Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >

Search





Working with an older version? JFrog Artifactory 6.x | JFrog Xray 2.x | JFrog Mission Control 3.x | JFrog Distribution 1.x |


Skip to end of metadata
Go to start of metadata

Overview

This page presents release notes for JFrog Distribution describing the main fixes and enhancements made to each version as it is released.

If you need release notes for earlier versions of Distribution, please refer to the Release Notes in the Distribution 1.x User Guide.

Before You Get Started!

Be sure to read the Distribution 2.0 Release Notes carefully before installing or upgrading any version of Distribution 2.X version to learn about the new features and functionality Introduced in the JFrog Platform.

Download 

Click to download the latest Distribution version..

Installer Name Change!

From Distribution 2.0, the installer naming convention has been changed to include the installer type.
The following table lists the official installer names.

Installer TypeInstaller Syntax
Linux archivejfrog-distribution-<version>-linux.tar.gz
Composejfrog-distribution-<version>-compose.tar.gz
RPM/Debianjfrog-distribution-<version>.<rpm|deb>

Previous Versions

Previous versions of JFrog Distribution are available for download in the Previous Releases page.

Installation

For installation instructions please refer to Installing Distribution

To upgrade to this release from your current installation please refer to Upgrading Distribution.

Page Contents

Additional References

Distribution 2.12

Distribution 2.12.0

Released: February 28, 2022

Resolved Issues

  • Fixed an issue whereby, the path was omitted from the AQL query in the UI.
  • Fixed an issue whereby, customers were unable to create a release bundle based on the path pattern.
  • Fixed an issue whereby, some Distribution logs were being logged in an incorrect folder.
  • Fixed an issue whereby, an error was displayed for missing logs (that were not missing).
  • Fixed an issue whereby, in the release bundle view, the versions were not sorted correctly.
  • Fixed an issue in the GPG key propagation.

This release also contains resolved security vulnerability issues.

Distribution 2.12.1

Released March 7, 2022

Resolved Issues

Fixed an issue, whereby loading release bundles to the JFrog Platform UI resulted in infinite loading.

Distribution 2.12.2

Released April 24, 2022

Highlights

Updated the versions of the following third-party software:

  • PostgreSQL 42.2.25
  • Node.js16.13.2

Resolved Issues

This release includes a number of fixes to the Distribution UI in the JFrog Platform. 

Distribution 2.12.3

Released May 10, 2022

Resolved Issues

  • Fixed a UI issue whereby, in some cases, the user was not able to type text in the Release Bundle creation tab.
  • Fixed an issue that generated distribution errors related to upgrading to v.2.11.1.
  • Fixed an issue related to security issues in common dependencies.

This release also contains resolved security vulnerability issues.

Distribution 2.11

Distribution 2.11.0

Released: February 7, 2022 

Known Issue

Distribution 2.11.0 includes a critical issue causing a distribution process to fail when using older Artifactory versions. We recommend upgrading directly to 2.11.1.

Highlights

This version focused on improving performance and stability.

Resolved Issues

  1. The Maintenance API has been changed to be more secure; for more information, see Distribution REST API - MAINTENANCE.
  2. Improved the release bundle clean up process.
  3. Fixed an issue, whereby Webhooks were not triggered correctly.
  4. Improved Distribution service logs for better root cause analysis.
  5. Resolved a permission-related issue.
  6. Fixed an issue, whereby the Distribution status API was returning the wrong number of artifacts and bytes transferred.

This release also contains resolved security vulnerability issues.

Distribution 2.11.1

Released: February 9, 2022

Resolved Issues

Fixed a critical issue causing a distribution process to fail when using older Artifactory versions.

Distribution 2.10

Distribution 2.10.3

Released: November 1, 2021 

Highlights

New Hybrid Solution Provided through the Distribution Edges

Self-hosted customers who have an existing JFrog Distribution in place may sometimes require the option of adding additional JFrog Artifactory instances in the cloud. This hybrid setup is now supported through the JFrog Distribution Edges Add-on, a commercial offering for On-Prem customers to leverage JFrog SaaS for software distribution. This add-on enables On-Prem customers to add cloud-based Edge nodes managed by JFrog (software-as-a-service) and fully utilize them for content distribution. See Configuring Distribution Edges Using the Distribution Edges Add-on.

New Pairing Token UI and API

Added new UI in the JFrog Platform for a pairing token, which establishes trust between different JFrog microservices. The pairing token is an access token that is used for the initial pairing flow. Because the token is a limited access token, it is dedicated to a specific task and short-lived. Once trust is established, the services can continue using the standard token-based authentication for communication. Pairing tokens replace the join.key that was used in the past in the JFrog Platform to link between services. This type of token is only designed to link cross-topologies (i.e., locally, and not with in a JPD). See Generating Scoped and Pairing Tokens.

Resolved Issues

  1. Fixed an issue whereby the API Get all Versions of all Release Bundles returned an empty array of artifacts for every release bundle, and both Get all Versions of all Release Bundles and Get Release Bundle Versions failed to paginate properly because they always returned the full list.
  2. Fixed an issue whereby usernames longer than 64 (and up to 255) chars were not supported.
  3. Fixed an issue whereby Edge nodes were not visible if a user is referred to in multiple permission targets.
  4. Fixed an issue whereby a Mission Control connected to the remote JFrog Platform environment, was resolving the Artifactory URL improperly.
  5. Fixed a slowness issue in the release bundles list page. 
  6. Fixed the naming for Edge Webhook: the Artifactory Release Bundle domain has been renamed Destination to consolidate all under same Release Bundle domain.

Distribution 2.10.5

Released: December 7, 2021 

Distribution 2.10.5 is Available as an On-prem Version

Distribution 2.10.5 is available as an on-prem version.

Resolved Issues

  1. Fixed an issue where the deletion of a release bundle fails in cases when the target is using the new paring token configuration.
  2. Reduced the number of tokens used in the distribution flow.
  3. Updated the bundled Redis version to 6.2.6.
  4. Added additional logs to make it easier to troubleshoot.
  5. General fix: fixed some security issues that were detected.

Distribution 2.9

Released: August 4, 2021 

Feature Enhancements

Maven Shared Library Upgrade

Upgraded the Maven shared utils library to version 3.3.4 to fix some vulnerabilities issues related to the following:

Distribution 2.9.1

Released: August 8, 2021 

Distribution 2.9.1 is Available as a Cloud Version

Distribution 2.9.1 is Available as a Cloud Version

Resolved Issues

  1. Fixed an issue whereby, in some cases, conflicts in target paths for Docker layers were present upon Release Bundle creation.
  2. Fixed an issue whereby, the Distribution service was shutting down the Release Bundle distribution transaction in a non-optimal manner.

Distribution 2.9.2

Released: August 22, 2021 

Resolved Issues

This release contains resolved security vulnerability issues. 

Distribution 2.9.3

Released: September 30, 2021

Resolved Issues

  1. Fixed an issue whereby, a Distribution instance connected to the remote Mission Control while using a Circle of Trust for Token validation failed.
  2. Fixed issue whereby, a token generated using the UI, had fewer permissions in the Distribution process.

Distribution 2.8

This section describes all of the Distribution 2.8 releases.

Distribution 2.8.1

Released: June 30, 2021

Highlights

Dynamic Release Bundle

Introduced the capability to create, sign and distribute an ad-hoc Release Bundle dynamically through a single REST API request. For more information, see Creating a Dynamic Release Bundle.

Multiple GPG keys for Signing Release Bundles

Distribution now supports signing Release Bundles using multiple GPG keys and not one key pair for all Release Bundles. This enables you to use different keys according to your organizational requirements, such as keys used in different departments. For more information, see Multiple GPG Signing Keys

Target Repository Auto-Creation

Automatically create repositories on the target edges if no repositories exist when distributing Release Bundles. For more information, see Target Repository Auto-Creation

Feature Enhancements

Distribution Service

To introduce efficiencies within the JFrog Platform, the services that were previously under the Distributor service has been moved under the Distribution service. This does not affect the Distribution's functionality. 

Live Logs Enhancement

Added a new distribution-service log to the System Logs Viewer.

Distribution 2.8.2 

Released: July 12, 2021 

Resolved Issues

  1. Fixed an issue regarding the Distribution Support Bundle creation in Distribution version 2.8.1.

Distribution 2.7

This section describes all of the Distribution 2.7 releases.

Distribution 2.7.1 

Released: March 31, 2021

Highlights

HashiCorp Vault Integration with the JFrog Platform

The Jfrog Platform integration with HashiCorp Vault enables you to configure an external vault connection to use as a centralized secret management tool. Using vault allows you to store signing keys as secrets and provides you with the capability to generate and manage keys in a centralized tool for security and compliance. To learn more, see HashiCorp Vault Integration with the JFrog Platform.

Resolved Issues

  1.  Fixed an issue whereby, in some cases, Release Bundles were stuck and blocking distribution.

Distribution 2.6

Released: January 13, 2021

Highlights

Webhooks for Distribution

You can now use event-driven Webhooks to send important events occurring in Distribution. You have a number of events that you can choose from, such as Release Bundle status changes, Release Bundle distribution status changes, and Release Bundle deletion from Edge nodes. 

These events are sent to other applications by setting a URL. To learn more, see Webhooks.

Distribution 2.6.1

Released: February 25, 2021

Resolved Issue

  1. Fixed an issue whereby, when creating a Release Bundle, the Docker manifest resolver, in some cases, duplicated artifacts causing a conflict. 

Distribution 2.5

Released: 29 September, 2020

Highlights

Distributing Release Bundles in an Air Gap Environment

JFrog Distribution supports distributing your Release Bundles to remote Artifactory nodes within an Air Gap self-hosted environment. This use case is mainly intended for organizations such as financial institutions and military installations that have two or more Artifactory instances that have no network connection between them. To distribute the Release Bundles in an Air Gap environment, you need to export the Release Bundle on the Source Artifactory either directly from the WebUI or using REST API. For more information, see Distributing Release Bundles in an Air Gap Environment.

Distribution 2.5.1

Released: 5 October, 2020

Resolved Issue

  • JFrog Distribution now externalizes the configuration parameter allowing users to set the required time interval for Xray to complete the Release Bundle scanning process.

Distribution 2.5.2

Released: 11 November, 2020

Highlights

Release Bundle Release Notes

You can now add and distribute Release Notes with a Release Bundle.

PostgreSQL Version Support

Distribution now supports PostgreSQL version 12.3.

Resolved Issue

  1. Fixed an issue whereby, the timezone differed between the request.log and distribution-service.log.

Distribution 2.5.3

Released: 8 December, 2020

Resolved Issue

  1. Fixed an issue, whereby a proxy configuration from Artifactory cannot be used in distribution due to an expired token.

Distribution 2.5.4

Released: 29 December, 2020

Resolved Issue

  1. Fixed an issue, whereby a proxy configuration from Artifactory cannot be used in distribution due to an expired token.
  2. Fixed an issue, whereby a Release Bundle version added properties that might override existing artifact properties.
  3. Fixed an issue, whereby using multiple AQL queries in a single Release Bundle version may cause the Release Bundle creation to fail due to token expiration.
  4. Fixed an issue whereby, in some cases, Distribution may remain in an in-progress state due to a failed close transaction flow.

Distribution 2.4

Released: July 5, 2020

Highlights

Hybrid Distribution

JFrog SaaS supports Hybrid Distribution allowing you to distribute your Release Bundles from Artifactory Cloud to multiple Cloud and On-Prem Edge nodes within the same organisation. Hybrid Cloud promotes scalability and flexibility allowing you to distribute sensitive and highly regulated and mission critical Release Bundles to Artifactory On-Prem edges while using the Artifactory Cloud for mainstream public distributions and thereby gaining significant cost savings. For more information, see Hybrid Distribution.

Added Manual Linux Archive Installation

You can now install JFrog Distribution using a Linux Archive installer in addition to the existing options giving more control over how to set up your environment. For more information, see Manual Linux Archive Installation.

Feature Enhancements

Automated GPG Public Key Propagation to Edge Nodes

The automatic propagation of signed public GPG Keys to the Artifactory source and edge nodes is now an integral part of the upload process of the GPG keys to Distribution. To support this, the Upload and Propagate GPG Signing Keys for Distribution REST API has been introduced and replaces the Upload GPG Signing Key for Distribution REST API command that is now deprecated from version Distribution version 2.4. For more information, see GPG Signing.

Export/Import Release Bundle Metadata to Support One To One Pairing

To support the Artifactory to Distribution One to One paring ratio in the JFrog Platform, you can now migrate Release Bundle metadata of the relevant Artifactory Instance to the correlating Distribution Service. For more information, see Distribution and Artifactory One to One Pairing.

Distribution to the source Artifactory without Proxy

The requirement to Distribute to the source Artifactory via a proxy has been removed.

Distribution Load Balancing Mechanism Improvements 

Improved the load balancing mechanism in High Availability environments.

PostgreSQL Version Support

Distribution is now certified to run with PostgreSQL versions 10.X, 11.X, and 12.X. Note that, all JFrog’s installers bundling PostgreSQL have been updated to use a newer PostgreSQL version 10.13.

Resolved Issues
  1. Fixed an issue whereby you could not distribute Release Bundles from Artifactory version 7.x to Artifactory Edge 6.x edge nodes.
  2. When creating a Release Bundle, exclude Release Bundle repositories from the source.

Distribution 2.4.1

Released: 26 July 2020

Feature Enhancements

Distribution to Artifactory Edge nodes behind a proxy is now supported.

Distribution 2.3

Released: May 27, 2020

Feature Enhancements

Retrieve the Latest Version of a Release Bundle REST API 

You can now retrieve the Last Release Bundle Version through the Rest API which enables you to distribute the latest version of the Release Bundle to your dedicated Edge nodes. 

Improved Release Bundle Distribution Auditiblity and Tracking

A new set of parameters have been added to the Release Bundle APIs providing you with more audibility into the Distribution process:

  • The  created_by and distributed_by parameters provide information on who created and distributed the Release Bundles.

  • The start_time, finish_time and duration parameters provide information on the Distribution timeline of the Release Bundle.
Get Public GPG Key REST API 

The Artifactory Edge Node verifies the Release Bundle signature with a public GPG key. You can now view the assigned public GPG Key by running the Get Public Key REST API command.

Distributing Release Bundle UI Improvements 

Improved the Release Bundle Distribution management experience in the UI while providing you with the option to delete Release Bundles either from the JFrog Distribution server or from the JFrog Edge nodes.

Resolved Issues

  1. Fixed an issue whereby multiple Distribution nodes for one Edge Node were not performing well by introducing an algorithm for improving distribution scalability. 
  2. Fixed an issue whereby Distribution was not supporting distributing Release Bundles containing artifacts using Unicode characters in the artifact name.
  3. Fixed an issue whereby the Release Bundle “In-Progress” status was generated for all distribution issues. This general state has been replaced with specific states to accommodate different distribution issues.

Distribution 2.2

Released: February 23, 2020

Resolved Issues

  1. Fixed an issue where Distribution did not recover when the Mission Control token was not valid or if the Mission Control service was not running when Distribution started.

  2. Fixed an issue which caused confusion in the use of the Create Release Bundle Version REST API. From this release, the default of the dry_run parameter is now FALSE, so that by default, executing the REST API creates the release bundle object. 

    Action Required!

    Previously triggering this API with the default value=True, resulted in running a dry run only. Note that this new default will execute the action.

Distribution 2.0

Released: January 12, 2020

Deprecated Features
Distribution 2.0 introduces several deprecated features. Learn More > 
Also read about the features that are currently out of scope and will be available soon, in forthcoming release. Learn More >

Breaking Changes
For a list of breaking changes in Distribution and other services in the JFrog Platform, click here >

REST API Changes
For a list of REST API changes in Distribution, click here >

Important: The JFrog Platform web UI is now accessed through port 8082 (For example, http://SERVER_HOSTNAME:8082/ui/). Accessing Xray directly for REST API and downloads is still possible through port 8081. Learn More >

Highlights

JFrog Platform

Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:

  • Universal package management with all major packaging formats, build tools, and CI servers.
  • Security and Compliance that's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.
  • Radically simplified administration with all configurations in one place.
  • Complete trust in your pipeline all the way from code to production.
  • Seamless DevOps experience from on-prem, cloud, hybrid or multi-cloud of your choice.

Get Started with the JFrog Platform >>

JFrog Platform New Functionalities

System Architecture

The new Distribution architecture has been updated to align with all JFrog products in the Platform. Learn More >

Distribution system.yaml

This release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process. Learn More >

Installation and Upgrade

Distribution 2.0 comes with a new installer, which affects the installation and upgrade procedures. The file structure has been improved and is now aligned across all JFrog products. Learn More >

Distribution must be connected only to a single Artifactory instance. If you have a single Distribution instance connected to multiple Artifactory instances, the upgrade to the JFrog Platform requires mapping a source Artifactory to a single Distribution service. If you are creating and distributing release bundles from multiple source Artifactory instances, you now need to deploy a Distribution service in every JPD that contains these source Artifactory instances. You would then register multiple Distribution services to one Mission Control.

Unified User Interface

This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address. Learn More >

Unified Permission Model

This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. Learn More >

Logging

All JFrog products now follow a standardized logging format and naming convention. Learn More >

Feature Enhancements

Xray Integration

Release Bundles can now be scanned for security and compliance issues with JFrog Xray. This means you can now define security and compliance policies for your organization, on the release bundles, to ensure your distributable content is protected and meets your standards. Learn More >

Package View Including Distribution Data

This version includes a Package Viewer, providing a 360 view of your packages from all your available JFrog services, including JFrog Distribution. With this, you can understand which packages are included in release bundles and have been distributed to various Artifactory Edge devices. Learn More >

Copyright © 2022 JFrog Ltd.