Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >



This page describes the general and JFrog product-specific changes applied in the JFrog Platform for Cloud (SaaS) users. 

For a comprehensive list, see: Artifactory Release Notes | Xray Release Notes | Distribution Release Notes | Pipelines Release Notes | Mission Control Release Notes.

Unless otherwise stated, the updates below apply to all JFrog Cloud subscriptions.

30 June, 2021

Native Artifacts Browser Accessible from the UI

The Artifactory native artifacts browser allows browsing the contents of a repository in a plain HTML structured tree, so that authenticated users will not need to re-authenticate to access the native browser. The browser is available via the artifact URL or via the artifacts Actions menu.

A New Outbound Repository Request Log

A new Outbound Remote Repository Request log that allows you to track every request initiated by a remote repository including requests related to replication. 

Dynamic Release Bundle

Introducing the capability to create, sign, and distribute an ad-hoc.

Multiple GPG keys for Signing Release Bundles

Distribution now supports signing Release Bundles using Multiple GPG signing keys and not one key pair for all Release Bundles. This enables you to use different keys according to your organizational requirements.

Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI

JFrog Subscriptions: Enterprise with Security Pack | Enterprise+  
The JFrog Platform integration with HashiCorp Vault now enables you to configure multiple external vault connectors through the Platform UI. 

Managing Multiple Signing Keys

JFrog Subscriptions: Enterprise with Security Pack | Enterprise+  

The JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST API

Generating an Identity Token through the Profile UI

The user profile now enables users to generate scoped identity tokens. Any user can create a user identity token for themselves via the UI or via REST API. 

Docker Enhancements

As part of our ongoing effort to provide the best Docker-related experience, we have introduced enhancements related to the Docker remote repository flow, added Docker Buildx support, and added support for promoting Docker images with a Docker manifest.list from one Docker local repository to another.

Improved Metadata Request Performance for Remote Repositories 

Customers can now configure the Metadata Retrieval Cache Timeout (Sec) parameter in the Remote Repository Cache Settings to control the Metadata timeout performance. 

Security Manager Role in Projects

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

The new Security Manager role can perform security-related project actions such as Manage Xray Data, Manage Reports, Manage Watches and Policies, and Ignore Global Violations.

Generate Xray Reports on a Project Scope

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +
You can now generate Global Xray Reports for selected Projects for all report types in Xray.

Apply Global Watches on Projects

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +
You can now apply Global Watches on specific Projects enabling you to set rules and policies in the selected Projects. 

Garbage Collector

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +
Xray's Garbage Collector (GC) feature enables you to avoid race conditions between delete/create events sent by Artifactory mainly when moving Artifacts and promoting images. 

Signed Pipelines

JFrog Subscriptions: ENTERPRISE +
A new verification system that determines which pipelines/steps generated a specific artifact. The signing process creates trust and provides a way to validate the immutability of the artifacts.

31 May, 2021

JFrog Platform Integration with HashiCorp Vault

The JFrog Platform integration with HashiCorp Vault now enables you to configure an external vault connection to use as a centralized secret management tool not only through the APIs but also using the JFrog Platform UI.

JFrog Platform SCIM Integration 

JFrog Platform now enables you to generate a dedicated admin access token for SCIM in the JFrog Platform, which can then be used in the identity service setup. 

Signing Keys Management

The JFrog Platform now features a centralized dashboard for creating and managing all signing keys. This feature enables you to create and control the keys used to encrypt or digitally sign your artifacts - in one central location

Extended Flagging Safe Repositories Support

Declaring local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories has been extended to support Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages.

Support for Controlling Signed URL Download Methods

You now have the option to set your signed URL redirects using one of these methods: S3, CloudFront, or using a direct download without a signed URL redirect. 

Distroless Scanning

Xray now can scan Google Distroless Images that only contain your application and its runtime dependencies.

Red Hat Vulnerability Scanner Certification

JFrog Xray is now certified with the Red Hat Vulnerability Scanner Certification. The certification recognizes Xray as a trusted Red Hat security partner.

30 April, 2021

Federated Repositories


 The JFrog Platform enables you to create Federated repositories, which support mirroring repositories and artifacts with JFrog Platform users located on remote JFrog Deployments (JPDs) in a multisite environment.

SCIM ID Management Support 

JFrog supports managing both users and groups, and the association between them using the SCIM protocol 2.0. 

Rest API Related Performance Improvement

Improved the performance when running the Scan Build API.

Distroless Scanning

Xray now can scan Google Distroless Images that only contain your application and its runtime dependencies.

Red Hat Vulnerability Scanner Certification

JFrog Xray is now certified with the Red Hat Vulnerability Scanner Certification.

Red Hat Packages Enhancements

Improved Red Hat packages scanning to support CPE matching to enhance Red Hat vulnerabilities detection. Xray also supports Red Hat Modules for better scanning of Red Hat OS packages.

Impact Analysis Performance Improvements

Improved the Impact Analysis performance significantly reducing the database server CPU and I/O levels.

Limit Storage Space Used by Indexer

You can now limit the storage space used by the Indexer microservice during concurrent downloads and extraction of artifacts ensuring used storage does not exceed the default usage. 

31 March, 2021

Projects in the JFrog Platform


JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. 

SCIM ID Management Support 


Using the SCIM protocol 2.0, JFrog enables customers to create, remove, and disable user accounts from their choice of user management tool and automatically update the platform with these changes. 

HashiCorp Vault Integration with the JFrog Platform


The JFrog Platform integration with Vault enables you to configure an external vault connection to use as a centralized secret management tool.

AQL Search for Remote Repository 

Using AQL, you can now Working with Remote Repositories.

Artifact Browser with More Filters and Advanced SetMeUp

Introducing new filters and improved SetMeUp capabilities in the Artifact Browser available to all new users and those upgrading from previous Artifactory versions. This new view and capabilities are now the default Artifact Browser view in the JFrog Platform.

Xray in Projects

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

Use Xray capabilities in the scope of JFrog Projects. Offload and delegate Xray tasks to the different personas in your organization, such as assigning Xray security management capabilities to Project Admins on the scope of their specific projects.

Pipelines in Projects

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

Use Pipelines capabilities in the scope of JFrog Projects. Offload and delegate Pipelines tasks, such as adding integrations, pipeline sources, and node pools, to Project Admins on the scope of their specific projects.

PrivateLink for AWS Cloud

The MyJFrog Cloud Portal enables customers to establish a secure network connection from their cloud account into their JFrog Cloud instance, without going through a public Internet, by Setting up AWS PrivateLinks

Cargo Packages Support 

Artifactory natively supports Cargo Registry for the Rust language giving you full control of your deployment and resolve process of Cargo packages. Cargo downloads your Rust package's dependencies, compiles your packages, makes distributable packages, and uploads them to, the Rust community’s package registry. You can contribute to this book on GitHub.

Expanded Supported for Priority Resolution for Nuget Packages 

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local  and Remote repositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories (currently supported for Docker, PyPI, RubyGems, NPM and Nuget packages).

Xray CVSS v3 Scoring Support

Xray now supports CVSS v3 scoring in addition to the CVSS v2 scoring. This will ensure that Xray's scoring of vulnerabilities is up-to-date and provide the latest universally standard severity ratings of vulnerabilities.

Xray Conan and C/C++ Support

Xray can now scan Conan Packages deployed to Artifactory. Xray can also scan C/C++ dependencies as part of a build.

Enhancements to HelmDeploy Native Step

HelmDeploy native step has been enhanced to support the input resources filespec and buildinfo.

Onboarding Wizard for Pipelines

The Pipelines UI now includes an onboarding wizard to help new users get started with adding an integration, a pipeline source, and a node pool.

Environment Variables Configuration Improvements

It is now possible to add a description and configure the possible list of values for environment variables when creating a custom run configuration. 

Search/Filter Capability

Pipeline and run views now include search and filter capabilities, which enable you to quickly search pipelines by name and filter them by status. 

Support for Extensions in Windows Node

Pipelines nodes now support Windows operating system. Windows can be set as a platform while adding Extension resources and steps

Pipelines in Projects

Pipelines capabilities are now supported in the scope of JFrog Projects.

28 February, 2021 

Enhanced Folder Download Functionality 

The 'Folder Download' feature is now aligned with the JFrog CLI and supports downloading empty folders. 

Additional Webhooks for Distribution

Added new events for Artifactory Release Bundles, which enables you to trigger events when a Release Bundle was received on an Edge node, and when a Release Bundle deletion process has started, completed successfully, or failed.

Quick Repository Setup

Admins can now use the Quick Setup to create repositories for selected package types in one go. With a couple of simple steps, admins can create local, remote, and virtual repositories for single or multiple package types.

Impact Path Data in Reports

You can now view the Impact Path data in the Due Diligence Licenses Report in the Get Due Diligence Report Content REST API and JSON and CSV outputs.

31 January, 2021

New REST API to Restore Ignored Violations 

Introduced a new Restore Ignored Violations REST API, which allows you to restore violations that were ignored due to defined Ignore Rules.

Impact Path Data in Reports

You can now view the Impact Path data for Vulnerabilities  and Violations reports in JSON and CSV outputs.

Time-based Ignore Rule Filter for REST API

Filter and sort the Ignore Rules by expiration date using the Get Ignore Rules, such as time-based rules that will expire before or after a specific date. You can also sort Ignore Rules by expiration date.

View Ignored Violations in the Violations Report

You can view ignored violations data in the Violations Report including the Ignore Rule ID that can be used in REST APIs.

Reports Enhancements

Xray Violations and Vulnerabilities reports now include additional information regarding the severity received from the Red Hat OS advisory board. This information will be included in the CSV and JSON export formats of the reports.

31  December, 2020 

Central P2P Peer Management in the JFrog Platform

JFrog Subscriptions: ENTERPRISE +

You can now modify and manage all the Peer-to-Peer(P2P) Downloads Central Peer Deployment and Management centrally by storing the configurations in the JFrog Platform. 

Advanced patterns supported for Docker Virtual Repositories

Extended Ignore/include patterns for Docker Virtual Repositories.

Sizing Improvement   

Improved the performance of the Xray Data tab in the UI.

Time-based Ignore Rule Enhancement

Time-based Ignore Rules enables you to set an expiration date for an Ignore Rule in which the violation will be ignored until the Ignore Rule expires.

Ignored Violations Stored in the DB

All ignored violations are now stored in the DB which enables you to view all ignored violations on the artifact, build, and Release Bundle level.

UI Enhancements

The UI now provides more information about an ignored violation in the different screens, including in the violations list for an artifact, build, and Release Bundle.

Export Components Details API Enhancement  

Added the include_ignored_violations parameter to Export Component Details. This will return the ignore rule ID per matched policy.


30 November, 2020

Hardened the User Login Messages 

User Login messages have been modified to provide consistent responses on enumeration attempts to prevent the disclosure of valid accounts. 

Helm V3 Support

Artifactory now supports Helm 3 clients, enabling you to deploy and resolve Helm Charts using Helm V2 and V3 clients.

OCI Support

Artifactory is now OCI compliant and supports OCI clients, providing you with the ability to deploy and resolve OCI images in Docker Registries. 

Improvements to RubyGems Indexing for Local Repositories 

Added Bundler Compact index support for Local repositories for RubyGems providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, in the file, set the artifactory.gems.compact.index.enabled=true value.

Docker Registry Alignments in Artifactory to Meet Latest Docker Rate Limits.    

Docker Registry functionality is now optimized in JFrog Artifactory to accommodate the latest Rate Limit changes announced by Docker. 

Improved Indexer Functionality 

Enhanced the indexer functionality with improved classification of artifacts and identification of complex cases, such as identifying inner components within other components.

Build Scanning Improvement

Improved the build scanning process by having Xray only download artifacts from Artifactory that are part of the build in which Xray can scan them to save resources and time.

Violations Report

Introduced the new Violations report, which provides you with information on security and license violations for each component in the selected scope.

Ignore Rules 

Enhanced the Ignore Rules feature functionalities, including the ability to set granularity on a defined Ignore Rule. All of the Ignore Rule functionalities are supported via the REST API


31 October , 2020 

New JFrog Platform Onboarding Experience

We have introduced a new Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform.

Verify Audience Restriction Applied for SAML SSO  

The verifyAudienceRestriction attribute for SAML SSO  has been set up by default to validate SAML SSO authentication requests.

Improved Maven Plugin Metadata Calculation

Maven plugin metadata is now calculated for every deploy or delete actions.

Alpine Package Support in Xray

Xray now scans and indexes your Alpine Repositories and Alpine Packages, including recursive analysis, component graph integration, and providing detailed metadata information. 

Python Package File Format Support

Xray now supports the indexing of Python files (PyPI) inside .tar, .gz, .tgz, .whl, and .egg file formats.

Support PHP files in *.tar Archives

Xray now supports PHP files inside *.tar archives.

New Metadata REST API

Added a new Resend Artifacts Metadata REST API that enables administrators to resend artifact metadata to the Metadata Server.

Due Diligence Licenses Report

Introduced the new Due Diligence Licenses Report, which provides you with a list of components and artifacts and their relevant licenses enabling you to review and verify that the components and artifacts comply with the license requirements. 

30 September, 2020

Peer-to-Peer (P2P) Download 

JFrog Subscriptions ENTERPRISE +

The new Peer-To-Peer Downloads feature allows hosts to download artifacts from local, remote, and virtual repositories through a local network of peers in addition to downloading artifacts from JFrog Artifactory. 

GraphQL API for the JFrog Platform Metadata

JFrog's Metadata Service public APIs are now enabled allowing you to query the entities from the metadata server with GraphQL

Viewing and Tracking Non-Revocable Access Tokens   

You can view and track non-revocable Access Token in the UI, and filter by its revocability as well as its expiry.

Changes in Artifactory to Facilitate the New Docker Rate Limit

Artifactory has made improvements to support the usage of Remote Docker Repositories opposite Docker Hub, while taking into account the new Docker rate limits.     

Docker Remote Repository Improvements 

Docker Schema 2 is now fetched from the remote registry if no header was sent. This improves the Docker experience when the metadata expires.

Docker Pull Performance Improvements

Improved the performance of Docker pull requests by digest and tag by using more efficient queries and better utilizing the internal caching when serving Docker pull requests.

License Detection Improvements

Improved license detection performance and success rate to reduce CPU utilization.

31 August, 2020

Vulnerabilities Report

You can now create and generate a Vulnerabilities report  that gives you a visual representation of vulnerabilities found in your artifacts, builds, and release bundles. 

Manage Reports User Role

A new role was added to the users' permissions allowing users to create, generate, and manage the new Reports feature in Users and Groups. This role is also required by some APIs such as Get Component List Per Watch and Find Component by CVE.

Multiple License Permissive Approach

The new Multiple License Permissive Approach enables you to have more flexibility in the policy level by configuring a more permissive approach that allows components that have at least one of the licenses as permitted to go through without triggering a violation even if some licenses are not allowed. 

31 July, 2020


Users can be Assigned the Manage Resources Role  

Admins can assign users with the Manage Resources role to manage resources including create, edit, and delete permissions on any resource type including Pipeline resources (Integration, Source, and Node Pools).

GraphQL version Released in the JFrog Platform  

JFrog's Metadata Service has now enabled the integration of the metadata server with a version of GraphQL public API.  

Improved LDAP Pagination Support Usage 

Added the Used Page Results parameter in the LDAP page to support LDAP Group pagination. This is supported for LDAP servers with more than 1000 groups which support groups pagination to allow admins to use paged LDAP results. 

Persistent Expiry Threshold Token

Added the new persistent-expiry-threshold parameter allowing you to set the minimum value of expiry of a token in order for the token to be saved in the DB to the Access YAML Configuration file.

Improved Permissions Cache Invalidation

 Minimized the scope of the invalidation action to only permissions associated with the specific service that needed the cache to be cleared. This allows shorter login times and better permission validation performance.


Indexing Improvements for Npm Packages  

Implemented incremental indexing as part of the existing npm indexing mechanism resulting in reduced time to build the package index.

30 June, 2020

Multi-factor Authentication

JFrog Subscriptions ENTERPRISE +

Administrators can enable Multi-factor Authentication for all users, which will require users to provide a verification code from a third-party authentication application every time users log in. 

Event-driven Webhooks  

The Webhooks feature enables you to send important events in Artifactory, (such as Artifact Deployment or Build Deployment)  to applications that are configured by setting a URL.

Alpine Linux Repository Support

Artifactory now natively supports Alpine Linux repositories, giving you full control of your deployment and resolution process of Alpine Linux (*.apk) packages.

Enhancements for Webhooks Events

Introduced a few fixes to Webhooks events, such as adding a build_started field to the Build events, additional fixes to Docker events, and improved payload data.

Artifactory Connection Management

Improved the process of Xray's active connections to Artifactory, by limiting the number of concurrent HTTP client connections.

Repository Scan Improvement  

Indexing requests of Artifacts that were initiated from an index repository request are no longer persisted in the Artifactory database, thus reducing the network and database load.  


31 May, 2020

Artifactory Cloud with CDN Distribution  

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

Artifactory supports a fully integrated advanced CDN Distribution removing the need to deal with the complexity of setting up a separate external CDN Caching system allowing you to manage, control, and distribute high volumes of software distribution across multiple locations.

Support for Signed URLs

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

Users with administrator or manage permission can now generate a signed URL that provides temporary shared access to a specific artifact, using the Create Signed URL REST API, or replace the key for signing and validating by using the Replace Signed URL Key REST API.

Support for RHEL 8 AppStream  

Enhanced Deploying RPM Modules by supporting Red Hat Enterprise Linux 8 which contains support for enhanced Yum metadata for AppStream (RHEL8) or Modularity (Fedora) technology used in RHEL8. 

Generate Maven POM File REST API

You can now Generate Maven POM File using the Artifactory REST API. 

Xray Block Unscanned Artifacts Timeout Policy   

You can now define a timeout policy for unscanned artifact download requests. 

30 April, 2020

Create Admin Access Tokens from within the UI

Administrators can now Generating Admin Tokens, for any of the services in the JFrog Platform directly from the UI.

Go Private GitHub Repositories Support 

You can now create a remote Go repository and proxy Go modules and configure Artifactory and Go client to work with GitHub private repositories.  

Conda v2 Format  

Artifactory now supports the Conda v2 metadata format. You can now use Conda clients from version 4.7, and download/upload Conda v2 format packages from all repository types (local, remote and virtual).

Debian InRelease

Added support for Debian InRelease metadata files. Artifactory will now produce an InRelease metadata file in the repository when working with GPG signing. 

Force Full Reindex of Existing Components Rest API

The new Force Reindex Rest API command allows you to easily reindex artifacts that were indexed in the past. 

Added Dedicated Policy REST API V.2 Commands

Xray now supports Policy commands REST API V.1 and V.2. The V.2 commands support blocking Release Bundles and allows you now to notify Watch recipients and File deployers.

31 March, 2020

PAT (Personal Access Token) Support for Remote Repository Authentication  

Artifactory now supports remote repository authentication using Personal Access Tokens (PAT), in addition to basic authentication, enabling you to strengthen your Artifactory security practices.

LDAP Improvements

Artifactory now supports a new type of Active Directory Nested Groups search which enables performance improvements when working with LDAP. 

Restricting System and Repository Imports.  

Artifactory allows admin users to import and export data at both the system level and the repository level. 

Support for Matrix-params with Conan Repositories

Artifactory now supports matrix parameters for Conan repositories. As a result, the Build Info for Conan packages uploaded to Artifactory SaaS is now available.

28 February, 2020

JFrog Container Registry 7.0  

JFrog Container Registry 7.0 has been released. The JFrog Container Registry provides a set of features that have been customized to serve the primary purpose of running Docker and Helm packages in a Container Registry.


12 January, 2020 - Initial JFrog Platform GA

This section describes the general availability release for the initial JFrog Platform, including the general and JFrog product-specific changes applied in the JFrog Platform for Cloud (SaaS) users.

  • JFrog Artifactory 7.0

  • JFrog Xray 3.0

  • JFrog Mission Control 4.0

  • JFrog Distribution 2.0

  • JFrog Pipelines 1.0

JFrog on-prem customer?

If you are an on-prem user, check out what's new on-prem.

Advanced Cloud Environment Settings

Dedicated Cloud NAT IPs Used in the JFrog Platform 

Cloud customers that have previously set up whitelisting on their external services (such as LDAP and SAML) to support communication between their external services and JFrog Cloud, need to update their Allow list according to this updated JFrog's Cloud NAT IP list.

Features and Functionality

Unified Experience

The user interface provides a consistent experience across all JFrog products. It is designed to support the most commonly used workflows, including improved package management, security and compliance, and package distribution, continuing to provide you with full flexibility. To support this experience the internal architecture (defined as a JPD) is designed to provide JFrog users with the same user experience across the JFrog products that have been installed.

To support the different user workflows, the UI is divided into two main modules:

  • Application Module providing an easy to use interface for viewing your packages, builds and artifacts in Artifactory. Including Xray security vulnerabilities and violations, Dashboard topology and trends, Distribution release bundles and Pipelines DevOps automation.

  • Administration Module providing a consolidated place for configurations of all JFrog products (common and product specific). Including centralized settings, such as monitoring (storage, replication, service status), security and compliance, proxies, license and user management. As well as, property sets, backups, indexed resources, database sync and webhooks.

Both modules include an advanced search mechanism.

Flexible Permissions Model

Administrators get fine-grained permissions control over how users and groups access the different resources (repositories, builds, Release Bundles, destinations).

Security and Compliance Across your DevOps Pipeline

Fully integrated into the JFrog Platform, JFrog Xray protects your artifacts, repositories, builds and release bundles across the entire CI/CD pipeline.

  • Get JFrog's vulnerability database that is continuously updated with new component vulnerability data. Including VulnDB, the industry's most comprehensive security vulnerability database.

  • Identify security vulnerabilities and license violations according to your organization's needs. A dedicated Security and Compliance section in the UI allows you to set policies and watches on all your JFrog resources.

  • Configure watches and policies with the option to block artifact download, Release Bundle distribution to Edge nodes, and even break Builds.

  • Use advanced filtering that allows you to configure include /exclude patterns when setting indexed resources or when setting a Watch on the resources.

Secure Distribution Process

Manage the creation and distribution of Release Bundles to your Artifactory Edge Nodes. Gain better visibility and traceability into your distribution process with a complete view of all contents and package references of your Release Bundles.

User Interface

The following table is a quick reference to common functionalities in the JFrog Platform, including their new locations and any functional changes.

JFrog Product


Location in the New UI



Custom Base URL

Date Format

Look and Feel Settings

Custom Message

Administration module | General | Settings

Dedicated Artifactory Settings

Administration module | Artifactory

General: Settings, Property Sets
Services: Maven Indexer
Security: Anonymous access, Revoke API Keys, Signing Keys, Trusted Keys, Certificates


Xray Permissions

Administration module | Identity and Access | Permissions

As part of the JFrog Platform permissions unification, permission targets that were previously separated per product are now represented as one permission target with multiple permission options for the different JFrog products. Changes include:

  • Manage Components is now  Manage Xray Metadata

  • View Components is now included in the Read permission

As part of the permission migration process:

  • Users/Groups with Xray Admin and Artifactory Admin permissions will be converted to Administrators in the JFrog Platform. 

  • Users/Groups with only Xray Admin permissions will be converted to have Read, Manage, Manage Policies and Manage Watch permissions on all the resources.

Administration module | Identity and Access | Users

Administration module | Identity and Access | Groups

  • Manage Policies and Manage Watches are now a global permissions that are enabled on the user or group level. Previously this was a permission option in the permission target.

  • View Watches is now integrated with the Manage Watches global permission. It is not available as a separate permission.

Policies and Watches

Application module  | Security & Compliance 

  • Manually invoking a re-scan of a watch will apply on all resources defined in the watch. Previously you could set the re-scan on part of the resources.

Dedicated Xray Settings

Administration module | Xray

General: Indexed Resources, Webhooks, Integrations

Deprecated Features

JFrog Product



  • License Control is deprecated. Its functionality is included in the Xray integration and provides richer information and support for additional package types.

  • Stash Search Results: allowing you to save your search results and go back to them later, has been removed.

  • HTTP Requests Are No Longer Supported: as part of hardening our cloud security policy in the JFrog Platform, we no longer support non-secure HTTP traffic requests and have enabled HSTS strict headers which will cause all HTTP requests (including browsers) to be automatically redirected to HTTPS.

    It is recommended to use all HTTPS for all your requests.
    Please note that you will receive a 308 response code if you still decide to use HTTP. 

    Also, we deprecated the Legacy TLS 1.0 and 1.1 versions and it effectively enforces the cipher suite floor as well.


  • Out of the box integrations: with Aqua, WhiteSource and Black Duck, are deprecated. Custom integration are still available, supporting integrating to any external source of your choice. The VulnDB integration, now transparently integrated into Xray, provides the industry's most comprehensive security vulnerability database. This eliminates the need for these out of the box 3rd party integrations.

  • Xray Homepage: as part of the JFrog Platform UI unification, this page has been removed.


Internet Explorer

The Internet Explorer browser is not supported in the JFrog Platform. For a list of supported browsers, see Browsers.

Breaking Changes



JFrog Artifactory

  • Viewing Packages/Builds/Release Bundles: The UI will only load only up to 100 results and up to 100 versions per package/builds/Release Bundle. 

  • Removal of support for non-SNI clients
    For improved network security, support for non-SNI (Server Name Indication) clients is removed. If you are using HTTP clients that do not support SNI, your requests for download/upload will fail. To avoid failures, make sure to upgrade your clients to an officially supported version. 

  • Required support for 302 HTTP Redirects
    Download requests using clients that do not support 302 redirects will fail in most cases for the following list of package types. To avoid failures, make sure to upgrade your clients to a version that supports 302 redirects.
    Docker, Debian, Npm, RPM, Generic, Bower, Composer, Conan, Cran, Git LFS, Gradle, Helm, Maven, Pypi and Vagrant.

    See example use case hereSee list of approved client versions here.

  • Deprecated domain
    Following previous notifications regarding the deprecation of the domain, backward compatibility for the deprecated domain will no longer be maintained. If you are still using to access your cloud services, please make sure to use instead.

  • Egress Traffic Whitelisting
    If you are limiting egress traffic from your network to JFrog Cloud services on AWS, or you have applied such a setting on any of your nodes that are accessing JFrog Cloud services, make sure to extend the list of whitelisted IPs to include the AWS S3 IP ranges.
    Continue to get updated with the latest AWS IP address range changes.

JFrog Xray

  • Component Search: searching for components that are not artifacts in your Artifactory instance, but are known to Xray as a result of its recursive scan capability. This functionality will be available in later JFrog Platform releases.

  • Xray Permissions

    • The Manage Watch permission is now available as a global permission on the user/group level. Previously manage watches was an option per permission target that was defined with a scope of resources. Now, users/groups with the Manage Watch permission will enable permissions for all resources. When upgrading to the JFrog Platform, the permission conversion will remove the Manage Watch permission for all users and groups. After upgrading, this permission will need to be reconfigured for all required users and groups. Defining a scope will be available in later JFrog Platform releases, as part of the Projects functionality.

    • The View Watches permission is deprecated. To view watches, enable the Manage Watches permission option for users/groups.

REST API Changes

New shared base url for all JFrog services

The JFrog Platform release introduces a new unified way to access all JFrog services using a single url, using the following format:

https://<Server Name><Service Context>/

For example:

For backward compatibility, JFrog Artifactory and Xray will continue to work as before:

https://<Server Name><Server Name> https://<Server Name>

The following table summarizes the list of changes from previous JFrog products versions to the JFrog Platform.

JFrog Product







Copyright © 2021 JFrog Ltd.