January 2020 - Initial JFrog Platform GA

Manage Components is now Manage Xray Metadata

View Components is now included in the Read permission

Users/Groups with Xray Admin and Artifactory Admin permissions will be converted to Administrators in the JFrog Platform.

Users/Groups with only Xray Admin permissions will be converted to have Read, Manage, Manage Policies and Manage Watch permissions on all the resources.

Manage Policies and Manage Watches are now a global permissions that are enabled on the user or group level. Previously this was a permission option in the permission target.

View Watches is now integrated with the Manage Watches global permission. It is not available as a separate permission.

Manually invoking a re-scan of a watch will apply on all resources defined in the watch. Previously you could set the re-scan on part of the resources.

Licnese Control is deprecated. Its functionality is included in the Xray integration and provides richer information and support for additional package types.

Stash Search Results: allowing you to save your search results and go back to them later, has been removed.

HTTP Requests Are No Longer Supported: as part of hardening our cloud security policy in the JFrog Platform, we no longer support non-secure HTTP traffic requests and have enabled HSTS strict headers which will cause all HTTP requests (including browsers) to be automatically redirected to HTTPS.

Also, we deprecated the Legacy TLS 1.0 and 1.1 versions and it effectively enforces the cipher suite floor as well.

Out of the box integrations: with Aqua, WhiteSource and Black Duck, are deprecated. Custom integration are still available, supporting integrating to any external source of your choice. The VulnDB integration, now transparently integrated into Xray, provides the industry's most comprehensive security vulnerability database. This eliminates the need for these out of the box 3rd party integrations.

Xray Homepage: as part of the JFrog Platform UI unification, this page has been removed.

Viewing Packages/Builds/Release Bundles: The UI will only load only up to 100 results and up to 100 versions per package/builds/Release Bundle.

Removal of support for non-SNI clientsFor improved network security, support for non-SNI (Server Name Indication) clients is removed. If you are using HTTP clients that do not support SNI, your requests for download/upload will fail. To avoid failures, make sure to upgrade your clients to an officially supported version.

Required support for 302 HTTP RedirectsDownload requests using clients that do not support 302 redirects will fail in most cases for the following list of package types. To avoid failures, make sure to upgrade your clients to a version that supports 302 redirects.Docker, Debian, Npm, RPM, Generic, Bower, Composer, Conan, Cran, Git LFS, Gradle, Helm, Maven, Pypi and Vagrant.

See example use case here . See list of approved client versions here.

Deprecated the artifactoryonline.com domain: Following previous notifications regarding the deprecation of the artifactoryonline.com domain, backward compatibility for the deprecated artifactoryonline.com domain will no longer be maintained. If you are still using artifactoryonline.com to access your cloud services, please make sure to use servername.jfrog.io/ instead.

Egress Traffic Whitelisting

If you are limiting egress traffic from your network to JFrog Cloud services on AWS, or you have applied such a setting on any of your nodes that are accessing JFrog Cloud services, make sure to extend the list of whitelisted IPs to include theAWS S3 IP ranges.

Continue to get updated with the latest AWS IP address range changes.

Component Search: searching for components that are not artifacts in your Artifactory instance, but are known to Xray as a result of its recursive scan capability. This functionality will be available in later JFrog Platform releases.

Xray Permissions