Using Artifactory 6.x ?
JFrog Artifactory 6.x User Guide
Still using Artifactory 4.x ?
JFrog Artifactory 4.x User Guide
Have a question? Want to report an issue? Contact JFrog support
Release: April 18, 2018
Using PyPI Remote Repositories?
If you are using PyPI remote repositories, you need to upgrade to this patch to overcome a breaking change introduced to the public PyPI repository.
PyPI is undergoing changes and the PyPI administrators have announced that by April 30th, the current URL at which the index is available will be deprecated, and the PyPI public repository will only be available at http://pypi.org.
In addition, the internal structure of the PyPI index is changing.
These are breaking changes if you are using Artifactory remote PyPI repositories that proxy the PyPI index at its current URL of http://pypi.python.org.
Important notes:
Registry URL
field, which specifies the location where the repository index file resides, to the remote PyPI repository configuration.To continue working with PyPI remote repositories, follow these instructions:
URL
field to https://files.pythonhosted.orgRegistry URL
field to https://pypi.orgNote: upon upgrading to this version, the Registry URL of all of the remote PyPI repositories will be set to the same value as repository's URL.
If the index file and the binaries are stored in the same URL, you should not make any changes in these remote PyPI repositories.
In addition to this patch, to accommodate users running older versions of Artifactory, we have also released 5.8.9 and 5.9.5 with the same fix.
For a complete list of changes, please refer to our JIRA Release Notes.
Released: April 26, 2018
Fixed an issue in which user login would sometimes fail when there was more than one LDAP configuration set up (e.g. different OUs)
Fixed an issue in which downloading artifacts from a remote repository would fail when the repository was configured to work with a proxy, and the proxy server was configured in Artifactory with a username and password.
For a complete list of changes, please refer to our JIRA Release Notes.
Released: November 29, 2018
Released: 12 March, 2019
Issue Resolved
Released: February 18, 2018
Artifactory will maintain an audit trail log that records all actions related to permissions, users, groups and access tokens. This enables auditing and tracking of all security related actions allowing you to enforce different security policies in your organization. Some examples of actions that will be recorded in the audit trail log are:
The audit trail log is enabled by default and can be disabled. For more details, please refer to Audit Trail Log.
Artifactory has undergone significant changes in the UI implementation to improve performance in the Tree Browser.
Artifactory will now use 128-Bit AES for password encryption which is a more secure algorithm than the previously used PBEwithSHA1AndDESede. New installations will use the new encryption algorithms, however, if you are upgrading to this version, the encryption algorithm does not automatically change. Following an upgrade, to change the encryption algorithm from PBEwithSHA1AndDESede to the new A128-bit AES, simply deactivate key encryption using the Deactivate Artifactory Key Encryption REST API endpoint, and then re-enable it using the Activate Artifactory Key Encryption REST API.
Artifactory will now return a “Cache-Control: no-store” header for all expirable metadata files.
This means that if you have a proxy cache (e.g. Nginx) between Artifactory and the client, the proxy will always go to Artifactory to fetch these metadata files and will not cache them.
Publishing to an npm repository with a tag.
When publishing a new version with a tag to an npm repository, the version would also automatically be assigned the "latest" tag. This meant that running npm install package
would install the "tagged" version even though it was explicitly given a different tag and should, therefore, not have been identified as the "latest". For example, when using npm publish --tag=beta
, the published version would incorrectly get the "latest" tag. This is now fixed and Artifactory will only assign a published version with the "latest" tag if no other tag is explicitly specified in npm publish
command.
Fixed an issue in which when distributing a Docker image to JFrog Bintray through a distribution repository in Artifactory, the operation would succeed the first time, however would fail if you tried to redistribute the same image through the distribution repository.
Fixed an issue in which Helm charts whose representation did not comply with the SemVer 2 specification would not be served. For example, the Helm client would not be able to resolve a chart named myPackage-0.1
, however, a chart named myPackage-0.1.0
would work.
Fixed an issue in which resolving an npm package from an npm remote repository in Artifactory that proxied an npm repository in JFrog Bintray, would fail.
Fixed an issue in which when pushing several Docker images with common layers in high concurrency, some of the push requests would fail.
Fixed an issue in which the Storage Summary for a cache-fs filestore would show the maximum available and used values incorrectly. Instead of displaying values for the cache, the values for the whole file system were displayed instead. This has now been fixed and the Storage Summary for a cache-fs filestore correctly displays the actual and maximum available cache size.
Fixed an issue with the use of filestore sharding in an HA cluster. When an HA cluster with two or more nodes used the sharding-cluster binary provider, if you deployed an artifact to one of the secondary nodes while the primary node was down, the artifact would not get copied over to the primary node, even if the redundancy was set to 2 or more.
Fixed an issue with metadata calculation for npm repositories. When triggering a metadata calculation using the REST API or through the UI, if the repository contained an npm package with faulty or corrupt metadata that Artifactory couldn't parse, the whole process of metadata calculation would stop without calculating metadata for packages that came after the faulty package.
Fixed an issue in which, for Maven repositories, when LDAP users would try to download the settings.xml
from the Set Me Up page, the password field would not be populated and remain blank.
Fixed an issue in which when using the Distribute Artifact REST API endpoint with an unauthorized user, Artifactory returned a 500 error. Artifactory will now return error 403, as expected.
For a complete list of changes please refer to our JIRA Release Notes.
Released: March 6, 2018
Issues Resolved
Important Notice
To enable the "npm search" to search according to a package name, description and keyword, it is required to recalculate the metadata for all relevant npm repositories (including local and remote cache).
This can be done from the Artifactory UI by right clicking on the repository and selecting ‘Recalculate Index’, or by executing the Calculate Npm Repository Metadata REST API.
For a complete list of changes please refer to our JIRA Release Notes.
Released: March 21, 2018
Issues Resolved
Fixed an issue with Artifactory instances running versions 5.9.0 and above which displayed the following behavior: in some cases certain users would not be able to login to Artifactory, retrieving the list of users through the UI or the REST API would fail with an exception, and Backups and System Exports would fail. For details, please refer to the relevant JIRA item in the link below.
For a complete list of changes please refer to our JIRA Release Notes.
Release: April 18, 2018
Using PyPI Remote Repositories?
If you are using PyPI remote repositories, you need to upgrade to this patch to overcome a breaking change introduced to the public PyPI repository.
PyPI is undergoing changes and the PyPI administrators have announced that by April 30th, the current URL at which the index is available will be deprecated, and the PyPI public repository will only be available at http://pypi.org.
In addition, the internal structure of the PyPI index is changing.
These are breaking changes if you are using Artifactory remote PyPI repositories that proxy the PyPI index at its current URL of http://pypi.python.org.
Important notes:
To continue working with PyPI remote repositories, follow these instructions:
URL
field to https://pypi.orgNote: upon upgrading to this version, the Registry URL of all of the remote PyPI repositories will be set to the same value as repository's URL.
If the index file and the binaries are stored in the same URL, you should not make any changes in these remote PyPI repositories.
For a complete list of changes, please refer to our JIRA Release Notes.
Released: April 30, 2018
For a complete list of changes, please refer to our JIRA Release Notes.
Released: November 29, 2018
Released: 12 March, 2019
Released: January 1, 2018
Artifactory now natively supports Helm Chart repositories, giving you full control of your deployment process to Kubernetes. You can create secure and private local Helm chart repositories with fine-grained access control. Remote Helm chart repositories proxy remote Helm chart resources and cache downloaded Helm charts to keep you independent of the network and the remote resource, and virtual Helm chart repositories give you a single URL through which to manage the resolution and deployment of all your Helm charts.
Applying configuration changes to Artifactory can now be done using an easy to use YAML configuration file. Run a single or multiple configuration changes as needed, to create, update and delete any elements in the your Artifactory instance. For example, creating new repositories, setting up replication, and modifying any specific configuration changes.
Artifactory has supported multiple secure private Docker registries since the early days of Docker, however that support required the use of a reverse proxy. From version 5.8, the need for a reverse proxy is removed, and you can create and use multiple Docker registries out-of-the-box without the need for any reverse proxy configuration. All you need to do is select the Repository Path
Artifactory will now accept users logging in through HTTP SSO to be associated with existing LDAP groups. HTTP SSO users will now inherit the permissions specified in the corresponding LDAP group in Artifactory. This is supported for both HTTP SSO users that are internally created in Artifactory and also for transient users.
Fixed an issue where overwriting an existing artifact would permanently delete it. These artifacts will now be sent to the trash can, available to be recovered if needed.
Fixed an issue in which enabling the External Dependency Rewrite configuration in npm virtual repositories, caused some npm packages, such as "equals", to not be resolved with an npm 500 error displayed in the logs. This occurred only for packages where dependencies were declared in the following format:https://github.com/<repo>/<...>
“maintainers” : { "name": "john", "email": "john@company.com" }
For a complete list of changes please refer to our JIRA Release Notes.
Released: January 4, 2018
Issues Resolved
Fixed an issue in which an upgrade from versions below 5.7, to versions 5.7 and above with the Artifactory Key Encryption activated, failed with the following error:Couldn't convert configs encryption: javax.crypto.BadPaddingException: Given final block not properly padded : Couldn't convert configs encryption
Fixed an issue, for HA setups, in which an upgrade process with the following steps failed with the following error:Encrypted password found and no Master Key file exists at /clusterhome/ha-etc/security/artifactory.key
Steps:
1. upgrade to version 5.x (below 5.7), from version 4.x with NFS and the Artifactory Key Encryption deactivated
2. upgrade to version 5.7 and above, with the Artifactory Key Encryption activated
For a complete list of changes please refer to our JIRA Release Notes.
Released: January 8, 2018
Issues Resolved
Fixed an issue with HA clusters in which in rare cases, when modifying files that are synced through the database (for example, adding/modifying user plugins, changing the Artifactory Encryption Key, or modifying Artifactory system properties), the changes would not be propagated to the secondary nodes in the cluster.
For a complete list of changes please refer to our JIRA Release Notes.
Released: January 9, 2018
Issues Resolved
Fixed an issue in which pushing or pulling from an Artifactory Docker registry would fail when using Docker client version 1.12 or below and while the reverse proxy is configured to listen on ports 443/80.
For a complete list of changes please refer to our JIRA Release Notes.
Released: February 7, 2018
Issues Resolved
Fixed an issue with Artifactory Docker registries in which in some cases, file descriptors created following a HEAD request for a Docker manifest, would not be closed at the end of the request, but only when garbage collection was run.
For a complete list of changes please refer to our JIRA Release Notes.
Release: April 18, 2018
Using PyPI Remote Repositories?
If you are using PyPI remote repositories, you need to upgrade to this patch to overcome a breaking change introduced to the public PyPI repository.
PyPI is undergoing changes and the PyPI administrators have announced that by April 30th, the current URL at which the index is available will be deprecated, and the PyPI public repository will only be available at http://pypi.org.
In addition, the internal structure of the PyPI index is changing.
These are breaking changes if you are using Artifactory remote PyPI repositories that proxy the PyPI index at its current URL of http://pypi.python.org.
Important notes:
To continue working with PyPI remote repositories, follow these instructions:
URL
field to https://pypi.orgNote: upon upgrading to this version, the Registry URL of all of the remote PyPI repositories will be set to the same value as repository's URL.
If the index file and the binaries are stored in the same URL, you should not make any changes in these remote PyPI repositories.
For a complete list of changes, please refer to our JIRA Release Notes.
Released: April 30, 2018
For a complete list of changes, please refer to our JIRA Release Notes.
Released: November 29, 2018
Released: 12 March, 2019
Released: December 20, 2017
Using PostgreSQL?
Before upgrading to this version, you need to ensure that your PostgreSQL JDBC driver is version 9.4 build 1202 or higher.
To update your driver, simply place the new driver JAR file in $ARTIFACTORY_HOME/tomcat/lib.
The HA installation and setup process has been redesigned to create a simple and even more secure infrastructure for your Artifactory HA clusters. Through the use of a Master Key, Artifactory adds a new security layer that replaces the previously used Bootstrap bundle mechanism, which is now deprecated.
With this release, Artifactory will handle all configuration and encrypted security related files. To create new Artifactory nodes in a cluster, administrators will only need to supply a single Master Key and db.properties file, used by all nodes in the cluster.
Existing Artifactory installations will be upgraded to this new infrastructure automatically when updating from version 5.x and up.
View only the repositories you need by customizing the Artifact Repository Browser with your favorite repositories, and applying sort and filter options. Use as many different favorite, sort and filter combinations to narrow down the Artifact tree to display exactly what you need.
Promoting builds to a virtual repository is now supported, in addition to the previously supported local repositories, using the Build Promotion REST API. Upon build promotion to a virtual repository, the files will be promoted (copied/moved) to the Default Deployment Repository that is configured as part of the virtual repository.
Added support for AWS SSE-KMS (Key Management Service) for your S3 Object Storage. This allows you to set an AWS KMS encryption key on the S3 bucket that your Artifactory uses as an object store.
Artifactory now lets you create LZMA (.lzma) and XZ (.xz) compression Debian indices, in addition to the already supported Gzip (.gzip) and Bzip2 (.bz2) extensions. The Bzip2 index file can be disabled if it's not needed.
Significant performance improvement for AQL queries when searching artifacts according to build name and number.
Performance improvement when concurrently applying configuration changes to the Config Descriptor file.
Fixed an issue in which users, associated with groups that are configured with admin privileges, could not perform admin-only actions through REST API when using an API key for authentication.
Fixed an issue in which deploying a large NuGet package (larger than 2GB) would fail with an OutOfMemory exception.
Fixed an issue in which TCP connections were not being closed when push replication was configured with an incorrect target URL or bad credentials, causing unresponsiveness. The TCP connections were not being closed on the source Artifactory (the instance where artifacts were replicated from).
For a complete list of changes please refer to our JIRA Release Notes.
Released: December 22, 2017
Issues Resolved
Fixed an issue in which, when upgrading to version 5.7.0, if you have more than 2 Docker repositories that are configured using the ports method, an exception is generated during the upgrade process. Artifactory does start up, but you are unable to save the configuration descriptor unless you remove the configuration.
For a complete list of changes please refer to our JIRA Release Notes.
Released: December 24, 2017
Issues Resolved
Fixed an issue that prevented upgrading to version 5.7.x with an MS SQL database (version 2014 and below) when you have an artifact with a property and value whose combined length is greater than 900 characters.
For a complete list of changes please refer to our JIRA Release Notes.
Released: November 29, 2018
Released: 12 March, 2019
Released: November 15, 2017
Before Upgrading to Artifactory 5.6.0
apt-get update
on Ubuntu Trusty (14.04) against Debian repositories fails with the following error: Sub-process https received a segmentation fault
A fix for this issue is available in version 5.6.1 and we therefore recommend upgrading to 5.6.1.
Significant improvement in performance when indexing Debian repositories.
The Tomcat bundled with Artifactory has been upgraded to version 8.5.23.
The Get Repositories REST API now also includes distribution repositories. To get the distribution repositories details only, you can add type=distribution as a query param.
Performance of displaying the environment and system variables data in the Builds module in the UI has been significantly improved.
Admin users can now also enable folder download configuration for anonymous users, in addition to internal users.
Added the ability to limit the number of API search results for internal users, previously available only for anonymous users. To add a limit, edit the artifactory.system.properties file with artifactory.search.limitAnonymousUsersOnly=false
(default is true
), and a limit artifactory.search.userQueryLimit
(default is 1000
).
Applicable to the following REST API calls
Artifact Search, Archive Entries Search, GAVC Search, Property Search, Checksum Search (limited by UI max results), Artifacts Not Downloaded Since, Artifacts With Date in Date Range, Artifacts Created in Date Range.
Added an option to filter the expirable tokens in the Access Tokens page in the Artifactory UI.
Fixed an issue allowing unsupported special characters to be used in the key field when adding properties via REST API, as already enforced in the UI.
The following characters are forbidden: )(}{][*+^$\/~`!@#%&<>;=,±§
and the Space character
.
Fixed an issue where a file with the same filename and filepath of a file that was previously deleted, could not be deleted a second time. For this scenario, the latest file deleted will now be under the file path in the trash.
Fixed an issue where NuGet package names containing a hyphen character "-" would be automatically considered as pre-release packages which allowed users without Delete/Overwrite permissions to overwrite them.
For example: Sample-Package.1.0.0.nupkg
Artifactory is now aligned with the NuGet spec, and these packages will only be considered as pre-release if the hyphen character follows the version number.
For example: Sample-Package.1.0.0-RC.nupkg
Fixed an issue where installing an npm package, with the following date format (2010-11-09T23:36:08Z
) in its metadata file, would fail with an IllegalArgumentException.
time
closure in the package.json.Fixed an issue where uploading a Conan package that contains declared environment variables with the "=" character, the package would be deployed without its metadata.
For Example: conan install lib/1.0@user/stable -e MYFLAG="one==tricky==value" --build
For a complete list of changes please refer to our JIRA Release Notes.
Released: November 22, 2017
Fixed an issue in which a single-phase upgrade of an HA cluster with downtime (by adding the artifactory.upgrade.allowAnyUpgrade.forVersion
system property) from a version below 5.0 directly to version 5.6.0 would fail. Note that the recommended two-phase upgrade with zero downtime was not affected.
Fixed an issue in which when logging into Artifactory, if the group name sent in a SAML assertion as a SAML attribute was in mixed-case (i.e., at least one character is not lower-case), and the corresponding group in Artifactory was all in lower case, then the SAML user would not inherit the permissions associated with that group. This affected both internal groups and imported LDAP groups.
apt-get update
on Ubuntu Trusty (14.04) against Debian repositories would fail with the following error: Sub-process https received a segmentation fault
For a complete list of changes please refer to our JIRA Release Notes.
Released: November 27, 2017
Fixed a critical issue in which a user would sometimes lose permissions due to a collision between an update action and a "GET" operation that occurred concurrently.
For a complete list of changes please refer to our JIRA Release Notes.
Released: December 18, 2017
Issues Resolved
Fixed an issue in which deployment of an artifact which already existed in Artifactory would result in its SHA-256 value being null. This would cause the indexing of repository types like Debian and Git LFS to be incorrect since they rely on artifacts' SHA-256 value.
For a complete list of changes please refer to our JIRA Release Notes.
Released: November 29, 2018
Released: 12 March, 2019
Issue Resolved
Released: September 25, 2017
Due to a critical issue discovered in this version, you should not install it. Instead, you should upgrade to version 5.5.1 or later.
For an Artifactory HA installation, there are two options to upgrade to version 5.5 from a version below 5.4.6
This note only refers to upgrading Artifactory Enterprise HA installations.
Artifactory 5.5 implements a database schema change to natively support SHA-256 checksums. If your current version is 5.4.6, you may proceed with the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.
If your current version is below 5.4.6, to accommodate this change, you may select one of the following two upgrade options:
artifactory.log
file:To upgrade your HA installation to this version, you first need to upgrade to version 5.4.6 which implements changes required to accommodate a database schema change.
JFrog Artifactory now supports event based pull replication, in addition to the already supported event based push replication. This configuration allows your remote Artifactory instances get updated in near-real-time by a pull replication that's triggered by any changes made to your local repositories, such as new or deleted artifacts. This is great for automation purposes where you want to make your artifacts available in all of your instances as soon as they are deployed.
As a best practice, setting a Cron expression for regularly scheduled replication is still required in addition to event-based replication. This will ensure that all of the artifacts in your repository are synced and up to date, which is important in case of an event sync failure (for example, due to maintenance operations).
Artifactory now supports SHA-256 checksums. This improved algorithm to calculate checksums enables a more secure environment for your binaries letting you use SHA-256 checksums to validate the integrity of downloaded artifacts. You can also use the SHA-256 value for a variety of features as described in SHA-256 Support. Whenever a new artifact is deployed, in addition to automatically calculating its MD5 and SHA1 checksums, Artifactory will now also calculate and store its SHA-256 checksum. The SHA-256 value can be used when searching for artifacts, or displayed as output for AQL queries in the same way SHA1 and MD5 checksums are used from both the UI and the REST API.
From version 5.5, Artifactory will automatically calculate the SHA-256 checksums for new artifacts deployed to your instance. . Depending on the number of artifacts in your system, this process may take some time. To help you monitor the process, progress and status messages will be printed to a dedicated log file, sha256_migration.log
, with some additional general messages to the artifactory.log file
.
To maintain backward compatibility with existing scripts, the Set Item SHA256 Checksum REST API endpoint is still supported.
The performance of metadata calculation on RPM repositories has been significantly enhanced by performing different metadata calculations in parallel making resolving and deploying packages with RPM repositories much faster.
NuGet repository performance has been significantly improved when resolving dependencies or searching for artifacts. The improved performance is especially significant for repositories that host many artifacts.
Artifactory will now maintain previous metadata file versions on RPM repositories (primary, other, filelists) making them available for download while new ones are being generated.
This is very useful when RPM metadata is updated very frequently. If a client working with an Artifactory RPM repository downloads the repomd.xml
file, and the rest of the metadata files (primary, other, filelists) expire in the meantime, the expired version of these files will still be available allowing the client to complete the required download.
Artifactory now provides access to the Groovy source code of user plugins through the Retrieve Plugin Code REST API endpoint.
You can now configure Artifactory to allow new users who are created by logging in via LDAP to be able to access their profile page. This means that these users can now access a set of functions such as generating their API key, setting their SSH public key, configuring their JFrog Bintray credentials, and updating their password.
Artifactory now supports additional MIME types to allow viewing .log, .yml
and .yaml
files directly in the UI (as opposed to having to download them first). These file types are now added to the preconfigured mimetypes.xml
file.
For new Artifactory installations, Artifactory automatically generates a Master Encryption Key and then uses it to encrypt all passwords hosted on the instance. Decrypting passwords and encrypting them back is possible through the REST API.
To maintain consistent behavior for existing installations, upgrading to this new version will not automatically encrypt passwords.
You can now configure Artifactory's UI session timeout using the artifactory.ui.session.timeout.minutes system property.
Artifactory's checksum-based storage stores files in folders named after the first two characters of their checksum. When using S3 object storage, this feature has been enhanced allowing you to configure the number of characters that should be used to name the folder. For example, you can configure your S3 binary provider to store objects under folders named after the first 4 characters of their checksum.
NullPointerException
to be thrown when there were many deployments on a Maven repository that had a watch configured on it. The NullPointerException
would cause metadata calculation to stop and was due to the multiple deployments causing a race condition. For a complete list of changes please refer to our JIRA Release Notes.
Released: September 26, 2017
This version replaces version 5.5.0 in which a critical issues was discovered.
For an Artifactory HA installation, there are two options to upgrade to version 5.5.1 and above from a version below 5.4.6
This note only refers to upgrading Artifactory Enterprise HA installations.
Artifactory versions 5.5.1 implements a database schema change to natively support SHA-256 checksums. If your current version is 5.4.6, you may proceed with the normal upgrade procedure described in Upgrading an Enterprise HA Cluster.
If your current version is below 5.4.6, to accommodate this change, you may select one of the following two upgrade options:
artifactory.log
file:To upgrade your HA installation to this version, you first need to upgrade to version 5.4.6 which implements changes required to accommodate a database schema change.
For a complete list of changes please refer to our JIRA Release Notes.
Released: October 29, 2017
Hash sum mismatch errors may sometimes cause apt-get update
requests to Debian repositories to fail due to rotation of Debian metadata files. Artifactory now overcomes this issue by storing historical versions of the metadata files by their checksum and supporting the Acquire-By-Hash flag for Debian repositories. This allows Debian clients to download package metadata files by their checksum.
This is very useful when Debian metadata is updated very frequently. If a client working with an Artifactory Debian repository downloads the metadata files, and they expire in the meantime, the expired version of these files will still be available allowing the client to complete the required download.
Artifactory remote repositories normally send a HEAD request to a remote resource before downloading an artifact that should be cached. In some cases, the remote resource rejects the HEAD request even though downloading artifacts is allowed. Through the remote repository configuration, Artifactory now lets you specify that remote repositories should skip sending HEAD requests before downloading artifacts to cache.
Artifactory now supports rewriting external dependencies for various Git and GiHub URLs. For a full list of supported URLs, please refer to Automatically Rewriting External Dependencies
/api/search/latestVersion
REST API endpoint, Artifactory would erroneously query remote repositories. This has now fixed, so Artifactory will only search in remote repositories (in addition to local and remote repository caches) when remote = 1
is added as query param.npm search
against an npm registry would fail if one of the packages in the results would be in the following structure: “maintainers” : “<user name> <user email>”
, because Artifactory was expecting the structure to be: "maintainers": [ {"name": "<user name>", "email": "<user email" } ]
Fixed an issue in which a 500 error with be returned when running one of the following REST API endpoints on Docker registries while and using an API key for authentication:
/api/storage /api/docker/{repo-key}/v2/{image name}/tags/list /api/docker/{repo-key}/v2/_catalog
Fixed an issue which caused checksum deploy to sometimes fail with a 500 error. A common manifestation of this issue was replications that would fail for certain artifacts. When this error occurred, a stack trace similar to the below could be seen in the log files.
java.lang.NullPointerException: null at org.artifactory.repo.db.DbStoringRepoMixin.shouldProtectPathDeletion(DbStoringRepoMixin.java:814) at org.artifactory.repo.db.DbStoringRepoMixin.shouldProtectPathDeletion(DbStoringRepoMixin.java:792)
For a complete list of changes please refer to our JIRA Release Notes.
Released: June 20, 2017
The management of Access Tokens, which were introduced in Artifactory 5.0, has moved to a separate service named Access. which is installed as a separate web application. This change has no impact on how access tokens are used, however, the Artifactory installation file structure now also includes an added WAR file, access.war,
under the $ARTIFACTORY_HOME/webapps
folder. Artifactory communicates with the Access Service over HTTP and assumes it is running in the same Tomcat using the context path of "access".
Using access tokens through the new Access service is backwards compatible, so tokens created with earlier versions can be used for authentication with this latest version of Artifactory.
Breaking Change: Note that the change is not forwards compatible, so tokens created from version 5.4 and above cannot be used for authentication with versions previous to 5.4. This may impact a circle of trust in which some instances are running versions below 5.4 while others are running version 5.4 and above.
Running Artifactory as a service?
If you are running Artifactory as a service, once you complete the steps to upgrade to this version or later, and have replaced all files removed during the upgrade process, you need to run the InstallService script as described at the end of the upgrade instructions.
JFrog Artifactory now supports Azure Blob Storage as a new object storage provider to store artifacts. Azure Blob Storage offers massively scalable enterprise storage for Artifactory supporting unstructured data of any type with strong consistency, object mutability, geo-redundancy and more. This new option opens up the opportunity to co-locate Artifactory and its storage together with all the other services that you use on the Microsoft Azure platform.
Artifactory now supports client certificates for remote repositories facilitating secure connections with remote resources that require them (e.g., Red Hat Network that requires a Red Hat client certificate for authentication). This means that Artifactory will now be able to send the client certificate when attempting to connect to the remote resource over HTTPS.
npm login
command as a way to authenticate the NPM client. Basic authentication is also still supported. lenientLimit
parameter for a Sharding-Cluster Binary Provider has been modified to be 1. This will allow users to continue uploading to a cluster node even if it is the only active node without having to reconfigure this parameter. Note that for filestores configured with a custom chain, the lenientLimit
parameter will remain 0 to maintain consistency with previous versions. Therefore, the lenientLimit
parameter will only default to 1 when using built-in templates. dependencies
" element of the package.json
file and would skip the dependencies listed in the optionalDependencies
and devDependencies
elements.package.json
file. artifactory.artifactory.tokens.cache.idleTimeSecs
system property that managed this timeout and increasing its default value from 5 minutes to 10 minutes. Fixed an issue in which existing repositories enabled for indexing by JFrog Xray did not trigger indexing automatically and required you to manually trigger indexing through the JFrog Xray UI or using the REST API.
Fixed an issue in which using mvn site-deploy
with the maven-site-plugin
to upload a site to Artifactory would fail when the site's URL contained a dot ('.') in its path (e.g. libs-snapshot-local/./file.jar
)
Fixed an issue in which NuGet virtual repositories that aggregated more than one local or remote repository would omit results or return duplicate results when searching for a package.
Fixed an issue in which upload to a repository would fail, if an event-based replication defined for the repository failed for any reason. Following the fix, uploading a file to the repository succeeds even if replication fails.
For a complete list of changes please refer to our JIRA Release Notes.
Released: June 22, 2017
For a complete list of changes please refer to our JIRA Release Notes.
Released: June 30, 2017
For a complete list of changes please refer to our JIRA Release Notes.
Released: July 3, 2017
systemd
init system would have fail with a “The currently installed Artifactory version does not have the same layout as this DEB!” error.For a complete list of changes please refer to our JIRA Release Notes.
Released: July 6, 2017
For a complete list of changes please refer to our JIRA Release Notes.
Released: July 18, 2017
Artifactory's support for Puppet repositories has been significantly upgraded by introducing support for librarian-puppet
and r10k
allowing extended configuration management with these popular Puppet clients. In addition, Artifactory also exposes new REST API endpoints to retrieve Puppet modules and releases to facilitate automated configuration management using Puppet.
For a complete list of changes please refer to our JIRA Release Notes.
Released: August 7, 2017
Artifactory now supports pagination when listing Docker image tags and retrieving a registry's catalog using the REST API.
This can be useful for automation purposes and Docker clients that use pagination parameters.
Fixed an issue in which when resolving a package from an npm repository, Artifactory would throw a deserialize error to the log file if one of the package's dependencies in the corresponding package.json
file was declared using the following format:“<dependency_name>” : { “version” : “<version_number>” }.
For example: the "deep-diff" package uses this format. As a result, the npm client would fail to resolve the package.
Fixed an issue that prevented using Git LFS client v1.x with Git LFS repositories in Artifactory when using SSH.
For a complete list of changes please refer to our JIRA Release Notes.
Released: May 11, 2017
Due to a critical issue, if you are upgrading from a version below 4.4.1 directly to version 5.3, Artifactory will fail to start up. A patch has been released, and if your current version is below 4.4.1 you should upgrade to Artifactory 5.3.1.
Artifactory now supports granting Admin privileges to a group of users which greatly improves the user experience since previously you could only provide Admin privileges to users individually.
This allows you to import a group from your LDAP or Crowd server and grant Admin privileges to the whole group in a single action.
Artifactory will now accept a custom SAML attribute that can be mapped to existing groups (including imported LDAP groups). If a SAML user has the custom SAML attribute he will now inherit the permission specified in the corresponding group in Artifactory for the current login session.
systemd
on Linux distributions that support it. The script will automatically detect if systemd
is supported, and if not, will use init.d
as currently implemented.Fixed an issue that prevented using Git LFS client v2.x with Git LFS repositories in Artifactory when using SSH.
Fixed a resource leak that was introduced when "Enable Dependency Rewrite" was enabled in virtual NPM repositories. This issue may have caused depletion of different resources such as open file handles, database connections and storage streams.
Fixed an issue that prevented pushing or pulling Docker images that had foreign layers when the image also had a "history" field in its config.json
file.
Fixed an issue that caused a login failure when the "List Contents" permission in Active Directory was enabled for an Admin, but not for the user that was attempting to log in.
Fixed an issue related to Maven repositories in which the wrong artifact may have been retrieved for a download request since Artifactory did not consider the full path beyond the GAV coordinates.
For a complete list of changes please refer to our JIRA Release Notes.
Released: May 24, 2017
This is a patch that fixes a critical issue that was discovered in version 5.3.0 in which after upgrading from a version below Artifactory 4.4.1 directly to Artifactory 5.3.0, Artifactory failed to start up.
Note that this issue did not affect upgrades from Artifactory 4.4.1 and above.
For a complete list of changes please refer to our JIRA Release Notes.
Released: June 7, 2017
Fixed an issue in which, when upgrading an Artifactory HA cluster with 2 or more nodes, from version 5.x to version 5.3.x, Artifactory would throw a HazelcastSerializationException when displaying the UI. In the process of upgrading the cluster, you will still encounter this issue from nodes that have not yet been upgraded.
For a complete list of changes please refer to our JIRA Release Notes.
Released: March 28, 2017
Improved the performance of property search when using PostgreSQL.
This will significantly improve Docker operations on Artifactory Docker registries as the property search mechanism is used upon searching for Docker layers.
conanfile.txt
file. This enables Artifactory to fully extract [env] variables with multiple values and assign all those values to the corresponding property annotating the package in Artifactory.debootstrap
. debootstrap
. For a complete list of changes please refer to our JIRA Release Notes.
Released: April 13, 2017
Authentication using access tokens has undergone two significant enhancements.
When upgrading an Artifactory HA installation from version 4.x to version 5.x, managing the bootstrap bundle has been improved to become an automatic and seamless process. Artifactory will now create the bootstrap bundle on the primary node automatically, and extract it to the secondary nodes, so there is no longer any need to create and copy the bootstrap bundle manually.
Control Build Retention : A new REST endpoint that lets you specify parameters for build retention has been added. Previously build retention could only be specified when uploading new build info. This enhancement provides an easy way to configure cleanup procedures for different jobs, and reduces the risk of timing out when deploying heavy build info.
Artifactory is now aligned with the Docker spec and returns an authentication challenge for each Docker endpoint (even when anonymous access is enabled). This means that when using internal Artifactory Docker endpoints, you must first retrieve an authentication token which must then be used for all subsequent calls by your Docker client.
Fixed an issue in which NuGet virtual repositories that aggregated more than one local or remote repository may have omitted results when searching for a package.
When an Artifactory user with no "Delete" permissions was trying to deploy a build while specifying build retention, Artifactory would try and delete old builds and return a 500 error. This has now been fixed, and Artifactory will, instead, return a 403 error.
For a complete list of changes please refer to our JIRA Release Notes.
Released: February 21, 2017
Artifactory meets the heart of DevOps adding full support for configuration management with Chef. Share and distribute proprietary Cookbooks in local Chef Cookbook repositories, and proxy remote Chef supermarkets and cache remote cookbooks locally with remote repositories. Virtual Cookbook repositories let you access multiple Cookbook repositories through a single URL overcoming the limitation of the Knife client that can only access one repository at a time.
Artifactory now also fully supports configuration management with Puppet. Use local Puppet repositories to share and distribute proprietary Puppet modules, and use remote Puppet repositories to proxy and cache Puppet Forge and other remote Puppet resources. Use a virtual Puppet repository so the Puppet client can access multiple repositories from a single URL.
disableUIAccess
element in the Security Configuration JSON. For a complete list of changes please refer to our JIRA Release Notes
Released: March 8, 2017
Note: Due to a critical issue found when uploading files larger than 100MB to S3 compatible storage, this version has been removed from JFrog Bintray.
Fixed a performance issue related to the "Most Downloaded Artifacts" widget on the Artifactory Home Page which, when refreshed, could cause the Artifactory database to stall on instances with a large number of artifacts.
Added support for Conan client v0.20.0 which includes a new section in the conanfile to allow adding environment variables and custom properties. These are indexed in Artifactory as properties and can be used in searches.
Improved performance of queries for artifacts which include an underscore character ("_") in their name. This is especially important for resolution of Docker images since all Docker layers include an underscore in the layer name.
For a complete list of changes please refer to our
JIRA Release Notes.
Released: March 9, 2017
Fixed issue related to uploading files larger than 100MB to S3 bucket.
Fixed issue causing display wrong information in “Most Downloaded Artifacts” when working with OraleDB.
For a complete list of changes please refer to our
JIRA Release Notes.
Released: March 19, 2017
For a complete list of changes please refer to our JIRA Release Notes.
Released: January 31, 2017
If you are managing your Artifactory licenses through JFrog Mission Control, Cluster License Management will also be supported in Mission Control, starting from version 1.8, scheduled for release with the next release of Artifactory which is scheduled for February 2017.
To perform a clean installation of Artifactory HA, please refer to HA Installation and Setup.
To upgrade your current installation of Artifactory HA, please refer to Upgrading Artifactory HA.
Installing and running the Artifactory Docker image has been greatly simplified. Essentially it is now a matter of running docker pull
and then docker run
, while passing in mounted volumes to maintain persistence.
Artifactory 5.0 introduces access tokens as a new and flexible means of authentication allowing cross-instance authentication, authenticating both users and non-users, providing time-based access control and group-level access control.
When starting up for the first time, Artifactory presents two new ways to get you through basic setup and configuration so you can get started immediately. The first is the Onboarding Wizard that creates default repositories for package types you select, sets up a reverse proxy, sets the Admin password and more. The second is a YAML Configuration File in which you can configure the same parameters that the wizard is used for. For example, once you have configured your first instance of Artifactory through the Onboarding Wizard, you can generate the YAML Configuration File from it and use that to spin up additional instances with the same initial configuration.
The Artifactory Home Screen has been completely redesigned in version 5.0. The new Home Screen provides quick and easy access to some of the most common actions taken by users including searching for artifacts using any of the search methods available, creating new repositories, displaying the "Set Me Up" dialog for any repository, showing information on the latest builds and downloaded artifacts and more.
Breaking Changes
proxy_next_upstream http_503 non_idempotent;
. Artifactory's direct integration with Black Duck Code Center has been deprecated. To continue using the Black Duck service, you can connect Artifactory to JFrog Xray which has integrated with Black Duck as an external provider of issues and vulnerabilities.
The Artifactory /repo
repository endpoint is being deprecated. As part of the deprecation, any requests to the global /repo
repository will no longer be valid, regardless to the value of the artifactory.repo.global.disabled
system property. If you believe this deprecation will affect existing build jobs or scripts that are referencing the global repo, due to the deprecation, you will now be able to create your own standard Virtual Repository and call it “repo”, since the name will no longer be reserved.
The startup and shutdown scripts have changed in Artifactory 5.0. Previously, these scripts used to create the "Artifactory" user as a standard user. To improve security, the user is now created without a login shell and the execution scripts use "su -s" (instead of "su -l") which means that the Artifactory user will not be available for any purpose other than for startup and shutdown.
The version of Tomcat used in Artifactory 5.0 has been upgraded to 8.0.39. This version of Tomcat no longer supports unencoded URLs, so the REST API endpoints which used a pipe character ("|") as a separator have undergone corresponding changes so you can use a semicolon (";") as a separator instead, or use escaping to represent a pipe as %7C. Any scripts that use these endpoints may have to be changed to support the new specification. For details, please refer to Set Item Properties as an example.
Your Artifactory session ID is now stored in a SESSION cookie (instead of a JSESSIONID cookie).
/repo
repository has been deprecated.For a complete list of changes please refer to our JIRA Release Notes.
Released: February 7, 2017
A limitation in Artifactory HA, that potentially prevented you from accessing large support bundles, and prevented Artifactory from starting up, has been removed. Now, you can access the support bundle for any node in an HA cluster regardless of its size.
An issue preventing Artifactory from starting up when using IBM JDK 8 has been fixed.
For a complete list of changes please refer to our JIRA Release Notes.
Released: January 16, 2017
As a critical link between JFrog Xray and Jenkins CI (more CI servers will be added in future releases), Artifactory adds support for Xray's CI/CD integration allowing you to fail build jobs if vulnerabilities are found in the build. Artifactory acts as an intermediary between Jenkins and JFrog Xray.
You can configure the Jenkins Pipeline to send a synchronous request to Xray to scan a build that has been uploaded to Artifactory. Artifactory passes the request on to Xray which scans the builds in accordance with Watches you defined, and respond with an indication to fail the build job if an alert is triggered.
Xray CI/CD integration is supported from Artifactory 4.16, JFrog Xray 1.6 and Jenkins Artifactory Plugin 2.9.0.
Add support for JFrog Xray CI/CD integration allowing you to fail build jobs if the build scan triggered an alert.
Fix an issue in which createdBy
and modifiedBy
fields were missing after running an import.
Released: March 15, 2017
For a complete list of changes please refer to our JIRA Release Notes.
Released: December 13, 2016
Artifactory brings binary repositories to the world of C/C++ development with support for Conan repositories. By supporting the Conan client, Artifactory offers enterprise grade repository management supporting high-availability, fine-grained access control, multi-site development, CI integration and more. Providing an in-house local repository for C/C++ binaries, Artifactory is a secure, robust source of dependencies and a target to efficiently upload packages built through Conan. C/C++ development will never be the same again.
For a complete list of changes please refer to our JIRA Release Notes.
Released: October 20, 2016
Artifactory now supports development with PHP as a fully-fledged PHP Composer repository. Create local repositories to host your internal PHP packages, or proxy remote resources that host PHP index files or PHP binary packages.
For a complete list of changes please refer to our JIRA Release Notes.
Released: November 1, 2016
For a complete list of changes please refer to our JIRA Release Notes.
Released: November 27, 2016
For a complete list of changes please refer to our JIRA Release Notes.
Released: December 7, 2016
If Artifactory is unable to decrypt data with the current Master Key (the contents of the artifactory.key
file), you can now set the artifactory.security.master.key.numOfFallbackKeys
property in the artifactory.system.properties
file which specifies the number of previous keys Artifactory should try and use to decrypt data .
For a complete list of changes please refer to our JIRA Release Notes .
Released: September 21, 2016
Artifactory now implements MBeans that let you monitor appenders that send log information to Sumo Logic for log analytics.
Enhancements to the Xray integration including globally enabling or disabling the integration, download blocking and specific artifact/path scanning.
JMX MBeans that monitor appenders that send log data to Sumo Logic for log analytics.
For a complete list of changes please refer to our JIRA Release Notes.
Released: October 13, 2016
An issue, in which Bower packages downloaded from virtual repositories were returned "flat" rather than in their original structure, has been fixed.
The system logs are refreshed periodically. An administrator can now pause the countdown to refresh the system log.
The order in which different repository types are sorted in the tree browser can now be set by a system property.
Performance when managing Groups and Users for permission targets has been improved.
For a complete list of changes please refer to our JIRA Release Notes.
Released: October 18, 2016
Fixed security issue and minor bugs.
For a complete list of changes please refer to our JIRA Release Notes.
Released: August 29, 2016
Note: This release replaces version 4.12.0 due to a critical issue that was found.
To monitor resource usage, Artifactory now implements JMX MBeans that monitor HTTP connections. This exposes a variety of new parameters that you can monitor such as remote repositories, JFrog Xray client connection, distribution repositories, replication queries, HA event propagation and more.
With support for virtual YUM repositories, you can both download and upload RPMs using a single URL.
Support YUM Virtual Repositories.
JMX MBeans support has been expanded to allow monitoring HTTP connections.
A remote repository and its corresponding cache are now collated in the Artifact Repository Browser and displayed together rather than in separate sections.
As a convenience feature, you can now filter users to be removed from a group or repositories to be removed from a permission target.
A targetInfo
variable has been added to the Replication User Plugin context allowing you to specify the target Artifactory URL and repository.
api/dependencies
queries has been improved.Push replication now supports synchronizing download stats (for local repositories). To avoid inadvertent deletion artifacts, this is recommended when setting up replication for disaster recovery.
For a complete list of changes please refer to our JIRA Release Notes.
Released: September 7, 2016
Fix an issue that caused existing Docker layers to be uploaded to the wrong path when deploying to a virtual repository.
This patch will also include a conversion to move layers from the wrong path to the correct path.
Fix "AWS EC2 IAM SessionCredentials" refresh token process, when using IAM role and time is set to any time zone other than GMT.
For a complete list of changes please refer to our JIRA Release Notes.
Released: September 14, 2016
Fix an issue causing DB to behave unexpectedly when using /api/gem/dependencies query on RubyGems repositories with a very large set of artifacts.
Fix an internal server error on "Artifacts Not Downloaded Since" REST api.
For a complete list of changes please refer to our JIRA Release Notes.
Released: July 31, 2016
The first official version of JFrog Xray, version 1.0 has been co-released with this version of Artifactory. JFrog Xray 1.0 supports Artifactory 4.11, and above.
To integrate JFrog Artifactory 4.11 with JFrog Xray 1.0 you need to take the following steps:
If you are doing a clean installation of JFrog Artifactory 4.11, follow the usual instructions under Installing Artifactory, and then install JFrog Xray as described in the JFrog Xray User Guide.
If you are upgrading from a previous version of JFrog Artifactory to which you had connected the JFrog Xray preview version, please follow these instructions to create a clean environment for installation.
This version presents several improvements in performance including deletion of an artifact's properties, garbage collection and data import and restoring artifacts from the trash can.
Performance when making many changes (e.g. Delete all) to an artifact's properties has been greatly improved.
Performance of the trash can has been greatly improved both when deleting artifacts or restoring them from the trash can.
Garbage collection and data import performance has been greatly improved by separating these two actions in different threads.
For artifacts that are indexed by JFrog Xray, the General tab in the tree browser now displays Xray indexing and status information.
Repository Configuration REST API endpoint has been updated to provide caller with the same information that is available, according to that user's permissions, when querying a repository through the UI .
A fix has been put in place to prevent a security issue due to "LDAP Attribute Poisoning" (CVE-2016-6501).
JFrog would like to thank Alvaro Munoz and Oleksandr Mirosh of Hewlett Packard Enterprise for reporting this issue and for working with JFrog to help protect our customers.
Null pointer exception error is thrown when a property has a NULL value (RTFACT-12058).
This might be caused by YUM metadata calculation when a YUM group is being used causing the vendor value to be NULL.
As a workaround for this issue you can set the following system property artifactory.node.properties.replace.all=true under $ARTIFACTORY_HOME/etc/artifactory.system.properties and restart Artifactory service. (in case you are using High Availability set up this change need to be done on each node).
Make sure to change the value back to false after you upgrade to a later version since this issue is already fixed and leaving it to true will result in Artifactory not using the new properties update mechanism.
For a complete list of changes please refer to our JIRA Release Notes.
Released: August 14, 2016
Several improvements have been made for Docker registries in Artifactory.
In addition to listing files in Amazon S3 storage, Artifactory can now also list files in Google S3 storage.
Artifactory is now available for installation as a Debian distribution for Xenial (Ubuntu 16.04).
For a complete list of changes please refer to our JIRA Release Notes.
Released: August 17, 2016
Fix sending unnecessary delete event to Xray when overriding file with the same checksum.
For a complete list of changes please refer to our JIRA Release Notes.
Released: July 19, 2016
This version introduces the capability for integration with Sumo Logic Log Analytics. Artifactory creates an account with Sumo Logic so you can view advanced analytics of your Artifactory logs to discover performance bottlenecks, attempts at unauthorized server access and more.
You can now configure how many snapshots of each docker image tag Artifactory should store before deleting old snapshots to avoid them accumulating and bloating your filestore.
For a complete list of changes please refer to our JIRA Release Notes.
Released: July 3, 2016
This version introduces the capability for full integration with JFrog Xray, Universal Artifact Analysis, that reveals a variety of issues at any stage of the software application lifecycle. By scanning binary artifacts and their metadata, recursively going through dependencies at any level, JFrog Xray provides radical transparency and unprecedented insight into issues that may be lurking within your software architecture.
docker login
command. Currently all Docker repositories support both authenticated and anonymous access according to the permission configuration making this field obsolete.This is especially useful for users representing different tools that interact with Artifactory such as CI servers, build tools, etc. artifactory.security.useBase64
flag in artifactory.system.properties
and as a consequence artifactory.security.authentication.encryptedPassword.surroundChars.
For a complete list of changes please refer to our JIRA Release Notes.
Released: July 14, 2016
For a complete list of changes please refer to our JIRA Release Notes.
Released: May 23, 2016
A new repository type designed to let you push your software out to customers and users quickly and easily through JFrog Bintray. Once set up, access to Bintray is managed by Artifactory so all you need to do is put your artifacts in your distribution repository, and they automatically get pushed to Bintray for distribution.
For a complete list of changes please refer to our JIRA Release Notes.
Released: May 23, 2016
From version 4.8.1, Artifactory OSS is licensed under AGPL 3.0 (previously LGPL 3.0).
Added support for distribution dry run as well as support for both named and unnamed capture groups when specifying repositories and paths for distribution provides enormous flexibility in how you upload files to Bintray.
Major improvement in tree loading time when working on large scale tree with thousands of entries.
For a complete list of changes please refer to our JIRA Release Notes.
Released: May 23, 2016
For a complete list of changes please refer to our JIRA Release Notes.
Released: March 31, 2016
Artifactory is the only repository manager that supports remote and virtual Git LFS repositories. Use remote repositories to easily share your binary assets between teams across your organization by proxying Git LFS repositories on other Artifactory instances or on GitHub. Wrap all your local and remote Git LFS repositories in a virtual repository allowing your Git LFS client to upload and download binary assets using a single URL.
AQL has two great new features!
Added a new Promotion domain. This allows you to run queries on builds according to details on their promotion status. For example, find the latest build with that has been promoted to "release" status.
In addition, we now support running queries across multiple domains, for example items.find().include("archive.entry","artifact.module.build"). This is especially useful since permissions can now be supported for domains which until now where available for admins only.
We have removed the need to configure separate repositories for anonymous and authenticated users. Previously when anonymous access was enabled, Docker repositories allowed unauthenticated access, but in order to support authenticated access, using docker login for example, you had to use the "Force Authentication" flag. This limitation is now removed and anonymous users can pull and push, according to configured permissions, to all repositories, including ones checked with the "Force Authentication" flag.
As a result, the "Force authentication" checkbox in Docker repository settings is deprecated. It is currently left in the UI in a checked and immutable state for reference only, and will be removed in a future version.
NOTE: Anonymous users can continue working with existing repositories where "Force Authentication" was set to false. In a later version when this configuration will be removed, authenticated users will be able to work with those repositories as well.
Added support to validate that a returned artifact matches the expected Mime-Type. For example, if you request a POM file but receive an HTML file, Artifactory will block the file from being cached. When such a mismatch is detected, Artifactory will return a 409 error to the client.
By default Artifactory will block HTML and XHTML Mime-Types. You can override this configuration from the Advanced tab in the remote repository configuration to specify the list of Mime-Types to block.
There's no need to save your credentials in a text file. As another way to authenticate when using AWS S3, you can now use an IAM role instead of saving the credentials in the $ARTIFACTORY_HOME/etc/storage.properties
file.
For a complete list of changes please refer to our JIRA Release Notes.
Released: April 4, 2016
For a complete list of changes please refer to our JIRA Release Notes.
Released: April 4, 2016
To support disaster recovery in JFrog Mission Control, you can now globally block replication regardless of configuration in specific repositories.
Configure login link to automatically redirect users to the SAML login page.
AQL supports specifying time intervals relative to when queries are run.
Add support for the NuGet --reinstall
command.
Add support for the Npm --tag
command.
Add support for AWS version parameter in Filestore Configuration.
Exposed a method to get or set user properties in Artifactory's Public API.
For a complete list of changes please refer to our JIRA Release Notes.
Released: April 17, 2016
For a complete list of changes please refer to our JIRA Release Notes.
Released: April 20, 2016
Resolution from virtual repository might result in 409 error which can cause unexpected behavior if client doesn't handle error gracefully.
For a complete list of changes please refer to our JIRA Release Notes.
Released: May 1, 2016
Added support for SHA-256 hashing for Debian packages.
Added a new REST API to schedule an immediate pull, push, or multi-push replication. This replaces the old replication REST API which has been deprecated.
For a complete list of changes please refer to our JIRA Release Notes.
Released: May 9, 2016
Significantly improved performance of Maven metadata calculation on path which contains a large number of versions.
Disable the /repo
repository for new Artifactory SaaS instances provisioned.
NOTE: For existing customers this change will take effect next time the artifactory.system.properties
is re-created. This can happen when an Artifactory server is migrated to another region, or during certain maintenance operations.
For a complete list of changes please refer to our JIRA Release Notes.
Released: May 15, 2016
Fixed PyPI compatibility issue. Package names will be normalized as described in PyPI spec (PEP 503).
After upgrading an automatic reindex will be triggered for all PyPI repositories.
For a complete list of changes please refer to our JIRA Release Notes.
Released: March 13, 2016
This release presents great advances in filestore management with the following features:
Advanced Filestore Configuration: A new mechanism that lets you customize your filestore with any number of binary providers giving you the most flexible filestore management capability available today.
Filestore Sharding: Through filestore sharding, Artifactory offers the most flexible and reliable way to scale your filestore indefinitely.
Google Cloud Storage: Artifactory now supports another option for enterprise-grade storage with Google Cloud Storage.
AWS S3 object store: Artifactory now supports server-side encryption for AWS S3 object store.
From this version, there is no limitation on the number of Docker repositories you can create on AOL. You can now access Docker repositories on AOL through {account_name}-{repo-key}.jfrog.io
The Tomcat bundled with Artifactory has been upgraded to version 8.0.32.
Artifactory is now a private Bower registry as well as a repository for Bower packages. You can now use the bower register
commands to register your packages to any remote or virtual Bower repository in Artifactory proxying your internal VCS server (e.g. Stash, Git, BitBucket).
This release includes the following main updates:
For a complete list of changes please refer to our JIRA Release Notes.
Released: March 21, 2016
For a complete list of changes please refer to our JIRA Release Notes.
Released: February 14, 2016
Manage your dependencies for Apple OS development through Artifactory. Artifactory supports CocoaPods with local and remote repositories.
For a complete list of changes please refer to our JIRA Release Notes.
Released: February 18, 2016
This release fixes a security vulnerability related to OAuth.
YUM memory management had undergone additional tuning to further improve performance.
For a complete list of changes please refer to our JIRA Release Notes.
Released: February 28, 2016
This is a minor update that provides several bug fixes.
For a complete list of changes please refer to our JIRA Release Notes.
Artifactory 4.4 brings more advancements to security capabilities including:
Artifactory is now a fully fledged Opkg repository, and generates index files that are fully compliant with the Opkg client. Create local repositories for your internal ipk packages, or proxy remote Opkg repositories. Provide GPG signatures for use with the Opkg client, and manage them using the UI or through REST API.
Artifactory now provides a trash can that prevents accidental deletion of important artifacts from the system. All items deleted are now stored for a specified period of time configured by the Artifactory administrator, before being permanently removed.
For a complete list of changes please refer to our JIRA Release Notes.
Released: January 13, 2016
An Artifactory administrator can now force all users to change their password periodically by enabling a password expiration policy.
An Artifactory administrator can now enable users, who are authenticated using external means such as SAML SSO, OAuth or HTTP SSO, to access their profile and generate an API Key or modify their password.
In addition to NGINX, Artifactory now also provides you with the code snippet you need to configure Apache as your reverse proxy. Just feed in your reverse proxy settings, including your handling of Docker repositories, and Artifactory will generate the configuration script you can just plug into your Apache reverse proxy server.
For a complete list of changes please refer to our JIRA Release Notes.
In addition to several bug fixes, this minor update fixes an issue with backward compatibility for S3 Object Store when upgrading to Artifactory v4.3 and above.
This version also presents a significant improvement in download performance.
For a complete list of changes please refer to our JIRA Release Notes.
You can now use your API key as your password for basic authentication. This means that clients that cannot provide the API key in a header, can still be authenticated with the API key by including it instead of the password in the basic authentication credentials.
Using the List Docker Images REST API, you can get a list of images in your Docker repositories.
Major improvements in performance when working with YUM repositories, showing up to 300% faster indexing of RPM packages.
This release includes the following main updates:
For a complete list of changes please refer to our JIRA Release Notes.
You may now authenticate REST API calls with an API key that you can create and manage through your profile page or through the REST API.
Run a search based on a specific packaging format with dedicated search parameters for the selected format. Performance is improved since search is restricted to repositories with the specified format only.
Generate the information that our support team needs to provide the quickest resolution for your support tickets.
Remove the dependence on external artifact resources for Bower and Npm. When downloading a Bower or Npm package, Artifactory will analyze the package metadata to evaluate if it needs external dependencies. If so, Artifactory will download the dependencies, host them in a remote repository cache, and then rewrite the dependency specification in the original package's metadata and point it to the new location within Artifactory.
JFrog S3 object store now supports S3 version 4 allowing you to sign AWS with Signature v4. Multi-part upload and very large files over 5 GB in size are now also supported.
For a complete list of changes please refer to our JIRA Release Notes.
Artifactory now provides a mechanism to generate reverse proxy configuration for NGNIX. This is very helpful when using clients, like Docker, that require a reverse proxy.
Artifactory now supports GCS as a storage provider for you Artifactory instance.
Artifactory now supports batch calls from the Git LFS client allowing batch multiple file uploads.
For a complete list of changes please refer to our JIRA Release Notes.
For a complete list of changes please refer to our JIRA Release Notes.
When issuing requests through generic remote repositories in Artifactory, you may include query params in the request, and Artifactory will propagate the parameters in its request to the remote resource.
Source Absence Detection for Smart Remote RepositoriesYou can configure whether Artifactory should indicate when an item cached in a smart remote repository has been deleted from the repository at the remote Artifactory instance.
For a complete list of changes please refer to our JIRA Release Notes.
In addition to implementing several bug fixes and minor improvements, this release introduces a Debian Artifactory installation and Deploy to Virtual repositories .
Artifactory can now be installed as a Debian package.
Artifactory now supports deploying artifacts to a virtual repository via REST API. All you need to do is specify a local repository aggregated within the virtual repository that will be the deploy target.
Artifactory now supports login and authentication using OAuth providers. Currently, Google, Open ID and GitHub Enterprise are supported.
AQL has been greatly extended to include several additional domains, including Build and Archive.Entry as primary domains, giving you much more flexibility in building queries.
For a complete list of changes please refer to our JIRA Release Notes.
Cloud Foundry UAA is now supported as an OAuth provider.
In addition to SHA1 and MD5, SHA2 checksums are now supported also.
For a complete list of changes please refer to our JIRA Release Notes.
For a complete list of changes please refer to our JIRA Release Notes.
In addition to implementing several bug fixes and minor improvements, this release introduces Smart Remote Repositories and Virtual Docker Repositories.
Define a repository in a remote Artifactory instance as your remote repository and enjoy advanced features such as automatic detection, synchronized properties and delete indications.
Aggregate all of your Docker repositories under a single Virtual Docker Repository, and access all of your Docker images through a single URL.
For a complete list of changes please refer to our JIRA Release Notes.
This is a minor update that provides a fix for clients, such as Maven, that do not use preemptive authentication.
For a complete list of changes please refer to our JIRA Release Notes.
This is a minor update that provides a fix for Docker Login with anonymous access.
For a complete list of changes please refer to our JIRA Release Notes.
JFrog-Artifactory's user interface has been rebuilt from scratch to provide the following benefits:
JFrog Artifactory 4 supports Groovy 2.4 letting you enjoy the latest Groovy language features when writing User Plugins.
We strongly recommend you verify that all of your current User Plugins continue to work seamlessly with this version of Groovy.
JFrog Artifactory 4.0 only supports Tomcat 8 as its container for both RPM and standalone versions. If you are currently using a different container (e.g. Websphere, Weblogic or JBoss), please refer to Upgrading When Using External Servlet Containers for instructions on how to migrate to Tomcat 8.
Java
JFrog Artifactory 4.0 requires Java 8
Browsers
JFrog Artifactory 4. 0 has been tested with the latest versions of Google Chrome, Firefox, Internet Explorer and Safari.
User Plugins
Some features of Groovy 2.4 are not backward compatible with Groovy 1.8. As a result, plugins based on Groovy 1.8 may need to be upgraded to support Groovy 2.4.
Multiple Package Type Repositories
JFrog Artifactory 4.0 requires you to specify a single package type for each repository. For the specified package type, Artifactory will calculate metadata and work seamlessly with the corresponding package format client. For example, a repository specified as Docker will calculate metadata for Docker images and work transparently with the Docker client.
Artifactory will not prevent you from uploading packages of a different format to any repository, however, metadata for those packages will not be calculated, and the corresponding client for those packages will not recognize the repository. For example, if you upload a Debian package to a NuGet repository, Debian metadata will not be calculated for that package, and the Debian client will not recognize the NuGet repository.
You may specify a repository as Generic and upload packages of any type, however, for this type of repository, Artifactory will not calculate any metadata and will effectively behave as a simple file system. These repositories are not recognized by clients of any packaging format.
If your system currently includes repositories that support several package types, please refer Single Package Type Repositories to learn how to migrate them to single package type repositories.
This is a minor update that provides significant enhancements to our support for Docker, additional UI improvements as well as several bug fixes.
For a complete list of changes please refer to our JIRA Release Notes.
This is a minor update that provides support for the latest Docker client 1.8.
For a complete list of changes please refer to our JIRA Release Notes.
For release notes of previous versions of JFrog Artifactory, please refer to Release Notes under the Artifactory 3.x User Guide