performance of Docker pull requests by digest and by tag. From 7.9, Artifactory will use more efficient queries and better utilize the internal caching when serving Docker pull requests.

Viewing and Tracking Non-Revokable Access Tokens

You can view and track non-revokable Access Token in the UI. You can now filter the token view based on the token's revocability and not just its expiry. The behavior for a token revocation request also changed, and you will now see an error message if you try to revoke a non-revocable token. Token revocability is still governed by its expiry and the revocable-expiry-threshold parameter.

Improved the Monitoring JFrog Microservices Status Page in the UI

The Service Statuses page in the UI displays an improved view with detailed information about the status of your JFrog services and now includes monitoring for Pipelines. 

Improved Artifactory Installation and Setup Using Oracle Database

When using an external Oracle DB as the Artifactory database, you no longer need to manually install and set up Liabio as it is now bundled into the Artifactory installer.

Database Performance Improvements in HA Environments

Reduced Database lock contention and Database loads in High Availability (HA) environments.

S3 Storage Direct Upload Mechanism

From Artifactory 7.9, you have the option to select the Direct Upload Mechanism which serves as an alternative to the existing default Eventual Upload mechanism, whereby the upload is not considered successful until it reaches the S3 storage. 

Upgraded AWS SDK Bundled with Artifactory

Upgraded the AWS SDK bundled with Artifactory to support the use of service account IAM roles. AWS SDK v. 1.11.496 includes a feature for granting IAM roles to Kubernetes service accounts, instead of granting an IAM role to an EC2 machine, or using an open-source project.

Hazelcast is Deprecated

The write-locking method and UI session sharing between the JFrog Platform cluster nodes using Hazelcast is no longer supported. For more information, see the Support Blog.

Resolved Issues

Jira IssueDescription

Fixed an issue whereby, binding users in Artifactory using Google OAuth did not function correctly. 

RTFACT-21955Fixed an issue whereby, Helm and Go users failed to create virtual repositories on Artifactory Edge nodes due to the inability to point to remote repositories on the Edge node.
RTFACT-22023Fixed an issue whereby, Support Bundles did not include logs. 
RTFACT-7460Fixed an issue whereby, the _temp folder for Debian and RPM repositories was replicated when performing Push replication if event-based replication was enabled.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.9.1

Released: 5 October 2020

Artifactory 7.9.1 is a Self-Hosted Version

The JFrog Artifactory 7.9.1 release is only available as a Self-Hosted version.

Feature Enhancement

Simplified JFrog Self-Hosted Trial Installer Experience

From JFrog Artifactory 7.9.1 and JFrog Xray 3.9.1, the Self-Hosted Trial installation experience has undergone major improvements to support the easy installation of Artifactory and the option of installing Artifactory together with Xray. The new installers are not intended for Production but remove the need to manually establish connectivity between Artifactory and Xray.


Artifactory 7.9.2

Released: 20 October, 2020

Resolved Issues

  1. Fixed an issue occurring in Artifactory version 7.9, whereby when installing or upgrading a JFrog Artifactory HA environment, the HA nodes sometimes failed to start due to a bad hex format for the join key. 
  2. Fixed an issue, whereby missing dependencies caused RPM installs to fail on certain operating systems.

Artifactory 7.8


Artifactory 7.8.1

Released: 16 September 2020

Artifactory 7.8.1 is Available as a Cloud Version

The JFrog Artifactory 7.8.1 release is available as a Cloud version and will be available for on-premise shortly.

Supported Docker Strategies for JFrog Cloud Users

From Artifactory 7.8.1, the subdomain resolution method for resolving Docker repositories will not be supported for new Cloud users. This deprecation does not apply to existing Cloud users.

Highlights

GraphQL API for the JFrog Platform Metadata

JFrog's Metadata Service public APIs are now enabled and allows you to query the entities from the metadata server with GraphQL. To learn more see, GraphQL.

Feature Enhancements

Docker Pull Performance Improvements

Greatly improved the performance of Docker Pull requests by digest and by tag. From 7.8.1, Artifactory will use more efficient queries and better utilize the internal caching mechanism when serving Docker Pull requests.

Viewing and Tracking Non-Revokable Access Tokens

You can view and track non-revokable Access Token in the UI. 

You can now filter the token view based on the token's revocability and not just its expiry. the behaviour for a token revocation request also changed, and you will now see an error message if you try to revoke a non-revocable token. Token revocability is still governed by its expiry and the revocable-expiry-threshold parameter.

Improved the Monitoring JFrog Microservices Status Page in the UI

The Service Status page in the UI displays an improved view with detailed information about the status of your JFrog services and now includes monitoring for Pipelines. 

Improved Database Performance in HA Environments

Reduced DB lock contention and DB load in HA setups.

Upgraded AWS SDK bundled with Artifactory

Upgraded the AWS SDK bundled with Artifactory to support the use of service account IAM roles. AWS SDK v. 1.11.496 includes a feature for granting IAM roles to Kubernetes service accounts, instead of granting an IAM role to an EC2 machine, or using an open-source project.

Disable Basic Authentication Method

When using an external authentication method such as LDAP, SAML, etc, the basic authentication method can be disabled for internal users, as described in Disable Basic Authentication Method.

Resolved Issues

Jira IssueDescription

Fixed an issue whereby, Access Tokens created in the UI were not displayed in the UI.

RTFACT-17777

Fixed an issue whereby, if Artifactory started with a failed crowd server connection, it did not attempt to connect to the crowd server again.

RTFACT-21334

Fixed an issue whereby, remote NuGet repositories on Azure DevOps were not working.

RTFACT-13618

Fixed an issue whereby, the automatic cleanup process did not prune empty folders.

RTFACT-21400

Fixed an issue whereby, when replicating Artifactory instances with Artifactory properties replication and event replication enabled, the npm dist-tag was not replicated with npm dist-tag add.

RTFACT-17791

Fixed an issue whereby, when refreshing an Access Token, the expire_in value was not inherited, and the default 3600 is used instead, resulting in the token expiring after only one hour. 

RTFACT-22878

Fixed an issue whereby, an Artifactory Go remote repository was not proxying requests to the latest URLs.

RTFACT-21822

Fixed an issue whereby, removing a HA node from a cluster in Artifactory version 7.x was not working.

RTFACT-21536

Fixed an issue whereby, the Create Repository Rest API was allowing the creation of a NuGet remote repository without the mandatory parameter downloadContextPath.

RTFACT-17592

Fixed an issue whereby, when using the Quick Setup to create repositories, the repositories were created without the default proxy configured in Artifacotry.

RTFACT-21889

Fixed an issue whereby, when running an NPM search, and the maintainers field was a string and not a JSON object, the search command failed with a timeout. 

RTFACT-19010

Fixed an issue whereby, when a property set with values was added to a repository, and any modification was done, such as addition or deletion of values, to the property set, the new values were not listed.

RTFACT-21670

Fixed an issue whereby, Artifactory was using the last update timestamp for local Go repositories when populating the version list causing older versions of dependencies that were pushed to Artifactory using the JFrog CLI to appear as newer versions.

RTFACT-19269

Fixed an issue whereby, when adding or editing a user plugin and running the Reload Plugins API in a HA setup, the reload was not propagated to the nodes in a HA cluster.

RTFACT-22834

Fixed an issue whereby, a proxy was used when deploying an artifact to a localhost.

RTFACT-9852

Fixed an issue whereby, when deleting a remote repository, in some cases, cached artifacts were not deleted.

RTFACT-17586

Fixed an issue whereby, a build appeared without artifacts when the Block Unscanned Artifacts, was enabled in Xray.

RTFACT-23024

Fixed an issue whereby, Artifactory was issuing a 500 error instead of 404 for non-existing modules causing a Go builds to fail instead of moving on to the next proxy in the list.

RTFACT-19690

Fixed an issue whereby, the SAML SSO login was triggering an unnecessary PATCH user API.

Artifactory 7.7

Released: 29th July, 2020

Artifactory 7.7 is Available as a Cloud Version

The Artifactory 7.7 release is available as a Cloud version. Artifactory 7.7.3 is the On-Premises version and official Cloud Version of Artifactory 7.7.0.

Highlights

Users can be Assigned the Manage Resources Role

Admins can assign users with the Manage Resource role to manage resources including create, edit, and delete permissions on any resource type including Pipeline resources (Integration, Source, and Node Pools).

GraphQL Beta version Released in the JFrog Platform

This version of GraphQL is a beta version and for now, it only has a limited set of capabilities till future additions are made.

JFrog's Metadata Service has now enabled the integration of the metadata server with the GraphQL public API. Currently, only packages are supported, with more GraphQL capabilities coming in the near future. You can use the graphiql to learn about the GraphQL metadata schema and as a playground to test your queries. To access it,  <your server url>/metadata/api/v1/query/graphiql. For more information, see GraphQL.

Artifactory Open Metrics Support

Artifactory 7.7 has been enhanced to support open metrics. The new API Get the Open Metrics for Artifactory REST API command has been added and returns the following metrics in the Open Metrics formatThe following two new metric-related log files are added to the file system:

  • artifactory_metrics.log: Contains system metrics such as: 
    • Total disk space used
    • Total disk space free
    • Time CPU is used by the process
  • artifactory_metrics_events.log: Contains deduplicated metrics related to an event such as a GC run.

For more information, see Open Metrics.

Feature Enhancements 

Improved LDAP Pagination Support Usage 

Added the Used Page Results parameter in the LDAP page to support LDAP Group pagination. This is supported for LDAP servers with more than 1000 groups which support groups pagination to allow admins to use paged LDAP results. For unsupported LDAP servers, admins can disable the LDAP pagination results via the UI or Artifactory's configuration files, thereby improving LDAP performance and calls.

Persistent Expiry Threshold Token

Added the new persistent-expiry-threshold parameter allowing you to set the minimum value of expiry a token in order for the token to be saved in the DB to the Access YAML Configuration file.

Indexing Improvements for Npm Packages  

Implemented incremental indexing as part of the existing npm indexing mechanism resulting in reduced time to build the package index.

Improved Export and Access Federation Performance in an HA Environment

Minimized the load for the Export and Access Federation processes in an HA environment when using JFrog Distribution.

Artifactory Now Supports MySQL 8 Out-of-the-box 

From Artfactory 7.7, MySQL 8 is now supported.

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 8.5.57, solving some security vulnerabilities described in CVE-2020-11996CVE-2020-13934, and CVE-2020-13935.

Resolved Issues

JIRA Issue

Description

Fixed an issue where Puppet release names containing a dash "-" in the version-number were not resolved.

RTFACT-21624Fixed an issue whereby Event-Based Pull Replication for Docker Repositories did not copy the images to the Target.
RTFACT-22470

Fixed an issue whereby Gem artifacts containing a large number of dependencies failed to be resolved from the rubygems.org repo.

RTFACT-21554

Fixed an issue whereby Docker images were not served from cache if the source repository was offline.

Fixed an issue whereby the Forgot password feature in Artifactory did not take into consideration the "Disable Internal Password" field when the "Can Update Profile" field was also selected. 
RTFACT-21646Fixed an issue whereby a deadlock occurred when pushing the same Docker image with different tags in parallel. 
RTFACT-22686

Fixed several issues whereby when working with the S3 direct binary provider, connections were not being released from the HTTP connection pool of the S3 client, resulting in HTTP connection leaks.

RTFACT-22460Fixed an issue whereby NuGet searches failed when locks were inserted from the Distributed_locks table.
Fixed an issue whereby Metadata migration during an upgrade from Artifactory 6.x to 7.x failed.
RTFACT-17370 Changed the default database connection pool to HikariCP to improve database connection handling and potentially improve performance on high concurrency environments.
RTFACT-19474OPKG spec changed - causes packages' resolution failures

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.7.3

Released: 13th August, 2020

Artifactory 7.7.3 is Available as a Cloud and On-Premises Version

The Artifactory 7.7.3 release is available as an On-Premises and Cloud version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.7.0 as part of our Cloud-first initiative.

Resolved Issues

JIRA Issue

Description

RTFACT-22952

Fixed an issue whereby, Release bundle repo mapping caused Xray scanning to not find the files.

RTFACT-22852Fixed an issue whereby, the repository import of zip files containing .pom extensions failed when using the direct AWS s3 template.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.7.6

Released: September 4, 2020

Artifactory 7.7.6 is Available as a Cloud Version Only

The Artifactory 7.7.6 release is available only as a Cloud version.

Docker V1 Support

From Artifactory 7.7.6, Docker V1 is no longer supported for new Artifactory SaaS users but maintains backward compatibility of Docker V1 to support existing users.

Feature Enhancements

Performance Enhancements

Implemented a set of internal improvements that will have a direct impact on the overall user Cloud experience. 

Artifactory 7.7.8

Released: 14 September, 2020

Resolved Issue

JIRA Issue

Description

Fixed an issue whereby, concurrent uploads may result in a null pointer exception.


Artifactory 7.6

Released: June 23, 2020

Artifactory 7.6 is Available as a Cloud Version

The Artifactory 7.6 release is available only as a Cloud version.

Highlights

Alpine Linux Repository Support

Artifactory now natively supports Alpine Linux packages, giving you full control of your deployment and resolution process of Alpine Linux (*.apk) packages.

You can create secure and private local Alpine Linux repositories with fine-grained access control. Remote Alpine Linux repositories proxy remote Alpine resources and cache downloaded apk packages to keep you independent of the network and the remote resource, and virtual Alpine Linux repositories give you a single URL through which to manage the resolution and deployment of all your apk packages. To learn more, see Alpine Linux Repositories.

To support the signing of Alpine Linux package types, Artifactory now supports creating and managing RSA Key Pairs. You upload the RSA Key Pair using the Create RSA Key Pair or directly in the web UI and manage the keys directly in the JFrog Platform. Once you have generated the RSA Keys, you can assign the key pair to the Alpine Repository in the Advanced tab of the Alpine Repository configuration. For more information, see Managing Signing Keys.

JFrog Xray support for scanning Alpine Linux packages will be added in the forthcoming release.

Multi-factor Authentication 

For JFrog Platform Cloud (SaaS) users, you can now use an additional layer of security when logging into the JFrog Platform. Administrators can enable multi-factor authentication for all users, which will require users to provide a verification code from a third-party authentication application every time users log in. 

Event-driven Webhooks 

The new Webhooks feature enables you to send important events occurring in Artifactory. You have a number of events that you can select, such as Artifact Deployment or Build Deployment, and send these events to other applications that are configured by setting a URL.

These events are sent through the new Event Service, which distributes your events to the relevant URLs you set when creating your Webhooks. 

Feature Enhancements

PostreSQL Version Support

All JFrog products (excluding Pipelines) now support PostgreSQL version 10.x.

PostgreSQL Version Bundling

All JFrog’s installers bundling PostgreSQL have been updated to use a newer PostgreSQL version 10.13.

Resolved Issues

JIRA IssueDescription
RTFACT-22136

Fixed an issue, whereby when performing concurrent requests to the Helm index.yaml file, Artifactory returned incorrect content to some users.

RTFACT-21207

Fixed an issue, whereby when Artifactory tried to read events on a remote event-based replication and the connection failed, a connection leak occurred.

RTFACT-21234

Fixed an issue, whereby when trying to resolve remote server information against a non Artifactory instance, a connection leak might occur. 

Fixed an issue, whereby non-admin users with the manage permissions were unable to update permission targets created using the Artifactory REST API.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.6.1

Released: June 28, 2020

Feature Enhancements

Upgraded JDK Version in Artifactory

OpenJDK Runtime Environment bundled with Artifactory has been upgraded to build 11.0.7+10, which solves the “HIGH” CVSS from the previous version and is the latest JDK published.

Enhancements for Webhooks Events

Introduced a few fixes to Webhooks events, such as adding a build_started field to the Build events, additional fixes to Docker events, and improved payload data.

Metadata Service DB Upgraders

The DB schema required for Conan  is now enhanced to work better with metadata and optimize the search speed in Artifactory. On upgrade, no downtime is required, however, this enhancement might impact the upgrade time, depending on the amount of artifacts, possibly temporarily increasing the DB load. 

Resolved Issues

JIRA IssueDescription
RTFACT-22136

Fixed an issue, whereby when performing concurrent requests to the Helm index.yaml file, Artifactory returned incorrect content to some users.

RTFACT-21207

Fixed an issue, whereby when Artifactory tried to read events on a remote event-base replication and the connection failed, a connection leak occurred.

RTFACT-21234

Fixed an issue, whereby when trying to resolve remote server information against a non Artifactory instance, a connection leak might occur. 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.6.2

Released: July 6, 2020

Feature Enhancements

Improved Permissions Cache Invalidation

Improved the permissions cache invalidation mechanism by minimizing the scope of the invalidation action to only permissions associated with the specific service that needed the cache to be cleared. This allows shorter login times and better permission validation performance.

Resolved Issues

JIRA IssueDescription
RTFACT-22590Fixed an issue whereby, indexing Conda packages did not work properly when deployed with a user that did not have delete permissions.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.6.3

Released: July 12, 2020

Resolved Issues

JIRA IssueDescription

RTFACT-22823

Fixed an issue whereby, when trying to upgrade to Artifactory 7.6.2, dependency errors occurred with CentOS and RedHat version 7.8.

RTFACT-22686

Fixed an issue whereby, in some cases, a connection leak occurred when working with an S3 binary provider, where connections were not released from the HTTP Connection pool of the S3 client.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.5

Released: May 19, 2020

Artifactory 7.5 is Available as a Cloud Version

The JFrog Artifactory 7.5 release is available as a Cloud version and is aligned aligned with the Artifactory 7.5.5 Self-Hosted version.

Highlights

Artifactory Cloud with CDN Distribution

Artifactory Cloud Enterprise and Enterprise+ supports a fully integrated advanced CDN solution removing the need to deal with the complexity of setting up a separate external CDN Caching system. JFrog Artifactory Cloud with Amazon's CloudFront CDN solution allows you to manage, control, and distribute high volumes of software distribution across multiple locations.

The CDN solution provided in Artifactory Cloud supports distributing public content via Anonymous Access and Signed URLs, distributing private content using fine-grained permissions and Access Tokens, CNAME/SSL support, and setting IP Whitelisting and Geo Restrictions. To view the list of CDN features supported by the different JFrog subscription types, see Cloud Pricing.

From version 7.5, CDN Distribution is enabled by default for Artifactory Cloud Enterprise and Artifactory Cloud Enterprise+ users and all is that is required is to set CDN support on your repository level. For more information, see Get Started: Cloud.

Support for Signed URLs

Artifactory now supports using signed URLs. Users with administrator or manage permission can generate a signed URL that provides temporary shared access to a specific artifact, using the Create Signed URL REST API. Using the Replace Signed URL Key REST API, administrators can replace the key for signing and validating signed URLs, invalidating any signed URLs previously created. This feature is supported for Artifactory Cloud Enterprise and Enterprise+ users.

Xray Block Unscanned Artifacts Timeout Policy 

This version includes the capability to define the timeout policy for unscanned artifact download requests. This means that when a block unscanned artifacts policy is configured in Xray, Artifactory will wait for the predefined time of the policy, to allow Xray to perform the required scan. This will prevent download request failures that require Xray scan on the artifacts.

In addition, to improve artifact download performance, Artifactory will now only request Xray scans results for repositories configured with block download policy.

Configurations are available here.

** Available with Artifactory version 7.5.x and Xray version 3.4.x.

Support for RHEL 8 AppStream

Artifactory now supports Red Hat Enterprise Linux 8 which contains support for enhanced Yum metadata for AppStream (RHEL8) or Modularity (Fedora) technology used in RHEL8. An example of this new metadata includes the data type=modules metadata from repomd.xml. The Content in AppStream in RPM is available in one of two formats - the familiar RPM format and an extension to the RPM format called Modules. 

As part of the AppStream support in Artifactory, you can:

  • Proxy AppStream modules through a remote RPM repository.
  • Host and serve AppStream modules according to profiles and streams through a local RPM repository.
  • Serve local and remote content through a virtual repository.

For more information, see Deploying RPM Modules to Your Local Repository.

Feature Enhancements

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 8.5.54. 

In this upgrade, the HTTP date headers issue that existed in Artifactory 7.3.2 and 7.4.0 (that were bundled with Tomcat 8.5.51) was fixed. 

Generate Maven POM File from Internal Jar or a Default POM File REST API

You can now generate a Maven POM file using the Artifactory REST API. To use the POM within the artifact, you can deploy an existing POM, or generate a default POM. Previously available only through the UI, Deploying Maven Artifacts

Resolved Issues

JIRA Issue

Description

RTFACT-20911


Fixed an issue whereby, when authenticating a Docker or Conan Packages login with a username and API key of an LDAP user, Artifactory always checked against the LDAP service, even if it was in the cache period.

RTFACT-17456

Fixed an issue whereby, when using HTTP SSO and the anonymous mode was enabled, non-cookie-cached requests resulted in a 401 error if an anonymous request was sent beforehand. 

RTFACT-21262

Fixed an issue whereby, when event-based pull replication was enabled for a large number of repositories, the target server reached a thread pool exhaustion. 

RTFACT-20814

Fixed an issue whereby, in Docker repositories, pushing a container using several clients such as containers, did not work properly.

RTFACT-20761Fixed an issue whereby, proxying and caching npm packages from GitHub Packages resulted in an error.

RTFACT-21150

Fixed an issue whereby, in several remote npm repositories, running an npm search that did not return any results and therefore these search requests did not close, caused a pool leak. 

RTFACT-20216Fixed an issue whereby, in some cases, in Conan smart remote repositories, the pull replication from a distant Artifactory instance did not pull packages from the source Artifactory instance.

RTFACT-20257

Fixed an issue whereby, in a Debian client, when using your own GPG keys, the initial GPG verification failed when resolving packages from a Debian virtual repository. 

RTFACT-16188

Fixed an issue whereby, in a Debian local repository, when running recalculate index to create a Release metadata file, the Component property in the Release file was missing the text before the hyphen in the name of the component. Example: acpu-base appeared just as base. 

RTFACT-21738

Fixed an issue whereby, when trying to resolve packages from a PyPI remote repository that is connected to a pypiserver, the download did not work due to a malformed download URL.
RTFACT-20544Fixed an issue whereby, in CRAN remote repositories, downloading and deploying CRAN packages with versions that contained more than 4 octets (e.g. 0.9.800.1.0) failed.
RTFACT-21319Fixed an issue whereby, in CRAN virtual repositories, when trying to resolve packages, the updated packages were not available until the aggregated CRAN remote repository updated its' metadata. 

Fixed an issue whereby, issues were encountered in the task execution mechanism in HA clusters.

For a complete list of changes, please refer to our JIRA Release Notes


Artifactory 7.5.5

Released: 31 May, 2020

Artifactory 7.5.5 is Available as a Self-Hosted Version

The Artifactory 7.5.5 release is available as a Self-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.5 as part of our Cloud-first initiative.

Resolved Issue

  1. Fixed an issue whereby, issues were encountered in the task execution mechanism in HA clusters.

Artifactory 7.5.7

Released: 11 June, 2020

Feature Enhancements

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 8.5.55. 

Resolved Issues

JIRA Issue

Description

RTFACT-22196


Fixed an issue whereby, when using JFrog Distribution to distribute artifacts from one Artifactory instance to another, the source Artifactory ignored the proxy configuration and would not distribute through it. 

RTFACT-22432

Fixed an issue whereby, under certain circumstances, upgrading to version 7.5.x would fail because of a failing converter.



Artifactory 7.4

Released: April 6, 2020

Artifactory 7.4 is Available as a Cloud Version

The Artifactory 7.4.1 release is available as a Self-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.4 as part of our Cloud-first initiative.

Highlights

Go Private GitHub Repositories Support

It is now possible to create a remote Go repository and proxy Go modules from GitHub private repositories.

Additional information on how to configure Artifactory and your Go client to work with GitHub private repositories can be found here.

Conda v2 Format

Artifactory now supports the Conda v2 metadata format. You can now use Conda clients from version 4.7, and download/upload Conda v2 format packages from all repository types (local, remote and virtual).

As part of this change, Artifactory now supports the .conda file extension to compress packages more effectively and the current_repodata.json file that makes packages search faster. 

Create Admin Access Tokens from within the UI

Administrators can now generate admin-scoped access tokens, for any of the services in the JFrog Platform directly from the UI. This is available from the Administration module under Identity and Access | Access Tokens and click Generate Admin Token. Previously available only as a REST API.

Google Cloud Platform Binary Provider Native Client Support

This release introduces support for the Google Storage native client binary provider, providing improved security using unique private keys.

To opt-in and use the new Google Cloud Storage template, see here.

Feature Enhancements

Improved AQL Performance with MSSQL DB

Significant performance improvement for AQL queries when searching artifacts according to build name and number.

Docker Installation Includes Upgraded OpenJDK Version 11.0.6

The OpenJDK version that is bundled with the Artifactory Docker image was upgraded to OpenJDK 11.0.6.

Debian InRelease

Added support for Debian InRelease metadata files. Artifactory will now produce an InRelease metadata file in the repository when working with GPG signing. Downloading a Debian package from Artifactory will now be faster as the client will only download the InRelease file without downloading the Release and Release.gpg files that are heavier.

Resolved Issues

JIRA Issue

Description

RTFACT-19530Improved the performance for the Promote Docker Image API.
RTFACT-19381Fixed an issue in which the RPM group settings would not be returned when using the Get Repository Configuration API.
RTFACT-16370Fixed an issue in npm repositories in which downloading npm packages that contain “.json” (e.g. merge-package.json) as part of the package name would fail.
RTFACT-8966Fixed an issue in Ruby Gems repositories in which downloading packages (e.g. sidekiq-pro) from a remote repository that points to gems.contribsys.com would fail.

RTFACT-19375

Fixed an issue in NuGet repositories in which virtual repositories indexes would include extra unnecessary pages that would slow packages installation in some cases. This will now improve performance for NuGet virtual repositories.

For a complete list of changes, please refer to our JIRA Release Notes


Artifactory 7.4.1

Released: 14 April, 2020

Artifactory 7.4.1 is Available as a Self-Hosted Version

The Artifactory 7.4.1 release is available as a Self-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.4 as part of our Cloud-first initiative.

Feature Enhancements

Reverted Tomcat Version to 8.5.41

The Tomcat version previously bundled in Artifactory 7.3.2 and 7.4.0 has been reverted back to Tomcat 8.5.41 due to an issue found in Tomcat version 8.5.51. 

Just a bit of background, Tomcat was previously upgraded to version 8.5.51. Due to a known issue in Tomcat 8.5.51, Artifactory may return HTTP date headers (Date, Last-Modified) in a timezone that is different than GMT. See more details here

This applies only if you are using clients that make use of the "If-Modified-Since" request header in the request to Artifactory, therefore validate that dates are sent in GMT format (according to the HTTP spec mandates).

If your clients send dates in a timezone that is different than GMT format and you are using Artifactory 7.3.2, we recommend upgrading to this version. 

An Artifactory version containing an upgraded Tomcat version will be released once making sure the aforementioned issue no longer affects Artifactory.

Setting SSL/TLS for the Artifactory Tomcat Connector via Artifactory system YAML File 

You can now enable SSL/TLS for the Artifactory Tomcat connector directly in the Artifactory System YAML file. For more information, see Artifactory Operational Microservices.

Added Support for Docker Upgrades from Legacy Artifactory Versions

You can upgrade JFrog Artifactory using Docker from Artifactory version 6.x to 7.x or from 7.x to 7.x.

Issues Resolved 

  1. Improved performance when running Interactive Installers.
  2. Fixed an issue whereby stopping a service using the artifactoryctl stop command failed in the first attempt if the pidof command did not exist on the installed server.

Artifactory 7.4.3

Released Date: 27 April, 2020

Resolved Issues

JIRA Issue

Description

RTFACT-21835 Fixed an issue, whereby upgrading from Artifactory 6.19.0 to 7.4.1 failed.

Fixed an issue relevant to NuGet virtual repositories whereby, Artifactory only served the first 80 versions of a NuGet package containing more than 80 versions, while local and remote NuGet repositories returned all of the versions for the package.  

RTFACT-21846RTFACT-21825

Fixed a permission issue in Docker and NuGet repositories for virtual repositories that aggregated local and remote repositories. If a user had permissions only on a number of the aggregated repositories and tried to download a package from the virtual repository, he would receive an error Unauthorized error message.

For a complete list of changes, please refer to our JIRA Release Notes


Artifactory 7.3

Released: 23 March, 2020

Artifactory 7.3 is Available as a Cloud Version

The Artifactory 7.3 release is available only as a Cloud version. Artifactory 7.3.2 applies to on-prem and contains all the resolved issues in Artifactory 7.3.0 and 7.3.1.

Highlights

PAT (Personal Access Token) Support for Remote Repository Authentication

In addition to the basic authentication, with username and password, Artifactory now supports remote repository authentication using Personal Access Tokens (PAT). The big advantage of using PATs is that you can strengthen your Artifactory security practices by using Access Tokens for authentication instead of using your primary credentials. For example, you can configure your remote Docker repository to point to GitHub and authenticate it by using a PAT. You can use PATs for any package type. For more information, see  Remote Credentials. 

LDAP Improvements

Artifactory now supports a new type of Active Directory "Nested Groups" search, enabling performance improvements when working with LDAP. This feature requires that Active Directory runs on Windows Server 2012 R2 version or later. There are no additional requirements for the Active Directory Windows Server side. For more information, see Support for Nested Groups.

Write-disabled Mode Supported for Shard Storage Requests

To enhance storage sharding, Artifactory now supports disabling write-requests to shards.
This is useful, for example, when migrating data from a shard that must be replaced. First, the feature is used to write-disable the shard and then the data is migrated to a new shard.
In addition, the feature still allows garbage collection to continue to clean the deleted binaries from the write-disabled shard.

To set the write-disable mode on a shard in Artifactory, see the Configuring State-Aware Binary Provider section.

Support for Matrix-params with Conan Repositories
Artifactory now supports matrix parameters for Conan repositories. As a result, the Build Info for Conan packages uploaded to Artifactory SaaS is now available.

Feature Enhancements 

Restricting System and Repository Imports

Artifactory allows admin users to import and export data at both the system level and the repository level. For more information, see Import and Export.

Sometimes, however, it is advantageous to restrict imports to avoid causing undesirable results. With this new feature, the system and repository import options can be disabled, thereby preventing specific admin users in the enterprise from performing imports. For example, you can stop an admin from overriding the Release Bundles distributed to an Artifactory Edge, by preventing them from importing the initial Artifactory state. For more information, see Importing and Exporting.

Resolved Issues

JIRA Issue

Description

Fixed an issue where Artifactory did not start as a service on RedHat 7.7 and Centos 7.7 when upgrading Artifactory from versions earlier than 6.14.0. 

Fixed an issue where Docker Image failed to start with Oracle DB because Artifactory's Docker entry point could not get the endpoint of the external Oracle DB. 

RTFACT-14848 

Fixed an issue where, even if the user had Deploy Permissions for the default deployment repository in the virtual repository, Set Me Up would incorrectly issue the following warning message:
You do not have deploy permissions to this repository.

RTFACT-21117 
Fixed an issue whereby in some cases of a load-balanced remote repository, where two nodes are out-of-sync, a conflict between the metadata of a file and the contents of the file might result.
RTFACT-20905 
Fixed an issue where pulling an image from a smart remote Docker repository always causes it to pull the manifest.json file from the source Artifactory. This behavior would cause a failure if the Artifactory source instance was not reachable.
RTFACT-18779 

Fixed an issue where, after a pull replication was executed from a Docker smart remote repository, which was pointing to a Docker remote repository that in turn was pointing to a Docker Hub, Artifactory was not able to serve the artifacts from the local cache when the Docker smart remote repository was set to offline mode.

RTFACT-20127 
Fixed an issue where the latest npm package was always being determined by the publish date, regardless of the artifactory.npm.tag.tagLatestByPublish system property value.
RTFACT-19364
Artifactory now supports the new Maven XML tag attributes that were introduced with Maven 3.6.x.
RTFACT-21189

The Go remote GitHub repository can now resolve both incompatible and compatible Go Module v2+ project version formats.

RTFACT-20160
Fixed an issue where the checksum for a Go module that was directly resolved from GitHub differed from the checksum when the module was resolved from gocenter.io or proxy.golang.org.
RTFACT-20460
Fixed an issue where Debian packages that did not contain control files would cause metadata resolution to fail when the $ apt update command was invoked.
RTFACT-18399
Fixed an issue that resulted in Artifactory generating incorrect metadata for some CRAN package types. 
RTFACT-21088
Fixed an issue whereby viewing Docker images stored in a remote-cache displayed a hash symbol instead of a tag.
RTFACT-21170
Fixed an issue whereby the port used for Artifactory authentication in Artifactory 7 (8082) differed to Artifactory 6.0 (8081) causing backward compatibility to fail. 
RTFACT-20988
Fixed an issue whereby upgrading to Artifactory 7.x caused the internal Hostname to be set to Artifactory instead of being configured as the IP address of the Artifactory server. 
RTFACT-18414
Fixed an issue whereby the SHA256SUMS file was not tracked as an IDK in Debian Remote repositories. 
RTFACT-21395

Fixed an issue whereby PyPI redirections did not recognize the value of the X-JFrog-Override-Base-Url header. 

RTFACT-21388
Fixed an issue whereby users (that are not defined as admins) in any group defined as an Admin group could not generate Join Keys. 
Fixed an issue whereby indexing Helm Charts failed during high concurrent indexing. 
RPG-287
Fixed an issue whereby, hijacked sessions caused a memory leak in the JFrog Router service.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.3.1

Released: March 23, 2020

Artifactory 7.3.1 is Available as a Cloud Version

The Artifactory 7.3.1 release is available only as a Cloud version. Artifactory 7.3.2 applies to on-prem and contains all the content from Artifactory 7.3.0 and 7.3.1. 

Resolved Issues

JIRA IssueDescription

Fixed an issue whereby during an upgrade from Artifactory 6.x to Artifactory 7.x the admin password was reset.

Fixed an issue whereby Artifactory could not pull artifacts from the Azure Container Registry.

For a complete list of changes, please refer to our Jira Release Notes.


Artifactory 7.3.2

Released: 23 March, 2020

Tomcat Breaking Change

The Tomcat bundled with Artifactory has been upgraded to version 8.5.51 which introduces a change that might affect your Artifactory instance. 

HTTP Date Headers

Due to a known issue in Tomcat 8.5.51, Artifactory may return HTTP date headers (Date, Last-Modified) in a timezone that is different than GMT. See more details here.
If you are using clients that make use of the "If-Modified-Since" request header in the request to Artifactory, you need to make sure that dates are sent in GMT format (as the HTTP spec mandates).

If the clients that you use send dates in GMT format, this change will not affect you. 

Feature Enhancement

Upgraded Tomcat Version in JFrog Artifactory

The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.

Issues Resolved

JIRA IssueDescription

Fixed an issue whereby under certain circumstances, authenticated users were able to:

  • Retrieve environment information from Artifactory that normally required administrative rights.
  • Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.
RTFACT-21509


Fixed an issue whereby, selecting the Remember Me option in the Login screen to the Artifactory Cloud Web UI, would occasionally return an internal server 500 message if Artifactory was configured behind a reverse proxy using a small proxy buffer size.

RTFACT-21539
Fixed an issue whereby after upgrading Artifactory to 7.x, the Artifactory logs would not be sent to Sumo Logic in cases where the Sumo Logic integration was enabled.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 7.2 

Released: February 23, 2020

Highlight

JFrog Container Registry 7.0

JFrog Container Registry 7.0 has been released as part of the Artifactory 7.2 release. The JFrog Container Registry is powered by JFrog Artifactory with a set of features that have been customised to serve the primary purpose of running Docker and Helm packages in a Container Registry. For more information, see JFrog Container Registry.

Resolved Issues

JIRA IssueDescription

Fixed an issue whereby a metadata server reindex operation resulted in a database connection leak.


Artifactory 7.2.1

Released: 23 February, 2020

Resolved Issues

JIRA Issue

Description

Fixed an issue whereby, when upgrading to Artifactory 7.x, an error was generated when trying to log in to the JFrog Platform using OAuth SSO provider authentication and your Artifactory was configured with a context path other than /artifactory. For example: /artifactory is the context URL in the following context path: https://my-company.com/artifactory. For more information, see Creating OAuth Provider Accounts.


Artifactory 7.1 

Released: February 17, 2020

Resolved Issues

  1. Fixed an issue, whereby S3 CloudFront redirections did not function correctly.
  2. Fixed an issue, whereby Maven snapshot were not indexed with snapshot versions in the metadata server.
  3. Fixed an issue, whereby the Virtual repository info tab was displayed incorrectly when sorting by package type.
  4. Fixed an issue, whereby builds were displayed incorrectly in the Build view when performing multiple promotion steps.
  5. Fixed an issue, whereby Conan packages were uploaded incorrectly to Artifactory. 

Artifactory 7.0

Released: January 12, 2020

Deprecated Features
Artifactory 7.0 introduces several deprecated features. Learn More > 
Also, read about the features that are currently out of scope and will be available in later releases. Learn More >

Breaking Changes
For a list of breaking changes in Artifactory and other services in the JFrog Platform, click here >

REST API Changes
For a list of REST API changes in Artifactory, click here >

Important: The JFrog Platform web UI is now accessed through port 8082 (For example, http://SERVER_HOSTNAME:8082/ui/). Accessing Artifactory directly for REST API and downloads is still possible through port 8081. Learn More >

Highlights

JFrog Platform

Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:

  • Universal package management with all major packaging formats, build tools, and CI servers.
  • Security and Compliance that's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.
  • Radically simplified administration with all configurations in one place.
  • Complete trust in your pipeline all the way from code to production.
  • Seamless DevOps experience from on-prem, cloud, hybrid or multi-cloud of your choice.

JFrog Platform New Functionalities

System Architecture

The new Artifactory architecture is more Cloud Native. The Artifactory application has been divided into several microservices. Learn More >

Artifactory system.yaml

This release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process. Learn More > 

Installation and Upgrade

Artifactory 7.0 comes with a new installer, which affects the Installation and Upgrade procedures. The file structure has been improved and is now aligned across all JFrog products. Learn More >

Upgrade process changes

Update reverse proxy and load balancer
When upgrading your Artifactory HA installation from version 6.x to 7.x, make sure to adjust your reverse proxy settings and update your load balancer configuration to use the new JFrog Platform URL http://<hostname>:8081Complete upgrade instructions here.

Unified User Interface

This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address. Learn More >

Unified Permission Model

This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. Learn More >

Logging

All JFrog products now follow a standardized logging format and naming convention. Learn More >

Feature Enhancements

Packages page

While previously the Packages page provided information for Docker and npm packages, it is now extended to provide metadata for all package types in your system (excluding Git LFS and Generic repositories). Learn More >

Search Experience

The search experience has been enhanced to enable searching for all resource types, including packages, builds and artifacts from a single search bar. It now also includes advanced capabilities, such as keyword search, simplifying the search experience. Learn More >

Issues Resolved

JIRA Issue

Description

RTFACT-17343
When groups are imported from an LDAP server, groups names containing special characters are blocked and error messages are issued to alert the administrator.

Fixed an issue where the /api/security/users/<username> REST API endpoint would return false for an admin user.

RTFACT-20888
Fixed an issue where deploying an artifact using basic authentication, such as <username>:<API Key>, or an access token for authentication, would not send an email notification to users following the relevant repository.

For a complete list of changes, please refer to our JIRA Release Notes


Artifactory 7.0.1

Released: January 14, 2020

Issue Resolved

  1. Fixed an issue whereby the Download stats propagated incorrect information to the Metadata Service, resulting in incorrect data displayed in the UI.

Artifactory 7.0.2

Released: January 15, 2020

Issue Resolved

  1. Fixed an issue, whereby when performing SAML-based Single Sign-On to Artifactory, a URL with double slashes (‘//’) was returned causing the redirection requests to break.

Artifactory 7.0.3

Released: January 17, 2020

Issue Resolved

JIRA IssueDescription

Fixed an issue, whereby Filtered Resources (e.g. Maven's settings.xml) would return an incorrect encrypted password when authenticating with an access token or via the UI.

Copyright © 2021 JFrog Ltd.