Need help with other JFrog products?
JFrog Enterprise+
JFrog Mission Control
JFrog Xray
JFrog Distribution
[JFrog Pipelines]
JFrog Bintray
JFrog Access
JFrog CLI
Released: 25 March 2019
From Artifactory 6.9.0, Conan API v2 is supported and introduces an extension of the binary layout to support
Newtablink | ||||
---|---|---|---|---|
|
After the upgrade to Artifactory 6.9.0 is complete, your Conan packages will automatically be migrated to the Conan API v2 structure in Artifactory.
Warning | ||
---|---|---|
| ||
The Conan package migration process from Conan v1 to v2 may take some time causing your Conan repositories to be inaccessible until the process is complete. For more information on the migration process, see the Conan Package V1 Backward Compatibility section. |
Conan API v2 support is backward compatible allowing you to continue using your current Conan client version to work with your Conan repositories from Artifactory 6.9 and above.
For the Conan client to work with the revisions feature, download the Conan client 1.13 with Revisions enabled.
Added two new REST APIs to retrieve the permission targets associated with a specific user or group:
Fixed an issue whereby the Test Connection button in the Remote repositories wizard in the UI would return a 405 error if the remote repository URL was an Artifactory URL (i.e. Smart Remote Repository).
For a complete list of changes, please refer to our JIRA Release Notes.
Released: April 8, 2019
Performance improvements when installing an npm package from npm virtual repositories + reducing memory consumption.
The request.log and access.log files now include the source user ID and the IP address. This applies to users accessing Artifactory via UI, REST API, ‘docker login’ command regardless of whether the authentication was successful (i.e. good credentials) or not (i.e. bad credentials).
To provide a smaller, and more secure Docker image of our Artifactory Docker distributions (oss, cpp-ce and pro), we have changed the base image used in our Docker files to the JFrog Distroless Docker image that includes only required packages. This reduces the image sizes by more than 30%.
Note | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
If you get your JDBC driver using curl, you should now update your command to use wget.
Notice the capital ‘O’ with the wget command
|
Fixed an issue in Ruby Gems repositories where in some cases, cached dependency requests from a remote repository would not return the latest version.
Fixed an issue in Docker repositories where pulling a Docker image from a remote repository pointing to Microsoft/Azure container registry (e.g. mcr.microsoft.com) would fail with “error pulling image configuration: unknown blob”.
Fixed an issue in Docker repositories where pushing a Docker image with properties on the layers to one repository and then pushing another image with some shared layers to another repository, the layers in the second new repository would be cloned from the existing layers along with all properties. Only the "sha256" property will be cloned, the other properties will not be cloned.
Fixed an issue, relevant to version 6.4.0 and above, in which replicating Maven artifacts from a generic repository to another generic repository would not replicate the metadata, resulting in missing metadata on the target.
Fixed an issue in Maven repositories in which, when a client would ask for a snapshot and the snapshot version behaviour was ‘unique’, Artifactory would keep searching for the artifact in all the remote repositories even after the artifact was found.
Fixed an issue in which the Debian indexer would try to get artifact properties even in case non-Debian packages would be uploaded, deleted or moved from Artifactory.
Fixed an issue in RPM repositories where in some cases Artifactory would fail to parse XML metadata files on certain remote RPM repositories.
For a complete list of changes, please refer to our JIRA Release Notes.
Released: February 14, 2019
The Support Zone has been enhanced with a simplified UI flow, which includes the ability to create a support bundle that contains the relevant data (such as system and log files) for a single Artifactory instance or multiple nodes in an HA cluster. Once a support bundle is created, it will be saved to the new default jfrog-support-bundle system repository for any future reference.
As part of the Artifactory Pro Docker distribution, the Nginx Docker Image (docker.bintray.io/jfrog/nginx-artifactory-pro) is now upgraded to Nginx version 1.15.5, running on top of Ubuntu 18.10 and provides full support for TLS v1.3.
You can now add extra Connectors to Artifactory Docker images Tomcat's server.xml, using the SERVER_XML_EXTRA_CONNECTOR environment variable
The performance for authentication of users during login that are associated with groups has been enhanced.
Fixed an issue where in some scenarios of Artifactory HA scenarios, terminating the deploy of an artifact to a repository before the deploy was completed would result in a "Failed to move file from _pre folder to filestore" error in the log.
Fixed an issue in which Artifactory would allow creating users and groups using the REST API even if the username or group name included illegal characters (/\:|?*"<>). Artifactory now validates that the username and group name only include legal characters as is done when creating a user or a group through the UI.
Replication fixes:
Fixed an issue where a source Artifactory configured to replicate more than one target would only replicate to one of the targets, after restarting the source Artifactory instance.
Fixed an issue in which pull event replication in a full-mesh topology would fail in some scenarios, after restarting one of the instances in the topology.
Fixed an issue when replicating an artifact that had properties on it while there was an artifact with the same name on the target (but different content), the properties from the source would not be replicated to the target.
Fixed 2 issue in Property Sets:
In some scenarios adding new properties to a Property Set would not work.
In some scenarios changing the value of single-value property would not work.
Fixed an issue where the Access config yaml was encrypted when using the JFrog Access encrypt API, causing an issue when trying to restart an Artifactory instance after an Access encrypt was completed.
Fixed an issue where using a custom user ID to run Artifactory and Nginx Docker containers custom configurations, caused Nginx to not start and Artifactory to fail setting the custom configurations.
Fixed an issue in Opkg repositories, where in some cases the repository indexing caused performance issues.
Fixed an issue in which in some scenarios, concurrent requests to a remote Docker repository would hang connections and threads.
Fixed an issue where the ListDockerRepositories rest API would return an empty list and the ListDockerTags rest API would return an error rather than what is stored in cache, while the remote endpoint is unavailable. This fix requires setting the artifactory.docker.catalogs.tags.fallback.fetch.remote.cache system property to true (default false).
Fixed an issue in which when deploying a Gem to a local Ruby Gems package, the ‘Deployed By’ field would show _system_ instead of the actual username who deployed the package.
Fixed an issue in which retrieving the Effective Permissions for a repository or a build would not show the users who have permissions for the resource if the user got the permissions from a Group.
Fixed an issue where remote PHP repositories did not support last modified headers, which caused the client to download the same files remotely and not use the client cache.
For a complete list of changes, please refer to our JIRA Release Notes.
Released: February 17, 2019
For a complete list of changes, please refer to our JIRA Release Notes.
Released: February 19, 2019
For a complete list of changes, please refer to our JIRA Release Notes.
Released: February 26, 2019
For a complete list of changes, please refer to our JIRA Release Notes.
Released: March 4, 2019
Fixed an issue, applicable to Artifactory versions 6.8.0 to 6.8.3, where a user that is associated with a group that is configured with admin privileges and additional non-admin group(s), did not have admin privileges.
For a complete list of changes, please refer to our JIRA Release Notes.
Released: 12 March, 2019
Released: 14 March, 2019
For a complete list of changes, please refer to our JIRA Release Notes.
Released: January 22, 2019
Fixed an issue relevant from Artifactory 6.6.3 / 6.6.5 in which with Artifactory running on a Windows machine, it was not possible to work with RubyGems repositories.
goget.html
file instead of the corresponding Go module.GitHub.com
in a remote Go repository, Artifactory would not pass credentials to api.github.com
go-import
from the go-get
metadata for a Go package would fail if that metadata was spread out over multiple lines.For a complete list of changes, please refer to our JIRA Release Notes.
Released: January 30, 2019
For a complete list of changes, please refer to our
. Newtablink Text JIRA Release Notes URL https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20531
Released: February 3, 2019
Fixed an issue in which an Artifactory Smart Remote Go repository (i.e. one that points to another Artifactory repository as its module provider) got a 404 response to get version list requests, instead of the version numbers.
Fixed an issue which occurred when using the synchronizeLdapGroups
user plugin together with PostgreSQL as the Artifactory database. With this combination, certain circumstances would cause multiple concurrent requests to the JFrog Access REST API resulting in a "duplicate index" error.
For a complete list of changes, please refer to our
. Newtablink Text JIRA Release Notes URL https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20588
Released: February 6, 2019
Fixed an issue in which installing a package from a remote RubyGems repository would fail when using Bundler.
For a complete list of changes, please refer to our
. Newtablink Text JIRA Release Notes URL https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=20589
For an Artifactory Pro or Artifactory Enterprise installation, click to download this latest version of
. Newtablink Text JFrog Artifactory Pro URL https://bintray.com/jfrog/product/artifactory/download
For Artifactory OSS, click to download this latest version of
. Newtablink Text JFrog Artifactory OSS URL https://www.jfrog.com/open-source/#artifactory
For Artifactory Enterprise+, click to download the latest version of
. Newtablink Text JFrog Enterprise+ URL https://www.jfrog.com/download-platform/
Released: 12 March, 2019
Released: December 18, 2018
This version introduces a new local Build Info repository. This default artifactory-build-info repository will store all build info files uploaded to Artifactory by the different CI server plugins, such as the Artifactory Jenkins Plugin, CLI, and directly through the Build Upload REST API or Artifactory UI.
The same build information will continue to be available through the REST API and the Builds page in the Artifactory UI.
Also, it is now possible to define access to the different build info files with user and group permissions such as read/deploy/delete. This is equivalent to managing permissions on repositories with include/exclude patterns on build info json paths, in the build info repository.
Additional benefits include:
Info | ||
---|---|---|
| ||
When upgrading to Artifactory 6.6, the artifactory-build-info repository is automatically created and cannot be removed. All existing builds info json files will be migrated from the DB to the repository. Depending on the number of builds in your system, this process may take some time. To help you monitor the process, progress and status messages will be printed to the You can also enhance the migration process and reduce time by adding system property settings. Build info replication will be available once the migration is complete. |
Note | ||
---|---|---|
| ||
From this version, the build info files are stored as artifacts in the Artifactory artifactory-build-info repository. This conceptual change requires the following attention: Delete Build Permission The following build related REST APIs will now require Delete permission on the build level after the upgrade to 6.6 and above: Cleanup Policies
DefaultBuildPermission
|
In addition to local and remote repositories, Artifactory now supports Debian virtual repositories. Virtual repositories allow you to aggregate multiple local, remote and virtual Debian repositories under a single endpoint and easily manage your Debian packages.
This provides additional support for managing Artifactory multi-sites.
Artifactory now enables you to extract Debian package metadata (i.e. component, distribution and architecture) from remote Debian repositories and assign them as properties on the cached packages. This can be done using the REST API or from the Artifactory UI.
This enables searching for cached Debian packages in remote repositories, as well as whitelisting remote-cached Debian packages.
To harden security when providing encrypted data (secrets) such as connection strings to external databases, from this version, when running Artifactory, you can optionally provide secrets in a temporary file. Artifactory will load the parameters specified in a temporary file at startup and then delete the file. Notice that this is an additional recommended functionality that will not change your current behaviour if not used.
Artifactory Edge nodes now include a default generic repository called artifactory-edge-uploads, to which you can deploy files.
Note: this is the only repository in an Artifactory Edge node that's available for deploying files to.
From this version, Migrating to SHA-256 can now also be done using the following two new REST API endpoints. This is in addition to ability to set the SHA-256 migration using the existing system setting configurations in Artifactory's artifactory.system.properties file.
Note | ||
---|---|---|
| ||
This note applies If you have a SHA256 migration process currently running before upgrading to Artifactory 6.6. As part of the upgrade, your existing migration process will stop running. To reinitiate it, you'll need to use the new Start SHA256 Migration Task REST API after the Artifactory 6.6 upgrade is complete. |
Fixed an issue where pip requests would ignore “If-None-Match” and If-Modified-Since” headers used with an /artifactory/api/pypi/<repo>/<path> endpoint.
Fixed an issue where in some cases where a user tried to login to Xray with SSO they received the following error message "Request was blocked. Please refer to access.log".
For a complete list of changes, please refer to our JIRA Release Notes.
Released: December 26, 2018
Fixed an issue that occurred only in Artifactory 6.6, in which if more than one Artifactory schema/catalog combination exists on the same database instance, and the user with which Artifactory connects to the database has permissions to see all of them, the Build Info Migration from the database to the artifactory-build-info-repository would sometimes be completed with an error or a log entry indicating that the migration had failed with no specified reason.
For a complete list of changes please refer to our JIRA Release Notes.
Released: 31 December 2018
For Docker Image Artifactory installations, you can set the pool.max.active and pool.max.idle parameters in the etc/db.properties by setting the following environment variables:
In the following example, we set the maximum active database connection pool to 500:
Code Block |
---|
docker run ...... -e DB_POOL_MAX_ACTIVE=500 -e DB_POOL_MAX_IDLE=50 ....... docker.bintray.io/jfrog/artifactory-pro:6.6.3 |
Added support for configuring Tomcat server.xml values. Just pass the values as environment variables with your Docker execution command and they will be injected into Tomcat's server.xml. For more information, see Supported Environment Variables.
For a complete list of changes please refer to our JIRA Release Notes.
Released: January 8, 2019
Released: 12 March, 2019
Released: October 11, 2018
Note | ||
---|---|---|
| ||
The combination of Artifactory 6.5.0 and with PostgreSQL database enforces property values limit of 2400 characters. Upgrading to version 6.5.0 without trimming the property values first, may result with old indexes or partial indexes for the ‘node_props’ database table and cause an error. See fix here: Recovering from Error: An incompatible index has been found for the Artifactory ‘node_props’ database table. |
As part of the Distribution flow that was introduced with Enterprise+, Artifactory now supports release bundle repositories.
The Release bundle repository protects the artifacts created in the Artifactory source instance, by copying them into a separate repository where their contents cannot be edited or removed.
Whenever a new release bundle is created and signed, it is copied and saved into an immutable release-bundles repository in Artifactory. This ensures consistency in the artifacts being distributed among target instances.
*This feature is available when upgrading to both Artifactory 6.5 and Distribution 1.3
This version adds data from JFrog Xray to the Package Viewer, enriching the information on major package types in Artifactory. Once a specific package is selected in the package viewer, Artifactory will expose data about license and security violations detected by Xray for all of the versions of the selected package.
This critical information helps users choose the right packages and version they would like to use.
This feature adds an optimization when storing your binaries on AWS S3 (S3 Binary Provider) by allowing Artifactory to redirect requests from clients that support HTTP 302 responses to download large binaries directly from the cloud storage rather than through Artifactory. By redirecting download requests, requirements for Artifactory's local storage cache is reduced since large artifacts are downloaded directly from the cloud, and in the case of multiple simultaneous download requests, Artifactory doesn't need to allocate threads and compute power to download multiple large artifacts at the same time.
This feature requires an Enterprise+ license, and is currently only available on JFrog Artifactory Cloud on AWS. To learn more, please refer to Direct Cloud Storage Download.
This version adds more capabilities for administrators to exercise greater control over the lifecycle of access tokens:
minimum-revocable-expiry
flag set in the access.config.yml
file, you can specify a minimal period of time during which a token cannot be revoked. JFrog Access is the service that manages all aspects of authentication and authorization for all JFrog services under the hood. Run as a separate service that is installed under the same Tomcat with Artifactory, it stores all Users, Groups, Permissions and Access Tokens generated by any connected JFrog service. The features and capabilities of JFrog Access were previously concentrated around the Access Tokens and Access Federation pages in the JFrog Artifactory User Guide. As the service’s capabilities were extended, and its scope widened to include all JFrog products, its documentation has been moved to a separate space to provide better visibility for its features and easier access to relevant information which now available in the JFrog Access User Guide, and will continue to be maintained and updated there.
Changes have been introduced to improve the performance of Artifactory as a Docker registry while using PostgreSQL as the database.
Fixed an issue where downloading an artifact with a name that contains an exclamation mark (i.e. !) would fail.
Note: due to this fix, when downloading an artifact from an archive requires the resource path within the archive to start with a ‘/’
For example: GET http://localhost:8081/artifactory/repo1/folder/a.jar!/META-INF/LICENSE
For a complete list of changes, please refer to our JIRA Release Notes.
Released: October 18, 2018
Artifactory now supports hosting and proxying Docker images with a
Newtablink | ||||
---|---|---|---|---|
|
For a complete list of changes, please refer to our
Newtablink | ||||
---|---|---|---|---|
|
Released: October 21, 2018
Fixed an issue where Filtered Resources (for example: username and password in settings.xml files a Maven repository) would not be populated when downloading the Filtered Resources file.
For a complete list of changes, please refer to our
Newtablink | ||||
---|---|---|---|---|
|
Released: November 26, 2018
For a complete list of changes, please refer to our JIRA Release Notes.
Released: November 26, 2018
For a complete list of changes, please refer to our JIRA Release Notes.
Released: November 29, 2018
Released: December 17, 2018
Enhanced the fix for an issue in which under certain circumstances, a security vulnerability may have allowed unauthorized users to log in to Artifactory.
JFrog would like to thank Timo Lindfors of Nixu Oyj for reporting this issue and for working with JFrog to help protect our customers.
Released: 12 March, 2019
Issues Resolved
Released: September 26, 2018
To complement Artifactory's universal support for all major package types, in this version, Artifactory adds support for npm packages in the Package Viewer. This provides a native experience with the look and feel that is customized for development with npm packages.
Once you select npm as the package type, the Package Viewer will restrict search results for npm packages matching the search term entered, and the details provided in the search results will be specific to npm packages. When selecting a specific search result, you can drill down to view details such as the package's readme file, properties, dependencies, builds that include it and more.
For a complete list of changes, please refer to our JIRA Release Notes.
Released: Oct. 1, 2018
Issues Resolved
Fixed in an issue introduced in Artifactory 6.4 in which when configured with AWS S3 as the binary provider, Artifactory would not start up.
For a complete list of changes please refer to our
Newtablink | ||||
---|---|---|---|---|
|
Released: November 29, 2018
Released: 12 March, 2019
Issues Resolved
Released: August 22, 2018
Note | ||
---|---|---|
| ||
JFrog Artifactory 6.3.0 is not backwards compatible with previous versions for the purposes of distributing release bundles. Therefore, when distributing release bundles between Artifactory services with JFrog Distribution, you need to ensure that either both source and target services are version 6.3.0 and above, or they are both below version 6.3.0. |
Artifactory now offers native supports for Conda Repositories, giving you full control over deploying and resolving Conda packages.
You can create secure and private local Conda repositories with fine-grained access control. Remote Conda repositories proxy remote Conda resources and cache downloaded Conda packages to keep you independent of the network and the remote resource, and virtual Conda repositories give you a single URL through which to manage the resolution and deployment of all your Conda packages.
db.properties
file in one node of an HA cluster would not get propagated to the other nodes.registry.npmjs.org
.For a complete list of changes, please refer to our
. Newtablink Text JIRA Release Notes URL https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19934
Released: August 28, 2018
Fixed an issue introduced in Artifactory 6.2 in which due to the upgrade of Tomcat to version 8.5.32 in Artifactory 6.2.0, requests to Artifactory that contained square brackets would fail.
Fixed an issue relevant for Artifactory 6.2 and above running in an HA environment, in which when browsing through artifacts in the UI, transactions would be left open when the http request would complete. This could lead to contention on rows in the database resulting in outstanding database locks and duplicate key violation errors.
For a complete list of changes please refer to our
Newtablink | ||||
---|---|---|---|---|
|
Released: Sept. 2, 2018
Fixed an issue in which unlocking the User Profile page in the UI would fail if the user's password contained any special characters.
Fixed an issue in which when configuring a smart remote repository in the UI and testing the connection, a the login credentials to the remote resource would be deployed in plain text in the smart remote repository cache.
For a complete list of changes please refer to our
Newtablink | ||||
---|---|---|---|---|
|
Released: November 29, 2018
Released: March 12, 2019
Issues Resolved
Released: April 17, 2019
Issues Resolved
Released: August 8, 2018
This version enhances the internal session management between nodes in an Artifactory HA cluster to provide more stability. In previous versions, an HA cluster used a third-party library, Hazelcast, to manage sessions between the cluster nodes. From this version, Artifactory introduces a new mechanism that uses the database which makes session management more robust.
The Artifactory Docker container now starts and runs under an artifactory
user and no longer requires root access. Similarly, the Artifactory NGINX Docker container now starts and runs as user nginx
.
The Tomcat bundled with Artifactory has been upgraded to version 8.5.32.
dockerRepository:<tag>
tag, the call would deploy a new tag rather than overwrite the existing one resulting in orphaned layers.constant
org.artifactory.descriptor.repo.RepoType.undefined
error.package.json
file would fail when the value of its version field contained a leading "v" or "=" character.For a complete list of changes, please refer to our
. Newtablink Text JIRA Release Notes URL https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19911
Released: November 29, 2018
Released: 12 March, 2019
Issues Resolved
Released: July 1, 2018
Artifactory now natively supports CRAN repositories for the R language, giving you full control of your deployment and resolve process of CRAN packages.
You can create secure and private local CRAN repositories with fine-grained access control. Remote CRAN repositories proxy remote CRAN resources and cache downloaded CRAN packages to keep you independent of the network and the remote resource, and virtual CRAN repositories give you a single URL through which to manage the resolution and deployment of all your CRAN packages.
Sharding across multiple zones allows you to create zones or regions of sharded data to provide additional redundancy in case one of your zones becomes unavailable. From 6.1, you can determine the order in which the data is written between the zones and can set the method for establishing the free space when writing to the mounts in the neighboring zones.
Added a link to the Xray tab giving you direct access to Xray from within the Artifactory Artifact tree browser.
You can force the Maven client to send credentials in order to authenticate against the virtual repository. This means that even if anonymous access is enabled for the Artifactory instance, a virtual repository configured using this field or directly in the Repository Configuration JSON, will require the Maven client to send its credentials. This will be enforced even if some of the aggregated local repositories under the virtual repository allow anonymous access.
Previously searching for NuGet packages using the ID and version via the NuGet CLI was case-sensitive causing search results to be narrowed down to an accurate result. This was very limiting, especially if you were looking for a specific version. So for example, if I was searching for junit version 1.0.2, and the repository package name was JUnit, I would not get any result. We now have improved the search to be case-insensitive, allowing for both junit or JUnit to be displayed in the search.
When promoting a build, under the Builds > Release History tab, you can now see the timestamp of the build promotion.
For a complete list of changes, please refer to our
. Newtablink Text JIRA Release Notes URL https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581
Released: November 29, 2018
Released: 12 March, 2019
Issues Resolved
Released: May 17, 2018
Announcing the new Enterprise+ Platform, that provides a complete solution for covering all the steps involved in creating a secure, trustworthy, and traceable software release in a multi-site development environment.
The solution works in conjunction with source version control, continuous integration, and deployment tools.
The JFrog Enterprise+ platform bundle includes:
Newtablink | ||||
---|---|---|---|---|
|
Newtablink | ||||
---|---|---|---|---|
|
Newtablink | ||||
---|---|---|---|---|
|
: all features available in Mission Control with the addition of: Newtablink Text JFrog Mission Control URL https://www.jfrog.com/confluence/display/MC/Enterprise+Plus
the ability to add instances of Jenkins-CI, JFrog Distribution and JFrog Artifactory Edge as services in the system and monitor them
Insight and analytics on build processes through as set of metrics on the end to end build process
The following dedicated Enterprise+ features are a part of the Artifactory 6.0.0 release:
JFrog Distribution and Release Bundles
Info | ||
---|---|---|
| ||
AQL has also been enhanced to support searching for release bundles and release artifacts. For more information, see Artifactory Query Language. |
For more details on the JFrog Enterprise+ platform, please refer to the
. Newtablink Text JFrog Enterprise+ User Guide URL https://www.jfrog.com/confluence/display/EP/Welcome+to+JFrog+Enterprise+Plus
SSO allows you to log into all your JFrog applications using a single set of user credentials that are stored in the Authentication Provider Artifactory instance. When SSO is applied, the user logs into the JFrog product using a set of predefined credentials and is granted access across the board to the JFrog products. SSO eliminates the need to re-enter the credentials every time a product is accessed. It is automatically enabled for all the JFrog services that use an Authentication Provider for managing security. For more information, see Authentication Using Single Sign-On.
NuGet API v3 Registry Support
Artifactory now supports NuGet API v3 and allows you to proxy remote NuGet API v3 repositories (e.g., the NuGet gallery) and other remote repositories that support API v3. For more information, see the API documentation.
NuGet SemVer 2.0 Packages
Artifactory now supports SemVer 2.0 rules for NuGet repositories (for both NuGet API v2 and API v3), which means you can now use pre-release numbers with dot notations or add metadata to the version, for example:
MyApp.3.0.0-build.60, MyApp.1.0+git.52406.
Info | ||
---|---|---|
| ||
NuGet packages with SemVer 2.0 are not available for NuGet clients using NuGet CLI versions lower than 4.3.0. This breaking change is due to required modifications made to the local repository structure in Artifactory to align with the official global repository behavior. |
For more information, see NuGet SemVer 2.0 Package Support.
This version enhances the internal locking mechanism in Artifactory HA setups to provide more stability.
Prior to this version, Artifactory HA used the third-party Hazelcast library for distributed locking during concurrent operations. From this version, Artifactory introduces a new locking mechanism relying on the database to provide added robustness and stability.
Important: Since the new mechanism relies on the database and therefore may require additional database connections. For more information, see Database Locks.
From Artifactory version 6.0.0, Artifactory supports IPv6-enabled hosts. This version allows users to configure IPv6 for both Artifactory standalone instances and for HA setups where you can configure the different nodes in the cluster to communicate over IPv6. This address is used to connect an Artifactory node to its peers over REST or TCP, when required. For more information, see IPv6 Support.
CSRF Protection was released in Artifactory 5.11. From Artifactory 6.0.0, CSRF protection is now enabled by default. Artifactory prevents CSRF attacks by using a new custom header - 'X-Requested-With', for internal UI calls. If you are using a proxy server, verify that the proxy does not filter out the 'X-Requested-With' header. For more information, see CSRF Protection.
The Builds page has a new look and feel, together with newly designed table provide an improved UI experience.
Also, a new look and feel for all tables in Artifactory.
Fixed an issue whereby an event based pull replication caused a small thread leak in the subscribed Artifactory. For example, when the source Artifactory from which the target is pulling the artifacts. Additionally, we have capped the maximum number of subscribed Artifactories per repository to 30. You can modify the maximum number of allowed subscribed Artifactories to the event based pull replication per repo by modifying the artifactory.system.properties file, by adding the following line:
artifactory.replication.eventbased.maxPullReplicationsPerRepo=<number>For a complete list of changes please refer to our
Newtablink | ||||
---|---|---|---|---|
|
Released: May 24, 2018
Issues Resolved
Fixed an issue in which when running Artifactory in Microsoft Internet Explorer, several capabilities in the UI did not work: logging out from Artifactory, the Set Me Up window wouldn't close, the Artifacts tab would be blank and the Advanced options under the Admin tab would be missing.
For a complete list of changes please refer to our
Newtablink | ||||
---|---|---|---|---|
|
Released: June 7, 2018
Issues Resolved
For a complete list of changes please refer to our
. Newtablink Text JIRA Release Notes URL https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19822
Released: June 25, 2018
Issues Resolved
Removed a remote code execution vulnerability that may have been exploited when a user with Admin permissions used one of the import capabilities in Artifactory.
JFrog would like to thank Jakub Zoczek of Allegro Group for reporting this issue and for working with JFrog to help protect our customers.
For a complete list of changes please refer to our
Newtablink | ||||
---|---|---|---|---|
|
Released: November 29, 2018
Released: 12 March, 2019
For JFrog Artifactory 5.x release notes, please refer to Release Notes in the JFrog Artifactory 5.x User Guide.
For JFrog Artifactory 4.x release notes, please refer to Release Notes in the JFrog Artifactory 4.x User Guide.