Overview

This page describes the general and JFrog product-specific changes applied in the JFrog Platform for Cloud (SaaS) users. 

For a comprehensive list, see: Artifactory Release Notes | Xray Release Notes | Distribution Release Notes | Pipelines Release Notes | Mission Control Release Notes.

Unless otherwise stated, the updates below apply to all JFrog Cloud subscriptions.



30 September, 2021

JFrog Security CVE Research and Enrichment

Xray's integration with Vdoo introduces JFrog security CVE research and enrichment, a new capability that provides additional CVE details from the JFrog security research team. The team comprises security experts who perform manual research on CVEs and suggest a new JFrog Severity Score and a deep technical overview, which allow you to better understand the actual risk posed by the CVEs.

Xray Integration with Jira

Xray can now be integrated with Atlassian’s Jira Software, enabling the automatic creation of Jira tickets based on security threats and violations identified by Xray.



Initial release of Insight 1.0.1 

Insight 1.0.1 includes all the trends and charts previously available with JFrog Mission Control.

New Dashboard Trends

Added a new trend, the Remote Repository Requests Metrics, which provides information on the status of remote repository requests, the performance of remote repository requests, and the Top 100 API calls.

Mission Control as a Microservice

From JFrog Artifactory version 7.27.3, Mission Control has been integrated directly into Artifactory as a service. You no longer need to install Mission Control to use the features it provides; you only need to enable the service in Artifactory.


31 August, 2021

URL Normalization is Now Prevented for Remote Repositories

Remote repositories are now enabled with the new disableUrlNormalization parameter to prevent URL normalization from occurring. 







Added Namespace Support for Helm Virtual Repositories 

You can now assign namespaces to local and remote repositories in Helm virtual repositories, allowing you to explicitly state which aggregated repository to fetch.

Build Info Supports Aggregated Builds

Aggregated builds are builds that contain multiple steps and can run on multiple machines. Aggregated Builds are now represented by Build Info using the new 'type' parameter under the module section in the UI. 

Builds Info REST API Displays the VCS Parameter

The VCS property is now displayed in the BuildInfo REST API response.

PHP Composer V2 Support

Artifactory supports PHP Composer V2 in addition to V1. From Artifactory 7.24, local PHP repositories are automatically created in V2, which supports faster download times and enhanced performance.

PHP Composer Drupal 7 and 8 Registry Support

You can now upload Drupal version 7 and 8 packages to PHP Composer remote repositories.

Set a Grace Period before Failing Build

You can now set a grace period in a Policy for build failure, allowing you to stop a build from failing if violations exist, for the period of time you set (requires Artifactory version 7.25.x and higher).

New Filter in Watches

Filter the Watches list in the Watches page in Xray to narrow down and display only Watches that are relevant to you (requires Artifactory version 7.25.x and higher).

Filter Ignore Rules

Use an array of different filtering options to narrow down the list of Ignore Rules by the filter criteria you select (requires Artifactory version 7.25.x and higher). 

Xray Reports Clone

Create a clone of an existing report in Xray Reports to reuse a report and its defined settings, saving you the time of recreating reports that you use often. This feature requires Artifactory 7.23.x and above.

Release Bundle Details REST API

Added a new Release Bundle Details REST API that returns license and security violations found in a Release Bundle.



Support for Helm Blue-Green Deployments

Introduced three new native steps - HelmBlueGreenDeploy, HelmBlueGreenCleanup, and HelmBlueGreenRoleSwitch - to support Helm Blue/Green deployments on Pipelines for Helm deployments. This feature enables users to test releases in production before making them visible to users, while also providing a quick way to roll back changes if needed.

Pipeline-level Integrations and Resources

When defining a pipeline's YAML, integrations, input resources, output resources, and affinity groups can now be specified globally in the pipelines configuration section to apply them to all steps in the pipeline.

Signed Pipelines Enhancements

  • Added signed pipelines support for Docker images pushed in a DockerPush step and signed release bundles created in the CreateReleaseBundle native step. For more information, see Signed Pipelines.
  • Added support for PowerShell versions for signed pipelines in the MvnBuild and GradleBuild native steps.

Support for Adding Values Definition in the UI

When using a template, you can now add values definition for the pipeline source without pointing it to an SCM repository and define the pipeline source values directly in the UI.

Support for SSH/HTTPS Clone for GitRepo Resource

The GitRepo resource now includes a new tag that can be configured to use either SSH or HTTPS protocol when cloning a Git repository.

Branch Name in Run View

When working with multi-branch pipelines, the run view now displays a breadcrumb that includes the name of the branch being used and a drop-down that lists all the branches. 

HTTPS Clone Support for BitBucket Server

Pipelines now provides HTTPS Clone support for BitBucket Server.

SMTP Credentials Integration Enhancement

Added a new option to the SMTP Credentials integration called ignoreTLS that provides more flexibility when connecting with SMTP servers.

Support for New AWS Region

Added support for the new AWS region in Osaka, prod-apne3.

31 July, 2021







Additional Security Manager Role and Additional Scanning Capabilities in Project Functionality

The new Security Manager role enables a user to perform a wide range of security-related project actions, as well as additional functionalities for Xray in Projects, such as generating Global Xray Reports for a Project scope and applying Global Watches to Projects.

Docker Enhancements

  • Improved the Docker remote repository flow by reducing the number of requests to the remote repositories.
  • Added Docker Buildx support, allowing you to easily build and push multi-architecture images using the Docker buildx CLI.
  • Added support for promoting Docker images with a Docker manifest.list from one Docker local repository to another.

New Outbound Repository Request Log

Announcing a new Outbound Remote Repository Request Log, which allows you to track every request initiated by a remote repository including requests related to replication. 

Native Artifacts Browser Accessible from the UI

The Artifactory native artifacts browser, which allows browsing the contents of a repository in a plain HTML structured tree, is now available via the artifact URL or via the artifacts Actions menu, which means that authenticated users will not need to re-authenticate to access the native browser.

Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI

JFrog Subscriptions: Enterprise with Security Pack | Enterprise+  
The JFrog Platform integration with HashiCorp Vault now enables you to configure multiple external vault connectors through the Platform UI.   

Managing Multiple Signing Keys

JFrog Subscriptions: Enterprise with Security Pack | Enterprise+  

The JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST API.

Generating an Identity Token through the Profile UI

The user profile now enables users to generate identity tokens, which means that any user can create a user identity token for themselves via the UI (or via REST API). Identity tokens are scoped tokens, providing limited and focused permissions, and when a user is deleted/disabled, their tokens are also revoked.

Dependencies Scan 

The Xray Dependencies Scan feature enables you to scan your source code dependencies using the JFrog CLI to find security vulnerabilities and license violations, with the ability to scan against your Xray policies.

On-Demand Binary Scan

Xray now provides on-demand binary scanning to address your needs using the JFrog CLI for fast results. You can point to a binary in your local file system and receive a report that contains a list of vulnerabilities, licenses, and policy violations for that binary prior to uploading the binary or build to Artifactory.



Approval Gates

The approval gates feature enables you to insert a manual approval process for a step in a pipeline. Approvers can approve or reject steps, and receive Slack and e-mail notifications for steps that require approval.

Improved Logs for Signed Pipelines

Pipelines will now post logs to step consoles when steps are getting signed. This will help users to identify the cause of failures during the process of signing a pipeline.

Conditional Workflow

The conditional workflows feature enables users to choose if a step executes or skips based on certain conditions set for the previous upstream step, which provides more flexibility in the execution logic of a pipeline.

30 June, 2021









Native Artifacts Browser Accessible from the UI

The Artifactory native artifacts browser allows browsing the contents of a repository in a plain HTML structured tree, so that authenticated users will not need to re-authenticate to access the native browser. The browser is available via the artifact URL or via the artifacts Actions menu.

A New Outbound Repository Request Log

A new Outbound Remote Repository Request log allows you to track every request initiated by a remote repository, including requests related to replication.

Dynamic Release Bundle

Introducing the capability to create, sign, and distribute an ad-hoc.

Multiple GPG keys for Signing Release Bundles

Distribution now supports signing Release Bundles using multiple GPG signing keys rather than one key pair for all Release Bundles. This enables you to use different keys according to your organizational requirements.

Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI

JFrog Subscriptions: Enterprise with Security Pack | Enterprise+  
The JFrog Platform integration with HashiCorp Vault now enables you to configure multiple external vault connectors through the Platform UI. 

Managing Multiple Signing Keys

JFrog Subscriptions: Enterprise with Security Pack | Enterprise+  

The JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST API.

Generating an Identity Token through the Profile UI

The user profile now enables users to generate scoped identity tokens. Any user can create a user identity token for themselves via the UI or via REST API. 

Docker Enhancements

As part of our ongoing effort to provide the best Docker-related experience, we have introduced enhancements related to the Docker remote repository flow, added Docker Buildx support, and added support for promoting Docker images with a Docker manifest.list from one Docker local repository to another.

Improved Metadata Request Performance for Remote Repositories 

Customers can now configure the Metadata Retrieval Cache Timeout (Sec) parameter in the Remote Repository Cache Settings to control the Metadata timeout performance (the default value is 60 seconds). 




Security Manager Role in Projects

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

The new Security Manager role can perform security-related project actions such as Manage Xray Data, Manage Reports, Manage Watches and Policies, and Ignore Global Violations.

Generate Xray Reports on a Project Scope

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +
You can now generate Global Xray Reports for selected Projects for all report types in Xray.

Apply Global Watches on Projects

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +
You can now apply Global Watches on specific Projects enabling you to set rules and policies in the selected Projects. 

Garbage Collector

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +
Xray's Garbage Collector (GC) feature enables you to avoid race conditions between delete/create events sent by Artifactory, mainly when moving artifacts and promoting images.

Signed Pipelines

JFrog Subscriptions: ENTERPRISE +
A new verification system that determines which pipelines/steps generated a specific artifact. The signing process creates trust and provides a way to validate the immutability of the artifacts.

31 May, 2021

JFrog Platform Integration with HashiCorp Vault

JFrog Subscriptions: ENTERPRISE WITH SECURITY PACK | ENTERPRISE +
The JFrog Platform integration with HashiCorp Vault now enables you to configure an external vault connection to use as a centralized secret management tool not only through the APIs but also using the JFrog Platform UI.

JFrog Platform SCIM Integration 

JFrog Subscriptions: ENTERPRISE WITH SECURITY PACK | ENTERPRISE +
JFrog Platform now enables you to generate a dedicated admin access token for SCIM in the JFrog Platform, which can then be used in the identity service setup. 

Signing Keys Management

JFrog Subscriptions: ENTERPRISE WITH SECURITY PACK | ENTERPRISE +
The JFrog Platform now features a centralized dashboard for creating and managing all signing keys. This feature enables you to create and control the keys used to encrypt or digitally sign your artifacts in one central location.

Extended Flagging Safe Repositories Support

Declaring local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories has been extended to support Alpine, Bower, Conan, Conda, Cran, Go, Gradle, Ivy, Maven, Nuget, and SBT Packages.

Support for Controlling Signed URL Download Methods

You now have the option to set your signed URL redirects using one of these methods: S3, CloudFront, or using a direct download without a signed URL redirect. 

Distroless Scanning

Xray now can scan Google Distroless Images that only contain your application and its runtime dependencies.

Red Hat Vulnerability Scanner Certification

JFrog Xray is now certified with the Red Hat Vulnerability Scanner Certification. The certification recognizes Xray as a trusted Red Hat security partner.


30 April, 2021


Federated Repositories

JFrog Subscriptions: ENTERPRISE | ENTERPRISE+

The JFrog Platform enables you to create Federated repositories, which support mirroring repositories and artifacts with JFrog Platform users located on remote JFrog Deployments (JPDs) in a multisite environment.






SCIM ID Management Support 

JFrog Subscriptions: ENTERPRISE WITH SECURITY PACK | ENTERPRISE + 
JFrog supports managing both users and groups, and the association between them using the SCIM protocol 2.0. 

Rest API Related Performance Improvement

Improved the performance when running the Scan Build API.

Distroless Scanning

Xray now can scan Google Distroless Images that only contain your application and its runtime dependencies.

Red Hat Vulnerability Scanner Certification

JFrog Xray is now certified with the Red Hat Vulnerability Scanner Certification.

Red Hat Packages Enhancements

Improved Red Hat packages scanning to support CPE matching to enhance Red Hat vulnerabilities detection. Xray also supports Red Hat Modules for better scanning of Red Hat OS packages.

Impact Analysis Performance Improvements

Improved the Impact Analysis performance, significantly reducing the database server CPU and I/O levels.

Limit Storage Space Used by Indexer

You can now limit the storage space used by the Indexer microservice during concurrent downloads and extraction of artifacts ensuring used storage does not exceed the default usage. 



31 March, 2021

Projects in the JFrog Platform

JFrog Subscriptions: ENTERPRISE | ENTERPRISE+

JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. 

SCIM ID Management Support 

JFrog Subscriptions: ENTERPRISE with SECURITY PACK | ENTERPRISE +

Using the SCIM protocol 2.0, JFrog enables customers to create, remove, and disable user accounts from their choice of user management tool and automatically update the platform with these changes. 

HashiCorp Vault Integration with the JFrog Platform

JFrog Subscriptions: ENTERPRISE with SECURITY PACK | ENTERPRISE +

The JFrog Platform integration with Vault enables you to configure an external vault connection to use as a centralized secret management tool.

AQL Search for Remote Repository 

Using AQL, you can now search remote repositories (see Working with Remote Repositories).

Artifact Browser with More Filters and Advanced SetMeUp

Introducing new filters and improved SetMeUp capabilities in the Artifact Browser available to all new users and those upgrading from previous Artifactory versions. This new view and capabilities are now the default Artifact Browser view in the JFrog Platform.

Xray in Projects

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

Use Xray capabilities in the scope of JFrog Projects. Offload and delegate Xray tasks to the different personas in your organization, such as assigning Xray security management capabilities to Project Admins on the scope of their specific projects.

Pipelines in Projects

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

Use Pipelines capabilities in the scope of JFrog Projects. Offload and delegate Pipelines tasks, such as adding integrations, pipeline sources, and node pools, to Project Admins on the scope of their specific projects.

PrivateLink for AWS Cloud

JFrog Subscriptions: ENTERPRISE with SECURITY PACK | ENTERPRISE +
The MyJFrog Cloud Portal enables customers to establish a secure network connection from their cloud account into their JFrog Cloud instance, without going through the public Internet, by setting up AWS PrivateLinks.

Cargo Packages Support 

Artifactory natively supports Cargo Registry for the Rust language, giving you full control of your deployment and resolve process of Cargo packages. Cargo downloads your Rust package's dependencies, compiles your packages, makes distributable packages, and uploads them to crates.io, the Rust community’s package registry.

Expanded Support for Priority Resolution for Nuget Packages

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories (currently supported for Docker, PyPI, RubyGems, NPM and Nuget packages).

Xray CVSS v3 Scoring Support

Xray now supports CVSS v3 scoring in addition to CVSS v2 scoring. This ensures that Xray's scoring of vulnerabilities is up-to-date and provides the latest universally standard severity ratings of vulnerabilities.

Xray Conan and C/C++ Support

Xray can now scan Conan Packages deployed to Artifactory. Xray can also scan C/C++ dependencies as part of a build.

Enhancements to HelmDeploy Native Step

HelmDeploy native step has been enhanced to support the input resources filespec and buildinfo.

Onboarding Wizard for Pipelines

The Pipelines UI now includes an onboarding wizard to help new users get started with adding an integration, a pipeline source, and a node pool.

Environment Variables Configuration Improvements

It is now possible to add a description and configure the possible list of values for environment variables when creating a custom run configuration. 

Search/Filter Capability

Pipeline and run views now include search and filter capabilities, which enable you to quickly search pipelines by name and filter them by status. 

Support for Extensions in Windows Node

Pipelines nodes now support the Windows operating system. Windows can be set as a platform while adding Extension resources and steps.

Pipelines in Projects

Pipelines capabilities are now supported in the scope of JFrog Projects.



28 February, 2021 


Enhanced Folder Download Functionality 

The 'Folder Download' feature is now aligned with the JFrog CLI and supports downloading empty folders. 

Additional Webhooks for Distribution

Added new events for Artifactory Release Bundles, which enables you to trigger events when a Release Bundle was received on an Edge node, and when a Release Bundle deletion process has started, completed successfully, or failed.

Quick Repository Setup

Admins can now use the Quick Setup to create repositories for selected package types in one go. With a couple of simple steps, admins can create local, remote, and virtual repositories for single or multiple package types.

Impact Path Data in Reports

You can now view the Impact Path data in the Due Diligence Licenses Report in the Get Due Diligence Report Content REST API and JSON and CSV outputs.



31 January, 2021





New REST API to Restore Ignored Violations 

Introduced a new Restore Ignored Violations REST API, which allows you to restore violations that were ignored due to defined Ignore Rules.

Impact Path Data in Reports

You can now view the Impact Path data for Vulnerabilities and Violations reports in JSON and CSV outputs.

Time-based Ignore Rule Filter for REST API

Filter the Ignore Rules by expiration date using the Get Ignore Rules REST API, for example to return time-based rules that will expire before or after a specific date. You can also sort Ignore Rules by expiration date.

View Ignored Violations in the Violations Report

You can view ignored violations data in the Violations Report including the Ignore Rule ID that can be used in REST APIs.

Reports Enhancements

Xray Violations and Vulnerabilities reports now include additional information regarding the severity received from the Red Hat OS advisory board. This information will be included in the CSV and JSON export formats of the reports.



31 December, 2020

Central P2P Peer Management in the JFrog Platform

JFrog Subscriptions: ENTERPRISE +

You can now modify and manage all Peer-to-Peer (P2P) Downloads peer configurations centrally by storing them in the JFrog Platform; see Central Peer Deployment and Management.


Advanced patterns supported for Docker Virtual Repositories

Extended Ignore/include patterns for Docker Virtual Repositories.






Sizing Improvement   

Improved the performance of the Xray Data tab in the UI.

Time-based Ignore Rule Enhancement

Time-based Ignore Rules enable you to set an expiration date for an Ignore Rule, so that the violation is ignored until the Ignore Rule expires.

Ignored Violations Stored in the DB

All ignored violations are now stored in the DB which enables you to view all ignored violations on the artifact, build, and Release Bundle level.

UI Enhancements

The UI now provides more information about an ignored violation in the different screens, including in the violations list for an artifact, build, and Release Bundle.

Export Components Details API Enhancement  

Added the include_ignored_violations parameter to Export Component Details. This will return the ignore rule ID per matched policy.

   


30 November, 2020

Hardened the User Login Messages 

User login messages have been modified to return consistent responses to enumeration attempts, preventing the disclosure of valid accounts.




Helm V3 Support

Artifactory now supports Helm 3 clients, enabling you to deploy and resolve Helm Charts using Helm V2 and V3 clients.

OCI Support

Artifactory is now OCI compliant and supports OCI clients, providing you with the ability to deploy and resolve OCI images in Docker Registries. 

Improvements to RubyGems Indexing for Local Repositories 

Added Bundler Compact index support for Local repositories for RubyGems providing you with the latest version of the package that is compatible with your installed Ruby version of the project. To use this new capability, in the artifactory.system.properties file, set the artifactory.gems.compact.index.enabled=true value.

Docker Registry Alignments in Artifactory to Meet Latest Docker Rate Limits

Docker Registry functionality is now optimized in JFrog Artifactory to accommodate the latest Rate Limit changes announced by Docker. 




Improved Indexer Functionality 

Enhanced the indexer functionality with improved classification of artifacts and identification of complex cases, such as identifying inner components within other components.

Build Scanning Improvement

Improved the build scanning process by having Xray download from Artifactory only those artifacts that are part of the build and that Xray can scan, which saves resources and time.

Violations Report

Introduced the new Violations report, which provides you with information on security and license violations for each component in the selected scope.

Ignore Rules 

Enhanced the Ignore Rules feature functionalities, including the ability to set granularity on a defined Ignore Rule. All of the Ignore Rule functionalities are supported via the REST API.

  


31 October, 2020

New JFrog Platform Onboarding Experience

We have introduced a new Onboarding experience in the web UI for Admin users. This new interactive experience guides the user through the essential onboarding steps to get started with the JFrog Platform.

Verify Audience Restriction Applied for SAML SSO  

The verifyAudienceRestriction attribute for SAML SSO is now set by default to validate SAML SSO authentication requests.

Improved Maven Plugin Metadata Calculation

Maven plugin metadata is now calculated for every deploy or delete action.






Alpine Package Support in Xray

Xray now scans and indexes your Alpine Repositories and Alpine Packages, including recursive analysis, component graph integration, and providing detailed metadata information. 

Python Package File Format Support

Xray now supports the indexing of Python files (PyPI) inside .tar, .gz, .tgz, .whl, and .egg file formats.

Support PHP files in *.tar Archives

Xray now supports PHP files inside *.tar archives.

New Metadata REST API

Added a new Resend Artifacts Metadata REST API that enables administrators to resend artifact metadata to the Metadata Server.

Due Diligence Licenses Report

Introduced the new Due Diligence Licenses Report, which provides you with a list of components and artifacts and their relevant licenses enabling you to review and verify that the components and artifacts comply with the license requirements. 



30 September, 2020




Peer-to-Peer (P2P) Download 

JFrog Subscriptions: ENTERPRISE +

The new JFrog Peer-to-Peer (P2P) Downloads feature allows hosts to download artifacts from local, remote, and virtual repositories through a local network of peers in addition to downloading artifacts from JFrog Artifactory. 

GraphQL API for the JFrog Platform Metadata

JFrog's Metadata Service public APIs are now enabled, allowing you to query the entities from the metadata server with GraphQL.

Viewing and Tracking Non-Revocable Access Tokens   

You can view and track non-revocable Access Tokens in the UI, and filter tokens by their revocability as well as their expiry.



Changes in Artifactory to Facilitate the New Docker Rate Limit

Artifactory has made improvements to support the usage of Remote Docker Repositories against Docker Hub, while taking into account the new Docker rate limits.

Docker Remote Repository Improvements 

Docker Schema 2 is now fetched from the remote registry if no header was sent. This improves the Docker experience when the metadata expires.

Docker Pull Performance Improvements

Improved the performance of Docker pull requests by digest and tag by using more efficient queries and better utilizing the internal caching when serving Docker pull requests.

License Detection Improvements

Improved license detection performance and success rate to reduce CPU utilization.



31 August, 2020



Vulnerabilities Report

You can now create and generate a Vulnerabilities report that gives you a visual representation of vulnerabilities found in your artifacts, builds, and release bundles.

Manage Reports User Role

A new role was added to the users' permissions allowing users to create, generate, and manage the new Reports feature in Users and Groups. This role is also required by some APIs such as Get Component List Per Watch and Find Component by CVE.

Multiple License Permissive Approach

The new Multiple License Permissive Approach enables you to have more flexibility in the policy level by configuring a more permissive approach that allows components that have at least one of the licenses as permitted to go through without triggering a violation even if some licenses are not allowed. 



31 July, 2020

   






Users can be Assigned the Manage Resources Role  

Admins can assign users with the Manage Resources role to manage resources including create, edit, and delete permissions on any resource type including Pipeline resources (Integration, Source, and Node Pools).

GraphQL version Released in the JFrog Platform  

JFrog's Metadata Service has now enabled the integration of the metadata server with a version of GraphQL public API.  

Improved LDAP Pagination Support Usage 

Added the Used Page Results parameter in the LDAP page to support LDAP Group pagination. This is supported for LDAP servers with more than 1000 groups which support groups pagination to allow admins to use paged LDAP results. 

Persistent Expiry Threshold Token

Added the new persistent-expiry-threshold parameter to the Access YAML Configuration file, allowing you to set the minimum expiry value that a token must have in order to be saved in the DB.

Improved Permissions Cache Invalidation

Minimized the scope of the invalidation action to only permissions associated with the specific service that needed the cache to be cleared. This allows shorter login times and better permission validation performance.

                       

Indexing Improvements for Npm Packages  

Implemented incremental indexing as part of the existing npm indexing mechanism resulting in reduced time to build the package index.



30 June, 2020

Multi-factor Authentication

JFrog Subscriptions: ENTERPRISE +

Administrators can enable Multi-factor Authentication for all users, which will require users to provide a verification code from a third-party authentication application every time users log in. 

Event-driven Webhooks  

The Webhooks feature enables you to send important events in Artifactory (such as Artifact Deployment or Build Deployment) to applications that are configured by setting a URL.

Alpine Linux Repository Support

Artifactory now natively supports Alpine Linux repositories, giving you full control of your deployment and resolution process of Alpine Linux (*.apk) packages.

Enhancements for Webhooks Events

Introduced a few fixes to Webhooks events, such as adding a build_started field to the Build events, additional fixes to Docker events, and improved payload data.

Artifactory Connection Management

Improved the process of Xray's active connections to Artifactory, by limiting the number of concurrent HTTP client connections.

Repository Scan Improvement  

Indexing requests of Artifacts that were initiated from an index repository request are no longer persisted in the Artifactory database, thus reducing the network and database load.  

  


31 May, 2020

Artifactory Cloud with CDN Distribution  

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

Artifactory supports a fully integrated, advanced CDN Distribution, which removes the need to deal with the complexity of setting up a separate external CDN caching system and allows you to manage, control, and distribute high volumes of software across multiple locations.

Support for Signed URLs

JFrog Subscriptions: ENTERPRISE | ENTERPRISE +

Users with administrator or manage permission can now generate a signed URL that provides temporary shared access to a specific artifact, using the Create Signed URL REST API, or replace the key for signing and validating by using the Replace Signed URL Key REST API.

Support for RHEL 8 AppStream  

Enhanced Deploying RPM Modules with support for Red Hat Enterprise Linux 8, including the enhanced Yum metadata for the AppStream (RHEL8) or Modularity (Fedora) technology used in RHEL8.

Generate Maven POM File REST API

You can now generate a Maven POM file using the Artifactory REST API.

Xray Block Unscanned Artifacts Timeout Policy   

You can now define a timeout policy for unscanned artifact download requests. 



30 April, 2020

Create Admin Access Tokens from within the UI

Administrators can now generate admin tokens for any of the services in the JFrog Platform directly from the UI.



Go Private GitHub Repositories Support 

You can now create a remote Go repository and proxy Go modules, and configure Artifactory and the Go client to work with private GitHub repositories.

Conda v2 Format  

Artifactory now supports the Conda v2 metadata format. You can now use Conda clients from version 4.7, and download/upload Conda v2 format packages from all repository types (local, remote and virtual).

Debian InRelease

Added support for Debian InRelease metadata files. Artifactory will now produce an InRelease metadata file in the repository when working with GPG signing. 

Force Full Reindex of Existing Components REST API

The new Force Reindex REST API command allows you to easily reindex artifacts that were indexed in the past.

Added Dedicated Policy REST API V.2 Commands

Xray now supports Policy commands REST API V.1 and V.2. The V.2 commands support blocking Release Bundles and now allow you to notify Watch recipients and File deployers.



31 March, 2020



PAT (Personal Access Token) Support for Remote Repository Authentication  

Artifactory now supports remote repository authentication using Personal Access Tokens (PAT), in addition to basic authentication, enabling you to strengthen your Artifactory security practices.

LDAP Improvements


Artifactory now supports a new type of Active Directory Nested Groups search which enables performance improvements when working with LDAP. 

Restricting System and Repository Imports

Artifactory allows admin users to import and export data at both the system level and the repository level. 

Support for Matrix-params with Conan Repositories

Artifactory now supports matrix parameters for Conan repositories. As a result, the Build Info for Conan packages uploaded to Artifactory SaaS is now available.



28 February, 2020

JFrog Container Registry 7.0  

JFrog Container Registry 7.0 has been released. The JFrog Container Registry provides a set of features that have been customized to serve the primary purpose of running Docker and Helm packages in a Container Registry.

 


12 January, 2020 - Initial JFrog Platform GA

This section describes the general availability release for the initial JFrog Platform, including the general and JFrog product-specific changes applied in the JFrog Platform for Cloud (SaaS) users.

  • JFrog Artifactory 7.0

  • JFrog Xray 3.0

  • JFrog Mission Control 4.0

  • JFrog Distribution 2.0

  • JFrog Pipelines 1.0

If you are an on-prem user, check out what's new on-prem.

Dedicated Cloud NAT IPs Used in the JFrog Platform 

Cloud customers who have previously set up whitelisting on their external services (such as LDAP and SAML) to support communication between those services and JFrog Cloud need to update their allow list according to JFrog's updated Cloud NAT IP list.

Features and Functionality

Unified Experience

The user interface provides a consistent experience across all JFrog products. It is designed to support the most commonly used workflows, including improved package management, security and compliance, and package distribution, continuing to provide you with full flexibility. To support this experience the internal architecture (defined as a JPD) is designed to provide JFrog users with the same user experience across the JFrog products that have been installed.

To support the different user workflows, the UI is divided into two main modules:

  • Application Module: provides an easy-to-use interface for viewing your packages, builds and artifacts in Artifactory, including Xray security vulnerabilities and violations, Dashboard topology and trends, Distribution release bundles and Pipelines DevOps automation.

  • Administration Module: provides a consolidated place for configurations of all JFrog products (common and product specific), including centralized settings such as monitoring (storage, replication, service status), security and compliance, proxies, license and user management, as well as property sets, backups, indexed resources, database sync and webhooks.

Both modules include an advanced search mechanism.

Flexible Permissions Model

Administrators get fine-grained permissions control over how users and groups access the different resources (repositories, builds, Release Bundles, destinations).

Security and Compliance Across your DevOps Pipeline

Fully integrated into the JFrog Platform, JFrog Xray protects your artifacts, repositories, builds and release bundles across the entire CI/CD pipeline.

  • Get JFrog's vulnerability database, which is continuously updated with new component vulnerability data and includes VulnDB, the industry's most comprehensive security vulnerability database.

  • Identify security vulnerabilities and license violations according to your organization's needs. A dedicated Security and Compliance section in the UI allows you to set policies and watches on all your JFrog resources.

  • Configure watches and policies with the option to block artifact download, Release Bundle distribution to Edge nodes, and even break Builds.

  • Use advanced filtering that allows you to configure include/exclude patterns when setting indexed resources or when setting a Watch on the resources.

Secure Distribution Process

Manage the creation and distribution of Release Bundles to your Artifactory Edge Nodes. Gain better visibility and traceability into your distribution process with a complete view of all contents and package references of your Release Bundles.


User Interface

The following table is a quick reference to common functionalities in the JFrog Platform, including their new locations and any functional changes.

JFrog Product: Artifactory

Functionality: Custom Base URL, Date Format, Look and Feel Settings, Custom Message

Location in the New UI: Administration module | General | Settings

Functionality: Dedicated Artifactory Settings

Location in the New UI: Administration module | Artifactory

General: Settings, Property Sets
Services: Maven Indexer
Security: Anonymous access, Revoke API Keys, Signing Keys, Trusted Keys, Certificates

JFrog Product: Xray

Functionality: Xray Permissions

Location in the New UI: Administration module | Identity and Access | Permissions

Comments: As part of the JFrog Platform permissions unification, permission targets that were previously separated per product are now represented as one permission target with multiple permission options for the different JFrog products. Changes include:

  • Manage Components is now Manage Xray Metadata

  • View Components is now included in the Read permission

As part of the permission migration process:

  • Users/Groups with Xray Admin and Artifactory Admin permissions will be converted to Administrators in the JFrog Platform.

  • Users/Groups with only Xray Admin permissions will be converted to have Read, Manage, Manage Policies and Manage Watch permissions on all the resources.

Location in the New UI: Administration module | Identity and Access | Users

Location in the New UI: Administration module | Identity and Access | Groups

Comments:

  • Manage Policies and Manage Watches are now global permissions that are enabled on the user or group level. Previously this was a permission option in the permission target.

  • View Watches is now integrated with the Manage Watches global permission. It is not available as a separate permission.

Functionality: Policies and Watches

Location in the New UI: Application module | Security & Compliance

Comments:

  • Manually invoking a re-scan of a watch will apply on all resources defined in the watch. Previously you could set the re-scan on part of the resources.

Functionality: Dedicated Xray Settings

Location in the New UI: Administration module | Xray

General: Indexed Resources, Webhooks, Integrations



Deprecated Features

JFrog Product

Feature

Artifactory

  • License Control is deprecated. Its functionality is included in the Xray integration and provides richer information and support for additional package types.

  • Stash Search Results: the feature that allowed you to save your search results and go back to them later has been removed.

  • HTTP Requests Are No Longer Supported: as part of hardening our cloud security policy in the JFrog Platform, we no longer support non-secure HTTP traffic requests and have enabled HSTS strict headers which will cause all HTTP requests (including browsers) to be automatically redirected to HTTPS.

    It is recommended to use HTTPS for all your requests.
    Please note that you will receive a 308 response code if you still decide to use HTTP.

    Also, we deprecated the legacy TLS 1.0 and 1.1 versions, which effectively enforces the cipher suite floor as well.

Xray

  • Out of the box integrations: the integrations with Aqua, WhiteSource and Black Duck are deprecated. Custom integrations are still available, supporting integration with any external source of your choice. The VulnDB integration, now transparently integrated into Xray, provides the industry's most comprehensive security vulnerability database. This eliminates the need for these out of the box 3rd party integrations.

  • Xray Homepage: as part of the JFrog Platform UI unification, this page has been removed.

Browsers


Internet Explorer

The Internet Explorer browser is not supported in the JFrog Platform. For a list of supported browsers, see Browsers.


Breaking Changes

Category

Feature

JFrog Artifactory

  • Viewing Packages/Builds/Release Bundles: The UI will load only up to 100 results and up to 100 versions per package/build/Release Bundle.

  • Removal of support for non-SNI clients
    For improved network security, support for non-SNI (Server Name Indication) clients is removed. If you are using HTTP clients that do not support SNI, your requests for download/upload will fail. To avoid failures, make sure to upgrade your clients to an officially supported version. 

  • Required support for 302 HTTP Redirects
    Download requests using clients that do not support 302 redirects will fail in most cases for the following list of package types. To avoid failures, make sure to upgrade your clients to a version that supports 302 redirects.
    Docker, Debian, Npm, RPM, Generic, Bower, Composer, Conan, Cran, Git LFS, Gradle, Helm, Maven, Pypi and Vagrant.

    See example use case here. See list of approved client versions here.

  • Deprecated artifactoryonline.com domain
    Following previous notifications regarding the deprecation of the artifactoryonline.com domain, backward compatibility for the deprecated artifactoryonline.com domain will no longer be maintained. If you are still using artifactoryonline.com to access your cloud services, please make sure to use servername.jfrog.io/ instead.

  • Egress Traffic Whitelisting
    If you are limiting egress traffic from your network to JFrog Cloud services on AWS, or you have applied such a setting on any of your nodes that are accessing JFrog Cloud services, make sure to extend the list of whitelisted IPs to include the AWS S3 IP ranges.
    Stay up to date with the latest AWS IP address range changes.

JFrog Xray

  • Component Search: searching for components that are not artifacts in your Artifactory instance, but are known to Xray as a result of its recursive scan capability. This functionality will be available in later JFrog Platform releases.

  • Xray Permissions

    • The Manage Watch permission is now available as a global permission on the user/group level. Previously, Manage Watches was an option per permission target that was defined with a scope of resources. Now, the Manage Watch permission applies to all resources for the users/groups that have it. When upgrading to the JFrog Platform, the permission conversion will remove the Manage Watch permission for all users and groups. After upgrading, this permission will need to be reconfigured for all required users and groups. Defining a scope will be available in later JFrog Platform releases, as part of the Projects functionality.

    • The View Watches permission is deprecated. To view watches, enable the Manage Watches permission option for users/groups.


REST API Changes

The JFrog Platform release introduces a new unified way to access all JFrog services through a single URL, in the following format:

https://<Server Name>.jfrog.io/<Service Context>/

For example:

https://myservername.jfrog.io/artifactory/
https://myservername.jfrog.io/xray/

For backward compatibility, JFrog Artifactory and Xray will continue to work as before:

https://<Server Name>.jfrog.io/<Server Name>
https://<Server Name>-xray.jfrog.io/
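
As an added example (not JFrog code), the following Python function audits configured endpoint URLs against the changes described on this page: plain HTTP, the deprecated artifactoryonline.com domain, and the legacy per-product URL formats, and suggests the unified equivalent. The function name, the finding labels, the sample server name acme and repository libs-release are assumptions, as is treating a first path segment equal to the server name as the legacy Artifactory format.

```python
from urllib.parse import urlsplit

DEPRECATED_DOMAIN = "artifactoryonline.com"  # deprecated per this page
PLATFORM_DOMAIN = "jfrog.io"


def audit_url(url):
    """Classify one configured URL; return (findings, suggested_unified_url)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    label, _, domain = host.partition(".")
    if domain not in (PLATFORM_DOMAIN, DEPRECATED_DOMAIN) or not label:
        return ["not-jfrog-cloud"], url

    findings = []
    if parts.scheme.lower() != "https":
        findings.append("plain-http")  # answered with a 308 redirect to HTTPS
    if domain == DEPRECATED_DOMAIN:
        findings.append("deprecated-domain")

    segments = [s for s in parts.path.split("/") if s]
    if label.endswith("-xray") and len(label) > len("-xray"):
        # Legacy Xray host: <Server Name>-xray.jfrog.io
        findings.append("legacy-format")
        server, rest = label[: -len("-xray")], ["xray"] + segments
    elif segments and segments[0].lower() == label:
        # Legacy Artifactory path: <Server Name>.jfrog.io/<Server Name>
        findings.append("legacy-format")
        server, rest = label, ["artifactory"] + segments[1:]
    else:
        server, rest = label, segments

    path = "/" + "/".join(rest)
    if rest and (parts.path.endswith("/") or len(rest) == 1):
        path += "/"  # keep the original trailing slash; always close a bare context
    suggestion = f"https://{server}.{PLATFORM_DOMAIN}{path}"
    if parts.query:
        suggestion += "?" + parts.query
    return findings, suggestion


# Constructed sample configuration values (server name and repository are made up).
SAMPLES = [
    "http://acme.jfrog.io/acme/libs-release/",
    "https://acme.artifactoryonline.com/acme/libs-release/",
    "https://acme-xray.jfrog.io/api/v1/system/version",
    "https://acme.jfrog.io/artifactory/libs-release/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, *audit_url(sample), sep="\n  ")
```

A server whose real name ends in -xray would be misread as a legacy Xray host, so review suggestions for such names by hand.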


The following table summarizes the list of changes from previous JFrog product versions to the JFrog Platform.

JFrog Product

Deprecated

New

Updated

Artifactory



Xray