Page tree
Skip to end of metadata
Go to start of metadata

Aug 10, 2014

We are pleased to announce the availability of Artifactory 3.3.0.1

Important update for users of RubyGems.org

This update is only relevant for users who are using Artifactory support for RubyGems repositories.

Recently, there were reports that a large number of requests coming from Artifactory servers were causing excessive load on the RubyGems.org repository. A joint investigation led by RubyGems.org and JFrog R&D revealed that this behavior is the result of a misconfiguration of Artifactory servers. The investigation showed that many redundant requests were being sent from non-Ruby clients such as Apache Maven. These Maven clients apparently utilize a virtual repository which aggregates RubyGems.org together with other non-Ruby repositories resulting in irrelevant requests being sent to RubyGems.org.

Solution

JFrog is offering two options to resolve this issue:

  1. Upgrade Artifactory to V3.3.0.1. This version prevents download and remote listing of non RubyGems resources from remote RubyGems repositories when RubyGems Support is enabled in Artifactory.
  2. If you are not currently able to upgrade to this latest release, we recommend that you manually configure any virtual repositories in Artifactory with the recommended settings in accordance with best practice so that only relevant requests are sent to RubyGems.org. 

Virtual Repository Best Practice

A virtual repository should not aggregate repositories that are not actually accessed through it. 

For example, a virtual repository intended for a Maven client should not aggregate the RubyGems.org repository. This kind of misconfiguration dramatically slows down the resolution process causing an overall impedance on system performance. Similarly, working against the global virtual repository repo is also against best practice since it aggregates all other Artifactory repositories. Repo propagates any request it receives to all the local and remote repositories that it aggregates which significantly slows down the resolution process.

Download 

Click to download Artifactory Pro Free Trial.

Click to download Artifactory OSS version.

Installation and Upgrade

For installation instructions please refer to Installing Artifactory.

To upgrade to this release from your current installation please refer to Upgrading Artifactory.


(lightbulb) To receive automatic notifications whenever there is a new release of Artifactory, please watch us on  Bintray.

 

Enjoy Artifactory! 
The Artifactory Team

  • No labels