JFrog Artifactory

Need help with other JFrog products?

JFrog Enterprise+
JFrog Mission Control
JFrog Xray
JFrog Distribution
[JFrog Pipelines]
JFrog Bintray
JFrog Access
JFrog CLI

Expand all   Collapse all

Versions Compared

Old Version 488

changes.mady.by.user Adi Atzmony

Saved on

compared with

New Version 489

changes.mady.by.user Adi Atzmony

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 Overview

This page presents release notes for JFrog Artifactory describing the main fixes and enhancements made to each version as it is released. For a complete list of changes in each version, please refer to the JIRA Release Notes linked at the end of the details for each release.

If you need release notes for earlier versions of Artifactory, please refer to the 

Newtablink
TextRelease Notes
URLhttps://www.jfrog.com/confluence/display/RTF3X/Release+Notes
 in the Artifactory 3.x User Guide.

Download 

For an Artifactory Pro or Artifactory Enterprise installation, click to download the latest version of

Newtablink
TextJFrog Artifactory Pro
URLhttps://bintray.com/jfrog/product/artifactory/download
.

For an Artifactory OSS installation, click to download the latest version of

Newtablink
TextJFrog Artifactory OSS
URLhttps://www.jfrog.com/open-source/#artifactory
.

Previous Versions

Previous versions of JFrog Artifactory Pro and JFrog Artifactory OSS are available for download on JFrog Bintray.

Click to download previous versions of

Newtablink
TextJFrog Artifactory Pro
URLhttps://bintray.com/jfrog/artifactory-pro/jfrog-artifactory-pro-zip
.

Click to download previous versions of JFrog Artifactory OSS as a

Newtablink
TextZIP
URLhttps://bintray.com/jfrog/artifactory/jfrog-artifactory-oss-zip/view
 or
Newtablink
TextRPM
URLhttps://bintray.com/jfrog/artifactory-rpms/jfrog-artifactory-oss-rpm/view
.

Upgrade Notice

Artifactory 5.5 implements a database schema change to natively support SHA-256 checksums. This change affects the upgrade procedure for an Enterprise Artifactory HA cluster (upgrading an Artifactory Pro or OSS installation is not affected).

For an Artifactory Enterprise HA cluster, if your current version is 5.4.6, you may proceed with the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.

If your current version is below 5.4.6, there are two options to upgrade to the latest version (5.5 and above): a two-phase option with zero downtime or a single phase option that incurs downtime.

For details, please refer to the Upgrade Notice under the release notes for Artifactory 5.5.1.  

Note
titleLonger upgrade time

Due to the changes implemented in version 5.5, upgrading to this version or above from version 5.4.6 or below may take longer than usual and depends on the database you are using.

For an Artifactory Pro installation and for the Primary node of an Artifactory HA cluster, if you use MySQL database, the upgrade may take up to 5 minutes for each 1 million artifacts in your repositories for a typical setup. If you are using one of the other supported databases, the extra upgrade time will be less noticeable and should only take several seconds longer than usual.

Installation and Upgrade

For installation instructions please refer to Installing Artifactory.

To upgrade to this release from your current installation please refer to Upgrading Artifactory.

(lightbulb) To receive automatic notifications whenever there is a new release of Artifactory, please watch us on Bintray.

Known Issues

For a list of known issues in the different versions of Artifactory, please refer to Known Issues.

Panel
titlePage Contents

Table of Contents
maxLevel3
minLevel2
excludeHighlights|Feature Enhancements|Issues Resolved

Artifactory 6.9

Released: 25 March 2019

Highlights

Conan v2 Supports Conan Package Revisions 

From Artifactory 6.9.0, Conan API v2 is supported and introduces an extension of the binary layout to support

Newtablink
TextConan Package Revisions
URLhttps://docs.conan.io/en/latest/mastering/revisions.html
. Revisions allow you to change your artifacts while keeping the same Conan reference, allowing immutable binary artifacts whether it be because of changes to the recipe, or minor code changes between revisions (similar to snapshot builds in other languages).

After the upgrade to Artifactory 6.9.0 is complete, your Conan packages will automatically be migrated to the Conan API v2 structure in Artifactory.

Warning
titleConan Repositories not Accessibile During Migration
The Conan package migration process from Conan v1 to v2 may take some time causing your Conan repositories to be inaccessible until the process is complete. For more information on the migration process, see the Conan Package V1 Backward Compatibility section.

Conan API v2 support is backward compatible allowing you to continue using your current Conan client version to work with your Conan repositories from Artifactory 6.9 and above.

For the Conan client to work with the revisions feature, download the Conan client 1.13 with Revisions enabled.

Added Two New Target Endpoint Rest API Commands

Added two new REST APIs to retrieve the permission targets associated with a specific user or group:

Issues Resolved

  1. Fixed an issue whereby modifying a permission target containing an Admin user failed, and displayed the following error: ‘Permission target contains a reference to a non-existing user <username>’. 
  2. Fixed an issue whereby multiple entries with the following error: 'Couldn't find user named "xray" in ldap' were added to the Artifactory log when JFrog Xray was enabled with LDAP/ Crowd.
  3. Fixed an issue, from Artifactory 6.8.0, whereby the Nginx image in the Artifactory Docker image did not contain the cURL utility.
  4. Fixed an issue, from Artifactory 6.5.1, whereby using the RedHat CDK to pull Docker images with a manifest list (i.e. fat manifest) from https://registry.access.redhat.com would fail. 
  5. Fixed an issue in PyPI repositories whereby packages containing “>” or “<” characters in the “data-requires-python” section of the package metadata file could not be downloaded.
  6. Fixed an issue whereby Artifactory did not find metadata files (PKG-INFO/METADATA)in the root of the archive.
  7. Fixed an issue whereby npm packages with Emoji characters in the package’s description field could not be downloaded when MySQL is set as the database.

  8. Fixed an issue whereby the Test Connection button in the Remote repositories wizard in the UI would return a 405 error if the remote repository URL was an Artifactory URL (i.e. Smart Remote Repository). 

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.9.1

Released: April 8, 2019

Feature Enhancements

npm virtual repository performance improvements

Performance improvements when installing an npm package from npm virtual repositories + reducing memory consumption. 

Access and Request log improvements 

The request.log and access.log files now include the source user ID and the IP address. This applies to users accessing Artifactory via UI, REST API, ‘docker login’ command regardless of whether the authentication was successful (i.e. good credentials) or not (i.e. bad credentials).

Artifactory Docker installation using the Distroless base Docker image

To provide a smaller, and more secure Docker image of our Artifactory Docker distributions (oss, cpp-ce and pro), we have changed the base image used in our Docker files to the JFrog Distroless Docker image that includes only required packages. This reduces the image sizes by more than 30%.

Note

If you get your JDBC driver using curl, you should now update your command to use wget.
Example for mysql driver:

Code Block
titleOld command
`curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar`

Notice the capital ‘O’ with the wget command

Code Block
titleNew command
`wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar`

Issues Resolved

  1. Fixed an issue in Ruby Gems repositories where in some cases, cached dependency requests from a remote repository would not return the latest version.

  2. Fixed an issue in Docker repositories where pulling a Docker image from a remote repository pointing to Microsoft/Azure container registry (e.g. mcr.microsoft.com) would fail with “error pulling image configuration: unknown blob”.

  3. Fixed an issue in Docker repositories where pushing a Docker image with properties on the layers to one repository and then pushing another image with some shared layers to another repository, the layers in the second new repository would be cloned from the existing layers along with all properties. Only the "sha256" property will be cloned, the other properties will not be cloned.

  4. Fixed an issue, relevant to version 6.4.0 and above, in which replicating Maven artifacts from a generic repository to another generic repository would not replicate the metadata, resulting in missing metadata on the target. 

  5. Fixed an issue in Maven repositories in which, when a client would ask for a snapshot and the snapshot version behaviour was ‘unique’, Artifactory would keep searching for the artifact in all the remote repositories even after the artifact was found.

  6. Fixed an issue in which the Debian indexer would try to get artifact properties even in case non-Debian packages would be uploaded, deleted or moved from Artifactory.

  7. Fixed an issue in RPM repositories where in some cases Artifactory would fail to parse XML metadata files on certain remote RPM repositories. 

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.8

Released: February 14, 2019

Highlights

Support Bundle Repository

The Support Zone has been enhanced with a simplified UI flow, which includes the ability to create a support bundle that contains the relevant data (such as system and log files) for a single Artifactory instance or multiple nodes in an HA cluster. Once a support bundle is created, it will be saved to the new default jfrog-support-bundle system repository for any future reference. 

Feature Enhancements

Artifactory Pro Nginx Docker Image Upgrade with TLS v1.3 Support

As part of the Artifactory Pro Docker distribution, the Nginx Docker Image (docker.bintray.io/jfrog/nginx-artifactory-pro) is now upgraded to Nginx version 1.15.5, running on top of Ubuntu 18.10 and provides full support for TLS v1.3.

Tomcat Extra Connectors for Artifactory Docker Images Support

You can now add extra Connectors to Artifactory Docker images Tomcat's server.xml, using the SERVER_XML_EXTRA_CONNECTOR environment variable

Improved Performance for Users Managed within a Group

The performance for authentication of users during login that are associated with groups has been enhanced.

Issues Resolved

  1. Fixed an issue where in some scenarios of Artifactory HA scenarios, terminating the deploy of an artifact to a repository before the deploy was completed would result in a "Failed to move file from _pre folder to filestore" error in the log.

  2. Fixed an issue in which Artifactory would allow creating users and groups using the REST API even if the username or group name included illegal characters (/\:|?*"<>). Artifactory now validates that the username and group name only include legal characters as is done when creating a user or a group through the UI.

  3. Replication fixes:

    1. Fixed an issue where a source Artifactory configured to replicate more than one target would only replicate to one of the targets, after restarting the source Artifactory instance.

    2. Fixed an issue in which pull event replication in a full-mesh topology would fail in some scenarios, after restarting one of the instances in the topology.

    3. Fixed an issue when replicating an artifact that had properties on it while there was an artifact with the same name on the target (but different content), the properties from the source would not be replicated to the target.  

  4. Fixed 2 issue in Property Sets:

    1. In some scenarios adding new properties to a Property Set would not work.

    2. In some scenarios changing the value of single-value property would not work.

  5. Fixed an issue where the Access config yaml was encrypted when using the JFrog Access encrypt API, causing an issue when trying to restart an Artifactory instance after an Access encrypt was completed.

  6. Fixed an issue where using a custom user ID to run Artifactory and Nginx Docker containers custom configurations, caused Nginx to not start and Artifactory to fail setting the custom configurations. 

  7. Fixed an issue in Opkg repositories, where in some cases the repository indexing caused performance issues.

  8. Fixed an issue in which in some scenarios, concurrent requests to a remote Docker repository would hang connections and threads.

  9. Fixed an issue where the ListDockerRepositories rest API would return an empty list and the ListDockerTags rest API would return an error rather than what is stored in cache, while the remote endpoint is unavailable. This fix requires setting the artifactory.docker.catalogs.tags.fallback.fetch.remote.cache system property to true (default false).

  10. Fixed an issue in which when deploying a Gem to a local Ruby Gems package, the ‘Deployed By’ field would show _system_ instead of the actual username who deployed the package.

  11. Fixed an issue in which retrieving the Effective Permissions for a repository or a build would not show the users who have permissions for the resource if the user got the permissions from a Group.

  12. Fixed an issue where remote PHP repositories did not support last modified headers, which caused the client to download the same files remotely and not use the client cache.

  13. Fixed an issue when deleting/deploying files to Helm or Cran remote repositories, a metadata calculation was unnecessarily triggered.

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.8.1

Released: February 17, 2019

Issues Resolved

  1. Fixed an issue where manually starting Artifactory version 6.8 on Windows using the artifactory.bat file or the artifactory.sh on RPM and Debian would fail with an 'Application could not be initialized: Timed out waiting for join.key file to be made available aty' error.
  2. Fixed an issue where setting the loginBlockDelay system property to 0, caused Artifactory to fail to start with the following error: 'Application could not be initialized: / by zero'.
  3. Fixed an issue where access tokens created before Artifactory version 5.4 could not be used for authentication and returned a 401 error.
  4. Significantly reduced the memory footprint of the global permissions cache held by Artifactory at runtime.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.8.2

Released: February 19, 2019

Issues Resolved

  1. Fixed an issue where creating a new or distributing an existing release bundle would fail, after an upgrade to Artifactory versions 6.8.0 and 6.8.1.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.8.3

Released: February 26, 2019

Issues Resolved

  1. Fixed an issue whereby when pulling a Docker image from a Docker repository, Artifactory would try to fetch the manifest list (i.e. fat manifest) file even if the image did not have a manifest list. This prevented users with Read-only permissions from pulling Docker images that did not have a manifest list.
  2. Fixed an issue regarding Mission Control Disaster Recovery, whereby permission targets were not replicated from source to target instances.

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.8.4

Released: March 4, 2019

Issues Resolved

  1. Fixed an issue, applicable to Artifactory versions 6.8.0 to 6.8.3, where a user that is associated with a group that is configured with admin privileges and additional non-admin group(s), did not have admin privileges.

For a complete list of changes, please refer to our JIRA Release Notes.


Artifactory 6.8.6

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.8.7

Released: 14 March, 2019

Issues Resolved

  1. Fixed an issue whereby performance was degraded when processing a massive Access Control List (ACL). 
  2. Fixed an issue that applies from Artifactory 6.6 and above, whereby starting Artifactory takes minutes due to index validation in the Oracle database.

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.7

Released: January 22, 2019

Issues Resolved

  1. Fixed an issue relevant from Artifactory 6.6.3 / 6.6.5 in which with Artifactory running on a Windows machine, it was not possible to work with RubyGems repositories.

  2. Fixed an issue in which for Artifactory instances that were  upgraded to version 5.5 (in which SHA-256 checksums were introduced) and above, but whose database was not migrated to SHA-256 checksums, reindexing an entire Debian repository could take a long time.
  3. Fixed an issue in which indexing of a Debian virtual repository that aggregates a local Debian repository would fail in one of the following scenarios:
    • a user triggers indexing of the local Debian repository using the REST API
    • a user with limited permissions deploys a Debian package into the local Debian repository
  4. Fixed an issue in which Artifactory would not clean up temporary metadata files that were created during the Debian metadata calculation.
  5. Fixed an issue in which under certain circumstances, an Artifactory remote Go repository would cache a goget.html file instead of the corresponding Go module.
  6. Fixed an issue whereby an Artifactory remote Go repository pointed to an Artifactory as a module provider (smart remote repository) resulting in the following:
    - Failure to fetch the real zip content by returning an empty zip file.
    - Failure to fetch info, MOD or Zip files if the remote URL contained a trailing slash.
  7. Fixed an issue whereby an Artifactory remote Go repository pointed to an Artifactory as the module provider (smart remote repository) resulting in failure to fetch info, mod and zip files if the remote URL had trailing slash.
  8. Fixed an issue in which when proxying GitHub.com in a remote Go repository, Artifactory would not pass credentials to api.github.com
  9. Fixed an issue in which parsing the go-import from the go-get metadata for a Go package would fail if that metadata was spread out over multiple lines.
  10. Fixed an issue in which when importing LDAP groups, Artifactory would not display results if a search for existing LDAP groups yielded more than 1000 results.
  11. Fixed an issue in which after setting a custom SERVER_XML environment variable as part of a Docker execution command, the Docker container would succeed starting up the first time, but fail starting up from then on.
  12. Fixed an issue in which Artifactory would allow creating a repository with a repository key that is longer than 64 characters using the REST API. While creating the repository succeeded, deploying to the repository would fail and the log would display the following error messages:
    • Could not acquire lock within 120 seconds
    • Couldn't acquire lock for: 120000 milliseconds
    When creating a repository using the REST API, Artifactory will now validate that the repository key is no longer than 64 characters (as is enforced when creating a repository through the UI).
  13. Fixed an issue in which when deploying the same artifact under two different paths to a NuGet repository, and then deleting it from the first upload path, the NuGet repository would not get reindexed and the artifact would also not be available from its second upload path.
  14. Fixed an issue in which Artifactory would allow creating a repository through the REST API even if the repository key included illegal characters (/\:|?*"<>). Artifactory now validates that the repository key only includes legal characters as is done when creating a repository through the UI.

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.7.1

Released: January 30, 2019

Issues Resolved

  1. Fixed an issue with npm in which proxying https://registry.npm.taobao.org/ with an npm remote repository would fail. 

  2. Fixed an issue in which editing a Permission Target from the Artifactory UI when running on Internet Explorer would result in a blank screen.

  3. Fixed an issue with Go remote repositories in which proxying a Go remote repository in another Artifactory instance and clicking Test Connection in the UI would fail with a 405 error.

  4. Fixed an issue in which upgrading from an Artifactory version 5.6 or below to version 6.6.5 or above when Artifactory had MSSQL configured as its database would fail in certain scenarios.

For a complete list of changes, please refer to our 

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20531
.

Artifactory 6.7.2

Released: February 3, 2019

Issues Resolved

  1. Fixed an issue in which an Artifactory Smart Remote Go repository (i.e. one that points to another Artifactory repository as its module provider) got a 404 response to get version list requests, instead of the version numbers. 

  2. Fixed an issue which occurred when using the synchronizeLdapGroups user plugin together with PostgreSQL as the Artifactory database. With this combination, certain circumstances would cause multiple concurrent requests to the JFrog Access REST API resulting in a "duplicate index" error.

For a complete list of changes, please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20588
.

Artifactory 6.7.3

Released: February 6, 2019

Issues Resolved

  1. Fixed an issue in which installing a package from a remote RubyGems repository would fail when using Bundler.

For a complete list of changes, please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20589
.

For an Artifactory Pro or Artifactory Enterprise installation, click to download this latest version of

Newtablink
TextJFrog Artifactory Pro
URLhttps://bintray.com/jfrog/product/artifactory/download
.

For Artifactory OSS, click to download this latest version of

Newtablink
TextJFrog Artifactory OSS
URLhttps://www.jfrog.com/open-source/#artifactory
.

For Artifactory Enterprise+, click to download the latest version of 

Newtablink
TextJFrog Enterprise+
URLhttps://www.jfrog.com/download-platform/
.

Artifactory 6.7.5

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.6

Released: December 18, 2018

Highlights

Build Info Repository and Permissions Management

This version introduces a new local Build Info repository. This default artifactory-build-info repository will store all build info files uploaded to Artifactory by the different CI server plugins, such as the Artifactory Jenkins Plugin, CLI, and directly through the Build Upload REST API or Artifactory UI. 

The same build information will continue to be available through the REST API and the Builds page in the Artifactory UI.

Also, it is now possible to define access to the different build info files with user and group permissions such as read/deploy/delete. This is equivalent to managing permissions on repositories with include/exclude patterns on build info json paths, in the build info repository.

Additional benefits include: 

  • improved accessibility to the build info json files and overall performance of the Builds module
  • build info replication to other instances, since they are stored as artifacts in a repository
    (Available using REST API only. Configuring replication for this repository through the UI will be added in future releases.)
Info
titleMigrating to the artifactory-build-info Repository

When upgrading to Artifactory 6.6, the artifactory-build-info repository is automatically created and cannot be removed. All existing builds info json files will be migrated from the DB to the repository.

Depending on the number of builds in your system, this process may take some time. To help you monitor the process, progress and status messages will be printed to the artifactory.log file. During the migration, your system will continue to work without being affected.

You can also enhance the migration process and reduce time by adding system property settings.

Build info replication will be available once the migration is complete.

Note
titleBreaking Changes

From this version, the build info files are stored as artifacts in the Artifactory artifactory-build-info repository. This conceptual change requires the following attention:

Delete Build Permission

The following build related REST APIs will now require Delete permission on the build level after the upgrade to 6.6 and above:

Cleanup Policies

  • If you have existing cleanup policies, defined in Artifactory User Plugins, that delete artifacts from your local repositories according to a policy, they will also affect the artifactory-build-info repository andshould be updated accordingly. Exclude this repository from your cleanup policies to ensure that your build info files are not deleted.

DefaultBuildPermission

  • During the upgrade, all existing users/groups will be assigned with an artifactory-system-default-build-permission permission target. This will provide them with the same build access they had before the upgrade (i.e. users who could view build info files or deploy new build info files will still be able to do so). It is highly recommended to remove this default permission target and define new ones for each user/group.
  • New users added to Artifactory will require permission to read/deploy/delete build info artifacts. Notice that these are additional permissions that must be set specifically for the build info repository permissions. These permissions are managed separately
Support for Debian Virtual Repositories

In addition to local and remote repositories, Artifactory now supports Debian virtual repositories. Virtual repositories allow you to aggregate multiple local, remote and virtual Debian repositories under a single endpoint and easily manage your Debian packages.

This provides additional support for managing Artifactory multi-sites

Calculate Debian package coordinates from remote repositories

Artifactory now enables you to extract Debian package metadata (i.e. component, distribution and architecture) from remote Debian repositories and assign them as properties on the cached packages. This can be done using the REST API or from the Artifactory UI.  

This enables searching for cached Debian packages in remote repositories, as well as whitelisting remote-cached Debian packages.

Hardened Security for Secrets

To harden security when providing encrypted data (secrets) such as connection strings to external databases, from this version, when running Artifactory, you can optionally provide secrets in a temporary file. Artifactory will load the parameters specified in a temporary file at startup and then delete the file. Notice that this is an additional recommended functionality that will not change your current behaviour if not used.

Artifactory Edge Uploads Repository

Artifactory Edge nodes now include a default generic repository called artifactory-edge-uploads, to which you can deploy files.
Note: this is the only repository in an Artifactory Edge node that's available for deploying files to.

SHA 256 Migration Task REST API Endpoints

From this version, Migrating to SHA-256 can now also be done using the following two new REST API endpoints. This is in addition to ability to set the SHA-256 migration using the existing system setting configurations in Artifactory's artifactory.system.properties file.

Note
titleExisting migration process

This note applies If you have a SHA256 migration process currently running before upgrading to Artifactory 6.6.

As part of the upgrade, your existing migration process will stop running. To reinitiate it, you'll need to use the new Start SHA256 Migration Task REST API after the Artifactory 6.6 upgrade is complete.

Feature Enhancements

  1. The permission target page has been updated with a new view for easier navigation.
  2. Artifactory Docker container can be configured to run as any user/group id.
  3. Improved performance on Microsoft SQL when performing Property Search through UI or REST API.
  4. In addition to the REST API, deleting a build directly from the Artifactory UI is now supported.

Issues Resolved

  1. Fixed an issue in npm repositories where uploading npm packages that contained Emoji symbols in the package.json file would fail with an error.
  2. Fixed an issue where Artifactory did not support Go module names that did not have a slash (/) in their names. For example, the go4.org module used by golang.org/x/build.
  3. Fixed an issue where Go Package deployment to Artifactory Go repositories, using JFrog CLI, would fail and return a ‘Header Or Cookie Too Large’ error for packages with large mod files.
    This fix requires Artifactory 6.6 and JFrog CLI 1.23.0.
  4. Fixed an issue where NuGet repository $batch requests resulted in an error.
  5. Fixed an issue in NuGet virtual repositories where if a certain package would exist in more than one of the aggregated repositories, Artifactory would return all of those packages when the NuGet client would ask for the latest version of this package.
  6. Fixed an issue in NuGet repositories where if the same NuGet package would exist in two different paths, when deleting the package from one of the paths, the package would not be returned to the client although it did exist in the other path. The only way to get around this was by manually running the recalculate index.

  7. Fixed an issue where pip requests would ignore “If-None-Match” and If-Modified-Since” headers used with an /artifactory/api/pypi/<repo>/<path> endpoint.

  8. Fixed an issue where in some cases where a user tried to login to Xray with SSO they received the following error message "Request was blocked. Please refer to access.log".

  9. Fixed an issue where in a target HA instance for an event based pull replication, an exception was thrown when trying to propagate replication event between cluster nodes after deploy or delete events.
  10. Fixed an issue where in some scenarios, remote pull replication did not work for Artifactory Cloud instances.
  11. Fixed an issue in HA in which uploading a logo file to Artifactory through one of the nodes would update the logo for this specific node but not for the others node in the cluster.
  12. Fixed an issue where Azure blob storage endpoint configuration was not supported. You can now use the default https://<ACCOUNT_NAME>.blob.core.windows.net/ endpoint or define your own.
  13. Fixed an issue in virtual repositories where in some cases the resolution order was not enforced and packages were not downloaded from the expected repository order list.
  14. Fixed an issue in which executing a repository listing request through REST API with an Access Token would fail with a 403 error.
  15. Fixed an issue where in some scenarios, remote pull replication did not sync the properties from the source Artifactory instance correctly.
  16. Fixed an issue where using a checksum-deploy with push replication between local repositories, did not replicate the following artifact metadata: Last modifiedCreatedCreated By and Modified By.
  17. Fixed an issue where pip did not download from its local cache for some packages when using an Artifactory PyPI repository as its custom package index.

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.6.1

Released: December 26, 2018

Issues Resolved

  1. Fixed an issue that occurred only in Artifactory 6.6, in which if more than one Artifactory schema/catalog combination exists on the same database instance, and the user with which Artifactory connects to the database has permissions to see all of them, the Build Info Migration from the database to the artifactory-build-info-repository would sometimes be completed with an error or a log entry indicating that the migration had failed with no specified reason.

  2. Fixed an issue in which when using JFrog CLI to upload a Go module containing upper case characters in the module name, those characters would be converted to lower case characters pre-pended with an exclamation mark.
  3. Fixed an issue with HTTP SSO where users working under a proxy would fail to access the Update Profile page.

For a complete list of changes please refer to our JIRA Release Notes

Artifactory 6.6.3

Released: 31 December 2018

Feature Enhancements

For Artifactory Docker Images: Setting the Database Connection Pool Size is Now Supported                        

For Docker Image Artifactory installations, you can set the pool.max.active and pool.max.idle parameters in the etc/db.properties by setting the following environment variables:

  • DB_POOL_MAX_ACTIVE
  • DB_POOL_MAX_IDLE

In the following example, we set the maximum active database connection pool to 500:

Code Block
docker run ...... -e DB_POOL_MAX_ACTIVE=500 -e DB_POOL_MAX_IDLE=50 ....... docker.bintray.io/jfrog/artifactory-pro:6.6.3
For Artifactory Docker Images: Added Support for Environment Variables to Customize Tomcat server.xml Values 

Added support for configuring Tomcat server.xml values. Just pass the values as environment variables with your Docker execution command and they will be injected into Tomcat's server.xml. For more information, see Supported Environment Variables.

Issues Resolved

  1. Fixed an issue whereby selecting the 'Remember Me' option to log in to the Artifactory UI did not work as expected. Logging in with 'Remember Me' is now valid for 14 days.
  2. Fixed an issue whereby the NuGet API v3 feed for remote NuGet repositories did not get updated with the latest index.json of a package. This resulted in Artifactory not retrieving the metadata from the NuGet feed.
  3. Fixed an issue whereby Artifactory instances installed on Windows-based systems would fail to proxy NuGet API v3 feeds.
  4. Fixed an issue when searching from a NuGet client (e.g. Visual Studio) for a certain package that had more than 100 versions in a remote NuGet repository, returned only the first 100 versions in the search. 
  5. Fixed an issue whereby memory consumption was high when calculating the index for the Gems virtual repository.
  6. Fixed an issue whereby tagging npm packages did not work properly.

For a complete list of changes please refer to our JIRA Release Notes

Artifactory 6.6.5

Released: January 8, 2019

Issues Resolved

  1. Fixed an issue relevant for version 6.6.0 and above in which in some cases, migration to the artifactory-build-info repository would fail with errors in the log.

Artifactory 6.6.8

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.5

Released: October 11, 2018

Note
titleBreaking change

The combination of Artifactory 6.5.0 and with PostgreSQL database enforces property values limit of 2400 characters.

Upgrading to version 6.5.0 without trimming the property values first, may result with old indexes or partial indexes for the ‘node_props’ database table and cause an error.

See fix here: Recovering from Error: An incompatible index has been found for the Artifactory ‘node_props’ database table.

Highlights

Release Bundle Repository

As part of the Distribution flow that was introduced with Enterprise+, Artifactory now supports release bundle repositories. 

The Release bundle repository protects the artifacts created in the Artifactory source instance, by copying them into a separate repository where their contents cannot be edited or removed. 

Whenever a new release bundle is created and signed, it is copied and saved into an immutable release-bundles repository in Artifactory. This ensures consistency in the artifacts being distributed among target instances.

*This feature is available when upgrading to both Artifactory 6.5 and Distribution 1.3

Xray Data in Package Native UI

This version adds data from JFrog Xray to the Package Viewer, enriching the information on major package types in Artifactory. Once a specific package is selected in the package viewer, Artifactory will expose data about license and security violations detected by Xray for all of the versions of the selected package.

This critical information helps users choose the right packages and version they would like to use.

Direct Cloud Storage Download

This feature adds an optimization when storing your binaries on AWS S3 (S3 Binary Provider) by allowing Artifactory to redirect requests from clients that support HTTP 302 responses to download large binaries directly from the cloud storage rather than through Artifactory. By redirecting download requests, requirements for Artifactory's local storage cache is reduced since large artifacts are downloaded directly from the cloud, and in the case of multiple simultaneous download requests, Artifactory doesn't need to allocate threads and compute power to download multiple large artifacts at the same time.
This feature requires an Enterprise+ license, and is currently only available on JFrog Artifactory Cloud on AWS. To learn more, please refer to Direct Cloud Storage Download

Access Tokens Lifecycle Management

This version adds more capabilities for administrators to exercise greater control over the lifecycle of access tokens:

  • Previously, expirable tokens could not be revoked. This version moderates this feature in that now, all tokens can be revoked, but with the minimum-revocable-expiry flag set in the access.config.yml file, you can specify a minimal period of time during which a token cannot be revoked. 
JFrog Access User Guide

JFrog Access is the service that manages all aspects of authentication and authorization for all JFrog services under the hood. Run as a separate service that is installed under the same Tomcat with Artifactory, it stores all Users, Groups, Permissions and Access Tokens generated by any connected JFrog service. The features and capabilities of JFrog Access were previously concentrated around the Access Tokens and Access Federation pages in the JFrog Artifactory User Guide. As the service’s capabilities were extended, and its scope widened to include all JFrog products, its documentation has been moved to a separate space to provide better visibility for its features and easier access to relevant information which now available in the JFrog Access User Guide, and will continue to be maintained and updated there. 

Feature Enhancements

Changes have been introduced to improve the performance of Artifactory as a Docker registry while using PostgreSQL as the database.

Issues Resolved

  1. Fixed an issue where download requests to a remote RubyGems repository, marked as offline, would respond with a 500 error and the download request would fail.
  2. Fixed an issue where in some cases, list browsing in the UI for artifacts path with very long name (For example: /central/org/springframework/boot/spring-boot-starter-cloud-connectors/1.2.0.RELEASE/) would fail with a 404 error.
  3. Fixed an issue where new users created by REST API, would not automatically get added to default groups marked with ‘Automatically Join New Users to this Group’.

  4. Fixed an issue where downloading an artifact with a name that contains an exclamation mark (i.e. !) would fail. 
    Note: due to this fix, when downloading an artifact from an archive requires the resource path within the archive to start with a ‘/’
    For example: GET http://localhost:8081/artifactory/repo1/folder/a.jar!/META-INF/LICENSE

  5. Fixed an issue where deploying a Go build info to Artifactory, the artifacts’ path would not be displayed in the Builds page in the UI. This would happen only when Artifactory was configured behind NGINX.
    Available with JFrog CLI V1.20.2.
  6. Fixed an issue in which the ‘Last Login’ field would be updated for REST API calls. The field will now only be updated when logging through the UI.

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.5.1

Released: October 18, 2018

Feature Enhancements

Support for Docker Manifest List (Fat Manifests)

Artifactory now supports hosting and proxying Docker images with a 

Newtablink
TextManifest List
URLhttps://docs.docker.com/registry/spec/manifest-v2-2/#manifest-list

Issues Resolved

  1. Fixed a UI issue with Xray data in the Package Viewer in which if the same Docker tag existed in different repositories, the Xray graph would not be displayed.
  2. Fixed an issue in which pulling a Docker image from a remote Docker registry, for which "Block Unscanned Artifacts" was checked in Xray, would generate an "Unknown: Forbidden" error. 

For a complete list of changes, please refer to our 

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20122
.

Artifactory 6.5.2

Released: October 21, 2018

Issues Resolved

  1. Fixed an issue where Filtered Resources (for example: username and password in settings.xml files a Maven repository) would not be populated when downloading the Filtered Resources file.

For a complete list of changes, please refer to our 

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20143
.

Artifactory 6.5.3


Released: November 13, 2018

Feature Enhancements

  1. The security entities (users, groups and permissions) migration process from Artifactory to Access has been improved for large scale environments.
  2. Improved performance when syncing security entities (users, groups and permissions and access tokens) in Access Federation.

Issues Resolved
  
  1. Fixed an issue whereby the System Import could fail if import included a large number of users, groups, or permissions.
  2. Fixed an issue whereby if the configured database was PostgreSQL, then during the upgrade to Artifactory 6.5.x, the index for the ‘node_props’ DB table was deleted causing degradation in Artifactory performance.

Artifactory 6.5.6

Released: November 26, 2018

Issues Resolved

  1. Fixed an issue whereby a security vulnerability may have allowed unauthorized users to log in to Artifactory.
    JFrog would like to thank Gilbert Clark of Symantec for reporting this issue and for working with JFrog to help protect our customers.
  2. Fixed an issue starting from Artifactory 6.5.1, whereby is some cases users received the following error stating they did not have permissions to push a Docker image to the repository:
    "Unauthorized: The client does not have permission to push to the repository."

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.5.8

Released: November 26, 2018

Issues Resolved

  1.  Fixed an issue whereby LDAP authentication required sending up to three requests to retrieve all groups. This was resolved by adding a cache for all imported LDAP groups, using default TTL of 1 minute, configurable in artifactory.system.property under artifactory.security.ldap.group.cacheRetentionSecs=60 [secs].
  2. Fixed an issue whereby resolving a Go module failed if the module name did not include a slash

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.5.9

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers. 

Artifactory 6.5.13

Released: December 17, 2018

Issues Resolved

  1. Enhanced the fix for an issue in which under certain circumstances, a security vulnerability may have allowed unauthorized users to log in to Artifactory

    JFrog would like to thank Timo Lindfors  of Nixu Oyj for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.5.15

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.4

Released: September 26, 2018


Highlights

Package Native UI for npm

To complement Artifactory's universal support for all major package types, in this version, Artifactory adds support for npm packages in the Package Viewer. This provides a native experience with the look and feel that is customized for development with npm packages.

Once you select npm as the package type, the Package Viewer will restrict search results for npm packages matching the search term entered, and the details provided in the search results will be specific to npm packages. When selecting a specific search result, you can drill down to view details such as the package's readme file, properties, dependencies, builds that include it and more.

Feature Enhancements

  1. Artifactory can now download Docker foreign layers, from a whitelist defined by an Artifactory administrator, to an Artifactory Docker Remote Repository. This makes them available from Artifactory for future Docker pulls.
    This functionality is disabled by default, and can be enabled from the UI or using REST API.
  2. During replication, metadata files will be calculated by the target instance repository rather than replicated from the source repository, saving time and bandwidth.
  3. Properties being created as a result actions such as replication, restore from trashcan and add, will now trigger the create and delete user plugin execution points that can be used for catching the property event on the target Artifactory instance.
    For example: afterPropertyCreate, beforePropertyCreate, afterPropertyDelete and beforePropertyDelete
  4. Artifactory now supports Conda client versions 4.3.0 and above which requires metadata files in bz2 format. 

Issues Resolved

  1. Fixed an issue where HA system import failed and caused Artifactory to disconnect from Access. HA import will now work properly without requiring a restart to migrate users/groups/permissions and an additional system import to get the full import working.
  2. Fixed an issue where Artifactory became unavailable when running Garbage Collection and the Artifactory Trashcan contained an extreme amount of artifacts.
  3. Fixed an issue where Artifactory was sometimes unable to connect to Xray if the system default proxy was on.
  4. Fixed an issue where REST API requests that resolved Maven jar files, did not contain the Cache-Control header in the response.

For a complete list of changes, please refer to our JIRA Release Notes.

Artifactory 6.4.1

Released: Oct. 1, 2018

Issues Resolved

  1. Fixed in an issue introduced in Artifactory 6.4 in which when configured with AWS S3 as the binary provider, Artifactory would not start up.

For a complete list of changes please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20124


Artifactory 6.4.2

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.


Artifactory 6.4.3

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.3

Released: August 22, 2018


Note
titleUsing Artifactory with JFrog Distriibution

JFrog Artifactory 6.3.0 is not backwards compatible with previous versions for the purposes of distributing release bundles. Therefore, when distributing release bundles between Artifactory services with JFrog Distribution, you need to ensure that either both source and target services are version 6.3.0 and above, or they are both below version 6.3.0.

Highlights

Support for Conda Repositories

Artifactory now offers native supports for Conda Repositories, giving you full control over deploying and resolving Conda packages.

You can create secure and private local Conda repositories with fine-grained access control. Remote Conda repositories proxy remote Conda resources and cache downloaded Conda packages to keep you independent of the network and the remote resource, and virtual Conda repositories give you a single URL through which to manage the resolution and deployment of all your Conda packages.

Issues Resolved

  1. Fixed an issue in which encryption or decryption of the db.properties file in one node of an HA cluster would not get propagated to the other nodes.
  2. Fixed an issue in which an npm artifact resolved from a local npm registry would have a different package.json file compared to the one it had in its default public registry at registry.npmjs.org.
  3. Fixed an issue in which if a remote Docker registry was marked by JFrog Xray to block the download of unscanned artifacts, Artifactory would not be able to cache remote Docker images in that repository for scanning.

For a complete list of changes, please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19934
 

Artifactory 6.3.2

Released: August 28, 2018

Issues Resolved

  1. Fixed an issue introduced in Artifactory 6.2 in which due to the upgrade of Tomcat to version 8.5.32 in Artifactory 6.2.0, requests to Artifactory that contained square brackets would fail.

  2. Fixed an issue relevant for Artifactory 6.2 and above running in an HA environment, in which when browsing through artifacts in the UI, transactions would be left open when the http request would complete. This could lead to contention on rows in the database resulting in outstanding database locks and duplicate key violation errors.

For a complete list of changes please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?version=20096&styleName=&projectId=10070&Create=Create&atl_token=A2FC-71WL-YZYO-9T7A%7Ceefdb089c7ebaccf238b5c73d4e2bb4d7aff94c1%7Clin

Artifactory 6.3.3

Released: Sept. 2, 2018

Issues Resolved

  1. Fixed an issue in which unlocking the User Profile page in the UI would fail if the user's password contained any special characters.

  2. Fixed an issue in which when configuring a smart remote repository in the UI and testing the connection, a the login credentials to the remote resource would be deployed in plain text in the smart remote repository cache.

For a complete list of changes please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20097


Artifactory 6.3.4

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.


Artifactory 6.3.6

Released: March 12, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.3.7

Released: April 17, 2019

Issues Resolved

  1. Fixed an issue in which under certain circumstances, push replication to a target repository would fail due to timeout errors.

Artifactory 6.2

Released: August 8, 2018

Feature Enhancements

Session Management for HA

This version enhances the internal session management between nodes in an Artifactory HA cluster to provide more stability. In previous versions, an HA cluster used a third-party library, Hazelcast, to manage sessions between the cluster nodes. From this version, Artifactory introduces a new mechanism that uses the database which makes session management more robust.

Artifactory Docker Container

The Artifactory Docker container now starts and runs under an artifactory user and no longer requires root access. Similarly, the Artifactory NGINX Docker container now starts and runs as user nginx

Tomcat Version Upgrade

The Tomcat bundled with Artifactory has been upgraded to version 8.5.32.  

Issues Resolved

  1. Fixed an issue which prevented updating propertySets in the YAML configuration file.
  2. Fixed an issue in which when Xray Integration was enabled, for all artifacts scanned by Xray, the download counter would increase by one and the "Last Downloaded By" would indicate being downloaded by Xray.
  3. Fixed an issue in which upgrading from Artifactory 5.x to Artifactory 6.x would fail if an SSL/TLS certificate was configured on one or more of the remote repositories.
  4. Fixed an issue in which when promoting a Docker tag with the REST API using an existing dockerRepository:<tag> tag, the call would deploy a new tag rather than overwrite the existing one resulting in orphaned layers.
  5. Fixed an issue in which using the UI to deploy a single artifact from a folder in a repository would sometimes fail with a constantorg.artifactory.descriptor.repo.RepoType.undefined error.
  6. Fixed an issue in which when reloading user plugins, whether through a scheduled task or on-demand via the REST API, new JARS would be loaded, but existing JARS would not, even if they had been modified.
  7. Fixed an issue in which installation of npm packages would fail because parsing the npm repository's package.json file would fail when the value of its version field contained a leading "v" or "=" character.
  8. Fixed an issue in which downloading an individual file from within a ZIP file, the file would not be cached. This resulted in long resolution times every time you needed to resolve the file (because the file was never cached).
  9. Artifactory has been enhanced to correctly manage the new character encoding that the Go client uses for capital letters.

For a complete list of changes, please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19911
 

Artifactory 6.2.1

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.


Artifactory 6.2.2

Released: 12 March, 2019

Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Artifactory 6.1

Released: July 1, 2018

Highlights

CRAN Repository Support 

Artifactory now natively supports CRAN repositories for the R language, giving you full control of your deployment and resolve process of CRAN packages. 
You can create secure and private local CRAN repositories with fine-grained access control. Remote CRAN repositories proxy remote CRAN resources and cache downloaded CRAN packages to keep you independent of the network and the remote resource, and virtual CRAN repositories give you a single URL through which to manage the resolution and deployment of all your CRAN packages.

Cross-Zone Sharding Enhancements

Sharding across multiple zones allows you to create zones or regions of sharded data to provide additional redundancy in case one of your zones becomes unavailable. From 6.1, you can determine the order in which the data is written between the zones and can set the method for establishing the free space when writing to the mounts in the neighboring zones.

Feature Enhancements

Direct Access to Xray from the Xray Info tab

Added a link to the Xray tab giving you direct access to Xray from within the Artifactory Artifact tree browser. 

Force Authentication on Virtual Maven Repositories

You can force the Maven client to send credentials in order to authenticate against the virtual repository. This means that even if anonymous access is enabled for the Artifactory instance, a virtual repository configured using this field or directly in the Repository Configuration JSON, will require the Maven client to send its credentials. This will be enforced even if some of the aggregated local repositories under the virtual repository allow anonymous access.

NuGet Search is Now Case-insensitive

Previously searching for NuGet packages using the ID and version via the NuGet CLI was case-sensitive causing search results to be narrowed down to an accurate result. This was very limiting, especially if you were looking for a specific version. So for example, if I was searching for junit version 1.0.2, and the repository package name was JUnit, I would not get any result. We now have improved the search to be case-insensitive, allowing for both junit or JUnit to be displayed in the search. 

Build Promotion Timestamp Added to Release History Tab 

When promoting a build, under the Builds > Release History tab, you can now see the timestamp of the build promotion.

Issues Resolved

  1. Fixed an issue in PyPI repositories in which PyPI packages set with metadata version 2.1 in the METADATA or PKG-INFO files were not indexed by Artifactory and were not available for download. 
  2. Fixed an issue with npm repositories resulting in improved performance.  Deploying a new version of an npm package that already exists in the repository caused Artifactory to calculate the metadata for all the package versions instead of calculating the metadata for the specific deployed package.
  3. Fixed an issue with npm repositories. This issue relates to tagging the version of a specific package that is not the ‘highest’ in terms of SemVer.  When an npm client was trying to install the ‘latest’ package he would receive the ‘highest’ version instead of the package that was tagged as the "latest'. An example: if I have MyApp-1.0.0, MyApp-1.0.1, MyApp-1.0.2 and I tag 1.0.1 as the latest one (with npm tag command) when trying to install the latest package (e.g. npm install MyApp), MyApp-1.0.2 would be returned.
  4. Fixed an issue whereby users with special characters in their password (e.g. colon), tried to access their profile page by entering their password and would be redirected to a page with the following message: 
    "You are already logged in. You can go to the home page or log out."
  5. Fixed an issue whereby pulling a Docker image caused the "Number of Downloads" counter for the image to be increased by two.
  6. Fixed an issue whereby setting the Password Encryption to ‘Required’, prevented anonymous users from performing authentication opposite the Docker repositories. A 401 error was generated.
  7. Fixed an issue regarding PyPI repositories whereby an Artifactory behind a proxy no longer ignores the "X-Artifactory-Override-Base-Url" header which overrides Artifactory base URL.
  8. Fixed an issue in Debian repositories. Artifactory could not extract metadata in Debian packages that contained a control metadata file archived as a ‘control.tar’ or a ‘control.tar.xz.

For a complete list of changes, please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581
 

Artifactory 6.1.4

Released: November 29, 2018

Issues Resolved

  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.



Artifactory 6.1.5

Released: 12 March, 2019


Issues Resolved

  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.


Artifactory 6.0

Released: May 17, 2018

Highlights

JFrog Enterprise+

Announcing the new Enterprise+ Platform, that provides a complete solution for covering all the steps involved in creating a secure, trustworthy, and traceable software release in a multi-site development environment.

The solution works in conjunction with source version control, continuous integration, and deployment tools.

The JFrog Enterprise+ platform bundle includes:

  • Newtablink
    TextJFrog Artifactory
    URLhttps://www.jfrog.com/confluence/display/RTF/Enterprise+Plus
    :     all features available with an Enterprise license as well as Access Federation and the ability to work with Artifactory Edge.
  • Newtablink
    TextJFrog Distribution
    URLhttps://www.jfrog.com/confluence/display/DIST/Welcome+to+JFrog+Distribution
    : an on-premise, centralized platform that lets you provision software release distribution.
  • Newtablink
    TextJFrog Xray
    URLhttps://www.jfrog.com/confluence/display/XRAY/Enterprise+Plus
    : universal analysis of binary software components at any stage of the application lifecycle providing unprecedented visibility into issues lurking in components anywhere in your organization.

  • Newtablink
    TextJFrog Mission Control
    URLhttps://www.jfrog.com/confluence/display/MC/Enterprise+Plus
    : all features available in Mission Control with the addition of: 

    • the ability to add instances of Jenkins-CI, JFrog Distribution and JFrog Artifactory Edge as services in the system and monitor them

    • Insight and analytics on build processes through as set of metrics on the end to end build process

Enterprise+ Dedicated Features

The following dedicated Enterprise+ features are a part of the Artifactory 6.0.0 release:

For more details on the JFrog Enterprise+ platform, please refer to the 

Newtablink
TextJFrog Enterprise+ User Guide
URLhttps://www.jfrog.com/confluence/display/EP/Welcome+to+JFrog+Enterprise+Plus
.

Single Sign-On Support

SSO allows you to log into all your JFrog applications using a single set of user credentials that are stored in the Authentication Provider Artifactory instance. When SSO is applied, the user logs into the JFrog product using a set of predefined credentials and is granted access across the board to the JFrog products. SSO eliminates the need to re-enter the credentials every time a product is accessed. It is automatically enabled for all the JFrog services that use an Authentication Provider for managing security. For more information, see Authentication Using Single Sign-On.

NuGet Enhancements

  • NuGet API v3 Registry Support 
    Artifactory now supports NuGet API v3 and allows you to proxy remote NuGet API v3 repositories (e.g., the NuGet gallery) and other remote repositories that support API v3. For more information, see the API documentation.

  • NuGet SemVer 2.0 Packages
    Artifactory now supports SemVer 2.0 rules for NuGet repositories (for both NuGet API v2 and API v3), which means you can now use pre-release numbers with dot notations or add metadata to the version, for example:
    MyApp.3.0.0-build.60, MyApp.1.0+git.52406.

    Info
    titleBackward Compatibility for NuGet CLI Versions Lower Than 4.3.0

    NuGet packages with SemVer 2.0 are not available for NuGet clients using NuGet CLI versions lower than 4.3.0. This breaking change is due to required modifications made to the local repository structure in Artifactory to align with the official global repository behavior.
    To continue using NuGet packages in versions lower than 4.3.0, add the artifactory.nuget.disableSemVer2SearchFilterForLocalRepos = true property to $ARTIFACTORY_HOME/etc/artifactory.system.properties and proceed to restart your Artifactory service.

    For more information, see NuGet SemVer 2.0 Package Support.

Artifactory HA Enhancement

This version enhances the internal locking mechanism in Artifactory HA setups to provide more stability.
Prior to this version, Artifactory HA used the third-party Hazelcast library for distributed locking during concurrent operations. From this version, Artifactory introduces a new locking mechanism relying on the database to provide added robustness and stability. 
Important: Since the new mechanism relies on the database and therefore may require additional database connections. For more information, see Database Locks. 

IPv6 Support

From Artifactory version 6.0.0, Artifactory supports IPv6-enabled hosts. This version allows users to configure IPv6 for both Artifactory standalone instances and for HA setups where you can configure the different nodes in the cluster to communicate over IPv6. This address is used to connect an Artifactory node to its peers over REST or TCP, when required. For more information, see IPv6 Support.

Breaking Change
CSRF Protection

CSRF Protection was released in Artifactory 5.11. From Artifactory 6.0.0, CSRF protection is now enabled by default. Artifactory prevents CSRF attacks by using a new custom header - 'X-Requested-With', for internal UI calls. If you are using a proxy server, verify that the proxy does not filter out the 'X-Requested-With' header. For more information, see CSRF Protection

Feature Enhancements

Improved Builds Page and New Improved Table Design 

The Builds page has a new look and feel, together with newly designed table provide an improved UI experience.
Also, a new look and feel for all tables in Artifactory.

Issues Resolved

  1. (Applies only if you are upgrading from Artifactory versions 5.10.x and 5.11.x.): Fixed an issue whereby API keys were no longer valid when deactivating an Artifactory Key Encryption and then reactivating it.
  2. Fixed an issue whereby Artifactory redirected to an incorrect URL resulting in a 404 error when navigating in PyPI repositories using the Native Browser and browsing a package. 

  3. Fixed an issue whereby an event based pull replication caused a small thread leak in the subscribed Artifactory. For example, when the source Artifactory from which the target is pulling the artifacts. Additionally, we have capped the maximum number of subscribed Artifactories per repository to 30.  You can modify the maximum number of allowed subscribed Artifactories to the event based pull replication per repo by modifying the artifactory.system.properties file, by adding the following line:

    artifactory.replication.eventbased.maxPullReplicationsPerRepo=<number>
    In addition, we have added a new REST API call to Get Remote Repositories Registered for Replication. 
  4. Fixed an issue whereby a Docker image would exist on two different repositories with the same tag, causing it to fail when distributing it to Bintray using a Distribution repository.
  5. Fixed an issue whereby changes made to Distribution repository rules (e.g., when modifying an existing rule), would not take effect and required restarting Artifactory.
  6. Fixed an issue in which two Helm charts containing different build metadata but sharing the same version would count as the same version.
  7. Fixed an issue whereby packing a Helm package not using the Helm client prevented the charts to be indexed.

For a complete list of changes please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19508
. 

Artifactory 6.0.1

Released: May 24, 2018

Issues Resolved

  1. Fixed an issue in which when running Artifactory in Microsoft Internet Explorer, several capabilities in the UI did not work: logging out from Artifactory, the Set Me Up window wouldn't close, the Artifacts tab would be blank and the Advanced options under the Admin tab would be missing. 

  2. Fixed an issue in which when running Artifactory in Microsoft Internet Explorer 11 or Microsoft Edge 15, the contents of the Builds and the Packages tab in the UI would be misplaced.
  3. Fixed an issue in which the Distribute build button in the Builds page in the UI was missing. 

For a complete list of changes please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19792

Artifactory 6.0.2

Released: June 7, 2018

Issues Resolved 

  1. Fixed an issue related to the JFrog Xray integration in which artifacts could still be downloaded from a remote repository even though it was configured to Block Unscanned Artifacts
  2. Fixed UI issues in the Builds module. 

For a complete list of changes please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19822

Artifactory 6.0.3

Released: June 25, 2018

Issues Resolved

  1. Removed a remote code execution vulnerability that may have been exploited when a user with Admin permissions used one of the import capabilities in Artifactory.

    JFrog would like to thank Jakub Zoczek of Allegro Group for reporting this issue and for working with JFrog to help protect our customers.

For a complete list of changes please refer to our

Newtablink
TextJIRA Release Notes
URLhttps://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19900

Artifactory 6.0.4

Released: November 29, 2018

Issue Resolved
  1. Fixed an issue in which under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. JFrog would like to thank the Adobe Security Team for reporting this issue and for working with JFrog to help protect our customers.


Artifactory 6.0.5

Released: 12 March, 2019

Issue Resolved
  1. Fixed an issue whereby under certain circumstances, users could gain access to security APIs that are otherwise exposed only to administrators.
    JFrog would like to thank CipherTechs for reporting this issue and for working with JFrog to help protect our customers.

Previous Release Notes

For JFrog Artifactory 5.x release notes, please refer to Release Notes in the JFrog Artifactory 5.x User Guide

For JFrog Artifactory 4.x release notes, please refer to Release Notes in the JFrog Artifactory 4.x User Guide