Search


Cloud customer?
Upgrade in MyJFrog >


Working with an older version?

JFrog Artifactory 6.x
JFrog Xray 2.x
JFrog Mission Control 3.x
JFrog Distribution 1.x
JFrog Enterprise+ (Pre-Platform Release)




Overview

This page presents release notes for JFrog Xray describing the main fixes and enhancements made to each version as it is released. 

If you need release notes for earlier versions of Xray, please refer to the Release Notes in the Xray 2.x User Guide.

Before You Get Started!

Be sure to read the Xray 3.0 Release Notes carefully before installing or upgrading any version of Xray 3.X version to learn about the new features and functionality Introduced in the JFrog Platform.

Download 

Click to download the latest Xray version.

Installer Name Change!

From Xray 3.0, the installer naming convention has been changed to include the installer type.
The following table lists the official installer names.

Installer TypeInstaller Syntax
Linux archivejfrog-xray-<version>-linux.tar.gz
Composejfrog-xray-<version>-compose.tar.gz
RPM/Debianjfrog-xray-<version>.<rpm|deb>

Installation and Upgrade

For installation instructions please refer to Installing Xray.

To upgrade to this release from your current installation please refer to Upgrading Xray.


Xray 3.2

Released: February 23, 2020

Resolved Issue

  1. Fixed an issue whereby Xray analysis failed due to an out of memory issue caused by duplications of user-component licences.

Xray 3.2.3

Released: March 30, 2020

Resolved Issue

  1. Fixed an issue whereby Xray failed to connect to Artifactory when trying to assign an Xray trial license.

Xray 3.0

Released: January 12, 2020

Deprecated Features
Xray 3.0 introduces several deprecated features. Learn More > 
Also read about the features that are currently out of scope and will be available soon, in forthcoming release. Read More >

Breaking Changes
For a list of breaking changes in XrayLearn More >

REST API Changes
For a list of REST API changes in Xray, click here >

Important: The JFrog Platform web UI is now accessed through port 8082 (For example, http://SERVER_HOSTNAME:8082/ui/). Accessing Xray directly for REST API and downloads is still possible through port 8081. Learn More >

Highlights

JFrog Platform

Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:

  • Universal package management with all major packaging formats, build tools, and CI servers.
  • Security and Compliance that's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.
  • Radically simplified administration with all configurations in one place.
  • Complete trust in your pipeline all the way from code to production.
  • Seamless DevOps experience from on-prem, cloud, hybrid or multi-cloud of your choice.

JFrog Platform New Functionalities

System Architecture

Xray 3.0 is now part of the JFrog Platform Deployment (JPD) which defines a single logical unit shared by all JFrog products. Xray pairing process to JPD was simplified and now requires only URL and shared secret (Join key). Learn More >

Xray system.yaml
This release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process.  Learn More >
Installation and Upgrade

Xray 3.0 comes with a new installer, which affects the installation and upgrade procedures. As part of the new installers, the file structure was changed and is now aligned with the other JFrog products. When upgrading to the JFrog Platform, Xray must be connected only to a single Artifactory instance. If you have a single Xray instance connected to multiple Artifactory instances, before upgrading Artifactory and Xray, you will need to split your Xray instance to multiple instances to support this requirement. See details here

Additional enhancements:

  • The new Docker installer has been improved and now supports setting the uid/gid of the Xray container and image.
  • The new system architecture includes a new system.yaml configuration which provides the option of silent installation.
Unified Permission Model

This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. Learn More >

Unified User Interface

This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address. Xray data is located within each of your resource pages allowing you to quickly review the status of for your scanned resources - Packages, Builds, Artifacts or Release Bundles. To find the changes in Artifactory UI. Learn More >

Logging

All JFrog products now follow a standardized logging format and naming convention. Learn More >

Feature Enhancements

Removed the MongoDB Database

The MongoDB database used by Xray prior to the Unified Platform, is no longer required (except during the data migration process). If you are upgrading to the new JFrog Platform, your data will automatically be migrated to PostgreSQL as part of the upgrade process.

Release Bundles Scan

In addition to scanning repositories and builds, the Unified Platform now allows Xray 3.0 to scan Release Bundles for vulnerability and license compliance.  You can now protect your releases by defining policies and watches on your Release Bundles. Policy violations can block the distribution of a Release Bundle

Configure Indexed Resources Using Patterns

You now have more flexibility when configuring Xray indexed resources by using Exclude or Include Patterns for Builds and Release Bundles.

Configure Watch Scope Using Patterns

You now have more flexibility when configuring the Watch resources scope of repositories, builds and Release Bundles by name or using Exclude/Include patterns.

Dedicated Security and Compliance Search Experience

Xray 3.0 introduces a new Security and Compliance Search, part of the new Global Search Experience in the JFrog Platform. You can now search for specific vulnerability and license compliance information by resource name, CVE number, license, severity level and scan date range.  Learn More >

Issues Resolved

  1. Xray now collects "branch" information for Alpine components and vulnerabilities. 
  2. Xray now displays the ignored violation upon creation.
  3. Security improvements to Xray-related Docker base images.  
  4. Fixed an issue whereby under certain circumstances, an exported Xray data file in a component could not be unzipped. 

Xray 3.0.13

Released: February 17, 2020

Resolved Issues

  1.  Fixed an issue whereby loading and displaying vulnerability and violation data prolonged.
  2.  Fixed an issue whereby assigning custom issue to descendent components failed.
  3.  Fixed an issue whereby Go packages were indexed incorrectly.
  4.  Fixed an issue whereby aborting the DB sync did not remove old zip packages. 
  5.  Fixed an issue whereby under certain circumstances violations were not triggered when a package with vulnerabilities was detected. 
  6.  Fixed an issue whereby Xray incorrectly detected Debian package names.
  • No labels
Copyright © 2020 JFrog Ltd.