Released: March 2, 2020
PostgreSQL 13 is certified to be used with Xray 3.x and above.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-7048 | Fixed an issue, whereby the Xray server service might run out of memory when the Impact Analysis update impacted a large number of artifacts. |
XRAY-7068 | Fixed an issue whereby, in some cases, a Docker image was not indexed by Xray due to a runtime error. |
XRAY-7006 | Fixed an issue whereby, when a new license (from Xray Global Database) was added to a component (during DB Sync), the Impact Analysis process that was triggered was slow. |
XRAY-6741 | Improved the indexing of RPM packages by adding support for LZMA compress format scan |
XRAY-6188 | Fixed an issue whereby, Xray created new files and directories with maximum allowed permissions mask (777). Xray now will create any new files with mask 660 and new directories with mask 770. |
XRAY-7058 | Fixed an issue whereby, the Impact analysis queue continued to grow when there were many RedHat based Docker images. |
This section includes all of the Xray version 3.17 releases.
Released: February 4, 2021
Added metrics related to Xray DB sync time, and total number of scanned artifacts and components. For more information, see Open Metrics.
Upgraded Go version to 1.15.7 to fix security vulnerabilities.
You can now view the Impact Path data in the Due Diligence Report in the Get Due Diligence Report Content REST API and JSON and CSV outputs.
The Scan Build REST API no longer requires Admin permissions, only Manage Xray Metadata permissions.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-6955 | Fixed an issue whereby, in the Builds UI page, when a build number contained characters in the Build Name, the build status did not show as scanned when the build was scanned. |
XRAY-6795 | Fixed an issue whereby, in some cases, the DB initial sync would unexpectedly pause. |
XRAY-6708 | Fixed an issue whereby, Violations were not created when the database server was down or in case of some failures occurring with the database. |
XRAY-6887 | Reduced the risk of getting affected by CVE-2020-29652. |
XRAY-6883 | Reduced the risk of getting affected by CVE-2020-26160. |
XRAY-6257 | Fixed an issue whereby, a security issue when indexing an artifact may cause DOS or override an OS file. |
XRAY-6820 | Fixed an issue whereby, a violation with multiple sources could not be ignored by an Ignore Rule with a specific component or a version of the component. Requires Artifactory version 7.15.0 and above. |
XRAY-6912 | Fixed an issue whereby, ignoring a violation by using the artifact filter in the artifacts/watches screen, and the artifact existed in multiple repositories/paths and contains violations, the violation was not ignored. |
Released: February 17, 2021
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-6921 | Fixed an issue, whereby in a Saas environment, an error was issued for an empty package.json in an npm audit. |
XRAY-7031 | Fixed a performance issue that resulted in extensive disk access. |
XRAY-6515 | Fixed an issue, whereby Xray incorrectly detected a CPL license as a CPAL license. |
Released: January 21, 2021
Introduced a new Restore Ignored Violations REST API, which allows you to restore violations that were ignored due to defined Ignore Rules.
You can now view the Impact Path data for Vulnerabilities and Violations reports in JSON and CSV outputs.
Filter and sort the Ignore Rules by expiration date using the Get Ignore Rules, such as time-based rules that will expire before or after a specific date. You can also sort Ignore Rules by expiration date.
You can view ignored violations data in the Violation Report including the Ignore Rule ID that can be used in REST APIs.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-6675 | Fixed an issue, whereby the progress of the report displayed an incorrect percent value. |
XRAY-6802 | Upgraded Go version to 1.15.6 in order to resolve security vulnerabilities in prior versions. |
XRAY-6855 | Fixed an issue, whereby scanning Docker image-based builds, in some cases, failed with timeout. |
XRAY-6856 | Fixed an issue whereby, in some cases, migrating from Xray 2.x to 3.x on large environments failed due to timeout or memory exception. |
This section includes all of the Xray version 3.15 releases.
Released: December 30, 2020
Improved the performance of the Xray Data tab in the UI.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-5560 | Fixed an issue whereby, in some cases, assigning a custom license failed, and the component was assigned an unknown license. |
XRAY-3988 | Fixed an issue, whereby Microsoft custom freeware licenses were not recognized by Xray. |
XRAY-6054 | Fixed an issue whereby, in some cases, when scanning Debian/Ubuntu components, Xray reported vulnerabilities on all affected versions. |
XRAY-6786 | Fixed an issue, whereby vulnerabilities were not reported on some Debian packages if they were first uploaded as independent packages. |
XRAY-6776 | Fixed an issue, whereby DB Sync was not triggered after Xray was down or restarted on a SaaS environment. |
XRAY-6780 | Fixed an issue, whereby an email notification was sent twice when both the Notify Mail and Notify Watch Recipients options were configured with the same email in a policy. |
XRAY-2560 | Fixed an issue whereby, in some cases, Xray did not index new files due to events remaining in the event_states DB table. |
XRAY-6220 | Fixed an issue, whereby Xray did not scan Python packages that were installed inside a Docker image using the PIP client. |
XRAY-602 | Fixed an issue whereby, in some cases, the build-scan triggered duplicate notifications. |
Released: January 7, 2020
Xray Violations and Vulnerabilities reports now include additional information regarding the severity received from the Red Hat OS advisory board. This information will be included in the CSV and JSON export formats of the reports.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-6793 | Fixed an issue, whereby the Xray database disk space significantly increased after upgrading to Xray version 3.x. |
XRAY-6824 | Fixed an issue whereby, in some cases, the Watches page was not loading correctly. |
This section includes all of the Xray version 3.14 releases.
Released: December 22, 2020
Upgraded PostgreSQL driver to the latest version.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-6727 | Fixed an issue whereby, in some cases, errors in MDS update queues were not handled correctly and caused unnecessary retries. |
XRAY-6711 | Fixed an issue, whereby when using Basic Authentication there was a memory leak. This will most likely occur when you heavily use Xray APIs with Basic Authentication. |
XRAY-3652 | Fixed an issue, whereby Xray was detecting false positive vulnerabilities on OpenSUSE components. |
XRAY-5962 | Fixed an issue, whereby an access token generated by a user and belonged to an admin group, was not working properly. |
XRAY-6758 | Fixed an issue, whereby Xray consumed high CPU and memory when analyzing certain artifact file structures. |
XRAY-6763 | Fixed an issue, whereby Xray failed builds that contained ignored violations. |
XRAY-6685 | Improved the handling of cases where a violation occurs on multiple components in the binary, and the Ignore Rule is set only on a subset of these components. Prior to the fix, the system did not correctly indicate on which component the violation was ignored and not ignored. |
Released: December 29, 2020
Released: December 8, 2020
Time-based ignore rule enables you to set an expiration date for an Ignore Rule in which the violation will be ignored until the Ignore Rule expires. Once that period expires, the Ignore Rule will be deleted automatically, and if the violation occurs again it will not be ignored moving forward. For more information, see Ignore Rules. This feature is also supported through REST API, as described in Ignore Rules API.
All ignored violations are now stored in the DB which enables you to view all ignored violations on the artifact, build, and Release Bundle level.
The UI now provides more information about an ignored violation in the different screens, including in the violations list for an artifact, build, and Release Bundle.
Some of the Ignore Rules enhancements require Artifactory 7.12.0 and above. Artifactory 7.12.0 is not available yet, and will be soon. |
Added the include_ignored_violations
parameter to Export Component Details API. This will return the ignore rule ID per matched policy.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-5875 | Fixed an issue, whereby adding a custom license to packages with empty archive packages was failing. |
XRAY-5816 | Fixed an issue, whereby when the severity level of a vulnerability was updated, and a violation was created out of it, Xray created a new violation instead of updating the existing one. |
XRAY-4575 | Fixed an issue, whereby Xray failed to index corrupted tar.gz archive files. |
XRAY-4767 | Improved performance in many cases where the component graph is required for the process. For example, processing vulnerabilities update from the central database. |
XRAY-6705 | Improved performance of the license analysis process when, in some cases, a database update is not necessary. |
XRAY-6607 | Fixed an issue whereby, in some cases, the Xray data tabs are taking a while to load. |
Released: 17 December 2020
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.
XRAY-6758 | Fixed an issue, whereby Xray consumed high CPU and memory when analyzing certain artifact files structures. |
XRAY-6763 | Fixed an issue, whereby scan-build reports were not cleared from ignored violations. |
Released: November 29, 2020
Enhanced the indexer functionality with improved classification of artifacts and identification of complex cases, such as identifying inner components within other components.
This enhancement resolves the following issues: XRAY-5380, XRAY-6032, XRAY-6023, XRAY-5601, XRAY-5200, XRAY-5022, XRAY-4551, XRAY-4540, XRAY-4505, XRAY-4081, XRAY-2167, XRAY-5355, XRAY-5448, XRAY-5786, XRAY-5694, XRAY-5534, XRAY-3716, XRAY-6583, XRAY-6441, XRAY-5449.
Improved the build scanning process by having Xray only download artifacts from Artifactory that are part of the build in which Xray can scan them to save resources and time.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-5550 | Fixed an issue, whereby after installing Xray from scratch, it took Xray 5 minutes to fetch the Platform Proxy and Mail Configuration, which caused Xray to ignore this configuration and fail in tasks that depend on this configuration. |
XRAY-6419 | Fixed an issue, whereby, in some cases, Xray reported Kernel vulnerabilities on Debian/Ubuntu User Space Debian packages. |
XRAY-6376 | Fixed an issue, whereby creating a Support Bundle was unsuccessful when the time taken to generate it was over 30 seconds. |
XRAY-6231 | Fixed an issue, whereby the Violation summary page did not display all the infected components related to this violation. The fix requires Artifactory 7.11.0 and above. |
XRAY-4124 | Fixed an issue, whereby when exporting violations for an artifact or a build the component data was missing the component version. |
XRAY-3472 | Fixed an issue, whereby PostgreSQL vacuum configuration was not working when Xray is in a HA setup. |
XRAY-6284 | Fixed a stored XSS (Cross-Site Scripting) vulnerability. |
XRAY-6250 | Fixed an issue whereby, in some cases, Xray was unable to sync security configuration to disable anonymous access. |
XRAY-6224 | Fixed an issue whereby the Update Watch API was failing when all-builds was selected for that watch. |
XRAY-6598 | Added an option to mark certain components for reevaluation during scanning instead of reusing former scan results. |
XRAY-6638 | Fixed an issue whereby, permissions defined on Build resources did not work. |
XRAY-6610 | Fixed an issue, whereby the daily DB Sync process might not complete and cause a load on the DB if stopped in the middle of the process in HA, SaaS, or K8s environments. |
Released: November 8, 2020
A critical issue was identified in versions 3.11 and 3.11.1 (XRAY-6597). This issue was fixed in version 3.11.2 , we recommend upgrading directly to 3.11.2. |
Introduced the new Violations report, which provides you with information on security and license violations for each component in the selected scope. Violations information includes information such as type of violation, impacted artifacts, and severity.
The Violations report is available with Artifactory version 7.10.6 and above |
Enhanced the Ignore Rules feature functionalities, including the ability to set granularity on a defined Ignore Rule. All of the Ignore Rule functionalities are supported via the REST API.
To enable these enhancements, it requires Artifactory version 7.10.5 (available) or above.
To learn more, see Ignore Rules.
Added support for the following two new parameters in the Xray system YAML:
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-6565 | Fixed an issue whereby, a build number that contained a colon was not being scanned in Xray. |
XRAY-6493 XRAY-6517 | Fixed an issue whereby, in some cases, the DB sync failed to update database rows. |
XRAY-6454 | Fixed an issue whereby, Xray in some cases, was not recognizing licenses of some RPM packages. |
XRAY-6232 | Fixed an issue whereby, the Impact Analysis sometimes ignored messages in case of errors, which caused some information loss. |
XRAY-5291 | Fixed an issue whereby, build selection in the Watch configuration and in the report definition is very slow when there is a large number of builds available. |
XRAY-4323 | Fixed an issue whereby, Xray failed to add custom licenses to components due to a race condition in the code. |
XRAY-3412 | Fixed an issue whereby, indexing all repositories sometimes failed when there was a large number of repositories. |
XRAY-3104 | Fixed an issue whereby, the Analysis microservice failed to process some messages due to panic errors. |
XRAY-6275 | Performance improvements to reduce the load on the database. |
XRAY-6501 | Fixed an issue, whereby, in some cases, Xray misclassified RPM packages as generic packages. |
XRAY-6265 | Fixed an issue, whereby the Persist & Analysis processes in some cases crashed due to high memory consumption. |
XRAY-6247 | Added a configurable limit for the number of rows that appear in a report. The default limit is 100,000 rows for each report. |
Disabled using the CommonName field on X.509 certificates as host name, when the certificate does not include Subject Alternative Names. |
Released: November 9, 2020
Released: November 11, 2020
This version of Xray replaces 3.11 and 3.11.1. |
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-6597 | Fixed an issue whereby, when a call to an Xray endpoint that requires authentication is done with bad credentials, consecutive API calls, even with good credentials, might fail as well. |
XRAY-6274 | Fixed an issue whereby, duplicate update Metadata server events were created causing redundant load on internal systems like RabbitMQ, PostgreSQL and MDS. |
XRAY-6591 | Fixed an issue whereby, lack of data sanitation sometimes led to SQL injection. |
This section includes all of the Xray version 3.10 releases.
Released: October 22, 2020
Xray now scans and indexes your Alpine Repositories and Alpine Packages, including recursive analysis, component graph integration, and providing detailed metadata information.
Xray now supports the indexing of Python files (PyPI) inside .tar
, .gz
, .tgz
, .whl
, and .egg
file formats.
Xray now supports PHP files inside *.tar
archives.
Added a new Resend Artifacts Metadata REST API that enables administrators to resend artifact metadata to the Metadata Server.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release. |
JIRA Number | Description |
---|---|
XRAY-6196 | Fixed an issue, whereby Xray did not process rules in a policy according to their order. |
XRAY-6181 | Fixed an issue, whereby the Index Existing option was not working properly for RPM packages. |
XRAY-6127 | Fixed an issue, whereby if a PostgreSQL password was not escaped correctly in the Xray system YAML file, it appeared in the Xray console log. |
XRAY-6076 | Fixed an issue, whereby when upgrading from Xray version 2.x to 3.x, the data migration failed when one of the Docker layers that were previously scanned by Xray contained "fslayers" with the prefix "tarsum.v1+sha256: " in the Docker's manifest.json . |
XRAY-5271 | Fixed an issue, whereby not all license violations were created when the same watch had more than one license policy. |
XRAY-6371 | Fixed an issue whereby, scan build might take longer than usual, when the builds' artifacts contained many references. |
XRAY-6418 | Fixed an issue whereby in some extreme cases, a message can cause Xray to crash. A mechanism was added to prevent those messages from repeatedly crashing Xray. |
XRAY-6446 | Fixed an issue whereby, in some cases, the scan builds did not detect any violations when the build should have failed. |
XRAY-6281 | Fixed an issue whereby, when searching for violations by an X number of days, the search returned all violations. |
XRAY-6372 | Fixed an issue whereby, two builds with the same docker images returned different violations. |
XRAY-6417 | Fixed an issue whereby, corrupted Certain ELF files caused the Indexer to fail. |
XRAY-6449 | Fixed an issue whereby, in some cases, the API /xray/ui/userIssues/details ended with 500 Server Error due to long processing. |
XRAY-6475 | Fixed an issue whereby, In some cases, Xray initiated a full DB sync, even when it was not needed. |
This section includes all of the Xray version 3.9 releases.
Released: October 4, 2020
Introduced the new Due Diligence Licenses Report, which provides you with a list of components and artifacts and their relevant licenses. This enables you to review and verify that the components and artifacts comply with the license requirements.
Improved initial vulnerabilities database synchronization by 92%. The total time is down to less than one hour with minimum Xray system requirements.
The following APIs are not supported starting from Xray version 3.9.1:
|
Released: August 13, 2020
You can now create and generate a Vulnerabilities report that gives you a visual representation of vulnerabilities found in your artifacts, builds, and release bundles. Narrow down what data you would like to see by setting a specific scope and advanced filters to display the exact data you want to analyze. A new reports page now is part of the JFrog platform where you can create, generate, and perform various actions on reports with the capability to export to PDF, JSON, and CSV file formats for further analysis. The Vulnerabilities report is also supported by REST API.
This report type is the first of the Reports feature that was introduced in this release. Other report types are planned for future releases that will provide you with further capabilities.
A new role was added to the users' permissions allowing users to create, generate, and manage the new Reports feature in Users and Groups. This role is also required by some APIs such as Get Component List Per Watch and Find Component by CVE.
The new Multiple License Permissive Approach enables you to have more flexibility in the policy level and to configure a more permissive approach that allows components that have at least one of the licenses as permitted to go through without triggering a violation even if some licenses are not allowed.
The Vulnerabilities Report, the Manage Reports User Role, and the Multiple License Permissive Approach features all require Artifactory version 7.7.0 and above on the Cloud, and version 7.7.3 and above On-Prem. |
Xray has been enhanced to support open metrics. The new Metrics API has been added and returns metrics in the Open Metrics format. The new metric-related log file xray-{microservice}-metrics.log
was added to the file system.
RabbitMQ has been upgraded to version 3.8.x.
The Go version with Xray has been upgraded to version 1.14.6, solving some security vulnerabilities described in CVE-2020-15586.
Xray is now certified to run with PostgreSQL versions 11.x, and 12.x.
Improvement in RabbitMQ clustering logic.
Released: August 23, 2020
Due to a known bug in this version, we recommend you upgrade to version 3.8.5. |
Feature Enhancements
A new Add Builds to Indexing Configuration API has been added to Xray REST API that enables you to add new builds by only providing the new build names to the list of builds selected for indexing.
Install as a service was modified to use systemd scripts for systemd supported machines.
Xray bundling with PostgreSQL has been updated to use a newer PostgreSQL version 12.x
Released: September 8, 2020
The Xray 3.8.3 release is currently available only as a Cloud version. For the On-Premise version, the 3.8.3 content is available as part of version 3.8.5. |
Improved license detection performance and success rate to reduce CPU utilization.
shared.database.actualUsername
.Released: September 10, 2020
Released: September 16, 2020
Released: September 25, 2020
Released: September 26, 2020
Released: June 28, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
Xray now provides a way to schedule the DB sync background task using the Update DB Sync Daily Update Time REST API. Xray chooses a random time on startup to get daily updates from XUC. This time can be configured through the API, and restart is not required.
Xray now prioritizes the scanning of new Artifacts/Builds/Release Bundles over events originating from a history scan or a full repository scan, and provides the capability to control the number of workers for new content versus history/full repository scan using the Configuring the Workers Count REST API. Requires Artifactory version 7.6 and above.
artifactory_id
parameter (or within a path) was required in Xray 2.x, and it is no longer required in 3.x and will be ignored.Released: July 6, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
This release includes all of the enhancements and resolved issues of the 3.6.0 Cloud release, including the resolved issue below.
Released: July 9, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
changed_file
field value was too long in the user_components_docker_layer_changed_files
table.xrayConfig
field in the configuration table contained the special character %, the upgrade failed. Released: June 21, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
Improved the process of Xray's active connections to Artifactory. To reduce the load in Artifcatory and improve performance, all HTTP client connections have a limited number of concurrent connections to Artifactory.
The process of repository indexing was enhanced. Indexing requests of Artifacts that were initiated from an index repository request are no longer persisted in the Artifactory database. This improvement reduces the network and database load in Artifactory.
manifest.json
files preventing the .wh
components to be deleted.Released: May 17, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
From Xray 3.4, you have more control over your resource allocation and you can direct Xray to use an external PostgreSQL database in use in your organization. Keep in mind that if you direct Xray to use an external database, you have full control over the database, and also full responsibility to maintain and backup the database for Xray's use.
JSON
, PDF
, and CSV
where the CVE was not displayed in the PDF
and CSV
files.ComponentID
. /xray
path.Released: April 22, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
The new Force Reindex Rest API command allows you to easily reindex artifacts that were indexed in the past. This is useful if you would like to rescan artifacts containing package types that were not supported in the past but now are, for example, Go, Python package in Docker or Alpine OS packages.
You can now install Xray using a Linux Archive installer in addition to the existing options giving more control over how to set up your environment. For more information, see Manual Linux Archive Installation.
Xray now supports Policy commands REST API V.1 and V.2. The V.2 commands support blocking Release Bundles and allowing you now to notify Watch recipients and File deployers.
request.logs
excluding Xray logs. Released: February 23, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
Released: March 30, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
Released: January 12, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |
Deprecated Features Breaking Changes REST API Changes Important: The JFrog Platform web UI is now accessed through port 8082 (For example, |
Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:
Xray 3.0 is now part of the JFrog Platform Deployment (JPD) which defines a single logical unit shared by all JFrog products. Xray pairing process to JPD was simplified and now requires only URL and shared secret (Join key). Learn More >
Xray 3.0 comes with a new installer, which affects the installation and upgrade procedures. As part of the new installers, the file structure was changed and is now aligned with the other JFrog products. When upgrading to the JFrog Platform, Xray must be connected only to a single Artifactory instance. If you have a single Xray instance connected to multiple Artifactory instances, before upgrading Artifactory and Xray, you will need to split your Xray instance to multiple instances to support this requirement. See details here.
Additional enhancements:
This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. Learn More >
This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address. Xray data is located within each of your resource pages allowing you to quickly review the status of for your scanned resources - Packages, Builds, Artifacts or Release Bundles. To find the changes in Artifactory UI. Learn More >
All JFrog products now follow a standardized logging format and naming convention. Learn More >
The MongoDB database used by Xray prior to the Unified Platform, is no longer required (except during the data migration process). If you are upgrading to the new JFrog Platform, your data will automatically be migrated to PostgreSQL as part of the upgrade process.
In addition to scanning repositories and builds, the Unified Platform now allows Xray 3.0 to scan Release Bundles for vulnerability and license compliance. You can now protect your releases by defining policies and watches on your Release Bundles. Policy violations can block the distribution of a Release Bundle.
You now have more flexibility when configuring Xray indexed resources by using Exclude or Include Patterns for Builds and Release Bundles.
You now have more flexibility when configuring the Watch resources scope of repositories, builds and Release Bundles by name or using Exclude/Include patterns.
Xray 3.0 introduces a new Security and Compliance Search, part of the new Global Search Experience in the JFrog Platform. You can now search for specific vulnerability and license compliance information by resource name, CVE number, license, severity level and scan date range. Learn More >
Released: February 17, 2020
In all current Xray 3.x versions up to Xray 3.6.2, you might experience the Database sync process getting stuck. To resolve this, it is recommended to abort the process and retry. To learn more, click here. |