Artifactory 7.10
Artifactory 7.10.1
Released: 11 October 2020
JFrog Artifactory 7.10.1 is Available as a Cloud Version
The JFrog Artifactory 7.10.1 release is available as a Cloud version and will be available for on-premise shortly.
Highlights
New JFrog Platform Onboarding Experience
In Artifactory 7.10.1, we have introduced a new Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform.
This new Onboarding experience will be rolled out to all users over the next couple of weeks.
Feature Enhancements
Artifactory Supports AWS Secrets for DB Connections
You can now use the AWS SecretsManager alias in the Artifactory system.yaml allowing Artifactory to automatically retrieve the secret associated with the alias connection.
Verify Audience Restriction Applied for SAML SSO
As part of JFrog's security enforcement, an additional verification step has been set up opposite the SAML server to validate SAML SSO authentication requests. The verifyAudienceRestriction attribute for SAML SSO is set by default in the JFrog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured. For more information, see SAML SSO Configuration.
Improved Maven Plugin Metadata Calculation
Maven plugin metadata is now calculated for every deploy or delete actions.
Resolved Issues
| Jira Issue | Description |
|---|---|
| RTFACT-15577 | Fixed an issue, whereby Pypi remote and virtual repositories returned a 404 error even if the package existed in the public registry. |
| RTFACT-20334 | Fixed an issue, whereby Artifactory indexed Helm Charts with an invalid version number or appVersion number but the Helm repository containing these charts could not be added to the helm client’s repository. |
| Fixed an issue, whereby value updates (add/remove) to Property sets were not reflected in files and directories in the repositories. | |
| RTFACT-17512 | Fixed an issue whereby, Artifactory did not proxy Nexus PyPi repositories. |
| RTFACT-20036 | Fixed an issue whereby, the Prune process was consuming a lot of memory when handling a large files list. |
| RTFACT-20143 | Fixed an issue, whereby in a number of cases the CRAN package metadata displayed in the UI was not consistent with the CRAN package info. |
| Fixed an issue whereby, checksum mismatch errors and 404 errors occurred when resolving nested Go modules in Artifactory from a virtual repository that included remote pointers to Github. | |
| Fixed an issue, whereby the Artifactory CacheLoader returned a null error following LDAP authentication. | |
| RTFACT-19109 | Fixed an issue, whereby Conda metadata calculation failed due to a Race condition. |
access.config file. | |
| RTFACT-14226 | Fixed an issue, whereby the TimestampSnapshotComparator compare method that compared two different snapshotVersion sections according to timestamps was not compatible with maven-metadata.xml artifacts that contained a base-revision with more than one element. |
Fixed an issue, whereby in certain instances, Azure guest users were unable to log in to Artifactory. | |
| RTFACT-20226 | Fixed an issue, whereby users without the required permissions could deploy the same package to their Local Cran repository. |
| RTFACT-19094 | Fixed an issue, whereby, under certain circumstances, the Helm remote repository URLs were not added correctly to the Artifactory virtual repository index.yaml file. |
| RTFACT-22323 | Fixed an issue, whereby Exclude patterns were not applied on Remote Repositories when REST API commands when triggering REST API commands. |
| Security-Related Resolved Issues | |
Artifactory now will check the AudienceRestriction or SubjectConfirmationData Recipient values in every SAML response. For more information, see Verify Audience Restriction Applied for SAML SSO. | |
| Hardened the logging process between Artifactory and the Docker Client. | |
| Vulnerable security values are no longer supported when running the Create User command via the REST API. | |
| Vulnerable security values are no longer supported for permission targets. | |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.10.2
Released: 15 October 2020
JFrog Artifactory 7.10.2 is Available as a Self-Hosted Version
The JFrog Artifactory 7.10.2 release is available as a Self-Hosted version and is aligned with the 7.10.1 Cloud Release.
Highlights
New JFrog Platform Onboarding Experience
In Artifactory 7.10.2, we have introduced a new self-hosted Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform.
Feature Enhancements
Improvements to RubyGems Indexing for Remote Repositories
Added Bundler Compact index support for Remote repositories, providing you with the latest version of the package that is compatible with your installed Ruby version of the project.
To use this new capability, in the artifactory.system.properties file, set the artifactory.gems.compact.index.enabled=true value.
Importing Release Bundle Enhancements for Air Gap
The Air Gap feature has been extended to support importing Release Bundle from an /import folder on the server machine in addition to importing files from the local drive of the user.
API Open Metrics Enhancements
Added more metrics related to JVM, DB connections, and remote HTTP connections in Artifactory. For more information, see Open Metrics.
Resolved Issues
| Jira Issue | Description |
|---|---|
| Fixed an issue, whereby in some circumstances Artifactory HA additional node failed to start due to incorrect encryption values. | |
| RTFACT-14607 | Fixed an issue, whereby Test connection failed for Smart Docker remote repositories. |
| RTFACT-20660 | Improved performance of your artifacts search through the /ui/artifactbuilds that previously caused an extreme overload. |
Fixed an issue, whereby Event-based pull replication did not trigger when properties were added to a folder. For this fix to take effect, both the source and target Artifactory instances need to run either on Artifactory version 7.10.2 and higher or on Artifactory version 6.23.0 and higher. Otherwise, the fix will not take effect and the folder properties will not be replicated. | |
Fixed an issue, whereby Docker push was failing when trying to use the configuration generated from the HTTP settings page (Repository path) in Artifactory 6.20.0. | |
| RTFACT-19247 | Fixed an issue, whereby Smart remote capabilities were broken when the target Artifactory was running without the /artifactory context. |
| Fixed an issue, whereby Artifactory generated an InRelease file with the wrong line endings in Windows. | |
| RTFACT-23103 | Fixed an issue, whereby Admin users could get user API Keys using the REST API. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.9
Released: 29 September 2020
Highlights
Peer-to-Peer (P2P) Download
The new Peer-to-Peer (P2P) Download feature allows hosts to download artifacts from local, remote, and virtual repositories through a local network of peers in addition to downloading artifacts from JFrog Artifactory.
Downloading files using P2P provides the following benefits:
- Handles bursts of downloads from Artifactory.
- Improves the download speed and decreases bandwidth consumption.
- Promotes the scalability and availability of your artifact downloads while providing a highly secure environment.
P2P download is supported in the JFrog Platform in a self-hosted environment and requires a JFrog Enterprise+ subscription. For more information, see JFrog Peer-to-Peer (P2P) Downloads.
GraphQL API for the JFrog Platform Metadata
JFrog's Metadata Service public APIs are now enabled allowing you to query the entities from the metadata server with GraphQL. For more information, see GraphQL.
Log Analytics
JFrog now offers tools that enable a real-time view of the platform’s operation through various analytics and visualization tools. For more information, see Log Analytics.
Feature Enhancements
Changes in Artifactory to Facilitate the New Docker Rate Limit
Following the latest Docker announcement regarding changes to the Docker Rate Limits, Artifactory 7.9 includes several internal improvements to support the usage of remote repositories opposite Docker Hub while taking into account the new rate limits. In order to use your Docker account type, you need to authenticate the Docker Hub pull requests, by setting your user and password in your Advanced Remote Docker Repositories.
Docker Remote Repository Improvements
Docker Schema 2 is now fetched from the remote registry if no header was sent. This improves the Docker experience when the metadata expires.
Docker Pull Performance Improvements
Greatly improved the performance of Docker pull requests by digest and by tag. From 7.9, Artifactory will use more efficient queries and better utilize the internal caching when serving Docker pull requests.
Viewing and Tracking Non-Revokable Access Tokens
You can view and track non-revokable Access Token in the UI. You can now filter the token view based on the token's revocability and not just its expiry. The behavior for a token revocation request also changed, and you will now see an error message if you try to revoke a non-revocable token. Token revocability is still governed by its expiry and the revocable-expiry-threshold parameter.
Improved the Monitoring JFrog Microservices Status Page in the UI
The Service Statuses page in the UI displays an improved view with detailed information about the status of your JFrog services and now includes monitoring for Pipelines.
Improved Artifactory Installation and Setup Using Oracle Database
When using an external Oracle DB as the Artifactory database, you no longer need to manually install and set up Liabio as it is now bundled into the Artifactory installer.
Database Performance Improvements in HA Environments
Reduced Database lock contention and Database loads in High Availability (HA) environments.
S3 Storage Direct Upload Mechanism
From Artifactory 7.9, you have the option to select the Direct Upload Mechanism which serves as an alternative to the existing default Eventual Upload mechanism, whereby the upload is not considered successful until it reaches the S3 storage.
Upgraded AWS SDK Bundled with Artifactory
Upgraded the AWS SDK bundled with Artifactory to support the use of service account IAM roles. AWS SDK v. 1.11.496 includes a feature for granting IAM roles to Kubernetes service accounts, instead of granting an IAM role to an EC2 machine, or using an open-source project.
Hazelcast is Deprecated
The write-locking method and UI session sharing between the JFrog Platform cluster nodes using Hazelcast is no longer supported. For more information, see the Support Blog.
Resolved Issues
| Jira Issue | Description |
|---|---|
Fixed an issue whereby, binding users in Artifactory using Google OAuth did not function correctly. | |
| RTFACT-21955 | Fixed an issue whereby, Helm and Go users failed to create virtual repositories on Artifactory Edge nodes due to the inability to point to remote repositories on the Edge node. |
| RTFACT-22023 | Fixed an issue whereby, Support Bundles did not include logs. |
| RTFACT-7460 | Fixed an issue whereby, the _temp folder for Debian and RPM repositories was replicated when performing Push replication if event-based replication was enabled. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.9.1
Released: 5 October 2020
Artifactory 7.9.1 is a Self-Hosted Version
The JFrog Artifactory 7.9.1 release is only available as a Self-Hosted version.
Feature Enhancement
Simplified JFrog Self-Hosted Trial Installer Experience
From JFrog Artifactory 7.9.1 and JFrog Xray 3.9.1, the Self-Hosted Trial installation experience has undergone major improvements to support the easy installation of Artifactory and the option of installing Artifactory together with Xray. The new installers are not intended for Production but remove the need to manually establish connectivity between Artifactory and Xray.
Artifactory 7.8
Artifactory 7.8.1
Released: 16 September 2020
Artifactory 7.8.1 is Available as a Cloud Version
The JFrog Artifactory 7.8.1 release is available as a Cloud version and will be available for on-premise shortly.
Supported Docker Strategies for JFrog Cloud Users
From Artifactory 7.8.1, the subdomain resolution method for resolving Docker repositories will not be supported for new Cloud users. This deprecation does not apply to existing Cloud users.
Highlights
GraphQL API for the JFrog Platform Metadata
JFrog's Metadata Service public APIs are now enabled and allows you to query the entities from the metadata server with GraphQL. To learn more see, GraphQL.
Feature Enhancements
Docker Pull Performance Improvements
Greatly improved the performance of Docker Pull requests by digest and by tag. From 7.8.1, Artifactory will use more efficient queries and better utilize the internal caching mechanism when serving Docker Pull requests.
Viewing and Tracking Non-Revokable Access Tokens
You can view and track non-revokable Access Token in the UI.
You can now filter the token view based on the token's revocability and not just its expiry. the behaviour for a token revocation request also changed, and you will now see an error message if you try to revoke a non-revocable token. Token revocability is still governed by its expiry and the revocable-expiry-threshold parameter.
Improved the Monitoring JFrog Microservices Status Page in the UI
The Service Status page in the UI displays an improved view with detailed information about the status of your JFrog services and now includes monitoring for Pipelines.
Improved Database Performance in HA Environments
Reduced DB lock contention and DB load in HA setups.
Upgraded AWS SDK bundled with Artifactory
Upgraded the AWS SDK bundled with Artifactory to support the use of service account IAM roles. AWS SDK v. 1.11.496 includes a feature for granting IAM roles to Kubernetes service accounts, instead of granting an IAM role to an EC2 machine, or using an open-source project.
Resolved Issues
| Jira Issue | Description |
|---|---|
| Fixed an issue whereby, Access Tokens created in the UI were not displayed in the UI. | |
Fixed an issue whereby, if Artifactory started with a failed crowd server connection, it did not attempt to connect to the crowd server again. | |
| Fixed an issue whereby, remote NuGet repositories on Azure DevOps were not working. | |
| Fixed an issue whereby, the automatic cleanup process did not prune empty folders. | |
| Fixed an issue whereby, when replicating Artifactory instances with Artifactory properties replication and event replication enabled, the npm dist-tag was not replicated with npm dist-tag add. | |
Fixed an issue whereby, when refreshing an Access Token, the expire_in value was not inherited, and the default 3600 is used instead, resulting in the token expiring after only one hour. | |
| Fixed an issue whereby, an Artifactory Go remote repository was not proxying requests to the latest URLs. | |
| Fixed an issue whereby, removing a HA node from a cluster in Artifactory version 7.x was not working. | |
Fixed an issue whereby, the Create Repository Rest API was allowing the creation of a NuGet remote repository without the mandatory parameter downloadContextPath. | |
Fixed an issue whereby, when using the Quick Setup to create repositories, the repositories were created without the default proxy configured in Artifacotry. | |
Fixed an issue whereby, when running an NPM search, and the | |
| Fixed an issue whereby, when a property set with values was added to a repository, and any modification was done, such as addition or deletion of values, to the property set, the new values were not listed. | |
| Fixed an issue whereby, Artifactory was using the last update timestamp for local Go repositories when populating the version list causing older versions of dependencies that were pushed to Artifactory using the JFrog CLI to appear as newer versions. | |
| Fixed an issue whereby, when adding or editing a user plugin and running the Reload Plugins API in a HA setup, the reload was not propagated to the nodes in a HA cluster. | |
| Fixed an issue whereby, a proxy was used when deploying an artifact to a localhost. | |
| Fixed an issue whereby, when deleting a remote repository, in some cases, cached artifacts were not deleted. | |
| Fixed an issue whereby, a build appeared without artifacts when the Block Unscanned Artifacts, was enabled in Xray. | |
| Fixed an issue whereby, Artifactory was issuing a 500 error instead of 404 for non-existing modules causing a Go builds to fail instead of moving on to the next proxy in the list. | |
| Fixed an issue whereby, the SAML SSO login was triggering an unnecessary PATCH user API. |
Artifactory 7.7
Released: 29th July, 2020
Artifactory 7.7 is Available as a Cloud Version
The Artifactory 7.7 release is available as a Cloud version. Artifactory 7.7.3 is the On-Premises version and official Cloud Version of Artifactory 7.7.0.
Highlights
Users can be Assigned the Manage Resources Role
Admins can assign users with the Manage Resource role to manage resources including create, edit, and delete permissions on any resource type including Pipeline resources (Integration, Source, and Node Pools).
GraphQL Beta version Released in the JFrog Platform
This version of GraphQL is a beta version and for now, it only has a limited set of capabilities till future additions are made.
JFrog's Metadata Service has now enabled the integration of the metadata server with the GraphQL public API. Currently, only packages are supported, with more GraphQL capabilities coming in the near future. You can use the graphiql to learn about the GraphQL metadata schema and as a playground to test your queries. To access it, <your server url>/metadata/api/v1/query/graphiql. For more information, see GraphQL.
Artifactory Open Metrics Support
Artifactory 7.7 has been enhanced to support open metrics. The new API Get the Open Metrics for Artifactory REST API command has been added and returns the following metrics in the Open Metrics format. The following two new metric-related log files are added to the file system:
artifactory_metrics.log: Contains system metrics such as:- Total disk space used
- Total disk space free
- Time CPU is used by the process
artifactory_metrics_events.log: Contains deduplicated metrics related to an event such as a GC run.
For more information, see Open Metrics.
Feature Enhancements
Improved LDAP Pagination Support Usage
Added the Used Page Results parameter in the LDAP page to support LDAP Group pagination. This is supported for LDAP servers with more than 1000 groups which support groups pagination to allow admins to use paged LDAP results. For unsupported LDAP servers, admins can disable the LDAP pagination results via the UI or Artifactory's configuration files, thereby improving LDAP performance and calls.
Persistent Expiry Threshold Token
Added the new persistent-expiry-threshold parameter allowing you to set the minimum value of expiry a token in order for the token to be saved in the DB to the Access YAML Configuration file.
Indexing Improvements for Npm Packages
Implemented incremental indexing as part of the existing npm indexing mechanism resulting in reduced time to build the package index.
Improved Export and Access Federation Performance in an HA Environment
Minimized the load for the Export and Access Federation processes in an HA environment when using JFrog Distribution.
Artifactory Now Supports MySQL 8 Out-of-the-box
From Artfactory 7.7, MySQL 8 is now supported.
Upgraded Tomcat Version
The Tomcat bundled with Artifactory has been upgraded to version 8.5.57, solving some security vulnerabilities described in CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935.
Resolved Issues
JIRA Issue | Description |
|---|---|
Fixed an issue where Puppet release names containing a dash "-" in the version-number were not resolved. | |
| RTFACT-21624 | Fixed an issue whereby Event-Based Pull Replication for Docker Repositories did not copy the images to the Target. |
| RTFACT-22470 | Fixed an issue whereby Gem artifacts containing a large number of dependencies failed to be resolved from the rubygems.org repo. |
| RTFACT-21554 | Fixed an issue whereby Docker images were not served from cache if the source repository was offline. |
| Fixed an issue whereby the Forgot password feature in Artifactory did not take into consideration the "Disable Internal Password" field when the "Can Update Profile" field was also selected. | |
| RTFACT-21646 | Fixed an issue whereby a deadlock occurred when pushing the same Docker image with different tags in parallel. |
| RTFACT-22686 | Fixed several issues whereby when working with the S3 direct binary provider, connections were not being released from the HTTP connection pool of the S3 client, resulting in HTTP connection leaks. |
| RTFACT-22460 | Fixed an issue whereby NuGet searches failed when locks were inserted from the Distributed_locks table. |
| Fixed an issue whereby Metadata migration during an upgrade from Artifactory 6.x to 7.x failed. | |
| RTFACT-17370 | Changed the default database connection pool to HikariCP to improve database connection handling and potentially improve performance on high concurrency environments. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.7.3
Released: 13th August, 2020
Artifactory 7.7.3 is Available as a Cloud and On-Premises Version
The Artifactory 7.7.3 release is available as an On-Premises and Cloud version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.7.0 as part of our Cloud-first initiative.
Resolved Issues
JIRA Issue | Description |
|---|---|
| RTFACT-22952 | Fixed an issue whereby, Release bundle repo mapping caused Xray scanning to not find the files. |
| RTFACT-22852 | Fixed an issue whereby, the repository import of zip files containing .pom extensions failed when using the direct AWS s3 template. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.7.6
Released: September 4, 2020
Artifactory 7.7.6 is Available as a Cloud Version Only
The Artifactory 7.7.6 release is available only as a Cloud version.
Docker V1 Support
From Artifactory 7.7.6, Docker V1 is no longer supported for new Artifactory SaaS users but maintains backward compatibility of Docker V1 to support existing users.
Feature Enhancements
Performance Enhancements
Implemented a set of internal improvements that will have a direct impact on the overall user Cloud experience.
Artifactory 7.7.8
Released: 14 September, 2020
Resolved Issue
JIRA Issue | Description |
|---|---|
Fixed an issue whereby, concurrent uploads may result in a null pointer exception. |
Artifactory 7.6
Released: June 23, 2020
Artifactory 7.6 is Available as a Cloud Version
The Artifactory 7.6 release is available only as a Cloud version.
Highlights
Alpine Linux Repository Support
Artifactory now natively supports Alpine Linux packages, giving you full control of your deployment and resolution process of Alpine Linux (*.apk) packages.
You can create secure and private local Alpine Linux repositories with fine-grained access control. Remote Alpine Linux repositories proxy remote Alpine resources and cache downloaded apk packages to keep you independent of the network and the remote resource, and virtual Alpine Linux repositories give you a single URL through which to manage the resolution and deployment of all your apk packages. To learn more, see Alpine Linux Repositories.
To support the signing of Alpine Linux package types, Artifactory now supports creating and managing RSA Key Pairs. You upload the RSA Key Pair using the Create RSA Key Pair or directly in the web UI and manage the keys directly in the JFrog Platform. Once you have generated the RSA Keys, you can assign the key pair to the Alpine Repository in the Advanced tab of the Alpine Repository configuration. For more information, see RSA Key Pairs.
JFrog Xray support for scanning Alpine Linux packages will be added in the forthcoming release.
Multi-factor Authentication
For JFrog Platform Cloud (SaaS) users, you can now use an additional layer of security when logging into the JFrog Platform. Administrators can enable multi-factor authentication for all users, which will require users to provide a verification code from a third-party authentication application every time users log in.
Event-driven Webhooks
The new Webhooks feature enables you to send important events occurring in Artifactory. You have a number of events that you can select, such as Artifact Deployment or Build Deployment, and send these events to other applications that are configured by setting a URL.
These events are sent through the new Event Service, which distributes your events to the relevant URLs you set when creating your Webhooks.
Feature Enhancements
PostreSQL Version Support
All JFrog products (excluding Pipelines) now support PostgreSQL version 10.x.
PostgreSQL Version Bundling
All JFrog’s installers bundling PostgreSQL have been updated to use a newer PostgreSQL version 10.13.
Resolved Issues
| JIRA Issue | Description |
|---|---|
| RTFACT-22136 | Fixed an issue, whereby when performing concurrent requests to the Helm |
| RTFACT-21207 | Fixed an issue, whereby when Artifactory tried to read events on a remote event-based replication and the connection failed, a connection leak occurred. |
| Fixed an issue, whereby when trying to resolve remote server information against a non Artifactory instance, a connection leak might occur. | |
| Fixed an issue, whereby non-admin users with the manage permissions were unable to update permission targets created using the Artifactory REST API. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.6.1
Released: June 28, 2020
Feature Enhancements
Upgraded JDK Version in Artifactory
OpenJDK Runtime Environment bundled with Artifactory has been upgraded to build 11.0.7+10, which solves the “HIGH” CVSS from the previous version and is the latest JDK published.
Enhancements for Webhooks Events
Introduced a few fixes to Webhooks events, such as adding a build_started field to the Build events, additional fixes to Docker events, and improved payload data.
Metadata Service DB Upgraders
The DB schema required for Conan is now enhanced to work better with metadata and optimize the search speed in Artifactory. On upgrade, no downtime is required, however, this enhancement might impact the upgrade time, depending on the amount of artifacts, possibly temporarily increasing the DB load.
Resolved Issues
| JIRA Issue | Description |
|---|---|
| RTFACT-22136 | Fixed an issue, whereby when performing concurrent requests to the Helm |
| RTFACT-21207 | Fixed an issue, whereby when Artifactory tried to read events on a remote event-base replication and the connection failed, a connection leak occurred. |
| Fixed an issue, whereby when trying to resolve remote server information against a non Artifactory instance, a connection leak might occur. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.6.2
Released: July 6, 2020
Feature Enhancements
Improved Permissions Cache Invalidation
Improved the permissions cache invalidation mechanism by minimizing the scope of the invalidation action to only permissions associated with the specific service that needed the cache to be cleared. This allows shorter login times and better permission validation performance.
Resolved Issues
| JIRA Issue | Description |
|---|---|
| RTFACT-22590 | Fixed an issue whereby, indexing Conda packages did not work properly when deployed with a user that did not have delete permissions. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.6.3
Released: July 12, 2020
Resolved Issues
| JIRA Issue | Description |
|---|---|
| Fixed an issue whereby, when trying to upgrade to Artifactory 7.6.2, dependency errors occurred with CentOS and RedHat version 7.8. | |
| Fixed an issue whereby, in some cases, a connection leak occurred when working with an S3 binary provider, where connections were not released from the HTTP Connection pool of the S3 client. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.5
Released: May 19, 2020
Artifactory 7.5 is Available as a Cloud Version
The Artifactory 7.5 release is available only as a Cloud version.
Highlights
Artifactory Cloud with CDN Distribution
Artifactory Cloud Enterprise and Enterprise+ supports a fully integrated advanced CDN solution removing the need to deal with the complexity of setting up a separate external CDN Caching system. JFrog Artifactory Cloud with Amazon's CloudFront CDN solution allows you to manage, control, and distribute high volumes of software distribution across multiple locations.
The CDN solution provided in Artifactory Cloud supports distributing public content via Anonymous Access and Signed URLs, distributing private content using fine-grained permissions and Access Tokens, CNAME/SSL support, and setting IP Whitelisting and Geo Restrictions. To view the list of CDN features supported by the different JFrog subscription types, see Cloud Pricing.
From version 7.5, CDN Distribution is enabled by default for Artifactory Cloud Enterprise and Artifactory Cloud Enterprise+ users and all is that is required is to set CDN support on your repository level. For more information, see Get Started: Cloud.
Support for Signed URLs
Artifactory now supports using signed URLs. Users with administrator or manage permission can generate a signed URL that provides temporary shared access to a specific artifact, using the Create Signed URL REST API. Using the Replace Signed URL Key REST API, administrators can replace the key for signing and validating signed URLs, invalidating any signed URLs previously created. This feature is supported for Artifactory Cloud Enterprise and Enterprise+ users.
Xray Block Unscanned Artifacts Timeout Policy
This version includes the capability to define the timeout policy for unscanned artifact download requests. This means that when a block unscanned artifacts policy is configured in Xray, Artifactory will wait for the predefined time of the policy, to allow Xray to perform the required scan. This will prevent download request failures that require Xray scan on the artifacts.
In addition, to improve artifact download performance, Artifactory will now only request Xray scans results for repositories configured with block download policy.
Configurations are available here.
** Available with Artifactory version 7.5.x and Xray version 3.4.x.
Support for RHEL 8 AppStream
Artifactory now supports Red Hat Enterprise Linux 8 which contains support for enhanced Yum metadata for AppStream (RHEL8) or Modularity (Fedora) technology used in RHEL8. An example of this new metadata includes the data type=modules metadata from repomd.xml. The Content in AppStream in RPM is available in one of two formats - the familiar RPM format and an extension to the RPM format called Modules.
As part of the AppStream support in Artifactory, you can:
- Proxy AppStream modules through a remote RPM repository.
- Host and serve AppStream modules according to profiles and streams through a local RPM repository.
- Serve local and remote content through a virtual repository.
For more information, see Deploying RPM Modules to Your Local Repository.
Feature Enhancements
Upgraded Tomcat Version
The Tomcat bundled with Artifactory has been upgraded to version 8.5.54.
In this upgrade, the HTTP date headers issue that existed in Artifactory 7.3.2 and 7.4.0 (that were bundled with Tomcat 8.5.51) was fixed.
Generate Maven POM File from Internal Jar or a Default POM File REST API
You can now generate a Maven POM file using the Artifactory REST API. To use the POM within the artifact, you can deploy an existing POM, or generate a default POM. Previously available only through the UI, Deploying Maven Artifacts.
Resolved Issues
JIRA Issue | Description |
|---|---|
| Fixed an issue whereby, when authenticating a Docker or Conan Packages login with a username and API key of an LDAP user, Artifactory always checked against the LDAP service, even if it was in the cache period. | |
Fixed an issue whereby, when using HTTP SSO and the anonymous mode was enabled, non-cookie-cached requests resulted in a 401 error if an anonymous request was sent beforehand. | |
| Fixed an issue whereby, when event-based pull replication was enabled for a large number of repositories, the target server reached a thread pool exhaustion. | |
Fixed an issue whereby, in Docker repositories, pushing a container using several clients such as containers, did not work properly. | |
| RTFACT-20761 | Fixed an issue whereby, proxying and caching npm packages from GitHub Packages resulted in an error. |
Fixed an issue whereby, in several remote npm repositories, running an npm search that did not return any results and therefore these search requests did not close, caused a pool leak. | |
| RTFACT-20216 | Fixed an issue whereby, in some cases, in Conan smart remote repositories, the pull replication from a distant Artifactory instance did not pull packages from the source Artifactory instance. |
Fixed an issue whereby, in a Debian client, when using your own GPG keys, the initial GPG verification failed when resolving packages from a Debian virtual repository. | |
| Fixed an issue whereby, in a Debian local repository, when running recalculate index to create a Release metadata file, the Component property in the Release file was missing the text before the hyphen in the name of the component. Example: acpu-base appeared just as base. | |
| Fixed an issue whereby, when trying to resolve packages from a PyPI remote repository that is connected to a pypiserver, the download did not work due to a malformed download URL. | |
| RTFACT-20544 | Fixed an issue whereby, in CRAN remote repositories, downloading and deploying CRAN packages with versions that contained more than 4 octets (e.g. 0.9.800.1.0) failed. |
| RTFACT-21319 | Fixed an issue whereby, in CRAN virtual repositories, when trying to resolve packages, the updated packages were not available until the aggregated CRAN remote repository updated its' metadata. |
| Fixed an issue whereby, issues were encountered in the task execution mechanism in HA clusters. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.5.5
Released: 31 May, 2020
Resolved Issue
- Fixed an issue whereby, issues were encountered in the task execution mechanism in HA clusters.
Artifactory 7.5.7
Released: 11 June, 2020
Feature Enhancements
Upgraded Tomcat Version
The Tomcat bundled with Artifactory has been upgraded to version 8.5.55.
Resolved Issues
JIRA Issue | Description |
|---|---|
Fixed an issue whereby, when using JFrog Distribution to distribute artifacts from one Artifactory instance to another, the source Artifactory ignored the proxy configuration and would not distribute through it. | |
Fixed an issue whereby, under certain circumstances, upgrading to version 7.5.x would fail because of a failing converter. |
Artifactory 7.4
Released: April 6, 2020
Artifactory 7.4 is Available as a Cloud Version
The Artifactory 7.4 release is available only as a Cloud version.
Highlights
Go Private GitHub Repositories Support
It is now possible to create a remote Go repository and proxy Go modules from GitHub private repositories.
Additional information on how to configure Artifactory and your Go client to work with GitHub private repositories can be found here.
Conda v2 Format
Artifactory now supports the Conda v2 metadata format. You can now use Conda clients from version 4.7, and download/upload Conda v2 format packages from all repository types (local, remote and virtual).
As part of this change, Artifactory now supports the .conda file extension to compress packages more effectively and the current_repodata.json file that makes packages search faster.
Create Admin Access Tokens from within the UI
Administrators can now generate admin-scoped access tokens, for any of the services in the JFrog Platform directly from the UI. This is available from the Administration module under Identity and Access | Access Tokens and click Generate Admin Token. Previously available only as a REST API.
Google Cloud Platform Binary Provider Native Client Support
This release introduces support for the Google Storage native client binary provider, providing improved security using unique private keys.
To opt-in and use the new Google Cloud Storage template, see here.
Feature Enhancements
Improved AQL Performance with MSSQL DB
Significant performance improvement for AQL queries when searching artifacts according to build name and number.
Docker Installation Includes Upgraded OpenJDK Version 11.0.6
The OpenJDK version that is bundled with the Artifactory Docker image was upgraded to OpenJDK 11.0.6.
Debian InRelease
Added support for Debian InRelease metadata files. Artifactory will now produce an InRelease metadata file in the repository when working with GPG signing. Downloading a Debian package from Artifactory will now be faster as the client will only download the InRelease file without downloading the Release and Release.gpg files that are heavier.
Resolved Issues
JIRA Issue | Description |
|---|---|
| RTFACT-19530 | Improved the performance for the Promote Docker Image API. |
| RTFACT-19381 | Fixed an issue in which the RPM group settings would not be returned when using the Get Repository Configuration API. |
| RTFACT-16370 | Fixed an issue in npm repositories in which downloading npm packages that contain “.json” (e.g. merge-package.json) as part of the package name would fail. |
| RTFACT-8966 | Fixed an issue in Ruby Gems repositories in which downloading packages (e.g. sidekiq-pro) from a remote repository that points to gems.contribsys.com would fail. |
| Fixed an issue in NuGet repositories in which virtual repositories indexes would include extra unnecessary pages that would slow packages installation in some cases. This will now improve performance for NuGet virtual repositories. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.4.1
Released: 14 April, 2020
Feature Enhancements
Reverted Tomcat Version to 8.5.41
The Tomcat version previously bundled in Artifactory 7.3.2 and 7.4.0 has been reverted back to Tomcat 8.5.41 due to an issue found in Tomcat version 8.5.51.
Just a bit of background, Tomcat was previously upgraded to version 8.5.51. Due to a known issue in Tomcat 8.5.51, Artifactory may return HTTP date headers (Date, Last-Modified) in a timezone that is different than GMT. See more details here.
This applies only if you are using clients that make use of the "If-Modified-Since" request header in the request to Artifactory, therefore validate that dates are sent in GMT format (according to the HTTP spec mandates).
If your clients send dates in a timezone that is different than GMT format and you are using Artifactory 7.3.2, we recommend upgrading to this version.
An Artifactory version containing an upgraded Tomcat version will be released once making sure the aforementioned issue no longer affects Artifactory.
Setting SSL/TLS for the Artifactory Tomcat Connector via Artifactory system YAML File
You can now enable SSL/TLS for the Artifactory Tomcat connector directly in the Artifactory System YAML file. For more information, see Artifactory Operational Microservices.
Added Support for Docker Upgrades from Legacy Artifactory Versions
You can upgrade JFrog Artifactory using Docker from Artifactory version 6.x to 7.x or from 7.x to 7.x.
Issues Resolved
- Improved performance when running Interactive Installers.
- Fixed an issue whereby stopping a service using the
artifactoryctl stopcommand failed in the first attempt if thepidofcommand did not exist on the installed server.
Artifactory 7.4.3
Released Date: 27 April, 2020
Resolved Issues
JIRA Issue | Description |
|---|---|
| RTFACT-21835 | Fixed an issue, whereby upgrading from Artifactory 6.19.0 to 7.4.1 failed. |
Fixed an issue relevant to NuGet virtual repositories whereby, Artifactory only served the first 80 versions of a NuGet package containing more than 80 versions, while local and remote NuGet repositories returned all of the versions for the package. | |
| RTFACT-21846, RTFACT-21825 | Fixed a permission issue in Docker and NuGet repositories for virtual repositories that aggregated local and remote repositories. If a user had permissions only on a number of the aggregated repositories and tried to download a package from the virtual repository, he would receive an error Unauthorized error message. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.3
Released: 23 March, 2020
Artifactory 7.3 is Available as a Cloud Version
The Artifactory 7.3 release is available only as a Cloud version. Artifactory 7.3.2 applies to on-prem and contains all the resolved issues in Artifactory 7.3.0 and 7.3.1.
Highlights
PAT (Personal Access Token) Support for Remote Repository Authentication
In addition to the basic authentication, with username and password, Artifactory now supports remote repository authentication using Personal Access Tokens (PAT). The big advantage of using PATs is that you can strengthen your Artifactory security practices by using Access Tokens for authentication instead of using your primary credentials. For example, you can configure your remote Docker repository to point to GitHub and authenticate it by using a PAT. You can use PATs for any package type. For more information, see Remote Credentials.
LDAP Improvements
Artifactory now supports a new type of Active Directory "Nested Groups" search, enabling performance improvements when working with LDAP. This feature requires that Active Directory runs on Windows Server 2012 R2 version or later. There are no additional requirements for the Active Directory Windows Server side. For more information, see Support for Nested Groups.
Write-disabled Mode Supported for Shard Storage Requests
To enhance storage sharding, Artifactory now supports disabling write-requests to shards.
This is useful, for example, when migrating data from a shard that must be replaced. First, the feature is used to write-disable the shard and then the data is migrated to a new shard.
In addition, the feature still allows garbage collection to continue to clean the deleted binaries from the write-disabled shard.
To set the write-disable mode on a shard in Artifactory, see the Configuring State-Aware Binary Provider section.
Support for Matrix-params with Conan Repositories
Artifactory now supports matrix parameters for Conan repositories. As a result, the Build Info for Conan packages uploaded to Artifactory SaaS is now available.Feature Enhancements
Restricting System and Repository Imports
Artifactory allows admin users to import and export data at both the system level and the repository level. For more information, see the Importing and Exporting section.
Sometimes, however, it is advantageous to restrict imports to avoid causing undesirable results. With this new feature, the system and repository import options can be disabled, thereby preventing specific admin users in the enterprise from performing imports. For example, you can stop an admin from overriding the Release Bundles distributed to an Artifactory Edge, by preventing him from importing the initial Artifactory state. For more information, see Importing and Exporting.
Resolved Issues
JIRA Issue | Description |
|---|---|
| Fixed an issue where Artifactory did not start as a service on RedHat 7.7 and Centos 7.7 when upgrading Artifactory from versions earlier than 6.14.0. | |
Fixed an issue where Docker Image failed to start with Oracle DB because Artifactory's Docker entry point could not get the endpoint of the external Oracle DB. | |
RTFACT-14848 | Fixed an issue where, even if the user had Deploy Permissions for the default deployment repository in the virtual repository, Set Me Up would incorrectly issue the following warning message: |
RTFACT-21117 | Fixed an issue whereby in some cases of a load-balanced remote repository, where two nodes are out-of-sync, a conflict between the metadata of a file and the contents of the file might result. |
RTFACT-20905 | Fixed an issue where pulling an image from a smart remote Docker repository always causes it to pull the manifest.json file from the source Artifactory. This behavior would cause a failure if the Artifactory source instance was not reachable. |
RTFACT-18779 | Fixed an issue where, after a pull replication was executed from a Docker smart remote repository, which was pointing to a Docker remote repository that in turn was pointing to a Docker Hub, Artifactory was not able to serve the artifacts from the local cache when the Docker smart remote repository was set to offline mode. |
RTFACT-20127 | Fixed an issue where the latest npm package was always being determined by the publish date, regardless of the artifactory.npm.tag.tagLatestByPublish system property value. |
RTFACT-19364 | Artifactory now supports the new Maven XML tag attributes that were introduced with Maven 3.6.x. |
RTFACT-21189 | The Go remote GitHub repository can now resolve both incompatible and compatible Go Module v2+ project version formats. |
RTFACT-20160 | Fixed an issue where the checksum for a Go module that was directly resolved from GitHub differed from the checksum when the module was resolved from gocenter.io or proxy.golang.org. |
RTFACT-20460 | Fixed an issue where Debian packages that did not contain control files would cause metadata resolution to fail when the $ apt update command was invoked. |
RTFACT-18399 | Fixed an issue that resulted in Artifactory generating incorrect metadata for some CRAN package types. |
RTFACT-21088 | Fixed an issue whereby viewing Docker images stored in a remote-cache displayed a hash symbol instead of a tag. |
RTFACT-21170 | Fixed an issue whereby the port used for Artifactory authentication in Artifactory 7 (8082) differed to Artifactory 6.0 (8081) causing backward compatibility to fail. |
RTFACT-20988 | Fixed an issue whereby upgrading to Artifactory 7.x caused the internal Hostname to be set to Artifactory instead of being configured as the IP address of the Artifactory server. |
RTFACT-18414 | Fixed an issue whereby the SHA256SUMS file was not tracked as an IDK in Debian Remote repositories. |
RTFACT-21395 | Fixed an issue whereby PyPI redirections did not recognize the value of the |
RTFACT-21388 | Fixed an issue whereby users (that are not defined as admins) in any group defined as an Admin group could not generate Join Keys. |
| Fixed an issue whereby indexing Helm Charts failed during high concurrent indexing. | |
RPG-287 | Fixed an issue whereby, hijacked sessions caused a memory leak in the JFrog Router service. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.3.1
Released: March 23, 2020
Artifactory 7.3.1 is Available as a Cloud Version
The Artifactory 7.3.1 release is available only as a Cloud version. Artifactory 7.3.2 applies to on-prem and contains all the content from Artifactory 7.3.0 and 7.3.1.
Resolved Issues
| JIRA Issue | Description |
|---|---|
Fixed an issue whereby during an upgrade from Artifactory 6.x to Artifactory 7.x the admin password was reset. | |
| Fixed an issue whereby Artifactory could not pull artifacts from the Azure Container Registry. |
For a complete list of changes, please refer to our Jira Release Notes.
Artifactory 7.3.2
Released: 23 March, 2020
Tomcat Breaking Change
The Tomcat bundled with Artifactory has been upgraded to version 8.5.51 which introduces a change that might affect your Artifactory instance.
HTTP Date Headers
Due to a known issue in Tomcat 8.5.51, Artifactory may return HTTP date headers (Date, Last-Modified) in a timezone that is different than GMT. See more details here.
If you are using clients that make use of the "If-Modified-Since" request header in the request to Artifactory, you need to make sure that dates are sent in GMT format (as the HTTP spec mandates).
If the clients that you use send dates in GMT format, this change will not affect you.
Feature Enhancement
Upgraded Tomcat Version in JFrog Artifactory
The Tomcat bundled with Artifactory has been upgraded to version 8.5.51.
Issues Resolved
| JIRA Issue | Description |
|---|---|
Fixed an issue whereby under certain circumstances, authenticated users were able to:
| |
RTFACT-21509 | Fixed an issue whereby, selecting the Remember Me option in the Login screen to the Artifactory Cloud Web UI, would occasionally return an internal server 500 message if Artifactory was configured behind a reverse proxy using a small proxy buffer size. |
RTFACT-21539 | Fixed an issue whereby after upgrading Artifactory to 7.x, the Artifactory logs would not be sent to Sumo Logic in cases where the Sumo Logic integration was enabled. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.2
Released: February 23, 2020
Highlight
JFrog Container Registry 7.0
JFrog Container Registry 7.0 has been released as part of the Artifactory 7.2 release. The JFrog Container Registry is powered by JFrog Artifactory with a set of features that have been customised to serve the primary purpose of running Docker and Helm packages in a Container Registry. For more information, see JFrog Container Registry.
Resolved Issues
| JIRA Issue | Description |
|---|---|
Fixed an issue whereby a metadata server reindex operation resulted in a database connection leak. |
Artifactory 7.2.1
Released: 23 February, 2020
Resolved Issues
JIRA Issue | Description |
|---|---|
Fixed an issue whereby, when upgrading to Artifactory 7.x, an error was generated when trying to log in to the JFrog Platform using OAuth SSO provider authentication and your Artifactory was configured with a context path other than |
Artifactory 7.1
Released: February 17, 2020
Resolved Issues
- Fixed an issue, whereby S3 CloudFront redirections did not function correctly.
- Fixed an issue, whereby Maven snapshot were not indexed with snapshot versions in the metadata server.
- Fixed an issue, whereby the Virtual repository info tab was displayed incorrectly when sorting by package type.
- Fixed an issue, whereby builds were displayed incorrectly in the Build view when performing multiple promotion steps.
- Fixed an issue, whereby Conan packages were uploaded incorrectly to Artifactory.
Artifactory 7.0
Released: January 12, 2020
Deprecated Features
Artifactory 7.0 introduces several deprecated features. Learn More >
Also, read about the features that are currently out of scope and will be available in later releases. Learn More >
Breaking Changes
For a list of breaking changes in Artifactory and other services in the JFrog Platform, click here >
REST API Changes
For a list of REST API changes in Artifactory, click here >
Important: The JFrog Platform web UI is now accessed through port 8082 (For example, http://SERVER_HOSTNAME:8082/ui/). Accessing Artifactory directly for REST API and downloads is still possible through port 8081. Learn More >
Highlights
JFrog Platform
Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:
- Universal package management with all major packaging formats, build tools, and CI servers.
- Security and Compliance that's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.
- Radically simplified administration with all configurations in one place.
- Complete trust in your pipeline all the way from code to production.
- Seamless DevOps experience from on-prem, cloud, hybrid or multi-cloud of your choice.
JFrog Platform New Functionalities
System Architecture
The new Artifactory architecture is more Cloud Native. The Artifactory application has been divided into several microservices. Learn More >
Artifactory system.yaml
This release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process. Learn More >
Installation and Upgrade
Artifactory 7.0 comes with a new installer, which affects the installation and upgrade procedures. The file structure has been improved and is now aligned across all JFrog products. Learn More >
Upgrade process changes
Update reverse proxy and load balancer
When upgrading your Artifactory HA installation from version 6.x to 7.x, make sure to adjust your reverse proxy settings and update your load balancer configuration to use the new JFrog Platform URL http://<hostname>:8081. Complete upgrade instructions here.
Unified User Interface
This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address. Learn More >
Unified Permission Model
This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. Learn More >
Logging
All JFrog products now follow a standardized logging format and naming convention. Learn More >
Feature Enhancements
Packages page
While previously the Packages page provided information for Docker and npm packages, it is now extended to provide metadata for all package types in your system (excluding Git LFS and Generic repositories). Learn More >
Search Experience
The search experience has been enhanced to enable searching for all resource types, including packages, builds and artifacts from a single search bar. It now also includes advanced capabilities, such as keyword search, simplifying the search experience. Learn More >
Issues Resolved
JIRA Issue | Description |
|---|---|
RTFACT-17343 | When groups are imported from an LDAP server, groups names containing special characters are blocked and error messages are issued to alert the administrator. |
Fixed an issue where the | |
RTFACT-20888 | Fixed an issue where deploying an artifact using basic authentication, such as <username>:<API Key>, or an access token for authentication, would not send an email notification to users following the relevant repository. |
For a complete list of changes, please refer to our JIRA Release Notes.
Artifactory 7.0.1
Released: January 14, 2020
Issue Resolved
- Fixed an issue whereby the Download stats propagated incorrect information to the Metadata Service, resulting in incorrect data displayed in the UI.
Artifactory 7.0.2
Released: January 15, 2020
Issue Resolved
- Fixed an issue, whereby when performing SAML-based Single Sign-On to Artifactory, a URL with double slashes (‘//’) was returned causing the redirection requests to break.
Artifactory 7.0.3
Released: January 17, 2020
Issue Resolved
| JIRA Issue | Description |
|---|---|
Fixed an issue, whereby Filtered Resources (e.g. Maven's settings.xml) would return an incorrect encrypted password when authenticating with an access token or via the UI. |