Skip to end of metadata
Go to start of metadata

Overview

This page presents release notes for JFrog Artifactory describing the main fixes and enhancements made to each version as it is released. For a complete list of changes in each version, please refer to the JIRA Release Notes linked at the end of the details for each release.

If you need release notes for earlier versions of Artifactory, please refer to the  Release Notes in the Artifactory 3.x User Guide.

Download 

For an Artifactory Pro or Artifactory Enterprise installation, click to download the latest version of JFrog Artifactory Pro.

For an Artifactory OSS installation, click to download the latest version of JFrog Artifactory OSS.

Previous Versions

Previous versions of JFrog Artifactory Pro and JFrog Artifactory OSS are available for download on JFrog Bintray.

Click to download previous versions of JFrog Artifactory Pro.

Click to download previous versions of JFrog Artifactory OSS as a ZIP or RPM.

Upgrade Notice

Artifactory 5.5 implements a database schema change to natively support SHA-256 checksums. This change affects the upgrade procedure for an Enterprise Artifactory HA cluster (upgrading an Artifactory Pro or OSS installation is not affected).

For an Artifactory Enterprise HA cluster, if your current version is 5.4.6, you may proceed with the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.

If your current version is below 5.4.6, there are two options to upgrade to the latest version (5.5 and above): a two-phase option with zero downtime or a single phase option that incurs downtime.

For details, please refer to the Upgrade Notice under the release notes for Artifactory 5.5.1.  

Longer upgrade time

Due to the changes implemented in version 5.5, upgrading to this version or above from version 5.4.6 or below may take longer than usual and depends on the database you are using.

For an Artifactory Pro installation and for the Primary node of an Artifactory HA cluster, if you use MySQL database, the upgrade may take up to 5 minutes for each 1 million artifacts in your repositories for a typical setup. If you are using one of the other supported databases, the extra upgrade time will be less noticeable and should only take several seconds longer than usual.

Installation and Upgrade

For installation instructions please refer to Installing Artifactory.

To upgrade to this release from your current installation please refer to Upgrading Artifactory.

(lightbulb) To receive automatic notifications whenever there is a new release of Artifactory, please watch us on Bintray.

Known Issues

For a list of known issues in the different versions of Artifactory, please refer to Known Issues.

Page Contents


Artifactory 6.12

Released: August 18, 2019

Highlights

Support for Smart Remote Repositories on Edge Nodes

From version 6.12, Artifactory Edge supports pulling artifacts using Smart Remote Repositories. Previously distributing artifacts to an Edge Node could only be done using Release Bundles. This enhancement allows pulling artifacts from other Artifactory instances (ones with Enterprise+ or Edge licenses), just like any remote repository.

Support for remote repositories (that are not Smart Remote) is not available. For example, creating a remote repository pointing to Docker hub is not supported.

This feature is available as a JFrog Artifactory On-Premise installation and requires a JFrog Enterprise+ or JFrog Artifactory Edge license.

Pull replication is not available. 

S3 Cloud Storage Provider Using the Official AWS SDK

Artifactory now supports using S3 cloud storage provider using the official AWS SDK. S3 using JetS3t library is still supported, upon upgrade you are not required to make any changes. 

To opt-in and use the new S3 template, see here.

Pull Latest Docker Image from Virtual Repository

You can now set your Virtual Docker repositories to pull Docker images according to their modification time in scenarios where two or more aggregated repositories contain the same tag name. For example, busybox:1.1.
Instead of fetching the image that is positioned higher in the resolution order in the virtual repository, Artifactory will return the Docker image last deployed to one of the aggregated repositories in the Virtual repository. Artifactory will first try to fetch the tag from the Local repositories according to the modification time, if not found, it will continue to try to fetch the image from the Remote repositories according to the resolution order.

This functionality is useful for multi-site environments where you create the same image on two different instances.

To configure this, set the resolveDockerTagsByTimestamp parameter to true (false by default) when creating a new repository.

Tomcat Version Upgrade

The Tomcat bundled with Artifactory has been upgraded to version 8.5.41.

Feature Enhancements

Concurrent File Download Performance Improvement

Multiple concurrent downloads of the same file will now only be downloaded once from a remote binary provider (for example, S3), improving system performance and decreasing network load.

Checksum validation for files downloaded from cloud storage

Artifactory will now complete an additional checksum validation when downloading an artifact from cloud storage, such as S3. This is to prevent any potential corruptions or incomplete streams, for example where the checksum value of the file does not match the checksum name of the file.

Garbage collection performance improvement

Improved garbage collection for large scale systems.

Artifactory SAML integration for EncryptedAssertion Support

Artifactory SSO SAML integration now supports Encrypted Assertion, using an X509 public key certificate generated by Artifactory. This enables users encrypt their payloads that includes user data such as name and email, providing an added security layer. 

Anonymous access disabled by default

For new installations, anonymous access will now be disabled by default for hardening security. It can be enabled at any time.

Issues Resolved

JIRA IssueDescription
RTFACT-16744

The db.properties password will not be re-encrypted on every Artifactory restart.

RTFACT-18325

Trying to login to Artifactory through the SAML portal while already logged in is now possible.

RTFACT-16693

Deploying artifacts with properties is now validated the same way as in the UI.

The Set Item Properties REST API uses the following rules:
Name must start with a letter and cannot contain spaces or special characters

RTFACT-17532

The Retrieve Latest Artifact REST API returns the latest version (for Maven or non-Maven) from among the aggregated repositories held within a virtual repository.

RTFACT-17515

The Retrieve Latest Artifact REST API for local repositories (including Maven and non-Maven) returns the correct artifact (based on version).

RTFACT-18234

Artifactory user plugins will now capture headers from the remote resource and pass it back to the user.

RTFACT-19168

When starting Artifactory as a service with pssh or ssh, the connection will now properly terminate, leaving Artifactory and Replicator running.

RTFACT-17710Artifactory can now use a context URL path when working with Xray. http://host:port/*contextPath*. For example, jfrog.io/xray, where xray is the context path.
RTFACT-19820Deleting Release Bundles with a large number of files is now possible.
RTFACT-15471Unauthorized users attempting to pull a Docker image from a Docker repository will now receive a 403 status code, instead of a 404 error code. 
RTFACT-19292

npm repository tags are copied over to the target repository during replication. From version 6.12, Artifactory will save npm tags by adding an npm.disttag property on the replicated file. The npm tags will automatically be replicated to the target instance. During the metadata calculation process on the target instance, Artifactory will use the replicated property to add the npm tags to the metadata file.

The following system properties have been removed as part of this fix: artifactory.npm.index.quietPeriodSecs and artifactory.npm.index.cycleSecs.

To apply the fix to previously uploaded npm packages, recalculate the metadata for all relevant local npm repositories. Use the REST API, or right-click on the repository from the Artifactory UI and select 'Recalculate Index'. 

RTFACT-19759

When deleting or uploading an npm package, Artifactory will recalculate the metadata only for the actual package instead of the entire repository.

RTFACT-19678

Artifactory now calculates the digest for the existing Helm charts after running repository reindex.

RTFACT-16454

When running yum list on a virtual repository, Artifactory will now return all of the artifacts under all the aggregated local, remote (and smart remote) and virtual repositories under the targeted virtual repository.

RTFACT-15405

Requests for artifacts from a NuGet remote repository that is considered offline will now be retrieved from the remote cache repository. 

RTFACT-17325

Artifactory successfully now finds NuGet packages that are not stored under the root path in remote repositories.

RTFACT-17889

Artifactory will now return the correct latest version from a virtual NuGet repository that contains a remote repository pointing to chocolatey.org

RTFACT-17787

Users can now deploy to a virtual Ruby Gems repository if they have a Deploy permission to the Default Deployment Repository, and not necessarily to all of the other aggregated repositories. 

RTFACT-19510

PyPI Wheel packages that have more than one name: and version: values in their metadata file will now be indexed successfully. Previously packages with multiple names failed to index.

RTFACT-18411Artifactory now returns the correct artifact when requesting an artifact that is available in multiple Conda repositories aggregated under a virtual Conda repository.
RTFACT-18497

Artifactory now returns a 404 error code, instead of a 200 status code, when trying to retrieve a package that does not exist from a remote or virtual Chef repository.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.11

Released: 25 June 2019

Highlights

Direct Cloud Storage Download

Get optimized cloud storage when storing your binaries on AWS S3 by downloading your binaries directly from the cloud storage without having to route through Artifactory on the way. Artifactory can now redirect requests from clients (supporting HTTP 302 responses), directly to the cloud storage. As a result, the load on the Artifactory local storage cache is reduced as the large artifacts will be downloaded directly from the cloud. This feature is available as a JFrog Artifactory On-Premise installation and requires a JFrog Enterprise+ or JFrog Artifactory Edge license.

Direct Cloud Storage Download is available for Docker, Helm, Maven, Npm, Debian (supported from Client version 9), PyPI, Bower, CRAN, Composer, and RubyGems. Support on Google Cloud Storage (GCP) will be added in the forthcoming releases. For more information, see Direct Cloud Storage Download.

Optimized Repository Replication with Checksum-Based Storage

Artifactory alongside storage solutions offers an additional alternative for binary replication. You can now enable Artifactory to perform replication of the actual binaries directly through the storage layer without routing the data through Aritfactory and from there to the storage. This is recommended if you are already replicating your Artifactory data to another Artifactory cluster using a solution provided by the storage provider. As part of this new capability, Artifactory will continue to replicate the artifacts' metadata and ensure the consistency of the data. In parallel, Artifactory will offload the heavy lifting part of the replication to the storage device, allowing you to only replicate the metadata and make sure the file is available on the target instance. Checksum-Based storage is enabled by adding a feature flag to the Push/Pull Rest API commands and will be available in the UI shortly. Requires an Enterprise+ license. For more information, see Optimizing Repository Replication with Checksum-Based Storage.

Issues Resolved

  1. Fixed an issue whereby, in some cases, Artifactory would not validate the API key authentication for an LDAP user opposite the LDAP server as part of the authentication process opposit Artifactory.
  2. Fixed an issue in an HA environment where in some cases, after deleting a group, the group members in the cluster can still perform actions based on the group rights for some time. 
  3. Fixed an issue with Ruby Gems repositories whereby accessing the /versions API endpoint (e.g. `/api/gems/gems-local/versions`) would fail with the following error: `getWriter() has already been called for this response'.
  4. Fixed an issue whereby when running event-based replication, in some cases, the properties were not replicated to the destination instance only once the CRON replication was initiated. 
  5. Fixed an issue regarding Conda virtual repository performance, whereby Artifactory calculated metadata for every client request. 
  6. Fixed an issue whereby a remote repository did not display artifacts if the artifact name included special characters and the item was not yet cached.  
  7. Fixed an issue whereby users could not perform delete operations when the permission targets only included builds with no repositories.  
  8. Fixed an issue whereby if one of the email addresses of one of the admin users would not be a valid address, email notifications would be sent only to some of the admin users and not all of them.  
  9. Fixed an issue whereby an exception was thrown when triggering pull replication if the request body was left empty.
  10. Fixed an issue whereby an outdated Crowd REST client version in Artifactory caused delayed logins when using an HTTPS-based Crowd server.
  11. Fixed an issue whereby Artifactory will attempt to convert NPM packages with non-semver versions to semver instead of automatically rejecting suspected packages. 
  12. Fixed an issue whereby users were missing the delete permissions for the Promote build plugin endpoint. 
  13. Fixed an issue whereby only a user with read-only permissions could run the npm dist-tag to update the metadata.  

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.11.1

Released: June 30, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
  2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.
  3. Fixed an issue when the ‘password max age’ in the configuration was enabled and set, Artifactory failed to load with a configuration error after restart.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.11.3

Released: July 22, 2019

Mail server with TLS 1.2 connections Support

Artifactory now supports email messages with TLS 1.2.

Fixed Issues

  1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only for an Admin user.
  2. Fixed an issue where in some circumstances Gem artifacts failed to resolve from a virtual repository.

Artifactory 6.11.6

Released: August 13, 2019

Fixed Issues

  1. Fixed an issue, whereby under certain circumstances, users experienced performance degradation when searching in the Artifactory UI.

Artifactory 6.10

Released: May 6, 2019

Artifactory Installation contains files for future Metadata Service Feature

Please notice that the Artifactory 6.10 Installer includes new files in $ART_HOME/bin/metadata, for a soon to be released Metadata Service feature.

Setting up Apache HTTP server using AJP Protocol

New Artifactory installations will not include the AJP connector in Artifactory’s Tomcat server.xml file (i.e. under $ARTIFACTORY_HOME/tomcat/conf/server.xml).
To use AJP connector, the <Connector port="8019" protocol="AJP/1.3" sendReasonPhrase="true"/> should be added manually to the server.xml file under <Service name="Catalina">.

Upgraded Artifactory environments will be unchanged provided the server.xml file is copied over.

NoticeAJP connector support will be removed in Artifactory's next major version (7.0).

Highlights

Support for Conan Remote and Virtual repositories

In addition to local repositories, Artifactory now supports Conan remote and virtual repositories. Remote Conan repositories proxy remote Conan resources and cache downloaded Conan packages to keep you independent of the network and the remote resource. Virtual repositories allow you to aggregate multiple local, remote and virtual Conan repositories under a single endpoint and easily manage the resolution and deployment of all your Conan packages.

Support for npm audit

Artifactory now supports npm audit, allowing you to get vulnerabilities on your npm projects’ dependencies tree.

Audit reports contain information about security vulnerabilities of dependencies and can help fix a vulnerability by providing npm commands and recommendations for further troubleshooting.

This functionality will be enabled by default on npm virtual repositories that aggregate at least one remote repository that supports npm audit. For example, a remote repository that points to https://registry.npmjs.org or Artifactory Smart Remote repository.

JFrog Xray users with Artifactory Pro X / Enterprise / Enterprise+ license, will get an enhanced audit report that includes security vulnerabilities from Xray's database. When Xray is configured to work with Artifactory, an audit report can be generated from scratch even without connecting to any remote repository.

Java 11 Compatibility

From this version, Artifactory officially supports running with JDK 11 on all installation types (e.g. Linux, Docker, Debian, RPM, Windows). The Artifactory Docker image is shipped with JDK 11.

Java 8 support end of life is coming up, and Artifactory contains components that require Java to run properly and include Java runtime as part of Artifactory.

Feature Enhancements

New Artifactory User Plugins hooks

The Artifactory User Plugins now include two new hooks:

  • Upload.beforeUploadRequestuseful for overriding the actual repository path during the Artifactory upload process. 
  • Download.altAllResponses, used to provide an alternative response during the Artifactory download process, by setting response headers, status code, error message or inputStream and size context variables.

Issues Resolved

  1. Fixed an issue where downloading a Docker image from remote repositories did not cache layers that existed on the local drive of the user trying to download the image, resulting in missing layers in the remote cache repository. Artifactory will now search for any missing layers in all repositories the user has permissions for and copy them to the remote cache repository for full image coverage that contains all layers. 

  2. GoLang repository fixes and enhancements:

    1. Go .mod and .info files can now be viewed from within the Artifactory UI.

    2. Added both golang.org and k8s.io to the default whitelisted Go virtual repositories external dependencies.

    3. Fixed an issue where a 404 response instead of a 400 response was returned when trying to resolve directly from a remote Go repository REST resource.
    4. Fixed an issue where a NullPointerException was printed to Artifactory logs, when setting up a remote repository with Artifactory as the module provider and the url as github.com, and requesting a mod file.
    5. Fixed an issue when resolving artifacts from a remote Go repository, the go-get.html file was stored instead of the info module. Unused go-get.html files will now be removed.
    6. Fixed an issue where downloading a Go module with a version that contains upper case characters would fail

  3. Fixed an issue where virtual Docker repositories composed of aggregated local/remote repositories that had one repository configured with exclude patterns, would return 404 when trying to resolve Docker images. Artifactory will now search for the Docker image in all of the aggregated repositories of the virtual repository.

  4. Fixed an issue where using the Gems client to search for packages in a virtual repository did not return any results. 

  5. Fixed an issue where communication between Artifactory instances in an HA configuration did not work in some cases where the service ID was changed.

  6. Fixed an issue in the UI where in Admin > Users > [specific user] > User Permissions table, the same permission target would be listed more than once, based on the number of groups the specific user would be associated with.

  7. Fixed an issue in which trying to get the IP address of a user in User Plugins requests would sometimes return null.

  8. Fixed an issue in which deploying packages that contain the plus sign character (+) when deploying multiple files would convert the plus sign to spaces.

  9. Fixed an issue in the UI > Permissions page when using Internet Explorer, where creating a new permission the scroll bar would not work in the Available/Included Repositories/Builds drag and drop components. 

  10. Fixed an issue in which if the proxy settings being used for the Sumo Logic integration settings in the Log Analytics page are incorrect, Artifactory would try to reach Sumo Logic directly without going through a proxy, causing potential timeouts.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.10.1

Released: May 20, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that were otherwise exposed only to administrators.
  2. Fixed an issue introduced in Artifactory version 6.10, whereby users trying to download an artifact that did not exist from an Artifactory, configured with Azure as the binary provider in Artifactory, would receive a 200 HTTP error code with an empty stream instead of receiving a 404 error.
  3. Fixed an issue related to the new Conan API v2 introduced in Artifactory 6.9, whereby push replication for Conan local repositories was stopped when running replication from Artifactory 6.9 and above, to a target Artifactory running 6.8 or below. 
    Please note that this was intentionally designed to prevent Conan repositories in the target Artifactory from being overwritten if you have not yet upgraded the target to 6.9 or above. After you upgrade the target Artifactory 6.9 or above, the replication process will resume.
  4. Fixed an issue whereby promoting a build using the Build Promotion REST API will now only require granting the Deploy permission instead of the Delete+Deploy permission that was the requirement in Artifactory 6.6 to 6.10.0.
    Note that when promoting a build, you will see an entry in the access.log indicating that the build was deleted by a user named _system_.
  5. Fixed an issue whereby changing or adding repositories could take up to a few minutes in some scenarios within certain environments in which Artifactory was set behind a proxy.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.10.2

Released: June 3, 2019

Issues Resolved

  1. Fixed an issue in which installing Artifactory as a service on Windows while running with Java 11 would fail upon startup.
  2. Fixed an issue in which under specific circumstances, Access Federation would fail to replicate security entities and will not recover automatically.
  3. Fixed an issue, where in certain scenarios, creating a remote Maven repository from within the UI created a default value for the Max Unique Snapshots field with the username (e.g. admin). This caused an error when saved.
  4. Fixed an issue when working with Azure as the Artifactory binary provider, in some cases would result in timeout errors in the logs.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.10.3

Released: June 11, 2019

Feature Enhancement

Proxying Remote PyPI Repositories Using a Custom Registry Suffix

Artifactory now supports proxying remote PyPI repositories whereby the repository content (i.e. the packages) can reside under different paths in addition to /simple (for example, DevPi repositories).

Issues Resolved

  1. Fixed an issue where under certain scenarios, downloading a Debian package from a virtual Debian repository could take a long time, as opposed to downloading the same package from a remote Debian repository that would be served faster. 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.10.4

Released: June 19, 2019

Issues Resolved

  1. Fixed an issue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators. 
  2. Updated Artifactory Docker base image to fix the following issue.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.10.6

Released: July 1, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
  2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.

Artifactory 6.10.7

Released: July 22, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.9

Released: 25 March 2019

Highlights

Conan v2 Supports Conan Package Revisions 

From Artifactory 6.9.0, Conan API v2 is supported and introduces an extension of the binary layout to support Conan Package Revisions. Revisions allow you to change your artifacts while keeping the same Conan reference, allowing immutable binary artifacts whether it be because of changes to the recipe, or minor code changes between revisions (similar to snapshot builds in other languages).

After the upgrade to Artifactory 6.9.0 is complete, your Conan packages will automatically be migrated to the Conan API v2 structure in Artifactory.

Conan Repositories not Accessibile During Migration

The Conan package migration process from Conan v1 to v2 may take some time causing your Conan repositories to be inaccessible until the process is complete. For more information on the migration process, see the Conan Package V1 Backward Compatibility section.

Conan API v2 support is backward compatible allowing you to continue using your current Conan client version to work with your Conan repositories from Artifactory 6.9 and above.

For the Conan client to work with the revisions feature, download the Conan client 1.13 with Revisions enabled.

Support for Docker Manifest v2, Schema 1

Added support for Docker Manifest v2, Schema 1. Pulling Docker images from local/remote/virtual repositories that are set with Manifest v2 Schema 1 is now supported. For example: kibana:v4.6.1

Added Two New Target Endpoint Rest API Commands

Added two new REST APIs to retrieve the permission targets associated with a specific user or group:

Issues Resolved

  1. Fixed an issue whereby modifying a permission target containing an Admin user failed, and displayed the following error: ‘Permission target contains a reference to a non-existing user <username>’. 
  2. Fixed an issue whereby multiple entries with the following error: 'Couldn't find user named "xray" in ldap' were added to the Artifactory log when JFrog Xray was enabled with LDAP/ Crowd.
  3. Fixed an issue, from Artifactory 6.8.0, whereby the Nginx image in the Artifactory Docker image did not contain the cURL utility.
  4. Fixed an issue, from Artifactory 6.5.1, whereby using the RedHat CDK to pull Docker images with a manifest list (i.e. fat manifest) from https://registry.access.redhat.com would fail. 
  5. Fixed an issue in PyPI repositories whereby packages containing “>” or “<” characters in the “data-requires-python” section of the package metadata file could not be downloaded.
  6. Fixed an issue whereby Artifactory did not find metadata files (PKG-INFO/METADATA)in the root of the archive.
  7. Fixed an issue whereby npm packages with Emoji characters in the package’s description field could not be downloaded when MySQL is set as the database.
  8. Fixed an issue whereby the Test Connection button in the Remote repositories wizard in the UI would return a 405 error if the remote repository URL was an Artifactory URL (i.e. Smart Remote Repository). 

For a complete list of changes, please refer to our JIRA Release Notes.



Artifactory 6.9.1

Released: April 8, 2019

Feature Enhancements

npm virtual repository performance improvements

Performance improvements when installing an npm package from npm virtual repositories + reducing memory consumption. 

Access and Request log improvements 

The request.log and access.log files now include the source user ID and the IP address. This applies to users accessing Artifactory via UI, REST API, ‘docker login’ command regardless of whether the authentication was successful (i.e. good credentials) or not (i.e. bad credentials).

Artifactory Docker installation using the Distroless base Docker image

To provide a smaller, and more secure Docker image of our Artifactory Docker distributions (oss, cpp-ce and pro), we have changed the base image used in our Docker files to the JFrog Distroless Docker image that includes only required packages. This reduces the image sizes by more than 30%.

  1. Starting from Artifactory version 6.9.1, the Artifactory Docker image is shipped with JDK 11.
    Make sure your database JDBC driver is Java 11 compatible.
  2. If you get your JDBC driver using curl, you should now update your command to use wget.
    Example for mysql driver:

    Old command
    `curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar`

    Notice the capital ‘O’ with the wget command

    New command
    `wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar`

Issues Resolved

  1. Fixed an issue in Ruby Gems repositories where in some cases, cached dependency requests from a remote repository would not return the latest version.

  2. Fixed an issue in Docker repositories where pulling a Docker image from a remote repository pointing to Microsoft/Azure container registry (e.g. mcr.microsoft.com) would fail with “error pulling image configuration: unknown blob”.

  3. Fixed an issue in Docker repositories where pushing a Docker image with properties on the layers to one repository and then pushing another image with some shared layers to another repository, the layers in the second new repository would be cloned from the existing layers along with all properties. Only the "sha256" property will be cloned, the other properties will not be cloned.

  4. Fixed an issue, relevant to version 6.4.0 and above, in which replicating Maven artifacts from a generic repository to another generic repository would not replicate the metadata, resulting in missing metadata on the target. 

  5. Fixed an issue in Maven repositories in which, when a client would ask for a snapshot and the snapshot version behaviour was ‘unique’, Artifactory would keep searching for the artifact in all the remote repositories even after the artifact was found.

  6. Fixed an issue in which the Debian indexer would try to get artifact properties even in case non-Debian packages would be uploaded, deleted or moved from Artifactory.

  7. Fixed an issue in RPM repositories where in some cases Artifactory would fail to parse XML metadata files on certain remote RPM repositories. 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.9.2

Released: May 20, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that were otherwise exposed only to administrators.

Artifactory 6.9.3

Released: June 19, 2019

Issues Resolved

  1. Fixed an issue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators.

Artifactory 6.9.4

Released: July 1, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
  2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.

Artifactory 6.9.5

Released: July 22, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.8

Released: February 14, 2019

Highlights

Support Bundle Repository

The Support Zone has been enhanced with a simplified UI flow, which includes the ability to create a support bundle that contains the relevant data (such as system and log files) for a single Artifactory instance or multiple nodes in an HA cluster. Once a support bundle is created, it will be saved to the new default jfrog-support-bundle system repository for any future reference. 

Feature Enhancements

Artifactory Pro Nginx Docker Image Upgrade with TLS v1.3 Support

As part of the Artifactory Pro Docker distribution, the Nginx Docker Image (docker.bintray.io/jfrog/nginx-artifactory-pro) is now upgraded to Nginx version 1.15.5, running on top of Ubuntu 18.10 and provides full support for TLS v1.3.

Tomcat Extra Connectors for Artifactory Docker Images Support

You can now add extra Connectors to Artifactory Docker images Tomcat's server.xml, using the SERVER_XML_EXTRA_CONNECTOR environment variable

Improved Performance for Users Managed within a Group

The performance for authentication of users during login that are associated with groups has been enhanced.

Issues Resolved

  1. Fixed an issue where in some scenarios of Artifactory HA scenarios, terminating the deploy of an artifact to a repository before the deploy was completed would result in a "Failed to move file from _pre folder to filestore" error in the log.

  2. Fixed an issue in which Artifactory would allow creating users and groups using the REST API even if the username or group name included illegal characters (/\:|?*"<>). Artifactory now validates that the username and group name only include legal characters as is done when creating a user or a group through the UI.

  3. Replication fixes:

    1. Fixed an issue where a source Artifactory configured to replicate more than one target would only replicate to one of the targets, after restarting the source Artifactory instance.

    2. Fixed an issue in which pull event replication in a full-mesh topology would fail in some scenarios, after restarting one of the instances in the topology.

    3. Fixed an issue when replicating an artifact that had properties on it while there was an artifact with the same name on the target (but different content), the properties from the source would not be replicated to the target.  

  4. Fixed 2 issue in Property Sets:

    1. In some scenarios adding new properties to a Property Set would not work.

    2. In some scenarios changing the value of single-value property would not work.

  5. Fixed an issue where the Access config yaml was encrypted when using the JFrog Access encrypt API, causing an issue when trying to restart an Artifactory instance after an Access encrypt was completed.

  6. Fixed an issue where using a custom user ID to run Artifactory and Nginx Docker containers custom configurations, caused Nginx to not start and Artifactory to fail setting the custom configurations. 

  7. Fixed an issue in Opkg repositories, where in some cases the repository indexing caused performance issues.

  8. Fixed an issue in which in some scenarios, concurrent requests to a remote Docker repository would hang connections and threads.

  9. Fixed an issue where the ListDockerRepositories rest API would return an empty list and the ListDockerTags rest API would return an error rather than what is stored in cache, while the remote endpoint is unavailable. This fix requires setting the artifactory.docker.catalogs.tags.fallback.fetch.remote.cache system property to true (default false).

  10. Fixed an issue in which when deploying a Gem to a local Ruby Gems package, the ‘Deployed By’ field would show _system_ instead of the actual username who deployed the package.

  11. Fixed an issue in which retrieving the Effective Permissions for a repository or a build would not show the users who have permissions for the resource if the user got the permissions from a Group.

  12. Fixed an issue where remote PHP repositories did not support last modified headers, which caused the client to download the same files remotely and not use the client cache.

  13. Fixed an issue when deleting/deploying files to Helm or Cran remote repositories, a metadata calculation was unnecessarily triggered.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.8.1

Released: February 17, 2019

Issues Resolved

  1. Fixed an issue where manually starting Artifactory version 6.8 on Windows using the artifactory.bat file or the artifactory.sh on RPM and Debian would fail with an 'Application could not be initialized: Timed out waiting for join.key file to be made available aty' error.
  2. Fixed an issue where setting the loginBlockDelay system property to 0, caused Artifactory to fail to start with the following error: 'Application could not be initialized: / by zero'.
  3. Fixed an issue where access tokens created before Artifactory version 5.4 could not be used for authentication and returned a 401 error.
  4. Significantly reduced the memory footprint of the global permissions cache held by Artifactory at runtime.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.8.2

Released: February 19, 2019

Issues Resolved

  1. Fixed an issue where creating a new or distributing an existing release bundle would fail, after an upgrade to Artifactory versions 6.8.0 and 6.8.1.

For a complete list of changes, please refer to our JIRA Release Notes.



Artifactory 6.8.3

Released: February 26, 2019

Issues Resolved

  1. Fixed an issue whereby when pulling a Docker image from a Docker repository, Artifactory would try to fetch the manifest list (i.e. fat manifest) file even if the image did not have a manifest list. This prevented users with Read-only permissions from pulling Docker images that did not have a manifest list.
  2. Fixed an issue regarding Mission Control Disaster Recovery, whereby permission targets were not replicated from source to target instances.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.8.4

Released: March 4, 2019

Issues Resolved

  1. Fixed an issue, applicable to Artifactory versions 6.8.0 to 6.8.3, where a user that is associated with a group that is configured with admin privileges and additional non-admin group(s), did not have admin privileges.

For a complete list of changes, please refer to our JIRA Release Notes.



Artifactory 6.8.6

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.8.7

Released: 14 March, 2019

Issues Resolved

  1. Fixed an issue whereby performance was degraded when processing a massive Access Control List (ACL). 
  2. Fixed an issue that applies from Artifactory 6.6 and above, whereby starting Artifactory takes minutes due to index validation in the Oracle database.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.8.9

Released: April 22, 2019

Feature Enhancement

User authentication loading improvement

Artifactory can be configured to provide asynchronous loading of user/build permissions enhancing authentication of Artifactory's login performance.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.8.12

Released: May 20, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that were otherwise exposed only to administrators.

Artifactory 6.8.14

Released: June 19, 2019

Issues Resolved

  1. Fixed an issue where in some circumstances, users could gain access to application data that should otherwise be exposed only to administrators.



Artifactory 6.8.15

Released: July 1, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
  2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.

Artifactory 6.8.16

Released: July 22, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.7

Released: January 22, 2019

Issues Resolved

  1. Fixed an issue relevant from Artifactory 6.6.3 / 6.6.5 in which with Artifactory running on a Windows machine, it was not possible to work with RubyGems repositories.

  2. Fixed an issue in which for Artifactory instances that were  upgraded to version 5.5 (in which SHA-256 checksums were introduced) and above, but whose database was not migrated to SHA-256 checksums, reindexing an entire Debian repository could take a long time.
  3. Fixed an issue in which indexing of a Debian virtual repository that aggregates a local Debian repository would fail in one of the following scenarios:
    • a user triggers indexing of the local Debian repository using the REST API
    • a user with limited permissions deploys a Debian package into the local Debian repository
  4. Fixed an issue in which Artifactory would not clean up temporary metadata files that were created during the Debian metadata calculation.
  5. Fixed an issue in which under certain circumstances, an Artifactory remote Go repository would cache a goget.html file instead of the corresponding Go module.
  6. Fixed an issue whereby an Artifactory remote Go repository pointed to an Artifactory as a module provider (smart remote repository) resulting in the following:
    - Failure to fetch the real zip content by returning an empty zip file.
    - Failure to fetch info, MOD or Zip files if the remote URL contained a trailing slash.
  7. Fixed an issue whereby an Artifactory remote Go repository pointed to an Artifactory as the module provider (smart remote repository) resulting in failure to fetch info, mod and zip files if the remote URL had trailing slash.
  8. Fixed an issue in which when proxying GitHub.com in a remote Go repository, Artifactory would not pass credentials to api.github.com
  9. Fixed an issue in which parsing the go-import from the go-get metadata for a Go package would fail if that metadata was spread out over multiple lines.
  10. Fixed an issue in which when importing LDAP groups, Artifactory would not display results if a search for existing LDAP groups yielded more than 1000 results.
  11. Fixed an issue in which after setting a custom SERVER_XML environment variable as part of a Docker execution command, the Docker container would succeed starting up the first time, but fail starting up from then on.
  12. Fixed an issue in which Artifactory would allow creating a repository with a repository key that is longer than 64 characters using the REST API. While creating the repository succeeded, deploying to the repository would fail and the log would display the following error messages:
    • Could not acquire lock within 120 seconds
    • Couldn't acquire lock for: 120000 milliseconds
    When creating a repository using the REST API, Artifactory will now validate that the repository key is no longer than 64 characters (as is enforced when creating a repository through the UI).
  13. Fixed an issue in which when deploying the same artifact under two different paths to a NuGet repository, and then deleting it from the first upload path, the NuGet repository would not get reindexed and the artifact would also not be available from its second upload path.
  14. Fixed an issue in which Artifactory would allow creating a repository through the REST API even if the repository key included illegal characters (/\:|?*"<>). Artifactory now validates that the repository key only includes legal characters as is done when creating a repository through the UI.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.7.1

Released: January 30, 2019

Issues Resolved

  1. Fixed an issue with npm in which proxying https://registry.npm.taobao.org/ with an npm remote repository would fail. 

  2. Fixed an issue in which editing a Permission Target from the Artifactory UI when running on Internet Explorer would result in a blank screen.

  3. Fixed an issue with Go remote repositories in which proxying a Go remote repository in another Artifactory instance and clicking Test Connection in the UI would fail with a 405 error.

  4. Fixed an issue in which upgrading from an Artifactory version 5.6 or below to version 6.6.5 or above when Artifactory had MSSQL configured as its database would fail in certain scenarios.

For a complete list of changes, please refer to our  JIRA Release Notes.


Artifactory 6.7.2

Released: February 3, 2019

Issues Resolved

  1. Fixed an issue in which an Artifactory Smart Remote Go repository (i.e. one that points to another Artifactory repository as its module provider) got a 404 response to get version list requests, instead of the version numbers. 

  2. Fixed an issue which occurred when using the synchronizeLdapGroups user plugin together with PostgreSQL as the Artifactory database. With this combination, certain circumstances would cause multiple concurrent requests to the JFrog Access REST API resulting in a "duplicate index" error.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.7.3

Released: February 6, 2019

Issues Resolved

  1. Fixed an issue in which installing a package from a remote RubyGems repository would fail when using Bundler.

For a complete list of changes, please refer to our JIRA Release Notes.

For an Artifactory Pro or Artifactory Enterprise installation, click to download this latest version of JFrog Artifactory Pro.

For Artifactory OSS, click to download this latest version of JFrog Artifactory OSS.

For Artifactory Enterprise+, click to download the latest version of  JFrog Enterprise+.


Artifactory 6.7.5

Released: March 12, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.7.7

Released: July 22, 2019

Issues Resolved

  1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.6

Released: December 18, 2018

Highlights

Build Info Repository and Permissions Management

This version introduces a new local Build Info repository. This default artifactory-build-info repository will store all build info files uploaded to Artifactory by the different CI server plugins, such as the Artifactory Jenkins Plugin, CLI, and directly through the Build Upload REST API or Artifactory UI. 

The same build information will continue to be available through the REST API and the Builds page in the Artifactory UI.

Also, it is now possible to define access to the different build info files with user and group permissions such as read/deploy/delete. This is equivalent to managing permissions on repositories with include/exclude patterns on build info json paths, in the build info repository.

Additional benefits include: 

  • improved accessibility to the build info json files and overall performance of the Builds module
  • build info replication to other instances, since they are stored as artifacts in a repository
    (Available using REST API only. Configuring replication for this repository through the UI will be added in future releases.)

Migrating to the artifactory-build-info Repository

When upgrading to Artifactory 6.6, the artifactory-build-info repository is automatically created and cannot be removed. All existing builds info json files will be migrated from the DB to the repository.

Depending on the number of builds in your system, this process may take some time. To help you monitor the process, progress and status messages will be printed to the artifactory.log file. During the migration, your system will continue to work without being affected.

You can also enhance the migration process and reduce time by adding system property settings.

Build info replication will be available once the migration is complete.

Breaking Changes

From this version, the build info files are stored as artifacts in the Artifactory artifactory-build-info repository. This conceptual change requires the following attention:

Delete Build Permission

The following build related REST APIs will now require Delete permission on the build level after the upgrade to 6.6 and above:

Cleanup Policies

  • If you have existing cleanup policies, defined in Artifactory User Plugins, that delete artifacts from your local repositories according to a policy, they will also affect the artifactory-build-info repository and should be updated accordingly. Exclude this repository from your cleanup policies to ensure that your build info files are not deleted.

DefaultBuildPermission

  • During the upgrade, all existing users/groups will be assigned with an artifactory-system-default-build-permission permission target. This will provide them with the same build access they had before the upgrade (i.e. users who could view build info files or deploy new build info files will still be able to do so). It is highly recommended to remove this default permission target and define new ones for each user/group.
  • New users added to Artifactory will require permission to read/deploy/delete build info artifacts. Notice that these are additional permissions that must be set specifically for the build info repository permissions. These permissions are managed separately
Support for Debian Virtual Repositories

In addition to local and remote repositories, Artifactory now supports Debian virtual repositories. Virtual repositories allow you to aggregate multiple local, remote and virtual Debian repositories under a single endpoint and easily manage your Debian packages.

This provides additional support for managing Artifactory multi-sites

Calculate Debian package coordinates from remote repositories

Artifactory now enables you to extract Debian package metadata (i.e. component, distribution and architecture) from remote Debian repositories and assign them as properties on the cached packages. This can be done using the REST API or from the Artifactory UI.  

This enables searching for cached Debian packages in remote repositories, as well as whitelisting remote-cached Debian packages.

Hardened Security for Secrets

To harden security when providing encrypted data (secrets) such as connection strings to external databases, from this version, when running Artifactory, you can optionally provide secrets in a temporary file. Artifactory will load the parameters specified in a temporary file at startup and then delete the file. Notice that this is an additional recommended functionality that will not change your current behaviour if not used.

Artifactory Edge Uploads Repository

Artifactory Edge nodes now include a default generic repository called artifactory-edge-uploads, to which you can deploy files.
Note: this is the only repository in an Artifactory Edge node that's available for deploying files to.

SHA 256 Migration Task REST API Endpoints

From this version, Migrating to SHA-256 can now also be done using the following two new REST API endpoints. This is in addition to ability to set the SHA-256 migration using the existing system setting configurations in Artifactory's artifactory.system.properties file.

Existing migration process

This note applies If you have a SHA256 migration process currently running before upgrading to Artifactory 6.6.

As part of the upgrade, your existing migration process will stop running. To reinitiate it, you'll need to use the new Start SHA256 Migration Task REST API after the Artifactory 6.6 upgrade is complete.

Feature Enhancements

  1. The permission target page has been updated with a new view for easier navigation.
  2. Artifactory Docker container can be configured to run as any user/group id.
  3. Improved performance on Microsoft SQL when performing Property Search through UI or REST API.
  4. In addition to the REST API, deleting a build directly from the Artifactory UI is now supported.

Issues Resolved

  1. Fixed an issue in npm repositories where uploading npm packages that contained Emoji symbols in the package.json file would fail with an error.
  2. Fixed an issue where Artifactory did not support Go module names that did not have a slash (/) in their names. For example, the go4.org module used by golang.org/x/build.
  3. Fixed an issue where Go Package deployment to Artifactory Go repositories, using JFrog CLI, would fail and return a ‘Header Or Cookie Too Large’ error for packages with large mod files.
    This fix requires Artifactory 6.6 and JFrog CLI 1.23.0.
  4. Fixed an issue where NuGet repository $batch requests resulted in an error.
  5. Fixed an issue in NuGet virtual repositories where if a certain package would exist in more than one of the aggregated repositories, Artifactory would return all of those packages when the NuGet client would ask for the latest version of this package.
  6. Fixed an issue in NuGet repositories where if the same NuGet package would exist in two different paths, when deleting the package from one of the paths, the package would not be returned to the client although it did exist in the other path. The only way to get around this was by manually running the recalculate index.
  7. Fixed an issue where pip requests would ignore “If-None-Match” and If-Modified-Since” headers used with an /artifactory/api/pypi/<repo>/<path> endpoint.

  8. Fixed an issue where in some cases where a user tried to login to Xray with SSO they received the following error message "Request was blocked. Please refer to access.log".

  9. Fixed an issue where in a target HA instance for an event based pull replication, an exception was thrown when trying to propagate replication event between cluster nodes after deploy or delete events.
  10. Fixed an issue where in some scenarios, remote pull replication did not work for Artifactory Cloud instances.
  11. Fixed an issue in HA in which uploading a logo file to Artifactory through one of the nodes would update the logo for this specific node but not for the others node in the cluster.
  12. Fixed an issue where Azure blob storage endpoint configuration was not supported. You can now use the default https://<ACCOUNT_NAME>.blob.core.windows.net/ endpoint or define your own.
  13. Fixed an issue in virtual repositories where in some cases the resolution order was not enforced and packages were not downloaded from the expected repository order list.
  14. Fixed an issue in which executing a repository listing request through REST API with an Access Token would fail with a 403 error.
  15. Fixed an issue where in some scenarios, remote pull replication did not sync the properties from the source Artifactory instance correctly.
  16. Fixed an issue where using a checksum-deploy with push replication between local repositories, did not replicate the following artifact metadata: Last modifiedCreatedCreated By and Modified By.
  17. Fixed an issue where pip did not download from its local cache for some packages when using an Artifactory PyPI repository as its custom package index.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.6.1

Released: December 26, 2018

Issues Resolved

  1. Fixed an issue that occurred only in Artifactory 6.6, in which if more than one Artifactory schema/catalog combination exists on the same database instance, and the user with which Artifactory connects to the database has permissions to see all of them, the Build Info Migration from the database to the artifactory-build-info-repository would sometimes be completed with an error or a log entry indicating that the migration had failed with no specified reason.

  2. Fixed an issue in which when using JFrog CLI to upload a Go module containing upper case characters in the module name, those characters would be converted to lower case characters pre-pended with an exclamation mark.
  3. Fixed an issue with HTTP SSO where users working under a proxy would fail to access the Update Profile page.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 6.6.3

Released: 31 December 2018

Feature Enhancements

For Artifactory Docker Images: Setting the Database Connection Pool Size is Now Supported                        

For Docker Image Artifactory installations, you can set the pool.max.active and pool.max.idle parameters in the etc/db.properties by setting the following environment variables:

  • DB_POOL_MAX_ACTIVE
  • DB_POOL_MAX_IDLE

In the following example, we set the maximum active database connection pool to 500:

docker run ...... -e DB_POOL_MAX_ACTIVE=500 -e DB_POOL_MAX_IDLE=50 ....... docker.bintray.io/jfrog/artifactory-pro:6.6.3
For Artifactory Docker Images: Added Support for Environment Variables to Customize Tomcat server.xml Values 

Added support for configuring Tomcat server.xml values. Just pass the values as environment variables with your Docker execution command and they will be injected into Tomcat's server.xml. For more information, see Supported Environment Variables.

Issues Resolved

  1. Fixed an issue whereby selecting the 'Remember Me' option to log in to the Artifactory UI did not work as expected. Logging in with 'Remember Me' is now valid for 14 days.
  2. Fixed an issue whereby the NuGet API v3 feed for remote NuGet repositories did not get updated with the latest index.json of a package. This resulted in Artifactory not retrieving the metadata from the NuGet feed.
  3. Fixed an issue whereby Artifactory instances installed on Windows-based systems would fail to proxy NuGet API v3 feeds.
  4. Fixed an issue when searching from a NuGet client (e.g. Visual Studio) for a certain package that had more than 100 versions in a remote NuGet repository, returned only the first 100 versions in the search. 
  5. Fixed an issue whereby memory consumption was high when calculating the index for the Gems virtual repository.
  6. Fixed an issue whereby tagging npm packages did not work properly.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 6.6.5

Released: January 8, 2019

Issues Resolved

  1. Fixed an issue relevant for version 6.6.0 and above in which in some cases, migration to the artifactory-build-info repository would fail with errors in the log.

Artifactory 6.6.8

Released: March 12, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.6.10

Released: July 22, 2019

Issues Resolved

  1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.5

Released: October 11, 2018

Breaking change

The combination of Artifactory 6.5.0 and with PostgreSQL database enforces property values limit of 2400 characters.

Upgrading to version 6.5.0 without trimming the property values first, may result with old indexes or partial indexes for the ‘node_props’ database table and cause an error.

See fix here: Recovering from Error: An incompatible index has been found for the Artifactory ‘node_props’ database table.

Highlights

Release Bundle Repository

As part of the Distribution flow that was introduced with Enterprise+, Artifactory now supports release bundle repositories. 

The Release bundle repository protects the artifacts created in the Artifactory source instance, by copying them into a separate repository where their contents cannot be edited or removed. 

Whenever a new release bundle is created and signed, it is copied and saved into an immutable release-bundles repository in Artifactory. This ensures consistency in the artifacts being distributed among target instances.

*This feature is available when upgrading to both Artifactory 6.5 and Distribution 1.3

Xray Data in Package Native UI

This version adds data from JFrog Xray to the Package Viewer, enriching the information on major package types in Artifactory. Once a specific package is selected in the package viewer, Artifactory will expose data about license and security violations detected by Xray for all of the versions of the selected package.

This critical information helps users choose the right packages and version they would like to use.

Access Tokens Lifecycle Management

This version adds more capabilities for administrators to exercise greater control over the lifecycle of access tokens:

  • Previously, expirable tokens could not be revoked. This version moderates this feature in that now, all tokens can be revoked, but with the minimum-revocable-expiry flag set in the access.config.yml file, you can specify a minimal period of time during which a token cannot be revoked. 
JFrog Access User Guide

JFrog Access is the service that manages all aspects of authentication and authorization for all JFrog services under the hood. Run as a separate service that is installed under the same Tomcat with Artifactory, it stores all Users, Groups, Permissions and Access Tokens generated by any connected JFrog service. The features and capabilities of JFrog Access were previously concentrated around the Access Tokens and Access Federation pages in the JFrog Artifactory User Guide. As the service’s capabilities were extended, and its scope widened to include all JFrog products, its documentation has been moved to a separate space to provide better visibility for its features and easier access to relevant information which now available in the JFrog Access User Guide, and will continue to be maintained and updated there. 

Feature Enhancements

Changes have been introduced to improve the performance of Artifactory as a Docker registry while using PostgreSQL as the database.

Issues Resolved

  1. Fixed an issue where download requests to a remote RubyGems repository, marked as offline, would respond with a 500 error and the download request would fail.
  2. Fixed an issue where in some cases, list browsing in the UI for artifacts path with very long name (For example: /central/org/springframework/boot/spring-boot-starter-cloud-connectors/1.2.0.RELEASE/) would fail with a 404 error.
  3. Fixed an issue where new users created by REST API, would not automatically get added to default groups marked with ‘Automatically Join New Users to this Group’.
  4. Fixed an issue where downloading an artifact with a name that contains an exclamation mark (i.e. !) would fail. 
    Note: due to this fix, when downloading an artifact from an archive requires the resource path within the archive to start with a ‘/’
    For example: GET http://localhost:8081/artifactory/repo1/folder/a.jar!/META-INF/LICENSE

  5. Fixed an issue where deploying a Go build info to Artifactory, the artifacts’ path would not be displayed in the Builds page in the UI. This would happen only when Artifactory was configured behind NGINX.
    Available with JFrog CLI V1.20.2.
  6. Fixed an issue in which the ‘Last Login’ field would be updated for REST API calls. The field will now only be updated when logging through the UI.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.5.1

Released: October 18, 2018

Feature Enhancements

Support for Docker Manifest List (Fat Manifests)

Artifactory now supports hosting and proxying Docker images with a  Manifest List

Issues Resolved

  1. Fixed a UI issue with Xray data in the Package Viewer in which if the same Docker tag existed in different repositories, the Xray graph would not be displayed.
  2. Fixed an issue in which pulling a Docker image from a remote Docker registry, for which "Block Unscanned Artifacts" was checked in Xray, would generate an "Unknown: Forbidden" error. 

For a complete list of changes, please refer to our  JIRA Release Notes.


Artifactory 6.5.2

Released: October 21, 2018

Issues Resolved

  1. Fixed an issue where Filtered Resources (for example: username and password in settings.xml files a Maven repository) would not be populated when downloading the Filtered Resources file.

For a complete list of changes, please refer to our  JIRA Release Notes.


Artifactory 6.5.3


Released: November 13, 2018

Feature Enhancements

  1. The security entities (users, groups and permissions) migration process from Artifactory to Access has been improved for large scale environments.
  2. Improved performance when syncing security entities (users, groups and permissions and access tokens) in Access Federation.

Issues Resolved
  
  1. Fixed an issue whereby the System Import could fail if import included a large number of users, groups, or permissions.
  2. Fixed an issue whereby if the configured database was PostgreSQL, then during the upgrade to Artifactory 6.5.x, the index for the ‘node_props’ DB table was deleted causing degradation in Artifactory performance.

Artifactory 6.5.6

Released: November 26, 2018

Issues Resolved

  1. Fixed an issue whereby a security vulnerability may have allowed unauthorized users to log in to Artifactory.
    JFrog would like to thank Gilbert Clark of Symantec for reporting this issue and for working with JFrog to help protect our customers.
  2. Fixed an issue starting from Artifactory 6.5.1, whereby is some cases users received the following error stating they did not have permissions to push a Docker image to the repository:
    "Unauthorized: The client does not have permission to push to the repository."

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.5.8

Released: November 26, 2018

Issues Resolved

  1.  Fixed an issue whereby LDAP authentication required sending up to three requests to retrieve all groups. This was resolved by adding a cache for all imported LDAP groups, using default TTL of 1 minute, configurable in artifactory.system.property under artifactory.security.ldap.group.cacheRetentionSecs=60 [secs].
  2. Fixed an issue whereby resolving a Go module failed if the module name did not include a slash

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.5.9

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers. 

Artifactory 6.5.13

Released: December 17, 2018

Issues Resolved

  1. Enhanced the fix for an issue in which under certain circumstances, a security vulnerability may have allowed unauthorized users to log in to Artifactory

    JFrog would like to thank Timo Lindfors  of Nixu Oyj for reporting this issue and for working with JFrog to help protect our customers.


Artifactory 6.5.15

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.5.17

Released: July 1, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, users can take actions that should otherwise be permitted only to administrators.
  2. Fixed an issue where in some circumstances, users could gain access to artifacts data that should otherwise be exposed only to some permission level.

Artifactory 6.5.18

Released: July 22, 2019

Fixed Issues

  1. Fixed an issue where in some circumstances, user can take actions that should otherwise be permitted only for an Admin user.

Artifactory 6.4

Released: September 26, 2018


Highlights

Package Native UI for npm

To complement Artifactory's universal support for all major package types, in this version, Artifactory adds support for npm packages in the Package Viewer. This provides a native experience with the look and feel that is customized for development with npm packages.

Once you select npm as the package type, the Package Viewer will restrict search results for npm packages matching the search term entered, and the details provided in the search results will be specific to npm packages. When selecting a specific search result, you can drill down to view details such as the package's readme file, properties, dependencies, builds that include it and more.

Feature Enhancements

  1. Artifactory can now download Docker foreign layers, from a whitelist defined by an Artifactory administrator, to an Artifactory Docker Remote Repository. This makes them available from Artifactory for future Docker pulls.
    This functionality is disabled by default, and can be enabled from the UI or using REST API.
  2. During replication, metadata files will be calculated by the target instance repository rather than replicated from the source repository, saving time and bandwidth.
  3. Properties being created as a result actions such as replication, restore from trashcan and add, will now trigger the create and delete user plugin execution points that can be used for catching the property event on the target Artifactory instance.
    For example: afterPropertyCreate, beforePropertyCreate, afterPropertyDelete and beforePropertyDelete
  4. Artifactory now supports Conda client versions 4.3.0 and above which requires metadata files in bz2 format. 

Issues Resolved

  1. Fixed an issue where HA system import failed and caused Artifactory to disconnect from Access. HA import will now work properly without requiring a restart to migrate users/groups/permissions and an additional system import to get the full import working.
  2. Fixed an issue where Artifactory became unavailable when running Garbage Collection and the Artifactory Trashcan contained an extreme amount of artifacts.
  3. Fixed an issue where Artifactory was sometimes unable to connect to Xray if the system default proxy was on.
  4. Fixed an issue where REST API requests that resolved Maven jar files, did not contain the Cache-Control header in the response.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.4.1

Released: Oct. 1, 2018

Issues Resolved

  1. Fixed in an issue introduced in Artifactory 6.4 in which when configured with AWS S3 as the binary provider, Artifactory would not start up.

For a complete list of changes please refer to our JIRA Release Notes



Artifactory 6.4.2

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.



Artifactory 6.4.3

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.3

Released: August 22, 2018


Using Artifactory with JFrog Distriibution

JFrog Artifactory 6.3.0 is not backwards compatible with previous versions for the purposes of distributing release bundles. Therefore, when distributing release bundles between Artifactory services with JFrog Distribution, you need to ensure that either both source and target services are version 6.3.0 and above, or they are both below version 6.3.0.

Highlights

Support for Conda Repositories

Artifactory now offers native supports for Conda Repositories, giving you full control over deploying and resolving Conda packages.

You can create secure and private local Conda repositories with fine-grained access control. Remote Conda repositories proxy remote Conda resources and cache downloaded Conda packages to keep you independent of the network and the remote resource, and virtual Conda repositories give you a single URL through which to manage the resolution and deployment of all your Conda packages.

Issues Resolved

  1. Fixed an issue in which encryption or decryption of the db.properties file in one node of an HA cluster would not get propagated to the other nodes.
  2. Fixed an issue in which an npm artifact resolved from a local npm registry would have a different package.json file compared to the one it had in its default public registry at registry.npmjs.org.
  3. Fixed an issue in which if a remote Docker registry was marked by JFrog Xray to block the download of unscanned artifacts, Artifactory would not be able to cache remote Docker images in that repository for scanning.

For a complete list of changes, please refer to our JIRA Release Notes 


Artifactory 6.3.2

Released: August 28, 2018

Issues Resolved

  1. Fixed an issue introduced in Artifactory 6.2 in which due to the upgrade of Tomcat to version 8.5.32 in Artifactory 6.2.0, requests to Artifactory that contained square brackets would fail.

  2. Fixed an issue relevant for Artifactory 6.2 and above running in an HA environment, in which when browsing through artifacts in the UI, transactions would be left open when the http request would complete. This could lead to contention on rows in the database resulting in outstanding database locks and duplicate key violation errors.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 6.3.3

Released: Sept. 2, 2018

Issues Resolved

  1. Fixed an issue in which unlocking the User Profile page in the UI would fail if the user's password contained any special characters.

  2. Fixed an issue in which when configuring a smart remote repository in the UI and testing the connection, a the login credentials to the remote resource would be deployed in plain text in the smart remote repository cache.

For a complete list of changes please refer to our JIRA Release Notes



Artifactory 6.3.4

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.



Artifactory 6.3.6

Released: March 12, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.3.7

Released: April 17, 2019

Issues Resolved

  1. Fixed an issue in which under certain circumstances, push replication to a target repository would fail due to timeout errors.

Artifactory 6.3.8

Released: May 2, 2019

Issues Resolved

  1. Fixed an issue where replication was prematurely terminated in certain scenarios in replicating between case-difference instances.

Artifactory 6.2

Released: August 8, 2018

Feature Enhancements

Session Management for HA

This version enhances the internal session management between nodes in an Artifactory HA cluster to provide more stability. In previous versions, an HA cluster used a third-party library, Hazelcast, to manage sessions between the cluster nodes. From this version, Artifactory introduces a new mechanism that uses the database which makes session management more robust.

Artifactory Docker Container

The Artifactory Docker container now starts and runs under an artifactory user and no longer requires root access. Similarly, the Artifactory NGINX Docker container now starts and runs as user nginx

Tomcat Version Upgrade

The Tomcat bundled with Artifactory has been upgraded to version 8.5.32.  

Issues Resolved

  1. Fixed an issue which prevented updating propertySets in the YAML configuration file.
  2. Fixed an issue in which when Xray Integration was enabled, for all artifacts scanned by Xray, the download counter would increase by one and the "Last Downloaded By" would indicate being downloaded by Xray.
  3. Fixed an issue in which upgrading from Artifactory 5.x to Artifactory 6.x would fail if an SSL/TLS certificate was configured on one or more of the remote repositories.
  4. Fixed an issue in which when promoting a Docker tag with the REST API using an existing dockerRepository:<tag> tag, the call would deploy a new tag rather than overwrite the existing one resulting in orphaned layers.
  5. Fixed an issue in which using the UI to deploy a single artifact from a folder in a repository would sometimes fail with a constantorg.artifactory.descriptor.repo.RepoType.undefined error.
  6. Fixed an issue in which when reloading user plugins, whether through a scheduled task or on-demand via the REST API, new JARS would be loaded, but existing JARS would not, even if they had been modified.
  7. Fixed an issue in which installation of npm packages would fail because parsing the npm repository's package.json file would fail when the value of its version field contained a leading "v" or "=" character.
  8. Fixed an issue in which downloading an individual file from within a ZIP file, the file would not be cached. This resulted in long resolution times every time you needed to resolve the file (because the file was never cached).
  9. Artifactory has been enhanced to correctly manage the new character encoding that the Go client uses for capital letters.

For a complete list of changes, please refer to our JIRA Release Notes 


Artifactory 6.2.1

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.



Artifactory 6.2.2

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.1

Released: July 1, 2018

Highlights

CRAN Repository Support 

Artifactory now natively supports CRAN repositories for the R language, giving you full control of your deployment and resolve process of CRAN packages. 
You can create secure and private local CRAN repositories with fine-grained access control. Remote CRAN repositories proxy remote CRAN resources and cache downloaded CRAN packages to keep you independent of the network and the remote resource, and virtual CRAN repositories give you a single URL through which to manage the resolution and deployment of all your CRAN packages.

Cross-Zone Sharding Enhancements

Sharding across multiple zones allows you to create zones or regions of sharded data to provide additional redundancy in case one of your zones becomes unavailable. From 6.1, you can determine the order in which the data is written between the zones and can set the method for establishing the free space when writing to the mounts in the neighboring zones.

Feature Enhancements

Direct Access to Xray from the Xray Info tab

Added a link to the Xray tab giving you direct access to Xray from within the Artifactory Artifact tree browser. 

Force Authentication on Virtual Maven Repositories

You can force the Maven client to send credentials in order to authenticate against the virtual repository. This means that even if anonymous access is enabled for the Artifactory instance, a virtual repository configured using this field or directly in the Repository Configuration JSON, will require the Maven client to send its credentials. This will be enforced even if some of the aggregated local repositories under the virtual repository allow anonymous access.

NuGet Search is Now Case-insensitive

Previously searching for NuGet packages using the ID and version via the NuGet CLI was case-sensitive causing search results to be narrowed down to an accurate result. This was very limiting, especially if you were looking for a specific version. So for example, if I was searching for junit version 1.0.2, and the repository package name was JUnit, I would not get any result. We now have improved the search to be case-insensitive, allowing for both junit or JUnit to be displayed in the search. 

Build Promotion Timestamp Added to Release History Tab 

When promoting a build, under the Builds > Release History tab, you can now see the timestamp of the build promotion.

Issues Resolved

  1. Fixed an issue in PyPI repositories in which PyPI packages set with metadata version 2.1 in the METADATA or PKG-INFO files were not indexed by Artifactory and were not available for download. 
  2. Fixed an issue with npm repositories resulting in improved performance.  Deploying a new version of an npm package that already exists in the repository caused Artifactory to calculate the metadata for all the package versions instead of calculating the metadata for the specific deployed package.
  3. Fixed an issue with npm repositories. This issue relates to tagging the version of a specific package that is not the ‘highest’ in terms of SemVer.  When an npm client was trying to install the ‘latest’ package he would receive the ‘highest’ version instead of the package that was tagged as the "latest'. An example: if I have MyApp-1.0.0, MyApp-1.0.1, MyApp-1.0.2 and I tag 1.0.1 as the latest one (with npm tag command) when trying to install the latest package (e.g. npm install MyApp), MyApp-1.0.2 would be returned.
  4. Fixed an issue whereby users with special characters in their password (e.g. colon), tried to access their profile page by entering their password and would be redirected to a page with the following message: 
    "You are already logged in. You can go to the home page or log out."
  5. Fixed an issue whereby pulling a Docker image caused the "Number of Downloads" counter for the image to be increased by two.
  6. Fixed an issue whereby setting the Password Encryption to ‘Required’, prevented anonymous users from performing authentication opposite the Docker repositories. A 401 error was generated.
  7. Fixed an issue regarding PyPI repositories whereby an Artifactory behind a proxy no longer ignores the "X-Artifactory-Override-Base-Url" header which overrides Artifactory base URL.
  8. Fixed an issue in Debian repositories. Artifactory could not extract metadata in Debian packages that contained a control metadata file archived as a ‘control.tar’ or a ‘control.tar.xz.

For a complete list of changes, please refer to our JIRA Release Notes 


Artifactory 6.1.4

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.




Artifactory 6.1.5

Released: 12 March, 2019


Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.



Artifactory 6.0

Released: May 17, 2018

Highlights

JFrog Enterprise+

Announcing the new Enterprise+ Platform, that provides a complete solution for covering all the steps involved in creating a secure, trustworthy, and traceable software release in a multi-site development environment.

The solution works in conjunction with source version control, continuous integration, and deployment tools.

The JFrog Enterprise+ platform bundle includes:

  • JFrog Artifactory: all features available with an Enterprise license as well as Access Federation and the ability to work with Artifactory Edge.
  • JFrog Distribution: an on-premise, centralized platform that lets you provision software release distribution.
  • JFrog Xray: universal analysis of binary software components at any stage of the application lifecycle providing unprecedented visibility into issues lurking in components anywhere in your organization.
  • JFrog Mission Control: all features available in Mission Control with the addition of: 

    • the ability to add instances of Jenkins-CI, JFrog Distribution and JFrog Artifactory Edge as services in the system and monitor them

    • Insight and analytics on build processes through as set of metrics on the end to end build process

Enterprise+ Dedicated Features

The following dedicated Enterprise+ features are a part of the Artifactory 6.0.0 release:

For more details on the JFrog Enterprise+ platform, please refer to the  JFrog Enterprise+ User Guide.

Single Sign-On Support

SSO allows you to log into all your JFrog applications using a single set of user credentials that are stored in the Authentication Provider Artifactory instance. When SSO is applied, the user logs into the JFrog product using a set of predefined credentials and is granted access across the board to the JFrog products. SSO eliminates the need to re-enter the credentials every time a product is accessed. It is automatically enabled for all the JFrog services that use an Authentication Provider for managing security. For more information, see Authentication Using Single Sign-On.

NuGet Enhancements
  • NuGet API v3 Registry Support 
    Artifactory now supports NuGet API v3 and allows you to proxy remote NuGet API v3 repositories (e.g., the NuGet gallery) and other remote repositories that support API v3. For more information, see the API documentation.

  • NuGet SemVer 2.0 Packages
    Artifactory now supports SemVer 2.0 rules for NuGet repositories (for both NuGet API v2 and API v3), which means you can now use pre-release numbers with dot notations or add metadata to the version, for example:
    MyApp.3.0.0-build.60, MyApp.1.0+git.52406.

    Backward Compatibility for NuGet CLI Versions Lower Than 4.3.0

    NuGet packages with SemVer 2.0 are not available for NuGet clients using NuGet CLI versions lower than 4.3.0. This breaking change is due to required modifications made to the local repository structure in Artifactory to align with the official global repository behavior.
    To continue using NuGet packages in versions lower than 4.3.0, add the artifactory.nuget.disableSemVer2SearchFilterForLocalRepos = true property to $ARTIFACTORY_HOME/etc/artifactory.system.properties and proceed to restart your Artifactory service.

    For more information, see NuGet SemVer 2.0 Package Support.

Artifactory HA Enhancement

This version enhances the internal locking mechanism in Artifactory HA setups to provide more stability.
Prior to this version, Artifactory HA used the third-party Hazelcast library for distributed locking during concurrent operations. From this version, Artifactory introduces a new locking mechanism relying on the database to provide added robustness and stability. 
Important: Since the new mechanism relies on the database and therefore may require additional database connections. For more information, see Database Locks. 

IPv6 Support

From Artifactory version 6.0.0, Artifactory supports IPv6-enabled hosts. This version allows users to configure IPv6 for both Artifactory standalone instances and for HA setups where you can configure the different nodes in the cluster to communicate over IPv6. This address is used to connect an Artifactory node to its peers over REST or TCP, when required. For more information, see IPv6 Support.

Breaking Change
CSRF Protection

CSRF Protection was released in Artifactory 5.11. From Artifactory 6.0.0, CSRF protection is now enabled by default. Artifactory prevents CSRF attacks by using a new custom header - 'X-Requested-With', for internal UI calls. If you are using a proxy server, verify that the proxy does not filter out the 'X-Requested-With' header. For more information, see CSRF Protection

Feature Enhancements

Improved Builds Page and New Improved Table Design 

The Builds page has a new look and feel, together with newly designed table provide an improved UI experience.
Also, a new look and feel for all tables in Artifactory.

Issues Resolved

  1. (Applies only if you are upgrading from Artifactory versions 5.10.x and 5.11.x.): Fixed an issue whereby API keys were no longer valid when deactivating an Artifactory Key Encryption and then reactivating it.
  2. Fixed an issue whereby Artifactory redirected to an incorrect URL resulting in a 404 error when navigating in PyPI repositories using the Native Browser and browsing a package. 
  3. Fixed an issue whereby an event based pull replication caused a small thread leak in the subscribed Artifactory. For example, when the source Artifactory from which the target is pulling the artifacts. Additionally, we have capped the maximum number of subscribed Artifactories per repository to 30.  You can modify the maximum number of allowed subscribed Artifactories to the event based pull replication per repo by modifying the artifactory.system.properties file, by adding the following line:

    artifactory.replication.eventbased.maxPullReplicationsPerRepo=<number>
    In addition, we have added a new REST API call to Get Remote Repositories Registered for Replication. 
  4. Fixed an issue whereby a Docker image would exist on two different repositories with the same tag, causing it to fail when distributing it to Bintray using a Distribution repository.
  5. Fixed an issue whereby changes made to Distribution repository rules (e.g., when modifying an existing rule), would not take effect and required restarting Artifactory.
  6. Fixed an issue in which two Helm charts containing different build metadata but sharing the same version would count as the same version.
  7. Fixed an issue whereby packing a Helm package not using the Helm client prevented the charts to be indexed.

For a complete list of changes please refer to our JIRA Release Notes. 


Artifactory 6.0.1

Released: May 24, 2018

Issues Resolved

  1. Fixed an issue in which when running Artifactory in Microsoft Internet Explorer, several capabilities in the UI did not work: logging out from Artifactory, the Set Me Up window wouldn't close, the Artifacts tab would be blank and the Advanced options under the Admin tab would be missing. 

  2. Fixed an issue in which when running Artifactory in Microsoft Internet Explorer 11 or Microsoft Edge 15, the contents of the Builds and the Packages tab in the UI would be misplaced.
  3. Fixed an issue in which the Distribute build button in the Builds page in the UI was missing. 

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 6.0.2

Released: June 7, 2018

Issues Resolved 

  1. Fixed an issue related to the JFrog Xray integration in which artifacts could still be downloaded from a remote repository even though it was configured to Block Unscanned Artifacts
  2. Fixed UI issues in the Builds module. 

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 6.0.3

Released: June 25, 2018

Issues Resolved

  1. Removed a remote code execution vulnerability that may have been exploited when a user with Admin permissions used one of the import capabilities in Artifactory.

    JFrog would like to thank Jakub Zoczek of Allegro Group for reporting this issue and for working with JFrog to help protect our customers.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 6.0.4

Released: November 29, 2018

Issue Resolved
  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.



Artifactory 6.0.5

Released: 12 March, 2019

Issue Resolved
  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Previous Release Notes

For JFrog Artifactory 5.x release notes, please refer to Release Notes in the JFrog Artifactory 5.x User Guide

For JFrog Artifactory 4.x release notes, please refer to Release Notes in the JFrog Artifactory 4.x User Guide