Known Issues

Artifactory could not install modules and providers from https://registry.terraform.io/  since Terraform Registry changed the CDN Providers on Jan 18th, 2023. This update  changes the responses to the HEAD requests sent by the Artifactory remote repository to the Terraform Registry from 200 (Success) to 405 (Method not allowed) error.

OpenJdk17.0.3, which is bundled with Artifactory 7.46/7.47/7.49  has a bug in the newrelic java agent, which causes Artifactory to fail to start up.

Any changes made to the security configurations UI will override the custom configurations defined in the Access YAML Configuration.

Customers with an Enterprise+ subscription  that have Access Federation enabled will lose the Access Federation setup as a result of editing the security configurations WebUI.

RTFACT-29273

Workaround:

After the upgrade, place the parameter artifactory.repo.config.db.query.batch.size = 100 in artifactory.system.properties and start Artifactory.

Workaround:

Clear the browser cache and refresh the JFrog UI before attempting to login. If that does not work, disable Google Multi-Factor Authentication by removing the parameter - "google" from the access.config.latest.yml file.

OpenJdk17.0.3, which is bundled with Artifactory 7.46/7.47/7.49  has a bug in the newrelic java agent, which causes Artifactory to fail to start up.

Any changes made to the security configurations Web will override the custom configurations defined in the Access YAML Configuration.

Customers with an Enterprise+ subscription  that have Access Federation enabled will lose the Access Federation setup as a result of editing the security configurations WebUI.

RTFACT-29235

Workaround:

You can add the user to the permission target with the Create or Replace Permission Target REST API.

Workaround: 

Create a branch with the name ‘master’ and make it default. The initialize should work after that.

Enabling anonymous access can cause Artifactory operate in unhealthy mode, meaning that the WebUI continuously displays the message "JFrog Platform will be available shortly".

OpenJdk17.0.3, which is bundled with Artifactory 7.46/7.47/7.49  has a bug in the newrelic java agent, which causes Artifactory to fail to start up.

Any changes made to the security configurations UI will override the custom configurations defined in the Access YAML Configuration.

Customers with an Enterprise+ subscription  that have Access Federation enabled will lose the Access Federation setup as a result of editing the security configurations UI.

The default expiration of Access Tokens created by the deprecated Artifactory Create Token REST API (/api/security/token) was increased from 1 hour to 1 year.  As a result, newly created Access tokens become revocable tokens and do not support cross-instance authentication through a "Circle of Trust".

RTFACT-29203

RTFACT-29193

RTDEV-28125

RTDEV-27713

RTFACT-27352

RTFACT-27341

RTDEV-26051

The Proxy field in the remote/federated repositories settings that was actively set by users as empty with the intention that the proxy be disabled, is now automatically populated with the default proxy.

When using Artifactory 7.41.4 & 7.41.6, when the Xray version is upgraded to 3.55.2, the Xray tabs in the UI will disappear. However, Xray functionality continues to work as expected.

META-1405

 Artifactory fails to start due to a failed MDS migration on MSSQL.

RTDEV-26051

The Proxy field in the remote/federated repositories settings that was actively set by users as empty with the intention that the proxy be disabled, is now automatically populated with the default proxy.

When using Artifactory 7.41.4 & 7.41.6, when the Xray version is upgraded to 3.55.2, the Xray tabs in the UI will disappear. However, Xray functionality continues to work as expected.

This issue affects Artifactory 7.41.2 and 7.41.6 (inclusive) when using Xray 3.55.0 and above. This issue was resolved in Artifactory 7.41.7. 

RTFACT-27371

NPM virtual repositories cannot find specific URLs.

RTFACT-27288

Artifacts deployed to repository via distribution of release bundle do not create Xray Index Events.

JA-3455

Artifactory fails to verify Reference tokens federated by Access Federation, while other endpoints like Router/Access are able to verify the same token.

RTFACT-29232

Artifactory upgrade to version 7.49.5 which is integrated with MSSQL and has multiple repositories (~200 and above), might fail due to MSSQL hard-coded limitation of 2100 parameters per query.

Possible Workaround:

Add the following property to the artifactory.system.properties file and restart Artifactory: artifactory.repo.config.db.query.batch.size = 100.

Distribution and PDN Server appear to be up although they are not.

JA-3299

Reference token expires earlier than expected.

RTFACT-27077

When a local repository is converted to a federated repository, all property sets are dropped.

RTFACT-27079

RTFACT-27253

RTFACT-27118

Artifactory Returns 404 Instead of 403 for blocked artifacts from NPM Virtual Repositories.

RTFACT-27078

Users can set the maxUniqueSnapshots value on npm repos, causing artifacts to be deleted unexpectedly in certain cases.

The CLI build scan command often does not match the severity of the UI Xray data.

Related to Xray 3.44.3

RTFACT-26980

RTFACT-26951

Artifactory Cold Storage does not handle Docker images properly.

RTFACT-26880

For Self-Hosted Enterprise + users running an on-prem installation: When restarting Artifactory while using MySQL, Oracle, or MSSQL, if the Mission Control microservice is enabled, an SQL error occurs and Artifactory fails to restart.

RTFACT-26884

RTFACT-26798

RTFACT-26854

Workaround: 

Add the system property below to $JFROG_HOME/artifactory/var/etc/artifactory/artifactory.system.properties file and restart Artifactory for changes to take effect:

 artifactory.nuget.v2.search.page.size=1000 

RTFACT-26710

Artifactory will fail to start up after upgrade if the system property allowExternalConversionScripts is set to true and there is no External Conversion script provided.

artifactory.sql.converter.allowExternalConversionScripts=true 

Workaround:

Remove the system property  allowExternalConversionScripts or set it to false:

artifactory.sql.converter.allowExternalConversionScripts=false

When clicking edit profile user gets a
"You are not authorized to view this page" error.

When using the Build UI and going to the dependencies, the ability to Diff with a previous build is disabled. The same is true for the Diff tab in the Build UI.

RTFACT-26591

RTFACT-26448

Triggering Replication will delete all the other artifacts in the repository and replicate the artifacts only mentioned in the path prefix.

Workaround:
Disable 'Sync Delete'.

RTFACT-26500

We recommend disabling the "Delete From Archive" option in any Archive Policy for any version before 7.27.10. 

RTFACT-26398

The solution for the issue is controlled by this property:  enforce.permission.check.on.identical.checksum.deploy=true.

RTFACT-26348

Access Tokens work to authorize Vagrant access, so instead of grabbing the token from the endpoint /api/vagrant/auth, create it in the UI and use it.

https://jfrog.com/knowledge-base/how-to-generate-an-access-token-video/

Workaround:

For non-admin users that have references in multiple permission targets, make sure to have only one permission target where the user is referred.

RTFACT-26363

The distribution process fails with "Not found 400" errors when release bundles are being distributed after the Incomplete Release Bundles Cleanup Period time period and if the release bundle clean up job is triggered at that corresponding time.

Related to Mission Control 4.7.11 & Distribution 2.9.2

Suggested Workaround:

Increase the Incomplete Release Bundles Cleanup Period

RTFACT-26263

Suggested Workaround:

Download version 7.19 and take the relevant .jars from that version to the upgraded Artifactory. Replace the files in the following location: 
/opt/jfrog/artifactory/app/artifactory/tomcat/lib

Workaround:

PowerShell users are advised to disable this feature until it addressed. To disable it, update artifactory.system.properties or the JVM parameter with:

artifactory.redirect.native.browser.requests.to.ui=false

RTFACT-26518

Workaround:

Input the URL without the ending "/" while adding repository as a member

Re-indexing a path on the metadata server will cause a connection leak and eventually a starvation of connections of the database connection pool, due to a query with a lazy AQL query with an unclosed result set.

Artifact search performance issue due to case-insensitivity.

From Artifactory 7.0.0, the "artifact search" via UI/API is case-insensitive by default.

Workaround:

The case-insensitive search can be disabled by applying the following property:

artifactory.ui.search.artifacts.caseInsensitive=false

The indexer is stuck because the http response is not closed after isValidDocker returns an error.

Xray has stopped supporting Access Tokens generated with /api/security/token.

UI does not send repo name for builds

When using Artifactory 7.41.4 & 7.41.6, when the Xray version is upgraded to 3.55.2, the Xray tabs in the UI will disappear. However, Xray functionality continues to work as expected.

XRAY-11685

When there are two violations are on the same vulnerability - only one should be highlighted when the right-pane is open.

XRAY-11687

The Xray tab is not accessible for artifacts.

XRAY-11600

The Xray data tab crashes on Go artifacts.

XRAY-11445

Disabling the Contextual Analysis on a Docker repository causes the enabling switch to disappear from the UI and HTTP 500 errors.

XRAY-11701

In the Violations tab, sometimes when a policy is deleted, an error occurs and the violations related to the policy remain.

XRAY-11565

The CLI build scan command often does not match the severity of the UI Xray data.

Related to Artifactory 7.35.2

After upgrading from 3.26.2 to 3.41.7, Xray goes down periodically.

Workaround:

The issue appears to be caused by a cleanup job. Disabling the cleanup job should stop this issue.

JIRA integration - for the basic auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing.

JIRA integration - for the oauth1 auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing. 

JIRA integration - for the oauth2 auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing. 

JIRA integration - the validation of the auth type during creation and update is missing, which means that the user can create an integration with any authType.

JIRA integration - the status code when trying to delete a non-existent integration is shown as 200 instead of 404.

JIRA integration - the status code when trying to get the issue types with an invalid integration name and ticketing project is 500 instead of 404 (when specifying which parameter is wrong).

JIRA integration - the status code when trying to get all Jira projects with an invalid integration name is 500 instead of 404.

Unable to display distribution targets on UI - missing Mission Control backwards compatibility.

Related to Artifactory 7.25.6 & Mission Control 4.7.3

Workaround:

You will need to upgrade Mission Control, preferably to 4.7.16, since 4.7.3 does not return the base URL, so that Distribution sets a null in place of it.

The distribution process fails with "Not found 400" errors when release bundles are being distributed after the Incomplete Release Bundles Cleanup Period time period and if the release bundle clean up job is triggered at that corresponding time.

Related to Artifactory 7.25.6 & Mission Control 4.7.11 

Suggested Workaround:

Increase the Incomplete Release Bundles Cleanup Period

RTFACT-26382

The distribution process fails with "Not found 400" errors when release bundles are being distributed after the Incomplete Release Bundles Cleanup Period time period and if the release bundle clean up job is triggered at that corresponding time.

Related to Artifactory 7.25.6 & Distribution 2.9.2

Suggested Workaround:

Increase the Incomplete Release Bundles Cleanup Period

Unable to display distribution targets on UI - missing MC backwards compatibility.

Related to Artifactory 7.25.6 & Distribution 2.9.3 (upgrade from 2.7.2 and 2.9.2)

Workaround:

To prevent this type of race condition, remove the pipelines from the project that is not relevant - whether the pipelines is the default or Insight.

Adding event data for steps on an upgrade reqsealer can result in an crash in a scenario where the upgrade happens after the step was kicked off but before it is logged as an event.

RTFACT-27016

In some cases, during a simultaneous distribution of Release Bundle versions that have artifacts with similar parent paths (BulkCopyOnMove mechanism), the distribution may fail silently (i.e., the Release Bundle version distribution will be marked as completed successfully despite the fact that the artifacts are not displayed in the target).

RTFACT-19990

Websockets do not work with Artifactory's nginx configuration. You may want to use ingresses when using Pipelines as a workaround.

When setting multiple replications per repository in the UI, there is no way to set a dedicated cron expression for each replication. Only a single one in the main screen.

VCS Remote to Azure-hosted Repositories is not supported in Artifactory.

RTFACT-26770

A thread leak in the access-go-client causes an error. From Artifactory 7.38.7 also affects Xray.

Many grpc calls are being blocked because of a platform performance issue: in these cases there are many threads waiting for a cache to be initialized in permissions.

Suggested Workaround:

If you are not using Projects, you can change the parameter
artifactory.access.client.projects.config.ignored=true.

RTFACT-25553

Edge Webhook - Artifactory Release Bundle Domain should be Release Bundle. The Artifactory Release Bundle domain has been renamed Destination to consolidate all under same Release Bundle domain.

Artifactory 7.18.0

Distribution 2.10.5

Slowness issue in the release bundles list page.

Added database indexes to support AQL queries for Postgres - performed internal changes to the database indexing mechanism to improve the AQL Query Performance for Postgres.

RTFACT-25637

RTFACT-22649

Artifactory failure on redeployment with MySQL Art database for customers who do not have Mission Control Pro or Enterprise subscriptions.