Released: February 23, 2020
- Fixed an issue whereby Xray analysis failed due to an out of memory issue caused by duplications of user-component licences.
Released: March 30, 2020
- Fixed an issue whereby Xray failed to connect to Artifactory when trying to assign an Xray trial license.
Released: January 12, 2020
Xray 3.0 introduces several deprecated features. Learn More >
Also read about the features that are currently out of scope and will be available soon, in forthcoming release. Read More >
For a list of breaking changes in Xray. Learn More >
REST API Changes
For a list of REST API changes in Xray, click here >
Important: The JFrog Platform web UI is now accessed through port 8082 (For example,
http://SERVER_HOSTNAME:8082/ui/). Accessing Xray directly for REST API and downloads is still possible through port 8081. Learn More >
Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:
- Universal package management with all major packaging formats, build tools, and CI servers.
- Security and Compliance that's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.
- Radically simplified administration with all configurations in one place.
- Complete trust in your pipeline all the way from code to production.
- Seamless DevOps experience from on-prem, cloud, hybrid or multi-cloud of your choice.
JFrog Platform New Functionalities
Xray 3.0 is now part of the JFrog Platform Deployment (JPD) which defines a single logical unit shared by all JFrog products. Xray pairing process to JPD was simplified and now requires only URL and shared secret (Join key). Learn More >
Xray system.yamlThis release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process. Learn More >
Installation and Upgrade
Xray 3.0 comes with a new installer, which affects the installation and upgrade procedures. As part of the new installers, the file structure was changed and is now aligned with the other JFrog products. When upgrading to the JFrog Platform, Xray must be connected only to a single Artifactory instance. If you have a single Xray instance connected to multiple Artifactory instances, before upgrading Artifactory and Xray, you will need to split your Xray instance to multiple instances to support this requirement. See details here.
- The new Docker installer has been improved and now supports setting the uid/gid of the Xray container and image.
- The new system architecture includes a new system.yaml configuration which provides the option of silent installation.
Unified Permission Model
This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. Learn More >
Unified User Interface
This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address. Xray data is located within each of your resource pages allowing you to quickly review the status of for your scanned resources - Packages, Builds, Artifacts or Release Bundles. To find the changes in Artifactory UI. Learn More >
All JFrog products now follow a standardized logging format and naming convention. Learn More >
Removed the MongoDB Database
The MongoDB database used by Xray prior to the Unified Platform, is no longer required (except during the data migration process). If you are upgrading to the new JFrog Platform, your data will automatically be migrated to PostgreSQL as part of the upgrade process.
Release Bundles Scan
In addition to scanning repositories and builds, the Unified Platform now allows Xray 3.0 to scan Release Bundles for vulnerability and license compliance. You can now protect your releases by defining policies and watches on your Release Bundles. Policy violations can block the distribution of a Release Bundle.
Configure Indexed Resources Using Patterns
You now have more flexibility when configuring Xray indexed resources by using Exclude or Include Patterns for Builds and Release Bundles.
Configure Watch Scope Using Patterns
You now have more flexibility when configuring the Watch resources scope of repositories, builds and Release Bundles by name or using Exclude/Include patterns.
Dedicated Security and Compliance Search Experience
Xray 3.0 introduces a new Security and Compliance Search, part of the new Global Search Experience in the JFrog Platform. You can now search for specific vulnerability and license compliance information by resource name, CVE number, license, severity level and scan date range. Learn More >
- Xray now collects "branch" information for Alpine components and vulnerabilities.
- Xray now displays the ignored violation upon creation.
- Security improvements to Xray-related Docker base images.
- Fixed an issue whereby under certain circumstances, an exported Xray data file in a component could not be unzipped.
Released: February 17, 2020
- Fixed an issue whereby loading and displaying vulnerability and violation data prolonged.
- Fixed an issue whereby assigning custom issue to descendent components failed.
- Fixed an issue whereby Go packages were indexed incorrectly.
- Fixed an issue whereby aborting the DB sync did not remove old zip packages.
- Fixed an issue whereby under certain circumstances violations were not triggered when a package with vulnerabilities was detected.
- Fixed an issue whereby Xray incorrectly detected Debian package names.