Overview

This page presents release notes for JFrog Artifactory describing the main fixes and enhancements made to each version as it is released. For a complete list of changes in each version, please refer to the JIRA Release Notes linked at the end of the details for each release.

If you need release notes for earlier versions of Artifactory, please refer to the  Release Notes in the Artifactory 3.x User Guide.

Download 

For an Artifactory Pro or Artifactory Enterprise installation, click to download the latest version of JFrog Artifactory Pro.

For an Artifactory OSS installation, click to download the latest version of JFrog Artifactory OSS.

Previous Versions

Previous versions of JFrog Artifactory Pro and JFrog Artifactory OSS are available for download on JFrog Bintray.

Click to download previous versions of JFrog Artifactory Pro.

Click to download previous versions of JFrog Artifactory OSS as a ZIP or RPM.

Upgrade Notice

Artifactory 5.5 implements a database schema change to natively support SHA-256 checksums. This change affects the upgrade procedure for an Enterprise Artifactory HA cluster (upgrading an Artifactory Pro or OSS installation is not affected).

For an Artifactory Enterprise HA cluster, if your current version is 5.4.6, you may proceed with the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.

If your current version is below 5.4.6, there are two options to upgrade to the latest version (5.5 and above): a two-phase option with zero downtime or a single phase option that incurs downtime.

For details, please refer to the Upgrade Notice under the release notes for Artifactory 5.5.1

Longer upgrade time

Due to the changes implemented in version 5.5, upgrading to this version or above from version 5.4.6 or below may take longer than usual and depends on the database you are using.

For an Artifactory Pro installation and for the Primary node of an Artifactory HA cluster, if you use MySQL database, the upgrade may take up to 5 minutes for each 1 million artifacts in your repositories for a typical setup. If you are using one of the other supported databases, the extra upgrade time will be less noticeable and should only take several seconds longer than usual.

Installation and Upgrade

For installation instructions please refer to Installing Artifactory.

To upgrade to this release from your current installation please refer to Upgrading Artifactory.

To receive automatic notifications whenever there is a new release of Artifactory, please watch us on Bintray.

Known Issues

For a list of known issues in the different versions of Artifactory, please refer to Known Issues.


Artifactory 6.0

Released: May 17, 2018

Highlights

JFrog Enterprise+

Announcing the new Enterprise+ Platform, which provides a complete solution covering all the steps involved in creating a secure, trustworthy, and traceable software release in a multi-site development environment.

The solution works in conjunction with source version control, continuous integration, and deployment tools.

The JFrog Enterprise+ platform bundle includes:

  • JFrog Artifactory: all features available with an Enterprise license as well as Access Federation and the ability to work with Artifactory Edge.
  • JFrog Distribution: an on-premise, centralized platform that lets you provision software release distribution.
  • JFrog Xray: universal analysis of binary software components at any stage of the application lifecycle providing unprecedented visibility into issues lurking in components anywhere in your organization.
  • JFrog Mission Control: all features available in Mission Control with the addition of: 

    • the ability to add instances of Jenkins-CI, JFrog Distribution and JFrog Artifactory Edge as services in the system and monitor them

    • Insight and analytics on build processes through a set of metrics on the end-to-end build process

Enterprise+ Dedicated Features

The following dedicated Enterprise+ features are a part of the Artifactory 6.0.0 release:

For more details on the JFrog Enterprise+ platform, please refer to the  JFrog Enterprise+ User Guide.

Single Sign-On Support

SSO allows you to log into all your JFrog applications using a single set of user credentials that are stored in the Authentication Provider Artifactory instance. When SSO is applied, the user logs into the JFrog product using a set of predefined credentials and is granted access across the board to the JFrog products. SSO eliminates the need to re-enter the credentials every time a product is accessed. It is automatically enabled for all the JFrog services that use an Authentication Provider for managing security. For more information, see Authentication Using Single Sign-On.

NuGet Enhancements
  • NuGet SemVer 2.0 Packages
    Artifactory now supports SemVer 2.0 rules for NuGet repositories (for both NuGet API v2 and API v3), which means you can now use pre-release numbers with dot notations or add metadata to the version, for example:
    MyApp.3.0.0-build.60, MyApp.1.0+git.52406.

    Backward Compatibility for NuGet CLI Versions Lower Than 4.3.0

    NuGet packages with SemVer 2.0 are not available for NuGet clients using NuGet CLI versions lower than 4.3.0. This breaking change is due to required modifications made to the local repository structure in Artifactory to align with the official global repository behavior.
    To continue using NuGet packages in versions lower than 4.3.0, add the artifactory.nuget.disableSemVer2SearchFilterForLocalRepos = true property to $ARTIFACTORY_HOME/etc/artifactory.system.properties and proceed to restart your Artifactory service.

    For more information, see NuGet SemVer 2.0 Package Support.
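To inventory which package versions fall under the SemVer 2.0 rules described above (and so are not available to NuGet CLI versions lower than 4.3.0), the following added example classifies version strings. It is not JFrog's code; the function names are hypothetical, and the version list is constructed from the two examples above plus two SemVer 1.0-style versions.

```python
"""Added example: classify NuGet version strings as SemVer 2.0-only or not."""
import re

# 1 to 4 numeric parts, optional -prerelease, optional +metadata.
_VERSION_RE = re.compile(
    r"^(?P<core>\d+(?:\.\d+){0,3})"
    r"(?:-(?P<pre>[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?"
    r"(?:\+(?P<meta>[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?$"
)


def semver2_reasons(version):
    """Return the SemVer 2.0-only features used by a version string.

    An empty list means the version does not depend on SemVer 2.0 rules.
    Raises ValueError for strings that are not a version at all.
    """
    match = _VERSION_RE.match(version)
    if match is None:
        raise ValueError("not a recognisable version: %r" % version)
    reasons = []
    pre = match.group("pre")
    if pre and "." in pre:
        reasons.append("dotted pre-release label")
    if match.group("meta"):
        reasons.append("build metadata")
    return reasons


def semver2_only(versions):
    """Map each SemVer 2.0-only version to the reasons it was flagged."""
    flagged = {}
    for version in versions:
        reasons = semver2_reasons(version)
        if reasons:
            flagged[version] = reasons
    return flagged


# Constructed sample: the first two come from the examples in these notes.
SAMPLE_VERSIONS = ["3.0.0-build.60", "1.0+git.52406", "2.1.0-beta1", "1.0.0"]

if __name__ == "__main__":
    for version, reasons in semver2_only(SAMPLE_VERSIONS).items():
        print(version, "->", ", ".join(reasons))
```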

Artifactory HA Enhancement

This version enhances the internal locking mechanism in Artifactory HA setups to provide more stability.
Prior to this version, Artifactory HA used the third-party Hazelcast library for distributed locking during concurrent operations. From this version, Artifactory introduces a new locking mechanism relying on the database to provide added robustness and stability. 
Important: The new mechanism relies on the database and therefore may require additional database connections. For more information, see Database Locks.

IPv6 Support

From Artifactory version 6.0.0, Artifactory supports IPv6-enabled hosts. This version allows users to configure IPv6 for both Artifactory standalone instances and for HA setups where you can configure the different nodes in the cluster to communicate over IPv6. This address is used to connect an Artifactory node to its peers over REST or TCP, when required. For more information, see IPv6 Support.

Breaking Change
CSRF Protection

CSRF Protection was released in Artifactory 5.11. From Artifactory 6.0.0, CSRF protection is enabled by default. Artifactory prevents CSRF attacks by using a new custom header, 'X-Requested-With', for internal UI calls. If you are using a proxy server, verify that the proxy does not filter out the 'X-Requested-With' header. For more information, see CSRF Protection.
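One way to carry out the proxy check described above, as an added example (not JFrog's code): it scans nginx or Apache httpd configuration text for directives that would remove or blank the X-Requested-With header before a request reaches Artifactory, and checks a captured set of upstream request headers for a non-empty value. The rule and function names are hypothetical; the sample configurations, host name and header value are constructed.

```python
"""Added example: flag reverse-proxy directives that strip X-Requested-With."""
import re

HEADER = "X-Requested-With"
_H = re.escape(HEADER)

# (rule id, pattern). The directives are real nginx / Apache httpd directives;
# the rule ids are made up for this example.
RULES = [
    # nginx: an empty value stops the field from being passed upstream.
    ("nginx-header-blanked",
     re.compile(rf"^proxy_set_header\s+{_H}\s+(?:\"\"|'')\s*;", re.I)),
    # nginx: no client request header is forwarded at all.
    ("nginx-all-headers-dropped",
     re.compile(r"^proxy_pass_request_headers\s+off\s*;", re.I)),
    # Apache httpd (mod_headers): the header is removed from the request.
    ("apache-header-unset",
     re.compile(rf"^RequestHeader\s+unset\s+\"?{_H}\"?(?:\s|$)", re.I)),
]


def find_header_filters(config_text):
    """Return (line number, rule id, directive) for each risky directive."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, line))
    return findings


def header_intact(received_headers):
    """True if the upstream saw X-Requested-With with a non-empty value."""
    for name, value in received_headers.items():
        if name.lower() == HEADER.lower():
            return bool(value.strip())
    return False


# Constructed sample configurations (not taken from any real deployment).
SAMPLE_NGINX = """\
server {
    listen 443 ssl;
    server_name artifactory.example.internal;
    location /artifactory/ {
        proxy_pass http://127.0.0.1:8081/artifactory/;
        proxy_set_header Host $host;
        # proxy_set_header X-Requested-With "";
        proxy_set_header X-Requested-With "";
    }
}
"""

SAMPLE_APACHE = """\
<VirtualHost *:443>
    ProxyPass /artifactory/ http://127.0.0.1:8081/artifactory/
    RequestHeader unset X-Requested-With
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
"""

if __name__ == "__main__":
    for name, text in (("nginx", SAMPLE_NGINX), ("apache", SAMPLE_APACHE)):
        for lineno, rule_id, directive in find_header_filters(text):
            print("%s line %d [%s]: %s" % (name, lineno, rule_id, directive))
```

The configuration scan only catches explicit directives; `header_intact` is meant for headers logged at the Artifactory side of the proxy, where a missing or empty value shows the header did not survive.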

Feature Enhancements

Improved Builds Page and New Improved Table Design 

The Builds page has a new look and feel which, together with a newly designed table, provides an improved UI experience.
All tables in Artifactory also have a new look and feel.

Issues Resolved

  1. (Applies only if you are upgrading from Artifactory versions 5.10.x and 5.11.x.): Fixed an issue whereby API keys were no longer valid when deactivating an Artifactory Key Encryption and then reactivating it.
  2. Fixed an issue whereby Artifactory redirected to an incorrect URL resulting in a 404 error when navigating in PyPI repositories using the Native Browser and browsing a package. 
  3. Fixed an issue whereby an event based pull replication caused a small thread leak in the subscribed Artifactory (for example, the source Artifactory from which the target is pulling the artifacts). Additionally, we have capped the maximum number of subscribed Artifactories per repository to 30. You can modify the maximum number of subscribed Artifactories allowed for event based pull replication per repository by adding the following line to the artifactory.system.properties file:

    artifactory.replication.eventbased.maxPullReplicationsPerRepo=<number>

    In addition, we have added a new REST API call to Get Remote Repositories Registered for Replication.
  4. Fixed an issue whereby a Docker image would exist on two different repositories with the same tag, causing it to fail when distributing it to Bintray using a Distribution repository.
  5. Fixed an issue whereby changes made to Distribution repository rules (e.g., when modifying an existing rule), would not take effect and required restarting Artifactory.
  6. Fixed an issue in which two Helm charts containing different build metadata but sharing the same version would count as the same version.
  7. Fixed an issue whereby packing a Helm package without using the Helm client prevented the charts from being indexed.

For a complete list of changes please refer to our JIRA Release Notes. 


Artifactory 6.0.1

Released: May 24, 2018

Issues Resolved

  1. Fixed an issue in which when running Artifactory in Microsoft Internet Explorer, several capabilities in the UI did not work: logging out from Artifactory, the Set Me Up window wouldn't close, the Artifacts tab would be blank and the Advanced options under the Admin tab would be missing. 

  2. Fixed an issue in which when running Artifactory in Microsoft Internet Explorer 11 or Microsoft Edge 15, the contents of the Builds and the Packages tab in the UI would be misplaced.
  3. Fixed an issue in which the Distribute build button in the Builds page in the UI was missing. 

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 6.0.2

Released: June 7, 2018

Issues Resolved 

  1. Fixed an issue related to the JFrog Xray integration in which artifacts could still be downloaded from a remote repository even though it was configured to Block Unscanned Artifacts
  2. Fixed UI issues in the Builds module. 

For a complete list of changes please refer to our JIRA Release Notes

For an Artifactory Pro or Artifactory Enterprise installation, click to download this latest version of JFrog Artifactory Pro.

For Artifactory OSS, click to download this latest version of JFrog Artifactory OSS.

For Artifactory Enterprise+, click to download the latest version of  JFrog Enterprise+.


Artifactory 5.11

Released: May 2, 2018

Highlights

Go Registries

Artifactory now provides native support for Go registries, giving you full control over deployment and resolution of Go source control packages. You can create secure and private local Go registries with fine-grained access control, remote repositories to proxy remote Go resources and cache downloaded Go packages to keep you independent of the network and remote resources. Virtual repositories let you set up a Go registry with a single URL through which to manage the resolution and deployment of all your Go packages.

Support for Go repositories is currently integrated with the vgo client which can be downloaded from the vgo GitHub Repository.

CSRF Protection

Artifactory can now prevent CSRF attacks by using a new custom header, X-Requested-With, for internal UI calls. This feature is disabled by default because it may require a change in your proxy server (if you are using one) to ensure it does not filter out this header. The feature can be enabled by modifying a system property and restarting Artifactory. For details, please refer to CSRF Protection under Configuring Security. 

Allow Crowd Users to Access Their Profile Page

Artifactory users who are created by logging in via Crowd can now be given access to their profile page through a configuration in Artifactory. These users can now access a set of functions such as setting their SSH public key, configuring their JFrog Bintray credentials, and updating their password.

Issues Resolved
  1. Fixed an issue with RPM repositories which sometimes caused download requests to fail. In some cases, uploading an RPM package would result in deletion of the newly generated metadata files (primary, other, filelists) instead of the old ones. This, in turn, would cause download requests for certain RPM packages to fail.

  2. Fixed an issue with NPM repositories in which presence of a corrupt package or metadata file caused indexing to be aborted rather than just skipping the corrupt file and continuing.

  3. Fixed an issue which caused a memory leak in some cases when working with HTTP SSO.

  4. Fixed an issue that caused initialization of replication to fail on systems with many event-based push replications configured. 

  5. Fixed an issue in which it would take Artifactory a long time to generate the information displayed in the Admin module under Advanced | Storage Summary, or the response for the Get Storage Summary Info REST API endpoint. 

  6. Fixed an issue which would sometimes cause deployment of artifacts to fail when the Storage Quota Control feature was enabled. 

  7. Fixed an issue in which an Artifactory instance trying to resolve packages from a remote repository in another Artifactory instance, which itself was proxying a remote repository in another Artifactory instance, would sometimes fail.

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.11.1

Released: May 21, 2018

Issues Resolved

  1. Fixed an issue whereby the 'Disable Internal Password' field, which was enabled to prevent users from changing their password, was removed during the upgrade from Artifactory 5.5 and above. This has been fixed to preserve the original setting, thereby preventing users from changing their password after the upgrade.

  2. Fixed an issue in the CSRF protection feature introduced in 5.11.0, whereby under certain circumstances, the X-Requested-With header was sent with an empty value causing the UI to be unavailable.

  3. Fixed an issue related to User Plugins, whereby the Realms plugin execution point was triggered on HA setups. For example, user plugins that authenticated users during login to Artifactory would fail.

  4. Fixed an issue in which it took Artifactory a long time to generate the information displayed in the Admin module under Advanced | Storage Summary, and to get a response when running the Get Storage Summary Info REST API endpoint.

  5. Fixed an issue which occasionally caused artifact deployment to fail when the Storage Quota Control feature was enabled.

  6. Fixed an issue whereby Artifactory was redirected to an incorrect URL resulting in a 404 error. This occurred when navigating in the PyPI repositories while using the Native Browser and searching for a package.

  7. Fixed an issue in which non-admin users could create an access token with an unlimited expiration period (i.e. expires_in = 0).

  8. Fixed an issue in which the Docker Info tab was empty when selecting a Docker image in a virtual repository in the UI.

For a complete list of changes, please refer to our JIRA Release Notes


Artifactory 5.11.2

Released: June 13, 2018

Issues Resolved

  1. Fixed an issue in which non-admin users failed to authenticate the npm client against Artifactory when using the npm login command.

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.10

Released: March 27, 2018

System Import

Previously, when performing a system import, all security entities (users, groups, permissions and access tokens) on the receiving instance would be removed in addition to configurations, repositories and artifacts. From this version, when doing a system import, existing security entities are maintained and imported security entities are merged with them. As before, other entities (configurations, repositories and artifacts) are removed.

Highlights

Package Native UI

To complement Artifactory's universal support for all major package types, version 5.10 offers a new Package Viewer that provides a native experience with a look and feel that is customized for a specific package type. Once you select a package type, Package Viewer will only search for packages of the selected type using the search term entered. More significantly, the details provided in the search results are also specific to the package type. For example, when searching for Docker images, the Package Viewer will search for Docker tags, and you can drill down into each search result to see details of the layers comprising the tag. Currently, the Package Viewer supports Docker with additional formats to be added in forthcoming releases.

For more details, please refer to Viewing Packages.  

MariaDB

In addition to the set of databases currently supported, from version 5.10, Artifactory also supports MariaDB.

Xray Integration 
Artifactory 5.10, jointly released with JFrog Xray 1.12, presents significant changes in how these two complementary applications are integrated to improve usability and stability including:
  • a new mechanism for reporting scan status 

  • configuring download blocking through Xray

Upgrade Xray first

 For this joint release of JFrog Artifactory 5.10 and JFrog Xray 1.12, we strongly recommend first upgrading your Xray installation to version 1.12 and only then upgrading Artifactory.

Scan Status - Breaking Change

Previously, Artifactory displayed the scan status (e.g., last scan time, highest severity of any vulnerabilities found etc.) of an artifact as a set of properties that Xray attached to each artifact it scanned. Upon upgrading to version 5.10, these properties will be removed, and instead, Artifactory will display an artifact's scan status by querying Xray and displaying the results on-demand when the artifact is selected in the Tree Browser. To support this behavior, the artifact's scan status is now displayed in a separate Xray information tab

This is a breaking change which restricts compatibility of Artifactory and Xray versions as described below:

  • Artifactory 5.10+ with Xray 1.12+: Compatible. Since both Artifactory and Xray are upgraded, the new integration is fully functional as designed.
  • Artifactory 5.10+ with Xray <1.12: Not compatible. In this combination, the integration will not work since the new version of Artifactory will query Xray for scan status, however, the old version of Xray does not have the required REST API endpoints.
  • Artifactory <5.10 with Xray 1.12+: Compatible, with a warning. This combination is supported. Artifactory will continue to display each artifact's scan status, however, it will use the previous mechanism that uses properties.
  • Artifactory <5.10 with Xray <1.12: Compatible. If neither Artifactory nor Xray are upgraded, the integration will work using the previous mechanism that displayed scan status as a set of properties on the artifact.

Download Blocking

From this version, configuration of Download Blocking is moved from Artifactory to Xray. For details, please refer to Download Blocking in the JFrog Xray User Guide. In addition, when trying to download a complete folder, if any of the artifacts in the folder are blocked for download, then downloading the folder will fail. 

Feature Enhancements 

NuGet Performance Improvements

Performance of indexing Nuget repositories has been improved.

Retrying Database Connections

From this version, if Artifactory fails to connect to the database, it will retry several times before dropping the connection.

Pagination for Docker

Artifactory now supports pagination when calling the List Docker Repositories and List Docker Tags REST API endpoints on virtual repositories. 

Issues Resolved

  1. Fixed an issue with the native browser in which Artifactory would encode space characters to a ‘+’ character resulting in incorrect URLs for paths that included spaces.  

  2. Fixed an issue in which for users with a realm that is LDAP, SAML, HTTP SSO and OAuth, their Last Logged In field would remain empty after logging in to Artifactory.

  3. Fixed an issue in which LDAP users who were trying to authenticate against Artifactory with bad credentials would be removed from the LDAP groups they were associated with.

  4. Fixed an issue with Bower repositories in which registering a package from GitHub using SSH would fail with an "Unable to determine coordinates from url" error. The following is an example that would cause this error:

    bower register <package name> ssh://git@github.com/<repo>/<package>
  5. Fixed an issue in which when uploading multiple files from the UI to a virtual repository, non-admin users would fail with a "Forbidden UI REST call from user <x>" error.

  6. Fixed an issue in which the custom expires_in field of refreshable access tokens created by non-admin users would be erased, and upon refreshing a token, the expires_in field would be set with the default value of 3600 seconds.

  7. Fixed an issue with Docker registries in which, when promoting a Docker tag, properties annotating the tag would not be promoted with it.

  8. Fixed an issue with npm repositories in which resolving an npm package using npm install would fail if the package was present in both a local and a remote-cache repository, but had a different checksum in each.

  9. Fixed an issue in which the ‘Test Connection’ button in remote repositories would not work when the URL to which the connection was being tested was a private npm repository.

  10. Fixed an issue in which user plugin event deletion would not be detected so the user plugin would not be deleted from the database and would be reloaded again.

  11. Fixed an issue that prevented users from certain organizations authenticated via Crowd SSO from logging in to Artifactory.

For a complete list of changes please refer to our JIRA Release Notes. 

For an Artifactory Pro or Artifactory Enterprise installation, click to download this latest version of JFrog Artifactory Pro.

For Artifactory OSS, click to download this latest version of JFrog Artifactory OSS.


Artifactory 5.10.1

Released: March 29, 2018

Issues Resolved

This patch fixes these issues that were discovered in version 5.10:

  1. Fixed an issue in which an Artifactory configured with MariaDB as the database did not start.
  2. Fixed an issue whereby enabling the Auto Redirect Login Link To SAML Login setting in the SAML configuration, did not redirect to the SAML login URL, and the Login button in Artifactory became unresponsive.
  3. Fixed an issue whereby Xray users failed to be authenticated using SAML authentication.
  4. Fixed an issue whereby under certain circumstances, authentication between Artifactory and Xray failed, leading to failure between Artifactory and Xray. This caused certain operations to fail such as scanning an artifact or a build.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 5.10.2

Released: April 12, 2018

Issues Resolved

  1. Fixed an issue in which after upgrading to Artifactory 5.10.x, in some cases, installing and searching for packages in NuGet repositories would fail.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 5.10.3

Released: April 18, 2018

Using PyPI Remote Repositories?

If you are using PyPI remote repositories, you need to upgrade to this patch to overcome a breaking change introduced to the public PyPI repository.

Issues Resolved

PyPI is undergoing changes and the PyPI administrators have announced that by April 30th, the current URL at which the index is available will be deprecated, and the PyPI public repository will only be available at http://pypi.org.

In addition, the internal structure of the PyPI index is changing.

These are breaking changes if you are using Artifactory remote PyPI repositories that proxy the PyPI index at its current URL of http://pypi.python.org.

This patch addresses these changes and allows you to continue working with remote PyPI repositories.

Important notes: 

  • We strongly recommend upgrading to this patch only if you are using remote PyPI repositories that proxy the public PyPI index at http://pypi.python.org
  • As part of the change PyPI have introduced, the index is now located under http://pypi.org and the binaries (packages) are stored under a different URL: (https://files.pythonhosted.org). 
  • In this patch, Artifactory aligns with the changes introduced on PyPI, both new index structure and the new URL, by adding the Registry URL field, which specifies the location where the repository index file resides, to the remote PyPI repository configuration.

To continue working with PyPI remote repositories, follow these instructions:

Note: upon upgrading to this version, the Registry URL of all of the remote PyPI repositories will be set to the same value as repository's URL. 
If the index file and the binaries are stored in the same URL, you should not make any changes in these remote PyPI repositories. 

In addition to this patch, to accommodate users running older versions of Artifactory, we have also released 5.8.9 and 5.9.5 with the same fix. 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 5.10.4

Released: April 26, 2018

Issues Resolved

  1. Fixed an issue in which user login would sometimes fail when there was more than one LDAP configuration set up (e.g. different OUs)

  2. Fixed an issue in which downloading artifacts from a remote repository would fail when the repository was configured to work with a proxy, and the proxy server was configured in Artifactory with a username and password. 

  3. Fixed an issue that caused a degradation in PyPI API performance when a Derby database has a node_props table containing many entries.
  4. Fixed an issue in which LDAP users would be removed from the LDAP groups they were associated with when trying to authenticate against Artifactory with bad credentials or while experiencing connection issues.

For a complete list of changes, please refer to our JIRA Release Notes.

 


Artifactory 5.9

Released: February 18, 2018

Highlights

Audit Trail Log

Artifactory will maintain an audit trail log that records all actions related to permissions, users, groups and access tokens. This enables auditing and tracking of all security related actions allowing you to enforce different security policies in your organization. Some examples of actions that will be recorded in the audit trail log are:

  • creating a new user
  • adding a user to a group
  • changing a user password
  • adding a user to a Permission Target

The audit trail log is enabled by default and can be disabled. For more details, please refer to Audit Trail Log.

Improved UI Performance

Artifactory has undergone significant changes in the UI implementation to improve performance in the Tree Browser.

Enhanced Password Encryption Security

Artifactory will now use 128-bit AES for password encryption, which is a more secure algorithm than the previously used PBEwithSHA1AndDESede. New installations will use the new encryption algorithm; however, if you are upgrading to this version, the encryption algorithm does not automatically change. Following an upgrade, to change the encryption algorithm from PBEwithSHA1AndDESede to the new 128-bit AES, deactivate key encryption using the Deactivate Artifactory Key Encryption REST API endpoint, and then re-enable it using the Activate Artifactory Key Encryption REST API endpoint.

Feature Enhancements 

Respecting Cache-Control Headers

Artifactory will now return a “Cache-Control: no-store” header for all expirable metadata files. 

This means that if you have a proxy cache (e.g. Nginx) between Artifactory and the client, the proxy will always go to Artifactory to fetch these metadata files and will not cache them.

Issues Resolved

  1. Publishing to an npm repository with a tag. 
    When publishing a new version with a tag to an npm repository, the version would also automatically be assigned the "latest" tag. This meant that running npm install package would install the "tagged" version even though it was explicitly given a different tag and should, therefore, not have been identified as the "latest". For example, when using npm publish --tag=beta , the published version would incorrectly get the "latest" tag. This is now fixed and Artifactory will only assign a published version with the "latest" tag if no other tag is explicitly specified in npm publish command. 

  2. Fixed an issue in which, when distributing a Docker image to JFrog Bintray through a distribution repository in Artifactory, the operation would succeed the first time but would fail if you tried to redistribute the same image through the distribution repository.

  3. Fixed an issue in which Helm charts whose representation did not comply with the SemVer 2 specification would not be served. For example, the Helm client would not be able to resolve a chart named myPackage-0.1, however, a chart named myPackage-0.1.0 would work. 

  4. Fixed an issue in which resolving an npm package from an npm remote repository in Artifactory that proxied an npm repository in JFrog Bintray, would fail.

  5. Fixed an issue in which when pushing several Docker images with common layers in high concurrency, some of the push requests would fail.

  6. Fixed an issue in which the Storage Summary for a cache-fs filestore would show the maximum available and used values incorrectly. Instead of displaying values for the cache, the values for the whole file system were displayed instead. This has now been fixed and the Storage Summary for a cache-fs filestore correctly displays the actual and maximum available cache size.

  7. Fixed an issue with the use of filestore sharding in an HA cluster. When an HA cluster with two or more nodes used the sharding-cluster binary provider, if you deployed an artifact to one of the secondary nodes while the primary node was down, the artifact would not get copied over to the primary node, even if the redundancy was set to 2 or more. 

  8. Fixed an issue with metadata calculation for npm repositories. When triggering a metadata calculation using the REST API or through the UI, if the repository contained an npm package with faulty or corrupt metadata that Artifactory couldn't parse, the whole process of metadata calculation would stop without calculating metadata for packages that came after the faulty package.

  9. Fixed an issue in which, for Maven repositories, when LDAP users would try to download the settings.xml from the Set Me Up page, the password field would not be populated and remain blank. 

  10. Fixed an issue in which when using the Distribute Artifact REST API endpoint with an unauthorized user, Artifactory returned a 500 error. Artifactory will now return error 403, as expected. 

For a complete list of changes please refer to our JIRA Release Notes. 


Artifactory 5.9.1

Released: March 6, 2018

Issues Resolved

The search functionality for npm packages, through the npm client using the "npm search" command, has been fixed for both remote and virtual repositories, and now works for all repository types.

Important Notice

To enable the "npm search" to search according to a package name, description and keyword, it is required to recalculate the metadata for all relevant npm repositories (including local and remote cache).
This can be done from the Artifactory UI by right clicking on the repository and selecting ‘Recalculate Index’, or by executing the Calculate Npm Repository Metadata REST API.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.9.3

Released: March 21, 2018

Issues Resolved

  1. Fixed an issue with Artifactory instances running versions 5.9.0 and above which displayed the following behavior: in some cases certain users would not be able to login to Artifactory, retrieving the list of users through the UI or the REST API would fail with an exception, and Backups and System Exports would fail. For details, please refer to the relevant JIRA item in the link below.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.9.5

Released: April 18, 2018

Using PyPI Remote Repositories?

If you are using PyPI remote repositories, you need to upgrade to this patch to overcome a breaking change introduced to the public PyPI repository.

Issues Resolved

PyPI is undergoing changes and the PyPI administrators have announced that by April 30th, the current URL at which the index is available will be deprecated, and the PyPI public repository will only be available at http://pypi.org.

In addition, the internal structure of the PyPI index is changing.

These are breaking changes if you are using Artifactory remote PyPI repositories that proxy the PyPI index at its current URL of http://pypi.python.org.

This patch addresses these changes and allows you to continue working with remote PyPI repositories.

Important notes: 

  • We strongly recommend upgrading to this patch only if you are using remote PyPI repositories that proxy the public PyPI index at http://pypi.python.org
  • As part of the change PyPI have introduced, the index is now located under http://pypi.org and the binaries (packages) are stored under a different URL: (https://files.pythonhosted.org). 
  • In this patch, Artifactory aligns with the changes introduced on PyPI, both new index structure and the new URL.

To continue working with PyPI remote repositories, follow these instructions:

  • Upgrade to Artifactory 5.9.5 or 5.10.3 and above. 
  • For all Artifactory PyPI remote repositories that are configured with the URL of https://pypi.python.org

Note: upon upgrading to this version, the Registry URL of all of the remote PyPI repositories will be set to the same value as the repository's URL.
If the index file and the binaries are stored in the same URL, you should not make any changes in these remote PyPI repositories. 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 5.9.7

Released: April 30, 2018

Issues Resolved

  1. Fixed an issue that caused a degradation in PyPI API performance when a Derby database has a node_props table containing many entries.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 5.8

Released: January 1, 2018

Highlights

Helm Chart Repositories

Artifactory now natively supports Helm Chart repositories, giving you full control of your deployment process to Kubernetes. You can create secure and private local Helm chart repositories with fine-grained access control. Remote Helm chart repositories proxy remote Helm chart resources and cache downloaded Helm charts to keep you independent of the network and the remote resource, and virtual Helm chart repositories give you a single URL through which to manage the resolution and deployment of all your Helm charts.

YAML Configuration File

Applying configuration changes to Artifactory can now be done using an easy-to-use YAML configuration file. Run a single configuration change or multiple changes as needed, to create, update and delete any elements in your Artifactory instance. For example, creating new repositories, setting up replication, and modifying any specific configuration.

Multiple Secure Private Docker Registries Without a Reverse Proxy

Artifactory has supported multiple secure private Docker registries since the early days of Docker, however that support required the use of a reverse proxy. From version 5.8, the need for a reverse proxy is removed, and you can create and use multiple Docker registries out-of-the-box without the need for any reverse proxy configuration. All you need to do is select the Repository Path 

Feature Enhancements 

Automatically associate an HTTP SSO user to an LDAP Group

Artifactory will now accept users logging in through HTTP SSO to be associated with existing LDAP groups. HTTP SSO users will now inherit the permissions specified in the corresponding LDAP group in Artifactory. This is supported for both HTTP SSO users that are internally created in Artifactory and also for transient users.

Issues Resolved

  1. Fixed an issue where overwriting an existing artifact would permanently delete it. These artifacts will now be sent to the trash can, available to be recovered if needed.

  2. Fixed an issue in which enabling the External Dependency Rewrite configuration in npm virtual repositories, caused some npm packages, such as "equals", to not be resolved with an npm 500 error displayed in the logs. This occurred only for packages where dependencies were declared in the following format:
    https://github.com/<repo>/<...>

  3. Fixed an issue where adding a keypair in the Signing Keys UI admin component, caused the remote repo admin page in the UI to appear as empty without any fields.
  4. Fixed an issue with an incorrect response for cached Chef cookbooks.
  5. Fixed an issue where the metadata for some PyPI packages, such as nose 1.3.3 and above, would not be extracted correctly and incorrect information would be displayed in the UI for the package. This would happen only for packages that had multiple PKG-INFO files, causing Artifactory to identify the wrong PKG-INFO package metadata file.
  6. Fixed an issue in which adding more than 1,000 users to a group using Oracle DB would fail with an ‘error updating groups’ or a ‘maximum number of expressions in a list is 1000’ SQLSyntaxErrorException.
  7. Fixed an issue where some Debian packages were not added to the Debian repository index.
  8. Fixed an issue where running an npm search against an npm repository failed to return packages that contained the maintainers field in the package.json in the following structure:
    "maintainers" : { "name": "john", "email": "john@company.com" }
  9. Fixes to remediate CVE-2017-7525 and CVE-2017-15095 vulnerabilities.

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.8.1

Released: January 4, 2018

Issues Resolved

  1. Fixed an issue in which an upgrade from versions below 5.7, to versions 5.7 and above with the Artifactory Key Encryption activated, failed with the following error:
    Couldn't convert configs encryption: javax.crypto.BadPaddingException: Given final block not properly padded : Couldn't convert configs encryption

  2. Fixed an issue, for HA setups, in which an upgrade process with the following steps failed with the following error:
    Encrypted password found and no Master Key file exists at /clusterhome/ha-etc/security/artifactory.key
    Steps:
    1. upgrade to version 5.x (below 5.7), from version 4.x with NFS and the Artifactory Key Encryption deactivated
    2. upgrade to version 5.7 and above, with the Artifactory Key Encryption activated

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.8.2

Released: January 8, 2018

Issues Resolved

  1. Fixed an issue with HA clusters in which in rare cases, when modifying files that are synced through the database (for example, adding/modifying user plugins, changing the Artifactory Encryption Key, or modifying Artifactory system properties), the changes would not be propagated to the secondary nodes in the cluster.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.8.3

Released: January 9, 2018

Issues Resolved

  1. Fixed an issue in which pushing or pulling from an Artifactory Docker registry would fail when using Docker client version 1.12 or below and while the reverse proxy is configured to listen on ports 443/80.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.8.4

Released: February 7, 2018

Issues Resolved

  1. Fixed an issue with Artifactory Docker registries in which in some cases, file descriptors created following a HEAD request for a Docker manifest, would not be closed at the end of the request, but only when garbage collection was run.

For a complete list of changes please refer to our JIRA Release Notes

Artifactory 5.8.9

Released: April 18, 2018

Using PyPI Remote Repositories?

If you are using PyPI remote repositories, you need to upgrade to this patch to overcome a breaking change introduced to the public PyPI repository.

Issues Resolved

PyPI is undergoing changes and the PyPI administrators have announced that by April 30th, the current URL at which the index is available will be deprecated, and the PyPI public repository will only be available at http://pypi.org.

In addition, the internal structure of the PyPI index is changing.

These are breaking changes if you are using Artifactory remote PyPI repositories that proxy the PyPI index at its current URL of http://pypi.python.org.

This patch addresses these changes and allows you to continue working with remote PyPI repositories.

Important notes: 

  • We strongly recommend upgrading to this patch only if you are using remote PyPI repositories that proxy the public PyPI index at http://pypi.python.org
  • As part of the change PyPI have introduced, the index is now located under http://pypi.org and the binaries (packages) are stored under a different URL: (https://files.pythonhosted.org). 
  • In this patch, Artifactory aligns with the changes introduced on PyPI, both new index structure and the new URL.

To continue working with PyPI remote repositories, follow these instructions:

  • Upgrade to Artifactory 5.8.9, 5.9.5 or 5.10.3 and above. 
  • For all Artifactory PyPI remote repositories that are configured with the URL of https://pypi.python.org

Note: upon upgrading to this version, the Registry URL of all of the remote PyPI repositories will be set to the same value as the repository's URL.
If the index file and the binaries are stored in the same URL, you should not make any changes in these remote PyPI repositories. 

Additional Issues Resolved
Fixed an issue that caused initialization of event replication to fail on systems with many event-based push replications configured.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 5.8.10

Released: April 30, 2018

Issues Resolved

  1. Fixed an issue that caused a degradation in PyPI API performance when a Derby database has a node_props table containing many entries.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 5.7

Released: December 20, 2017

Using PostgreSQL?

Before upgrading to this version, you need to ensure that your PostgreSQL JDBC driver is version 9.4 build 1202 or higher.

To update your driver, simply place the new driver JAR file in $ARTIFACTORY_HOME/tomcat/lib.

Highlights

Improved HA Installation and Upgrade Process

The HA installation and setup process has been redesigned to create a simple and even more secure infrastructure for your Artifactory HA clusters. Through the use of a Master Key, Artifactory adds a new security layer that replaces the previously used Bootstrap bundle mechanism, which is now deprecated.

With this release, Artifactory will handle all configuration and encrypted security related files. To create new Artifactory nodes in a cluster, administrators will only need to supply a single Master Key and db.properties file, used by all nodes in the cluster.

Existing Artifactory installations will be upgraded to this new infrastructure automatically when updating from version 5.x and up.

Sort, Filter and Add Favorite Repositories in the UI Tree

View only the repositories you need by customizing the Artifact Repository Browser with your favorite repositories, and applying sort and filter options. Use as many different favorite, sort and filter combinations to narrow down the Artifact tree to display exactly what you need.

Feature Enhancements

Promote Build to Virtual Repository REST API

Promoting builds to a virtual repository is now supported, in addition to the previously supported local repositories, using the Build Promotion REST API. Upon build promotion to a virtual repository, the files will be promoted (copied/moved) to the Default Deployment Repository that is configured as part of the virtual repository. 

Support for AWS SSE-KMS

Added support for AWS SSE-KMS (Key Management Service) for your S3 Object Storage. This allows you to set an AWS KMS encryption key on the S3 bucket that your Artifactory uses as an object store.

Support for LZMA and XZ Index Compression Formats in Debian Repositories

Artifactory now lets you create LZMA (.lzma) and XZ (.xz) compression Debian indices, in addition to the already supported Gzip (.gzip) and Bzip2 (.bz2) extensions. The Bzip2 index file can be disabled if it's not needed.

Improved AQL Performance

Significant performance improvement for AQL queries when searching artifacts according to build name and number.

Improved Concurrent Configuration Changes Performance

Performance improvement when concurrently applying configuration changes to the Config Descriptor file. 

Issues Resolved

  1. Fixed an issue in which users, associated with groups that are configured with admin privileges, could not perform admin-only actions through REST API when using an API key for authentication.

  2. Fixed an issue in which deploying a large NuGet package (larger than 2GB) would fail with an OutOfMemory exception.

  3. Fixed an issue in which TCP connections were not being closed when push replication was configured with an incorrect target URL or bad credentials, causing unresponsiveness. The TCP connections were not being closed on the source Artifactory (the instance where artifacts were replicated from).

  4. Fixed an issue where, when clients (such as Yum clients) tried to fetch sqlite.bz2 files from Yum virtual repositories, the request took longer than expected because it triggered a synchronous calculation, even though Artifactory does not aggregate sqlite files. Artifactory now responds faster to Yum clients requesting sqlite.bz2 files.
  5. Fixed an issue where the email address of users imported into Artifactory from a Crowd server was not updated in Artifactory when it was updated on the Crowd server.
  6. Fixed an issue in which resolving artifacts from a remote repository with a URL that contained spaces in it did not work.
  7. Fixed an issue in which aborted upload processes, to an Artifactory with a filestore configuration on the cloud (S3/GCP/Azure), would leave a partial file in the Eventual folder that would not get cleaned up.
  8. Fixed an issue in which an API key created by externally authenticated users (e.g. OAuth) would not get inserted correctly into code snippets generated by the Set Me Up page.
  9. Fixed an issue with the indexing of RPM metadata files which caused clients (such as Yum clients) to fetch the src.rpm file instead of the rpm package file. This would happen when the RPM repository contained both the source and the corresponding package.
  10. Fixed an issue where "NA" was recorded in the access log instead of the user id for denied login attempts. The user id will now be displayed.
    For example: [DENIED LOGIN] for john/0:0:0:0:0:0:0:1
  11. Fixed an issue in which include and exclude patterns would be ignored on local NuGet repositories.
  12. Fixed an issue in which deploying files that contained a colon in the artifact name, ‘:’ or %3a (encoded or decoded), would fail with a 409 error.
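
Item 10 above matters for detection: with "NA" in place of the user id, denied logins can only be grouped by source address. The following added example (not JFrog code) parses the fragment quoted in item 10 and counts denials per user and per address; the timestamp prefix, the sample lines and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Matches only the fragment quoted in the release note:
#   [DENIED LOGIN] for <user>/<address>
# The user part is greedy, so a "/" inside a user name stays with the name
# and the split happens at the last "/" before the address.
DENIED = re.compile(r"\[DENIED LOGIN\] for (?P<user>.+)/(?P<addr>[0-9A-Fa-f:.]+)\s*$")

# Constructed sample lines; the timestamp prefix is an assumption.
SAMPLE = [
    "2017-12-20 10:00:01 [DENIED LOGIN] for john/0:0:0:0:0:0:0:1",
    "2017-12-20 10:00:02 [DENIED LOGIN] for john/0:0:0:0:0:0:0:1",
    "2017-12-20 10:00:03 [DENIED LOGIN] for john/0:0:0:0:0:0:0:1",
    "2017-12-20 10:00:04 [DENIED LOGIN] for NA/192.0.2.10",   # pre-fix style record
    "2017-12-20 10:00:05 [DENIED LOGIN] for NA/192.0.2.10",   # pre-fix style record
    "2017-12-20 10:00:06 [DENIED LOGIN] for corp/alice/192.0.2.10",
    "2017-12-20 10:00:07 unrelated line",
]


def parse_denied(line):
    """Return (user, address) for a denied-login line, or None for any other line."""
    m = DENIED.search(line)
    return (m.group("user"), m.group("addr")) if m else None


def summarize(lines, threshold=3):
    """Count denied logins per user and per address; report those at or over threshold."""
    per_user, per_addr = Counter(), Counter()
    unattributed = 0
    for line in lines:
        hit = parse_denied(line)
        if hit is None:
            continue
        user, addr = hit
        per_addr[addr] += 1
        if user == "NA":
            # Record written before the fix: the target account is unknown,
            # so it can only contribute to the per-address count.
            unattributed += 1
        else:
            per_user[user] += 1
    return {
        "users_over_threshold": sorted(u for u, n in per_user.items() if n >= threshold),
        "addrs_over_threshold": sorted(a for a, n in per_addr.items() if n >= threshold),
        "unattributed": unattributed,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The two "NA" records still push 192.0.2.10 over the per-address threshold, but nothing in them says which accounts were targeted.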

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.7.1

Released: December 22, 2017

Issues Resolved

  1. Fixed an issue in which, when upgrading to version 5.7.0, if you have more than 2 Docker repositories that are configured using the ports method, an exception is generated during the upgrade process. Artifactory does start up, but you are unable to save the configuration descriptor unless you remove the configuration.

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.7.2

Released: December 24, 2017

Issues Resolved

  1. Fixed an issue that prevented upgrading to version 5.7.x with an MS SQL database (version 2014 and below) when you have an artifact with a property and value whose combined length is greater than 900 characters.

For a complete list of changes please refer to our JIRA Release Notes

 


Artifactory 5.6

Released: November 15, 2017

Upgrade Notice

Before Upgrading to Artifactory 5.6.0

  1. The Artifactory Security Replication User Plugin (securityReplication.groovy) has not yet been updated to support 5.6.0. We’re working on a new version that will be available soon.

    If you are using this plugin and need to upgrade to Artifactory 5.6.0, please contact support@jfrog.com.

  2. For Artifactory HA installations, single-phase upgrades (with downtime) from version 4.x to version 5.6 without going through version 5.4.6 fails. Please refer to the Upgrade Notice in the Artifactory 5.5 Release Notes.

  3. There is a known issue in which running apt-get update on Ubuntu Trusty (14.04) against Debian repositories fails with the following error: Sub-process https received a segmentation fault


A fix for this issue is available in version 5.6.1 and we therefore recommend upgrading to 5.6.1.

Highlights

Improved Debian Performance

Significant improvement in performance when indexing Debian repositories.

Feature Enhancements

Tomcat Version Upgrade

The Tomcat bundled with Artifactory has been upgraded to version 8.5.23. 

Get Distribution Repository Details

The Get Repositories REST API now also includes distribution repositories. To get the distribution repositories details only, you can add type=distribution as a query param. 

UI Performance Improvement

Performance of displaying the environment and system variables data in the Builds module in the UI has been significantly improved.

Downloading a Folder for Anonymous Users 

Admin users can now also enable folder download configuration for anonymous users, in addition to internal users.

Limit REST API Search Results

Added the ability to limit the number of API search results for internal users, previously available only for anonymous users. To add a limit, edit the artifactory.system.properties file with artifactory.search.limitAnonymousUsersOnly=false (default is true), and a limit artifactory.search.userQueryLimit  (default is 1000).

Filter Expirable Access Tokens

Added an option to filter the expirable tokens in the Access Tokens page in the Artifactory UI

Issues Resolved

  1. Fixed an issue allowing unsupported special characters to be used in the key field when adding properties via REST API, as already enforced in the UI.
    The following characters are forbidden: )(}{][*+^$\/~`!@#%&<>;=,±§ and the Space character.

  2. Fixed an issue where a file with the same filename and filepath of a file that was previously deleted, could not be deleted a second time. For this scenario, the latest file deleted will now be under the file path in the trash.

  3. Fixed an issue where NuGet package names containing a hyphen character "-" would be automatically considered as pre-release packages which allowed users without Delete/Overwrite permissions to overwrite them.
    For example: Sample-Package.1.0.0.nupkg
    Artifactory is now aligned with the NuGet spec, and these packages will only be considered as pre-release if the hyphen character follows the version number.
    For example: Sample-Package.1.0.0-RC.nupkg

  4. Fixed an issue where installing an npm package, with the following date format (2010-11-09T23:36:08Z) in its metadata file, would fail with an IllegalArgumentException.

  5. Fixed an issue in which installing an npm package from a virtual repository would fail if the package did not have the time closure in the package.json.
  6. Fixed an issue in which users imported from Crowd and associated to a group with admin privileges would be created in Artifactory with the “Can Update Profile” option disabled. This option will now be enabled for this use case.
  7. Fixed an issue in which users associated to a group imported from SAML and associated with admin privileges were not granted the appropriate admin privileges.
  8. Fixed an issue where uploading a Conan package that contains declared environment variables with the "=" character, the package would be deployed without its metadata.
    For example: conan install lib/1.0@user/stable -e MYFLAG="one==tricky==value" --build
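
Item 3 above is a permission bypass caused by a classification rule, so the rule is worth seeing in code. The following added example (not Artifactory's implementation) puts a model of the faulty "any hyphen" rule beside a check that looks for the hyphen only after the version number; the version grammar, the function names, the overwrite policy in `may_overwrite` and the third sample file name are assumptions made for illustration.

```python
import re

# Assumed version grammar for this example: 2 to 4 numeric parts, then an
# optional "-label" (pre-release) and optional "+build" metadata.
_VERSION = (r"\d+(?:\.\d+){1,3}"
            r"(?:-(?P<pre>[0-9A-Za-z][0-9A-Za-z.-]*))?"
            r"(?:\+[0-9A-Za-z.-]+)?")
# The id is matched lazily, so the version starts at the first dot that is
# followed by a complete version string.
_NUPKG = re.compile(r"^(?P<id>.+?)\.(?P<version>" + _VERSION + r")\.nupkg$",
                    re.IGNORECASE)


def naive_is_prerelease(filename):
    """Model of the faulty rule: any hyphen in the file name means pre-release."""
    return "-" in filename


def parse_nupkg(filename):
    """Return (package_id, version, prerelease_label_or_None).

    Raises ValueError when the name is not <id>.<version>.nupkg.
    """
    m = _NUPKG.match(filename)
    if m is None:
        raise ValueError("not a <id>.<version>.nupkg file name: %r" % filename)
    return m.group("id"), m.group("version"), m.group("pre")


def is_prerelease(filename):
    """Pre-release only if a hyphen label follows the version number.

    Unparseable names are treated as release packages, so they never get
    the relaxed overwrite rule.
    """
    try:
        return parse_nupkg(filename)[2] is not None
    except ValueError:
        return False


def may_overwrite(filename, has_delete_permission, classifier=is_prerelease):
    """Hypothetical policy: pre-release packages may be overwritten without
    Delete/Overwrite permission; release packages may not."""
    return has_delete_permission or classifier(filename)


if __name__ == "__main__":
    # The first two names are the release note's own examples; the third is constructed.
    for name in ("Sample-Package.1.0.0.nupkg",
                 "Sample-Package.1.0.0-RC.nupkg",
                 "Acme.Core-Utils.2.4.0-beta.1.nupkg"):
        print(name,
              "naive:", may_overwrite(name, False, naive_is_prerelease),
              "fixed:", may_overwrite(name, False))
```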

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.6.1

Released: November 22, 2017

Issues Resolved

  1. Fixed an issue in which a single-phase upgrade of an HA cluster with downtime (by adding the artifactory.upgrade.allowAnyUpgrade.forVersion system property) from a version below 5.0 directly to version 5.6.0 would fail. Note that the recommended two-phase upgrade with zero downtime was not affected.  

  2. Fixed an issue in which when logging into Artifactory, if the group name sent in a SAML assertion as a SAML attribute was in mixed-case (i.e., at least one character is not lower-case), and the corresponding group in Artifactory was all in lower case, then the SAML user would not inherit the permissions associated with that group. This affected both internal groups and imported LDAP groups.

  3. Fixed an issue in which running apt-get update on Ubuntu Trusty (14.04) against Debian repositories would fail with the following error: 
    Sub-process https received a segmentation fault

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.6.2

Released: November 27, 2017

Issues Resolved

  1. Fixed a critical issue in which a user would sometimes lose permissions due to a collision between an update action and a "GET" operation that occurred concurrently.

  2. Fixed an issue that prevented connection to Artifactory through SSH. This also resulted in JFrog CLI not being able to work with Artifactory.

For a complete list of changes please refer to our JIRA Release Notes

 


Artifactory 5.6.3

Released: December 18, 2017

Issues Resolved

  1. Fixed an issue in which deployment of an artifact which already existed in Artifactory would result in its SHA-256 value being null. This would cause the indexing of repository types like Debian and Git LFS to be incorrect since they rely on artifacts' SHA-256 value.

  2. Fixed a performance issue in which users being authenticated via external means (e.g. LDAP) would sometimes experience unusually long authentication time due to a large number of database queries causing an increased load on the database.

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.5

Released: September 25, 2017

Due to a critical issue discovered in this version, you should not install it. Instead, you should upgrade to version 5.5.1 or later.

Upgrade Notice 

For an Artifactory HA installation, there are two options to upgrade to version 5.5 from a version below 5.4.6

This note only refers to upgrading Artifactory Enterprise HA installations.

Artifactory 5.5 implements a database schema change to natively support SHA-256 checksums. If your current version is 5.4.6, you may proceed with the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.

If your current version is below 5.4.6, to accommodate this change, you may select one of the following two upgrade options:

  1. Two-phase, zero downtime
    In this option, you first need to upgrade your HA cluster to version 5.4.6. Once this upgrade is completed, you can then proceed to upgrade your HA cluster to version 5.5. In both phases, you follow the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.

  2. One phase with downtime
    This option requires you to add a system property to your primary node during the upgrade procedure. For details, please refer to Upgrading an Enterprise HA Cluster.  
    If you try upgrading directly to version 5.5 without adding this system property, the upgrade will fail and the following message will be logged in the artifactory.log file:
    To upgrade your HA installation to this version, you first need to upgrade to version 5.4.6 which implements changes required to accommodate a database schema change.

 

Highlights

Event-based Pull Replication

JFrog Artifactory now supports event-based pull replication, in addition to the already supported event-based push replication. This configuration allows your remote Artifactory instances to be updated in near-real-time by a pull replication that's triggered by any changes made to your local repositories, such as new or deleted artifacts. This is great for automation purposes where you want to make your artifacts available in all of your instances as soon as they are deployed.

As a best practice, setting a Cron expression for regularly scheduled replication is still required in addition to event-based replication. This will ensure that all of the artifacts in your repository are synced and up to date, which is important in case of an event sync failure (for example, due to maintenance operations).

Native Support for SHA-256 Checksums

Artifactory now supports SHA-256 checksums. This improved algorithm to calculate checksums enables a more secure environment for your binaries letting you use SHA-256 checksums to validate the integrity of downloaded artifacts. You can also use the SHA-256 value for a variety of features as described in SHA-256 Support. Whenever a new artifact is deployed, in addition to automatically calculating its MD5 and SHA1 checksums, Artifactory will now also calculate and store its SHA-256 checksum. The SHA-256 value can be used when searching for artifacts, or displayed as output for AQL queries in the same way SHA1 and MD5 checksums are used from both the UI and the REST API.

From version 5.5, Artifactory will automatically calculate the SHA-256 checksums for new artifacts deployed to your instance. Depending on the number of artifacts in your system, this process may take some time. To help you monitor the process, progress and status messages will be printed to a dedicated log file, sha256_migration.log, with some additional general messages to the artifactory.log file.

To maintain backward compatibility with existing scripts, the Set Item SHA256 Checksum REST API endpoint is still supported. 

Feature Enhancements

Improve Performance on RPM Repositories

The performance of metadata calculation on RPM repositories has been significantly enhanced by performing different metadata calculations in parallel making resolving and deploying packages with RPM repositories much faster. 

Improve Performance of NuGet Repositories

NuGet repository performance has been significantly improved when resolving dependencies or searching for artifacts. The improved performance is especially significant for repositories that host many artifacts. 

Keep Multiple Versions of Metadata Files on RPM Repositories

Artifactory will now maintain previous metadata file versions on RPM repositories (primary, other, filelists) making them available for download while new ones are being generated.

This is very useful when RPM metadata is updated very frequently. If a client working with an Artifactory RPM repository downloads the repomd.xml file, and the rest of the metadata files (primary, other, filelists) expire in the meantime, the expired version of these files will still be available allowing the client to complete the required download.

Retrieve Plugin Source Code by Name

Artifactory now provides access to the Groovy source code of user plugins through the Retrieve Plugin Code REST API endpoint.  

Allow LDAP Users to Access Profile Page

You can now configure Artifactory to allow new users who are created by logging in via LDAP to be able to access their profile page. This means that these users can now access a set of functions such as generating their API key, setting their SSH public key, configuring their JFrog Bintray credentials, and updating their password. 

Support Additional MIME types in the UI

Artifactory now supports additional MIME types to allow viewing .log, .yml and .yaml files directly in the UI (as opposed to having to download them first). These file types are now added to the preconfigured mimetypes.xml file. 

Enable Password Encryption by Default

For new Artifactory installations, Artifactory automatically generates a Master Encryption Key and then uses it to encrypt all passwords hosted on the instance. Decrypting passwords and encrypting them back is possible through the REST API. 

To maintain consistent behavior for existing installations, upgrading to this new version will not automatically encrypt passwords.

Configurable Web Session Timeout

You can now configure Artifactory's UI session timeout using the artifactory.ui.session.timeout.minutes system property.

Checksum-Based Storage with S3 Object Store

Artifactory's checksum-based storage stores files in folders named after the first two characters of their checksum. When using S3 object storage, this feature has been enhanced allowing you to configure the number of characters that should be used to name the folder. For example, you can configure your S3 binary provider to store objects under folders named after the first 4 characters of their checksum. 

Issues Resolved

  1. Fixed an issue in which Artifactory would return an error when trying to resolve an npm package because it would fail to parse an npm dependency declaration that was presented in an unexpected format.
  2. Fixed an issue in which the Set Me Up screen for virtual repositories that aggregated only remote repositories would be blank.
  3. Fixed an issue that caused batch download from a virtual Git LFS repository, that aggregated more than one repository, to fail.
  4. Fixed an issue in which the Build Artifacts Search REST API endpoint would not return Artifacts that had been promoted to it from a different repository correctly.
  5. Fixed an issue in which resolving private Docker images from a Docker remote repository that points to Docker hub failed when passwords in Artifactory were encrypted.
  6. Fixed an issue in which NuGet virtual repositories that aggregated several repositories would omit results when searching for a package.
  7. Fixed an issue that would sometimes cause a NullPointerException to be thrown when there were many deployments on a Maven repository that had a watch configured on it. The NullPointerException would cause metadata calculation to stop and was due to the multiple deployments causing a race condition.  

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.5.1

Released: September 26, 2017

This version replaces version 5.5.0 in which a critical issue was discovered.

Upgrade Notice 

For an Artifactory HA installation, there are two options to upgrade to version 5.5.1 and above from a version below 5.4.6

This note only refers to upgrading Artifactory Enterprise HA installations.

Artifactory version 5.5.1 implements a database schema change to natively support SHA-256 checksums. If your current version is 5.4.6, you may proceed with the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.

If your current version is below 5.4.6, to accommodate this change, you may select one of the following two upgrade options:

  1. Two-phase, zero downtime
    In this option, you first need to upgrade your HA cluster to version 5.4.6. Once this upgrade is completed, you can then proceed to upgrade your HA cluster to version 5.5.1 and above. In both phases, you follow the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.

  2. One phase with downtime
    This option requires you to add a system property to your primary node during the upgrade procedure. For details, please refer to Upgrading an Enterprise HA Cluster.  
    If you try upgrading directly to version 5.5.1 or above without adding this system property, the upgrade will fail and the following message will be logged in the artifactory.log file:
    To upgrade your HA installation to this version, you first need to upgrade to version 5.4.6 which implements changes required to accommodate a database schema change.

 

For a complete list of changes please refer to our JIRA Release Notes

 


Artifactory 5.5.2

Released: October 29, 2017

Highlights

Support for Acquire-By-Hash flag in Debian Repositories

Hash sum mismatch errors may sometimes cause apt-get update requests to Debian repositories to fail due to rotation of Debian metadata files. Artifactory now overcomes this issue by storing historical versions of the metadata files by their checksum and supporting the Acquire-By-Hash flag for Debian repositories. This allows  Debian clients to download package metadata files by their checksum. 

This is very useful when Debian metadata is updated very frequently. If a client working with an Artifactory Debian repository downloads the metadata files, and they expire in the meantime, the expired version of these files will still be available allowing the client to complete the required download.
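The rotation race described above can be reproduced offline. The following is an added illustration, not Artifactory's code: it assumes the standard apt by-hash layout (`dists/<suite>/<dir>/by-hash/SHA256/<digest>`), and the repository contents, Release files and function names are constructed for the demonstration.

```python
import hashlib
import posixpath

INDEX = "main/binary-amd64/Packages"


class HashSumMismatch(Exception):
    """Downloaded index does not match the digest listed in the Release file."""


def parse_release(text):
    """Return (acquire_by_hash, {index path: (sha256 hex, size)}) from a Release file."""
    by_hash, entries, section = False, {}, None
    for line in text.splitlines():
        if line.startswith(" "):
            # Continuation lines belong to the most recent multi-line field.
            if section == "SHA256":
                digest, size, path = line.split()
                entries[path] = (digest, int(size))
            continue
        field, _, value = line.partition(":")
        section = field.strip()
        if section == "Acquire-By-Hash":
            by_hash = value.strip().lower() == "yes"
    return by_hash, entries


def by_hash_path(suite, index_path, digest):
    """Location of an index file addressed by its SHA-256 digest."""
    directory = posixpath.dirname(index_path)
    return posixpath.join("dists", suite, directory, "by-hash", "SHA256", digest)


def fetch_index(store, suite, release_text, index_path, use_by_hash=True):
    """Fetch an index listed in a Release file and verify its size and digest."""
    by_hash, entries = parse_release(release_text)
    digest, size = entries[index_path]
    if by_hash and use_by_hash:
        location = by_hash_path(suite, index_path, digest)
    else:
        location = posixpath.join("dists", suite, index_path)
    body = store[location]
    if len(body) != size or hashlib.sha256(body).hexdigest() != digest:
        raise HashSumMismatch(location)
    return body


def make_release(packages):
    """Build a minimal (constructed) Release file describing one Packages index."""
    digest = hashlib.sha256(packages).hexdigest()
    return ("Suite: stable\nAcquire-By-Hash: yes\nSHA256:\n"
            f" {digest} {len(packages)} {INDEX}\n")


# Constructed sample data: the index before and after a metadata rotation.
OLD = b"Package: demo\nVersion: 1.0\n"
NEW = b"Package: demo\nVersion: 1.1\n"
OLD_RELEASE = make_release(OLD)
NEW_RELEASE = make_release(NEW)


def build_store():
    """Repository state after rotation: the plain path is new, by-hash keeps both."""
    store = {posixpath.join("dists", "stable", INDEX): NEW}
    for blob in (OLD, NEW):
        store[by_hash_path("stable", INDEX, hashlib.sha256(blob).hexdigest())] = blob
    return store


if __name__ == "__main__":
    store = build_store()
    # A client still holding the old Release file succeeds through by-hash...
    print(fetch_index(store, "stable", OLD_RELEASE, INDEX))
    # ...but hits a hash sum mismatch on the rotated plain path.
    try:
        fetch_index(store, "stable", OLD_RELEASE, INDEX, use_by_hash=False)
    except HashSumMismatch as exc:
        print("hash sum mismatch at", exc)
```

The digest check is the same in both branches; by-hash only changes which stored copy the client asks for, so integrity verification is never relaxed to avoid the race.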

Bypassing HEAD requests for remote repositories

Artifactory remote repositories normally send a HEAD request to a remote resource before downloading an artifact that should be cached. In some cases, the remote resource rejects the HEAD request even though downloading artifacts is allowed. Through the remote repository configuration, Artifactory now lets you specify that remote repositories should skip sending HEAD requests before downloading artifacts to cache. 

Feature Enhancements

Automatically Rewriting External Dependencies in NPM Registries

Artifactory now supports rewriting external dependencies for various Git and GitHub URLs. For a full list of supported URLs, please refer to Automatically Rewriting External Dependencies.

Issues Resolved

  1. Bitbucket Server version 5.1.0 deprecated the Bitbucket Archive Plugin which remote repositories for package formats that use a Git provider in Artifactory relied on. These include Bower, VCS, CocoaPods and PHP Composer. As a result, when upgrading to Bitbucket 5.1.0, these remote repositories stopped working. This has now been fixed by adding an option to choose “Stash / Private Bitbucket (Prior to 5.1.0)” as the Git provider in the remote repository configuration for these package formats while the “Stash/Private Bitbucket” option covers Bitbucket Server version 5.1.0 and above. 
  2. Fixed an issue in which, when executing the /api/search/latestVersion REST API endpoint, Artifactory would erroneously query remote repositories. This has now been fixed, so Artifactory will only search in remote repositories (in addition to local and remote repository caches) when remote = 1 is added as a query param.
  3. Fixed an issue in which authenticating against Artifactory Docker registries while HTTP SSO is set would fail. This has now been fixed so you can work with Artifactory Docker registries while HTTP SSO is enabled. 
  4. Fixed an issue in which when a REST API call included a “Range” header, the ETag returned would incorrectly include the Range provided in the header as a suffix. In turn, different clients would interpret this as a file modification. Artifactory now returns the correct ETag.
  5. Fixed an issue in which system import or replication of an artifact that includes a “:” (colon) character would fail. For example, before this fix, replicating a Docker image with a LABEL that included a colon would fail.
  6. Fixed an issue in which running npm search against an npm registry would fail if one of the packages in the results was in the following structure: “maintainers” : “<user name> <user email>”, because Artifactory was expecting the structure to be: 
    "maintainers": [ {"name": "<user name>", "email": "<user email>" } ]
  7. Fixed an issue in which a 500 error would be returned when running one of the following REST API endpoints on Docker registries while  and using an API key for authentication:

    /api/storage
    /api/docker/{repo-key}/v2/{image name}/tags/list
    /api/docker/{repo-key}/v2/_catalog		
  8. Fixed an issue which caused checksum deploy to sometimes fail with a 500 error. A common manifestation of this issue was replications that would fail for certain artifacts.  When this error occurred, a stack trace similar to the below could be seen in the log files.

    java.lang.NullPointerException: null
    at org.artifactory.repo.db.DbStoringRepoMixin.shouldProtectPathDeletion(DbStoringRepoMixin.java:814)
    at org.artifactory.repo.db.DbStoringRepoMixin.shouldProtectPathDeletion(DbStoringRepoMixin.java:792)

For a complete list of changes please refer to our JIRA Release Notes

 


Artifactory 5.4

Released: June 20, 2017

 

Due to a known issue with this version, after upgrading an Artifactory HA cluster from version 5.x to 5.4.x, new nodes that you add to your Artifactory HA cluster will not start up. For a workaround, please refer to  RTFACT-14530.

Highlights

Access Tokens as a Separate Service

The management of Access Tokens, which were introduced in Artifactory 5.0, has moved to a separate service named Access, which is installed as a separate web application. This change has no impact on how access tokens are used; however, the Artifactory installation file structure now also includes an added WAR file, access.war, under the $ARTIFACTORY_HOME/webapps folder. Artifactory communicates with the Access Service over HTTP and assumes it is running in the same Tomcat using the context path of "access".

Using access tokens through the new Access service is backwards compatible, so tokens created with earlier versions can be used for authentication with this latest version of Artifactory.

Breaking Change: Note that the change is not forwards compatible, so tokens created from version 5.4 and above cannot be used for authentication with versions previous to 5.4. This may impact a circle of trust in which some instances are running versions below 5.4 while others are running version 5.4 and above.

Running Artifactory as a service?

If you are running Artifactory as a service, once you complete the steps to upgrade to this version or later, and have replaced all files removed during the upgrade process, you need to run the InstallService script as described at the end of the upgrade instructions.

Support for Microsoft Azure Blob Storage

JFrog Artifactory now supports Azure Blob Storage as a new object storage provider to store artifacts. Azure Blob Storage offers massively scalable enterprise storage for Artifactory supporting unstructured data of any type with strong consistency, object mutability, geo-redundancy and more. This new option opens up the opportunity to co-locate Artifactory and its storage together with all the other services that you use on the Microsoft Azure platform.

Secure Connection to Remote Repositories via SSL/TLS Client Certificates

Artifactory now supports client certificates for remote repositories facilitating secure connections with remote resources that require them (e.g., Red Hat Network that requires a Red Hat client certificate for authentication). This means that Artifactory will now be able to send the client certificate when attempting to connect to the remote resource over HTTPS.  

Feature Enhancements

  1. RPM repositories have been enhanced to give you control over whether the RPM file lists metadata file should be indexed by Artifactory or not. Disabling indexing of the file lists metadata improves the performance of RPM repositories with many artifacts when different clients try to resolve packages from the repository. Note that for new RPM repositories, indexing the file lists metadata file is disabled by default, however, when upgrading from previous versions to 5.4.0 and above, indexing for RPM repositories that already existed will remain enabled to maintain consistent behavior with the previous version.
  2. Artifactory now supports the  npm login command as a way to authenticate the NPM client. Basic authentication is also still supported. 
  3. Previously, Artifactory was not able to handle decoded slash characters in NPM scoped packages, so you had to modify your reverse proxy so that it wouldn't decode the slash. Artifactory now handles decoded slash characters correctly out-of-the-box, so there is no longer any need to modify your reverse proxy.  
  4. Artifactory can now be configured to add Debian packages' MD5 checksum to the Packages metadata file in order to comply with the requirement of some tools (e.g. Aptly) that the MD5 is available for validation of the package.
  5. The Control Build Retention REST API endpoint now accepts a query param to make deleting old builds an asynchronous process. When set, the API response acknowledges the request and outputs errors, if any, to the log. 
  6. The default value of the lenientLimit parameter for a Sharding-Cluster Binary Provider has been modified to be 1. This will allow users to continue uploading to a cluster node even if it is the only active node without having to reconfigure this parameter. Note that for filestores configured with a custom chain, the lenientLimit parameter will remain 0 to maintain consistency with previous versions. Therefore, the lenientLimit parameter will only default to 1 when using built-in templates. 
  7. Using the Create Token REST API endpoint, access tokens can now be created to provide the same access privileges that are given to the group of which the logged in user is a member. 

Issues Resolved

  1. Fixed an issue in which performing a full system import on an Artifactory HA cluster would fail. The full system import on an Artifactory HA cluster has been changed and is fully described under System Import and Export for an HA Cluster.
  2. Fixed an issue in which Python metadata calculation would fail if the metadata version in the METADATA or PKG-INFO files was set to 1.2.
  3. Fixed an issue in which when Enable Dependency Rewrite was enabled for NPM repositories, Artifactory would only rewrite dependencies specified in the "dependencies" element of the package.json file and would skip the dependencies listed in the optionalDependencies and devDependencies elements.
  4. Fixed an issue in which Artifactory would fail to install npm packages that contained square brackets ('[' or ']') in the "description" field of the package.json file. 
  5. Fixed an issue in which externally authenticated users (i.e. those not created in Artifactory) logging in through an external provider (e.g. LDAP) would not be able to complete artifact downloads that took a long time since the LDAP token used for authentication with Artifactory would expire. This was fixed by exposing the artifactory.artifactory.tokens.cache.idleTimeSecs system property that managed this timeout and increasing its default value from 5 minutes to 10 minutes. 
  6. Fixed an issue in which existing repositories enabled for indexing by JFrog Xray did not trigger indexing automatically and required you to manually trigger indexing through the JFrog Xray UI or using the REST API. 

  7. Fixed an issue in which using mvn site-deploy with the maven-site-plugin to upload a site to Artifactory would fail when the site's URL contained a dot ('.') in its path (e.g. libs-snapshot-local/./file.jar)

  8. Fixed an issue in which NuGet virtual repositories that aggregated more than one local or remote repository would omit results or return duplicate results when searching for a package.

  9. Fixed an issue in which Artifactory 5.x would not display certain builds in the UI because it failed to parse dates presented in ISO 8601 format (e.g. 2016-09-08T21:02:17.781+03:00)
  10. Fixed an issue in which upload to a repository would fail, if an event-based replication defined for the repository failed for any reason. Following the fix, uploading a file to the repository succeeds even if replication fails.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.4.1

Released: June 22, 2017

Issues Resolved

  1. Fixed an issue in which the schema version of a Docker image manifest would change from 2 to 1 when the image was distributed from Artifactory to JFrog Bintray.
  2. Fixed an issue that caused batch downloads from a virtual Git LFS repository that aggregated both local and remote repositories to fail. 
    This happened when Artifactory would find one of the files in an aggregated local repository (and therefore should have stopped searching for it), but would still go on to search for it in the aggregated remote repositories. If the file did not exist in any of the remote repositories, Artifactory would not serve the file.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.4.2

Released: June 30, 2017

Issues Resolved

  1. Fixed an issue in which Artifactory failed to start up when Tomcat was configured to only serve HTTPS content, or was configured to serve both HTTP and HTTPS, but on different ports.
  2. Fixed an issue in which when an Artifactory HA installation's filestore configuration used the eventual-cluster binary provider (for example, when using one of the cloud storage providers), in rare cases, when uploading files involving a large number of transactions, Artifactory would indicate that files were successfully uploaded to storage, when in fact, the uploads failed.
  3. Fixed an issue in which Artifactory was unable to connect to the Access Service (and as a result failed to start) when Tomcat was configured with a self signed chain certificate.

For a complete list of changes please refer to our  JIRA Release Notes.


Artifactory 5.4.3

Released: July 3, 2017


Due to a known issue with this version, after upgrading an Artifactory HA cluster from version 5.x to 5.4.x, new nodes that you add to your Artifactory HA cluster will not start up. For a workaround, please refer to RTFACT-14530.

Issues Resolved

  1. Fixed an issue in which uploading or downloading files to Artifactory using access tokens may have failed with error 500. This happened when running Artifactory 5.4.2 and using access tokens with a subject that was longer than 64 characters.
  2. Fixed an issue in which upgrading an RPM or Debian installation of Artifactory that uses the systemd init system would fail with a “The currently installed Artifactory version does not have the same layout as this DEB!” error.

For a complete list of changes please refer to our  JIRA Release Notes.


Artifactory 5.4.4

Released: July 6, 2017

 

Issues Resolved

  1. Fixed an issue in which after upgrading an Artifactory HA cluster from version 5.x to 5.4.x, new nodes that were added to the Artifactory HA cluster would not start up.

For a complete list of changes please refer to our  JIRA Release Notes.


Artifactory 5.4.5

Released: July 18, 2017

Highlights

Puppet Repositories Support librarian-puppet and r10k

Artifactory's support for Puppet repositories has been significantly upgraded by introducing support for librarian-puppet and r10k  allowing extended configuration management with these popular Puppet clients. In addition, Artifactory also exposes new REST API endpoints to retrieve Puppet modules and releases to facilitate automated configuration management using Puppet.

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.4.6

Released: August 7, 2017

Feature Enhancements

Support Pagination for Docker v2 APIs

Artifactory now supports pagination when listing Docker image tags and retrieving a registry's catalog using the REST API.
This can be useful for automation purposes and Docker clients that use pagination parameters.

Issues Resolved

  1. Fixed an issue in which, when resolving a package from an npm repository, Artifactory would throw a deserialize error to the log file if one of the package's dependencies in the corresponding package.json file was declared using the following format: “<dependency_name>” : { “version” : “<version_number>” }.
    For example: the "deep-diff" package uses this format. As a result, the npm client would fail to resolve the package.

  2. Fixed an issue that prevented using Git LFS client v1.x with Git LFS repositories in Artifactory when using SSH. 

  3. Fixed an issue in which NuGet virtual repositories that aggregated several repositories would omit search results when searching for a package.
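Two npm metadata shapes in these notes broke strict deserialization: the object-valued dependency in item 1 above and the string-valued "maintainers" field described in the 5.5.2 notes. The following is an added illustration, not Artifactory's code, of normalizing both shapes before strict parsing while rejecting anything else; the function names and the sample document are constructed.

```python
import json

DEPENDENCY_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")


def parse_person(text):
    """Split 'name <email>' or 'name email' into a {'name', 'email'} dict."""
    text = text.strip()
    if "<" in text and text.endswith(">"):
        name, _, email = text[:-1].partition("<")
        return {"name": name.strip(), "email": email.strip()}
    name, _, last = text.rpartition(" ")
    if "@" in last:
        return {"name": name.strip(), "email": last}
    return {"name": text, "email": ""}


def normalize_maintainers(value):
    """Accept a string, an object, or a list of either; return a list of objects."""
    if value is None:
        return []
    if isinstance(value, (str, dict)):
        value = [value]
    if not isinstance(value, list):
        raise ValueError(f"unsupported maintainers type: {type(value).__name__}")
    people = []
    for entry in value:
        if isinstance(entry, str):
            people.append(parse_person(entry))
        elif isinstance(entry, dict):
            people.append({"name": str(entry.get("name", "")),
                           "email": str(entry.get("email", ""))})
        else:
            raise ValueError(f"unsupported maintainer entry: {entry!r}")
    return people


def normalize_dependencies(section):
    """Accept 'name': 'range' and 'name': {'version': 'range'}; return name -> range."""
    if section is None:
        return {}
    if not isinstance(section, dict):
        raise ValueError("dependency section must be an object")
    result = {}
    for name, spec in section.items():
        if isinstance(spec, dict):
            spec = spec.get("version")
        if not isinstance(spec, str):
            # Fail closed: metadata from a remote registry is untrusted input.
            raise ValueError(f"dependency {name!r} has no usable version")
        result[name] = spec
    return result


def normalize_package(raw_json):
    """Return a package document with maintainers and dependencies in one shape."""
    doc = json.loads(raw_json)
    out = {"name": doc.get("name"),
           "maintainers": normalize_maintainers(doc.get("maintainers"))}
    for key in DEPENDENCY_SECTIONS:
        out[key] = normalize_dependencies(doc.get(key))
    return out


# Constructed sample mixing both tolerated shapes.
SAMPLE = json.dumps({
    "name": "demo-pkg",
    "maintainers": "alice alice@example.com",
    "dependencies": {"left": {"version": "1.2.3"}, "right": "^2.0.0"},
    "devDependencies": {"tool": "~0.4.0"},
})

if __name__ == "__main__":
    print(json.dumps(normalize_package(SAMPLE), indent=2))
```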

For a complete list of changes please refer to our JIRA Release Notes

 


Artifactory 5.3

Released: May 11, 2017

Due to a critical issue, if you are upgrading from a version below 4.4.1 directly to version 5.3, Artifactory will fail to start up. A patch has been released, and if your current version is below 4.4.1 you should upgrade to Artifactory 5.3.1

Highlights

Grant Admin Privileges to a Group of Users

Artifactory now supports granting Admin privileges to a group of users which greatly improves the user experience since previously you could only provide Admin privileges to users individually. 

This allows you to import a group from your LDAP or Crowd server and grant Admin privileges to the whole group in a single action. 

Automatically Associate a SAML SSO User to an Artifactory Group

Artifactory will now accept a custom SAML attribute that can be mapped to existing groups (including imported LDAP groups). If a SAML user has the custom SAML attribute he will now inherit the permission specified in the corresponding group in Artifactory for the current login session. 

Feature Enhancements

  1. Performance of displaying data in the Builds module in Artifactory UI has been significantly improved. This creates a much better user experience, especially for Artifactory instances with many builds or when viewing a project with many builds. 
  2. When importing users via SAML SSO, the users' email addresses are now also fetched and populate the corresponding field in their Artifactory user profile.
  3. The installation script that installs Artifactory as a service has been enhanced to use systemd on Linux distributions that support it. The script will automatically detect if systemd is supported, and if not, will use init.d as currently implemented.
  4. In the Tree Browser, when selecting the Effective Permissions tab for the selected repository, you may now view the permission targets associated with that repository.
  5. Previously, virtual repositories would only provide a General tab with basic information about selected artifacts. Now, virtual repositories provide additional tabs that show all data about artifacts selected similar to the data that is provided when selecting the artifacts directly from the aggregated local or remote repositories.

Issues Resolved

  1. Fixed an issue that prevented using Git LFS client v2.x with Git LFS repositories in Artifactory when using SSH.  

  2. Fixed a resource leak that was introduced when "Enable Dependency Rewrite" was enabled in virtual NPM repositories. This issue may have caused depletion of different resources such as open file handles, database connections and storage streams.

  3. Fixed an issue that prevented pushing or pulling Docker images that had foreign layers when the image also had a "history" field in its config.json file.

  4. Fixed an issue that caused a login failure when the "List Contents" permission in Active Directory was enabled for an Admin, but not for the user that was attempting to log in.

  5. Fixed an issue related to Maven repositories in which the wrong artifact may have been retrieved for a download request since Artifactory did not consider the full path beyond the GAV coordinates.

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.3.1

Released: May 24, 2017

Highlights

This is a patch that fixes a critical issue that was discovered in version 5.3.0 in which after upgrading from a version below Artifactory 4.4.1 directly to Artifactory 5.3.0, Artifactory failed to start up.

Note that this issue did not affect upgrades from Artifactory 4.4.1 and above.

 

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.3.2

Released: June 7, 2017

Issues Resolved

  1. Fixed an issue in which, when upgrading an Artifactory HA cluster with 2 or more nodes, from version 5.x to version 5.3.x, Artifactory would throw a HazelcastSerializationException when displaying the UI. In the process of upgrading the cluster, you will still encounter this issue from nodes that have not yet been upgraded. 

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.2

Released: March 28, 2017

Main Updates
  1. Improved the performance of property search when using PostgreSQL. 
    This will significantly improve Docker operations on Artifactory Docker registries as the property search mechanism is used upon searching for Docker layers.

  2. Improved the performance of Docker layers search mechanism on Artifactory Docker registries. This will be mostly significant when working with Docker layers that are being used by thousands of Docker images.
  3. The Tomcat bundled with Artifactory has been upgraded to version 8.0.41.
  4. Artifactory now regards the content.xml.xz and the artifacts.xml.xz files on a remote P2 repository as expirable resources, so whenever there is a metadata change in one of these files, Artifactory will use the updated file instead of the expired one. 
  5. When working with Conan repositories, Artifactory now supports variables with multiple values in the conanfile.txt file. This enables Artifactory to fully extract [env] variables with multiple values and assign all those values to the corresponding property annotating the package in Artifactory.
  6. Fixed an issue in which deploying multiple files to a virtual repository through the UI would fail. 
  7. Fixed a bug related to remote Docker registries in Artifactory that left connections and input streams open following docker pull operations. 
  8. Fixed an issue related to Debian repositories. Artifactory now adds an empty line at the end of the Packages file to fully support Debian tools such as debootstrap
  9. Fixed an issue related to Debian repositories in which the Components section in the generated Release file was named "Component" when there was indeed only one component. This has been fixed by naming the section "Components", regardless of the number of components. Following the fix, Artifactory now fully supports tools such as debootstrap.
  10. Fixed an issue occurring in Artifactory HA clusters. When a node was stopped for any reason, its state as reported by the UI remained as Running. This has now been fixed so the state for a stopped node is displayed as Unavailable.

For a complete list of changes please refer to our  JIRA Release Notes.


Artifactory 5.2.1

Released: April 13, 2017

Highlights

Access Tokens

Authentication using access tokens has undergone two significant enhancements. 

  1. Any valid user in Artifactory can now create access tokens for personal use whereas previously only an Artifactory admin could create access tokens. This removes the burden of creating and managing access tokens for all users from the admin's shoulders, and gives non-admin users more freedom to operate within their ecosystem.
  2. An Artifactory administrator can now create access tokens with admin privileges whereas previously, access privileges were specified by inclusion in different groups. This enhances the integration of external applications which may need admin privileges to work seamlessly with Artifactory.

Feature Enhancements

  1. When upgrading an Artifactory HA installation from version 4.x to version 5.x, managing the bootstrap bundle has been improved to become an automatic and seamless process. Artifactory will now create the bootstrap bundle on the primary node automatically, and extract it to the secondary nodes, so there is no longer any need to create and copy the bootstrap bundle manually. 

  2. Control Build Retention : A new REST endpoint that lets you specify parameters for build retention has been added. Previously build retention could only be specified when uploading new build info. This enhancement provides an easy way to configure cleanup procedures for different jobs, and reduces the risk of timing out when deploying heavy build info.

  3. By default, the "latest" version of an NPM package is the one with the highest SemVer version number. NPM repositories have now been enhanced so you can override the default behavior by setting a system property to assign a "latest" tag to the package that was most recently uploaded.  
  4. The Artifactory Docker image now comes with the PostgreSQL driver built in, so there is no need to mount it separately or build it into a separate Docker image. 

Issues Resolved

  1. Artifactory is now aligned with the Docker spec and returns an authentication challenge for each Docker endpoint (even when anonymous access is enabled). This means that when using internal Artifactory Docker endpoints, you must first retrieve an authentication token which must then be used for all subsequent calls by your Docker client. 

  2. Fixed an issue in which NuGet virtual repositories that aggregated more than one local or remote repository may have omitted results when searching for a package.

  3. When an Artifactory user with no "Delete" permissions was trying to deploy a build while specifying build retention, Artifactory would try and delete old builds and return a 500 error. This has now been fixed, and Artifactory will, instead, return a 403 error.

  4. Fixed an issue in which Artifactory failed to pull a Docker image according to the digest of the manifest file from a remote Docker registry. 
  5. Fixed an issue in which aborting a download of a folder as an archive could leave open connections that were not closed which in turn would prevent further download of folders. 
    This has now been fixed so download slots are freed and the connection is closed properly. 

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.1

Released: February 21, 2017

Configuration Management with Chef

Artifactory meets the heart of DevOps adding full support for configuration management with Chef. Share and distribute proprietary Cookbooks in local Chef Cookbook repositories, and proxy remote Chef supermarkets and cache remote cookbooks locally with remote repositories. Virtual Cookbook repositories let you access multiple Cookbook repositories through a single URL overcoming the limitation of the Knife client that can only access one repository at a time.

Configuration Management with Puppet

Artifactory now also fully supports configuration management with Puppet. Use local Puppet repositories to share and distribute proprietary Puppet modules, and use remote Puppet repositories to proxy and cache Puppet Forge and other remote Puppet resources. Use a virtual Puppet repository so the Puppet client can access multiple repositories from a single URL. 

Main Updates
  1. Support configuration management with Chef through Chef Cookbook repositories. Artifactory fully supports the Knife client for authenticated access, and also supports Berkshelf for anonymous access. Authenticated access for Berkshelf will be added in a forthcoming release. 
  2. Support configuration management with Puppet through Puppet repositories. Full support for Puppet command line along with local, remote and virtual repositories for hosting and provisioning Puppet modules. 
  3. For Artifactory administrators, a list of common actions is available from the top ribbon in the Artifactory UI for quick and easy access. This makes it easy to do things like creating repositories, adding users, adding groups and more. 
  4. Artifactory can now be run as a standalone instance in a Kubernetes cluster. For details, please refer to JFrog's examples using Docker on GitHub.
  5. Artifactory now supports disabling UI access (i.e. the user may only access Artifactory through the REST API) through the addition of the disableUIAccess element in the Security Configuration JSON.  
  6. The default order of repository types in the tree browser has been changed to show virtual and distribution repositories first, as these are accessed more frequently, and then local and remote repositories.
  7. Modified NGINX reverse proxy configuration generated by Artifactory to enable using NPM scoped packages. 
  8. A performance issue with the login and logout procedure has been fixed, so the time to login or logout is now significantly reduced.
  9. A bug in which duplicate files simultaneously uploaded to a sharded filestore occasionally caused deletion of the files, was fixed.
  10. A bug in permissions management that disabled the Admin module after removing the default "Anything" and "Anonymous" permissions, was fixed.
  11. Fixed an issue when upgrading Artifactory 4.x to 5.x in which the IAM role settings for S3 object storage in the binarystore.xml were not correctly migrated.

For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.1.2

Released: March 8, 2017

Note: Due to a critical issue found when uploading files larger than 100MB to S3 compatible storage, this version has been removed from JFrog Bintray.

Main Updates
  1. Fixed a performance issue related to the "Most Downloaded Artifacts" widget on the Artifactory Home Page which, when refreshed, could cause the Artifactory database to stall on instances with a large number of artifacts.

  2. Added support for Conan client v0.20.0 which includes a new section in the conanfile to allow adding environment variables and custom properties. These are indexed in Artifactory as properties and can be used in searches.

  3. Improved performance of queries for artifacts which include an underscore character ("_") in their name. This is especially important for resolution of Docker images since all Docker layers include an underscore in the layer name.


For a complete list of changes please refer to our  JIRA Release Notes. 


Artifactory 5.1.3

Released: March 9, 2017

Main Updates
  1. Fixed an issue related to uploading files larger than 100MB to an S3 bucket.

  2. Fixed an issue that caused wrong information to be displayed in “Most Downloaded Artifacts” when working with OracleDB.


For a complete list of changes please refer to our JIRA Release Notes


Artifactory 5.1.4

Released: March 19, 2017

Main Updates
  1. Fixed an issue preventing Artifactory from starting up following an upgrade to version 5.x on Windows when Artifactory is configured with a Keystore

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.0

Released: January 31, 2017 

Improvements in Artifactory HA
  • Cloud Native Storage: Artifactory HA infrastructure has undergone significant changes and now fully supports cloud native storage. We have completely removed the requirement for using a Network File System (NFS). This release introduces a new type of binary provider that manages distribution of files and configuration across the cluster nodes. This new functionality supports scaling out your storage by relying on object storage solutions or using the nodes' filesystem without the limitations of a traditional NFS, while enjoying other benefits such as distributed storage and redundancy.
  • Removal of Sticky Sessions: Artifactory no longer requires that the load balancer used in the Artifactory HA network configuration support session affinity (sticky sessions). You may need to change or remove NGINX configurations that relate to sticky sessions.
  • Cluster License Management: Managing licenses for an Artifactory HA cluster is much simpler in Artifactory 5.x. Instead of registering a license per node, just upload all your cluster license keys to any cluster node, and Artifactory will transparently allocate them as new nodes are added to and removed from the cluster. This allows automatic provisioning of cluster nodes without the need to deal with manually assigning a license for each node. 
Compatibility with JFrog Mission Control

If you are managing your Artifactory licenses through JFrog Mission Control, Cluster License Management will also be supported in Mission Control starting from version 1.8, which is scheduled for release together with the next release of Artifactory in February 2017.

To perform a clean installation of Artifactory HA, please refer to HA Installation and Setup.

To upgrade your current installation of Artifactory HA, please refer to Upgrading Artifactory HA.

Running Artifactory as a Docker Container

Installing and running the Artifactory Docker image has been greatly simplified. Essentially it is now a matter of running docker pull and then docker run, while passing in mounted volumes to maintain persistence. 

Access Tokens

Artifactory 5.0 introduces access tokens as a new and flexible means of authentication allowing cross-instance authentication, authenticating both users and non-users, providing time-based access control and group-level access control. 

Enriched and Simplified Onboarding Experience

When starting up for the first time, Artifactory presents two new ways to get you through basic setup and configuration so you can get started immediately. The first is the Onboarding Wizard, which creates default repositories for the package types you select, sets up a reverse proxy, sets the Admin password and more. The second is a YAML Configuration File in which you can configure the same parameters that the wizard sets. For example, once you have configured your first instance of Artifactory through the Onboarding Wizard, you can generate the YAML Configuration File from it and use that to spin up additional instances with the same initial configuration.

New Home Screen

The Artifactory Home Screen has been completely redesigned in version 5.0. The new Home Screen provides quick and easy access to some of the most common actions taken by users including searching for artifacts using any of the search methods available, creating new repositories, displaying the "Set Me Up" dialog for any repository, showing information on the latest builds and downloaded artifacts and more.



Breaking Changes

Artifactory HA Infrastructure has Undergone Several Changes
  • Removal of NFS requirement: Previously, Artifactory HA required setting up a mount that was used by the $CLUSTER_HOME folder to synchronize configuration and binary files between the cluster nodes. This requirement is now removed. Configuration files are maintained in the database, and binaries may be stored on alternative storage such as local storage on each node or on a cloud storage provider.  To learn how to migrate your filestore from NFS to alternative storage, please refer to Migrating Data from NFS.
  • Bootstrap Bundle: When setting up an HA cluster, you need to create a bootstrap bundle on the primary node, and then copy it to each secondary node you add to the cluster before starting it up. 
  • License Management: Artifactory HA licenses are now fully managed through the Cluster License Manager. 
  • Unlicensed Nodes: When adding and starting up a node, if a valid license is not available to the Cluster License Manager, the node will continue to run, but will remain unlicensed and return a 503 error to any requests it receives. To keep your HA cluster running until the node is licensed, you can modify your reverse proxy configuration to redirect requests to the next upstream if a 503 error is received by adding 
    proxy_next_upstream http_503 non_idempotent;

    Please refer to Configuring a Reverse Proxy where you can generate a new Reverse Proxy Configuration that includes the modification needed.
Black Duck Code Center Integration Deprecated

Artifactory's direct integration with Black Duck Code Center has been deprecated. To continue using the Black Duck service, you can connect Artifactory to JFrog Xray which has integrated with Black Duck as an external provider of issues and vulnerabilities. 

Global /repo Repository Deprecated

The Artifactory /repo repository endpoint is being deprecated. As part of the deprecation, any requests to the global /repo repository will no longer be valid, regardless of the value of the artifactory.repo.global.disabled system property. If you believe this deprecation will affect existing build jobs or scripts that reference the global repo, you can now create your own standard Virtual Repository and call it “repo”, since the name will no longer be reserved.

Change in Startup and Shutdown Scripts

The startup and shutdown scripts have changed in Artifactory 5.0. Previously, these scripts used to create the "Artifactory" user as a standard user. To improve security, the user is now created without a login shell and the execution scripts use "su -s" (instead of "su -l") which means that the Artifactory user will not be available for any purpose other than for startup and shutdown.
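A way to verify the account hardening described above, as an added example that is not part of the original release notes or JFrog's scripts. It assumes the service account is named "artifactory" and runs on constructed passwd(5) entries; the home directory is a placeholder.

```python
# Shells that refuse interactive logins on common Linux distributions.
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin",
                    "/bin/false", "/usr/bin/false"}


def audit_service_account(passwd_text, account="artifactory"):
    """Return (status, detail) for `account` from passwd(5)-formatted text.

    status is "ok", "interactive-shell", "malformed" or "missing".
    """
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if fields[0] != account:
            continue
        if len(fields) != 7:
            return ("malformed", line)
        shell = fields[6].strip()
        if shell in NON_LOGIN_SHELLS:
            return ("ok", shell)
        # passwd(5): an empty shell field defaults to /bin/sh, so it is
        # still a usable login shell and must be reported.
        return ("interactive-shell", shell or "/bin/sh (empty field)")
    return ("missing", account)


# Constructed sample entries; account name and home path are assumptions.
PRE_5_0 = ("root:x:0:0:root:/root:/bin/bash\n"
           "artifactory:x:990:990::/srv/example:/bin/bash\n")
POST_5_0 = ("root:x:0:0:root:/root:/bin/bash\n"
            "artifactory:x:990:990::/srv/example:/sbin/nologin\n")
EMPTY_SHELL = "artifactory:x:990:990::/srv/example:\n"

if __name__ == "__main__":
    for label, text in (("pre-5.0", PRE_5_0), ("post-5.0", POST_5_0),
                        ("empty shell", EMPTY_SHELL)):
        print(label, audit_service_account(text))
```

On a live host, pass the contents of /etc/passwd (or the output of `getent passwd`) as `passwd_text`.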

Set Item Properties REST API Endpoint Changed

The version of Tomcat used in Artifactory 5.0 has been upgraded to 8.0.39. This version of Tomcat no longer supports unencoded URLs, so the REST API endpoints which used a pipe character ("|") as a separator have undergone corresponding changes so you can use a semicolon (";") as a separator instead, or use escaping to represent a pipe as %7C. Any scripts that use these endpoints may have to be changed to support the new specification. For details, please refer to Set Item Properties as an example. 
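One way to find and rewrite scripts affected by the separator change, as an added example that is not part of the original release notes. The /api/storage path and the properties parameter follow the Set Item Properties endpoint the page refers to; the host, repository and sample script lines are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# An unencoded pipe inside the value of a `properties` query parameter.
# Stopping at whitespace and quotes keeps shell pipes ("... | jq") out.
LEGACY_PIPE = re.compile(r"[?&]properties=[^&\s'\"]*\|")


def find_legacy_calls(script_text):
    """Return (line_number, line) for each line that still sends a raw pipe."""
    return [(n, line.strip())
            for n, line in enumerate(script_text.splitlines(), 1)
            if LEGACY_PIPE.search(line)]


def migrate_properties_url(url, escape=False):
    """Rewrite pipe separators inside the `properties` parameter only.

    escape=False uses ';' as the separator; escape=True keeps the pipe
    but sends it percent-encoded as %7C. Other parameters are untouched.
    """
    parts = urlsplit(url)
    replacement = "%7C" if escape else ";"
    params = []
    for param in parts.query.split("&"):
        name, sep, value = param.partition("=")
        if name == "properties" and sep:
            value = value.replace("|", replacement)
        params.append(name + sep + value)
    return urlunsplit(parts._replace(query="&".join(params)))


# Constructed examples: host and repository names are placeholders.
BASE = ("https://artifactory.example.com/artifactory/api/storage/"
        "libs-release-local/app/1.0")
LEGACY_URL = BASE + "?properties=os=win,linux|qa=done&recursive=1"
SAMPLE_SCRIPT = (
    'curl -X PUT "' + LEGACY_URL + '"\n'
    'curl "' + BASE + '?properties=os=win;qa=done" | jq .\n'
)

if __name__ == "__main__":
    for number, line in find_legacy_calls(SAMPLE_SCRIPT):
        print("line", number, "still uses a raw pipe:", line)
    print(migrate_properties_url(LEGACY_URL))
    print(migrate_properties_url(LEGACY_URL, escape=True))
```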

Session ID Cookie Changed

Your Artifactory session ID is now stored in a SESSION cookie (instead of a JSESSIONID cookie).

 


Main Updates
  1. Artifactory can now be installed in a High Availability configuration without needing an NFS.  
  2. Cluster License Manager for Artifactory HA installations automatically manages licensing for your cluster nodes. This will also be supported by JFrog Mission Control in its forthcoming release.
  3. Greatly simplified Artifactory Docker image installation.
  4. Authentication using Access Tokens
  5. Greatly simplified onboarding using either a UI wizard or a YAML file. 
  6. Home Screen has been redesigned with a new look and feel for easy access to common actions and a rich user experience.  
  7. Search has been redesigned and is now available as a separate module for easy access from anywhere. 
  8. UI notifications in Artifactory have been improved for clarity.
  9. Monitoring Storage is updated with a new look and feel.
  10. Removed the requirement for session affinity in the load balancer used in an Artifactory HA cluster.
  11. Direct integration with Black Duck has been deprecated. You may continue using Black Duck through JFrog Xray.
  12. Global /repo repository has been deprecated.
  13. Artifactory Tomcat version was upgraded to 8.0.39.
  14. From version 5, the YUM package type is replaced with RPM, i.e., what used to be a YUM repository is now referred to as an RPM repository. YUM will continue to be supported as a package type when creating repositories through the REST API for backward compatibility.
  15. Users who are logged in through a SAML server can be associated with LDAP groups through the use of a user plugin. Use this user plugin as a reference example.
  16. LDAP login performance was improved by narrowing Artifactory's search filter so it only searches through groups that have been imported to Artifactory rather than the full set of LDAP groups.
  17. Added support for Docker manifest to reference remote layers by URL that will be pulled by the Docker engine before running the image.
  18. Added metadata validation for Debian packages to ensure Debian repositories are not corrupted by malformed packages. 
  19. Fixed an issue in which Docker images which were imported to Artifactory and then exported sometimes failed to produce the correct schema.
  20. Fixed an issue regarding email notifications for backups so that now, a notification is sent for both manual and automatic scheduled backups if the backup fails.
  21. Fixed an issue in which downloading from a virtual Git LFS repository would fail if the file did not exist in the first repository in the list.
  22. Fixed an issue in which YUM metadata GPG signing was skipped if the passwords in Artifactory were encrypted.
  23. Fixed an issue in which Git LFS repositories that require authentication would fail push requests when Anonymous Access was enabled.

For a complete list of changes please refer to our JIRA Release Notes.


Artifactory 5.0.1

Released: February 7, 2017

Main Updates
  1. A memory leak that was discovered in the new cluster license manager implementation has been fixed. This issue may have caused Artifactory to stop responding and is now resolved.
  2. A limitation in Artifactory HA, that potentially prevented you from accessing large support bundles, and prevented Artifactory from starting up, has been removed. Now, you can access the support bundle for any node in an HA cluster regardless of its size.

  3. An issue preventing Artifactory from starting up when using IBM JDK 8 has been fixed.

For a complete list of changes please refer to our JIRA Release Notes.


Previous Release Notes

For release notes of previous versions of JFrog Artifactory, please refer to Release Notes under the Artifactory 4.x User Guide