Overview
The following document lists the set of known issues in the JFrog Platform, including the version in which they were discovered, and the version in which they were fixed (if relevant). For JFrog Artifactory issues, click the issue ID for the details in JIRA.
Known issues are based on the following criteria:
- Severity 1 critical issues
- Breaking changes for upgrades
- Issues that have caused downtime and restarts
How do Known Issues Affect Your System?
In this document, you will find the issues that met the criteria above and that were detected in a released version (only). When considering an upgrade to your system, we recommend that you review the Known Issues below (including the database schema issues that follow) to help you determine which is the right upgrade for your system.
Affected Version
For each product below, you will find the version in which a know issue (or issues) was detected in. To check whether a released version has a known issue detected in it, look for the version number.
Artifactory Known Issues
Detected Version
To check whether a released version has a known issue detected in it, look for the version number.
Artifactory 7.38.8
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
Distribution and PDN Server appear to be up although they are not. |
Artifactory 7.37.14
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
When a local repository is converted to a federated repository, all property sets are dropped. | |||
| Cannot apply properties where the value contains an emoji on MySQL instances. | |||
| ECDSA keys stop working upon an Artifactory restart. |
Artifactory 7.35.4
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
Users can set the |
Artifactory 7.35.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
The CLI build scan command often does not match the severity of the UI Xray data. Related to Xray 3.44.3 |
Artifactory 7.35.1
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
Artifactory Cold Storage does not handle Docker images properly. | |||
Unable to create a release bundle from artifacts in a Project-assigned repository. Related to Distribution 2.12.0 | 7.37.12 | ||
For Self-Hosted Enterprise + users running an on-prem installation: When restarting Artifactory while using MySQL, Oracle, or MSSQL, if the Mission Control microservice is enabled, an SQL error occurs and Artifactory fails to restart. | 7.35.2 | ||
| When customer tries to access the simple index of a smart remote pypi repo, they get a 404 response instead of getting the simple index of the upstream repository. |
Artifactory 7.33.9
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
The uniqueNugetDeploy user plugin does not work in Artifactory version 7.x. |
Artifactory 7.33.6
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Project admins are not able to create remote repositories in Artifactory. |
Artifactory 7.31.10 & 7.33.6
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Conan authentication fails after updating group in UI. | 7.36.8, 7.37.13, 7.38.x |
Artifactory 7.31.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Using a DevExpress NuGet feed as a remote repository in Artifactory can result in a memory leak. The installation of NuGet packages from this remote repository may fail due to timeouts. | Workaround: Add the system property below to $JFROG_HOME/artifactory/var/etc/artifactory/artifactory.system.properties file and restart Artifactory for changes to take effect: artifactory.nuget.v2.search.page.size=1000 | ||
Artifactory will fail to start up after upgrade if the system property artifactory.sql.converter.allowExternalConversionScripts=true | 7.31.11 | Workaround: Remove the system property artifactory.sql.converter.allowExternalConversionScripts=false |
Artifactory 7.29.7
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Unable to perform authentication to SaaS instance using user/password method |
Artifactory 7.29.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Attempting to resolve a NuGet package with PowerShellGet causes an NPE | 7.31.10 |
Artifactory 7.28.4
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
When clicking edit profile user gets a | 7.28.8 |
Artifactory 7.27.10
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
When using the Build UI and going to the dependencies, the ability to Diff with a previous build is disabled. The same is true for the Diff tab in the Build UI. | 7.29.0, 7.30.0 |
Artifactory 7.27.6
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| The 'Sync Delete' feature does not process the path prefix of the replication configuration. | 7.27.9, 7.28.1 | Triggering Replication will delete all the other artifacts in the repository and replicate the artifacts only mentioned in the path prefix. Workaround: Disable 'Sync Delete'. | |
| A case-insensitive download for a NuGet local repository did not work after restart. | 7.31.10 | ||
| Federation does not work in a simple setup where Artifactory is configured without any reverse proxy or LB. | 7.27.9, 7.28.1, 7.29.3 |
Artifactory 7.27.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| The "Delete From Archive" toggle on an Archive Policy may cause artifacts in the Cold Storage instance to get deleted prematurely. | 7.27.10 | We recommend disabling the "Delete From Archive" option in any Archive Policy for any version before 7.27.10. | |
| Federation does not work in a simple setup where Artifactory is configured without any reverse proxy or LB. | 7.27.9, 7.28.1, 7.29.3 |
Artifactory 7.26.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
Artifactory fails to start due to a circular reference of systemRepoFactory. | 7.26.1 |
Artifactory 7.25.7
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Vagrant returns a 401 message when trying to add boxes from a restricted repository. | Access Tokens work to authorize Vagrant access, so instead of grabbing the token from the endpoint https://jfrog.com/knowledge-base/how-to-generate-an-access-token-video/ | ||
| RTFACT-26382 | Edge nodes are not visible if a user has multiple permission targets associated with them. | Workaround: For the non-admin users that have references in multiple permission targets, make sure to have only one permission target where the user is referred. |
Artifactory 7.25.6
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
The distribution process fails with "Not found 400" errors when release bundles are being distributed after the Incomplete Release Bundles Cleanup Period time period and if the release bundle clean up job is triggered at that corresponding time. Related to Mission Control 4.7.11 & Distribution 2.9.2 | Possible workaround: Increase the Incomplete Release Bundles Cleanup Period |
Artifactory 7.24.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-26250 | The link to the HTTP-SSO does not work after the upgrade and generates an error message. | 7.24.6 |
Artifactory 7.22.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Artifactory auto recovery after the connection to standalone, i.e., a single database server is lost and then reestablished. | 7.36.1 |
Artifactory 7.21.7
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-26177 | Upgrading from Artifactory 6.x to 7.x creates a startup issue "Unknown HK2 failure detected". | 7.27.3 | Suggested Workaround: Download version 7.19 and take the relevant .jars from that version to the upgraded Artifactory. Replace the files in the following location: |
Artifactory 7.21.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-26216 | The "Native Browser Redirect" feature prevents Windows PowerShell (Invoke-WebRequest command) from downloading a file. | Workaround: PowerShell users are advised to disable this feature until it addressed. To disable it, update artifactory.redirect.native.browser.requests.to.ui=false | |
| Updating users via REST API affects user tokens for Conan requests. | 7.35.x |
Artifactory 7.21.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| The application could not be initialized: Pull replication for repo php-flex-remote requires non-anonymous authentication to the remote repository. | 7.21.3 |
Artifactory 7.19.8
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-26046 | In Federated Repository, if the URL ends with a "/" when configuring Federated Repositories, this results in a GetVersion warning and pauses the queue. | Workaround: Input the URL without the ending "/" while adding repository as a member |
Artifactory 7.17 to 7.27
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| The Artifacts browser general tab appears as blank | 7.29.7 |
Artifactory 7.9.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| The Conan repositories created in the Free Trial are broken in version 7.9.0: Free Trial instances do not support Conan repositories; therefore, it is not possible to configure users using Conan repositories. | 7.10.5 |
Artifactory 7.8.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| System messages do not work in the UI. | 7.9.0 |
Artifactory 7.8.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Artifactory 7.8.0 does not start up after upgrading from Artifactory 6.21.0. | 7.8.1 |
Artifactory 7.7.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-23368 | When an Azure guest user tries to log in to Artifactory, they are not able to log in successfully. | 7.10.1 |
Artifactory 7.6.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Unable to run Singleton type tasks, such as garbage collection. Singleton type tasks are marked with markers to decide if they can run and stop other tasks from running. | 7.7.0 |
Artifactory 7.6.1
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
PostgreSQL driver should not be bundled in WARs but under tomcat/lib (the Postgres driver is being added twice in Docker containers: both as part of the Artifactory war (artifactory-online-war) and copied during the Docker build (artifactory-pro-docker)). | 7.7.0 |
Artifactory 7.6.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
Artifactory fails to start in Azure SAAS due to "FileNotFoundException: /home/artifactory/.postgresql/root.crt". Consistently affects both AOL and JCR editions in SAAS. This issue occurs when we perform a redeploy of a SaaS customer with a new version, and occurs only on Azure staging environments (as opposed to other cloud providers). | 7.6.1 |
Artifactory 7.5.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Artifactory failed to start after redeployment. | 7.6.1 |
Artifactory 7.2.1
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| MDS migration causes the distributed_locks table to bloat during a 6.x to 7.x upgrade. | 7.24.0 | ||
| RTFACT-21580 | Using join key twice (in file and system.yaml) causes startup failures | 7.11.1 |
Artifactory 7.0.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-7850 | Setting the default system proxy also changes the existing remote repositories definition. | 7.27.0 | |
| RTFACT-21287 | Re-indexing a path on the metadata server will cause a connection leak and eventually a starvation of connections of the database connection pool, due to a query with a lazy AQL query with an unclosed result set. | 7.2.0 | |
Artifact search performance issue due to case-insensitivity. | From Artifactory 7.0.0, the "artifact search" via UI/API is case-insensitive by default. Workaround: The case-insensitive search can be disabled by applying the following property:
|
Artifactory 6.23.16
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| Because the addition of the "Allow Content browsing" in feature allowed stored XSS and phishing, an addition was made to version 6.23.16 to remove this potential security issue. However, this addition can lead to problems with accessing resources like XML, HTML due to the new CSP header "Content-Security-Policy: sandbox". | 7.17.2 |
Artifactory 6.20.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-22591 | When trying to pull Docker images through mcr.microsoft, the proxy mcr.microsoft no longer works. This is probably due to an upgrade with the HTTP client. | 7.6.4, 6.21.0 |
Artifactory 6.19.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-21838 | Nuget local repository may return an incorrect version when IsLatestVersion=true. | 7.5.0, 6.20.0, 6.19.1 |
Xray Known Issues
Detected Version
To check whether a released version has a known issue detected in it, look for the version number.
Xray 3.44.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
The CLI build scan command often does not match the severity of the UI Xray data. Related to Artifactory 7.35.2 |
Xray 3.44.2 and Below
| Description | Fix Version | Additional Information |
|---|---|---|
| Due to a breaking change in the npm registry, for all Xray versions from 3.44.2 and below, Xray fails to perform an npm audit. | 3.43.4 | Workaround: Disable the feature by setting the following Artifactory system property ( $ARTIFACTORY_HOME/etc/artifactory.system.properties) to a high value, for example:artifactory.npm.minimal.xray.audit.support=9.9.9 (default value). |
Xray 3.42.3
| Description | Fix Version | Additional Information |
|---|---|---|
| In Xray HA, under certain situations, block download might not work as expected | 3.43.1 |
Xray 3.41.6, 3.42.3
| Description | Fix Version | Additional Information |
|---|---|---|
After upgrading from 3.26.2 to 3.41.7, Xray goes down periodically. | Workaround: The issue appears to be caused by a cleanup job. Disabling the cleanup job should stop this issue. |
Xray 3.41.0
| Description | Fix Version | Additional Information |
|---|---|---|
| The JCLI indexing is failing for GO binaries. | 3.41.3 |
Xray 3.38.5, 3.40.2
| Description | Fix Version | Additional Information |
|---|---|---|
| An internal AQL from Xray to Artifactory can cause significant load on the Artifactory database. The AQL is triggered when Xray scans a build. | 3.41.1, 3.38.6, 3.40.4 |
Xray 3.34.0
| Description | Fix Version | Additional Information |
|---|---|---|
| JIRA integration - oauth1 integration does not working if there is not forward slash at the end of the jira server url | ||
| in the integration page the name field gets cleared if we change the auth type | ||
| JIRA integration - editing a profile sometimes crashes the xray | 3.35.0 |
Xray 3.33.1
| Description | Fix Version | Additional Information |
|---|---|---|
| Updating a profile gives the wrong status code. | 3.33.3 | |
JIRA integration - for the basic auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing. | 3.33.3 | |
JIRA integration - for the oauth1 auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing. | 3.33.3 | |
JIRA integration - for the oauth2 auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing. | 3.33.3 | |
| Some oauth2 fields are missing when clicking edit for the first time after creation. | ||
| JIRA integration - the API allows the creation of an integration with empty values. | 3.33.3 | |
JIRA integration - the validation of the auth type during creation and update is missing, which means that the user can create an integration with any authType. | 3.33.3 | |
JIRA integration - the status code when trying to delete a non-existent integration is shown as 200 instead of 404. | 3.33.3 | |
| JIRA integration - the status code when using an invalid integration name is 200 instead of 404. | 3.33.3 | |
JIRA integration - the status code when trying to get the issue types with an invalid integration name and ticketing project is 500 instead of 404 (when specifying which parameter is wrong). | 3.33.3 | |
JIRA integration - the status code when trying to get all Jira projects with an invalid integration name is 500 instead of 404. | 3.33.3 | |
| JIRA integration - the status code when trying to get all labels with an invalid integration name is 500 instead of 404. | ||
| While generating a public key, clicking the eye icon and then clicking copy creates different spacing in the public key compared to the key spacing without clicking the icon. |
Xray 3.27.0
| Description | Fix Version | Additional Information |
|---|---|---|
| The scan build times out when the build name contains '/'. | 3.30.2 |
Distribution Known Issues
Detected Version
To check whether a released version has a known issue detected in it, look for the version number.
Distribution 2.12.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
Unable to create a release bundle from artifacts in a Project-assigned repository. Related to Artifactory 7.35.1 | 7.37.12 |
Distribution 2.11.0
| Description | Fix Version | Additional Information |
|---|---|---|
| A critical issue causes a distribution process to fail when using older Artifactory versions. | 2.11.1 |
Distribution 2.10.3
| Description | Fix Version | Additional Information |
|---|---|---|
| Unable to perform authentication to SaaS instance using user/password method |
Distribution 2.9.3 (Upgrade from 2.7.2 and 2.9.2)
| Description | Fix Version | Additional Information |
|---|---|---|
Unable to display distribution targets on UI - missing Mission Control backwards compatibility. Related to Artifactory 7.25.6 & Mission Control 4.7.3 | Workaround: You will need to upgrade Mission Control, preferably to 4.7.16, since 4.7.3 does not return the base URL, so that Distribution sets a null in place of it. | |
| Distribution removes the properties that were set on the edge node repository. This means that there is a possibility that all the properties set by customer will be overridden. | 7.31.x | Fixed in Artifactory to resolve known issue. |
Distribution 2.9.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-26363 | The distribution process fails with "Not found 400" errors when release bundles are being distributed after the Incomplete Release Bundles Cleanup Period time period and if the release bundle clean up job is triggered at that corresponding time. Related to Artifactory 7.25.6 & Mission Control 4.7.11 | Possible workaround: Increase the Incomplete Release Bundles Cleanup Period | |
| Edge nodes are not visible if a user has multiple permission targets associated with them. | For the non-admin users that have references in multiple permission targets, make sure to have only one permission target where the user is referred. |
Distribution 2.9.0
| Description | Fix Version | Additional Information |
|---|---|---|
| Conflicting target path for the Docker layers | 2.9.1 |
Mission Control Known Issues
Detected Version
To check whether a released version has a known issue detected in it, look for the version number.
Mission Control 4.7.11
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| RTFACT-26363 | The distribution process fails with "Not found 400" errors when release bundles are being distributed after the Incomplete Release Bundles Cleanup Period time period and if the release bundle clean up job is triggered at that corresponding time. Related to Artifactory 7.25.6 & Distribution 2.9.2 | Possible workaround: Increase the Incomplete Release Bundles Cleanup Period |
Mission Control 4.7.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
Unable to display distribution targets on UI - missing MC backwards compatibility. Related to Artifactory 7.25.6 & Distribution 2.9.3 (upgrade from 2.7.2 and 2.9.2) | You will need to upgrade Mission Control, preferably to 4.7.16, since 4.7.3 does not return the base URL, so that Distribution sets a null in place of it. |
Mission Control 4.0.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
When using the Mission Control API GET /mc/api/v1/federation/{JPD ID}, the API overwrites manual configuration of Access Federation in access config files. |
Pipelines Known Issues
Detected Version
To check whether a released version has a known issue detected in it, look for the version number.
Pipelines 1.20.6
| Description | Fix Version | Additional Information |
|---|---|---|
| An issue was found in default W19 images whereby GCP integrations were not working. | 1.20.7 |
Pipelines 1.18.0
| Description | Fix Version | Additional Information |
|---|---|---|
| The runtrigger crashes, which causes the pipeline to get triggered multiple times. | 1.18.1 | |
| The "Uploading step information' was looped 270 times for a single step that errored out. | 1.18.1 | |
| The Jenkins Native steps get stuck. | ||
| The "uploading step information" was looped 270 times for a single step that errored out. | 1.18.1 |
Existing Known Issues
| Issue ID | JFrog Product | Description | Fix Version | Additional Information |
|---|---|---|---|---|
A thread leak in the access-go-client causes an error. From Artifactory 7.38.7 also affects Xray. | 3.50.0 | Fixed in Xray version. | ||
Many grpc calls are being blocked because of a platform performance issue: in these cases there are many threads waiting for a cache to be initialized in permissions. | Possible Workaround: If you are not using Projects, you can change the parameter | |||
RTFACT-25553 | Artifactory / Distribution | Edge Webhook - Artifactory Release Bundle Domain should be Release Bundle. The Artifactory Release Bundle domain has been renamed Destination to consolidate all under same Release Bundle domain. | Artifactory 7.18.0 Distribution 2.10.5 | |
| Distribution | Slowness issue in the release bundles list page. | Distribution 2.10.3 | ||
| Distribution | In cases where the Mission Control token had an extended expiration, the connection of the Distribution instance to the remote Mission Control using a circle of trust for token validation fails. | Distribution 2.9.3 | ||
| Xray | Artifacts are not indexed and the persist queue continues to grow when the number of persisted workers is increased without properly updating the max-connections configuration. | The issue has not been resolved but a watchdog was introduced to enable faster detection of the misconfiguration. When the problem occurs, the following warning willl appear in the log file: "All db connections are in use (30/30) for 3m. service might not be functioning. Consider increasing the persist.database.maxOpenConnections configuration parameter". |
Database Schema Known Issues
The JFrog Platform requires a common database upgrade infrastructure for all products. Currently, each product has a different implementation, so the following database schema-related issues are also addressed in this Known Issues document.
| Issue ID | Description | Affected From Version | Fix Version | Additional Information |
|---|---|---|---|---|
| Problems when upgrading from 6.16.2 to 7.7.8 | 7.7.8 | |||
| Artifactory does not cleanly remove deleted configuration import files | 7.12.6 | 7.23.3 | ||
| The security.<timetstamp>.xml file is being synced between nodes after upgrade upon Artifactory start process | 7.5.7 | 7.23.3 | ||
Artifactory failure on redeployment with MySQL Art database for customers who do not have Mission Control Pro or Enterprise subscriptions. | 4.11.0 | 4.14.0, 4.13.2 |
