Released: 12 February, 2025
New Features
Packages: Hex Repositories
Hex repositories in Artifactory allow you to deploy and resolve Hex packages. For more information, refer to Hex Repositories. (GA for all customers)
Packages: NVIDIA NIM Models
JFrog Artifactory now integrates with NVIDIA NIM, allowing you to cache NVIDIA NIM models in Artifactory via a remote repository. NVIDIA NIM is a set of microservices designed to accelerate the deployment of foundation models across any cloud or data center, ensuring data security. It provides production-grade runtimes with ongoing security updates and stable APIs, backed by enterprise-grade support. For more information, refer to NVIDIA NIM Repositories.
API Key Deprecation Control
As part of the deprecation process, API Key has reached End of Life in Q4.24. This version includes a checkbox in the JFrog platform UI allowing you to control the API Key usage deprecation. This checkbox will be deselected by default: to block API key usage in your environment, select the Disable API Key Usage checkbox under Administration > Security > General. For more information, see JFrog API Key Deprecation Process.
Feature Enhancements
Auto-creation of Release Bundle v2 versions after build promotion
By default, Artifactory now creates a Release Bundle v2 version automatically when you promote a build using the JFrog CLI or REST API. It also promotes the Release Bundle to the environment associated with the build's target repository, if defined. Both copy promotions and move promotions are supported. Having a Release Bundle provides better visibility and control over your release candidate as it progresses through your SDLC. For more information, see Release Bundle v2 Auto-Creation.
Attach external evidence to artifacts in the local part of a virtual repository
You can now attach external evidence to artifacts located in a local repository that is aggregated inside a virtual repository. For more information about attaching external evidence, see Evidence Service.
Viewing Evidence in the Packages Screen
You can now view a list of the evidence files associated with a specific package version in a selected repository. For more information, see View the Package Evidence Table.
New API for returning all Release Bundle v2 versions containing a specified artifact
A new REST API endpoint is available that returns a list of Release Bundle v2 versions containing the specified artifact. For more information, see Get Release Bundle v2 Versions with a Specific Artifact.
New API for returning all Release Bundle v2 versions in a specified environment
A new REST API endpoint is available that returns all Release Bundle v2 versions associated with a specified environment, for example, DEV or PROD. For more information, see Get Release Bundle v2 Versions in a Specific Environment.
Move artifacts during Release Bundle v2 promotion in Platform UI
When promoting a Release Bundle v2 version using the platform UI, you can optionally move the contents of the Release Bundle from the source to the destination instead of copying them (the behavior until now). For example, if you promote a Release Bundle v2 version from the DEV environment to the QA environment and select Move Artifacts, the artifacts are removed from the repositories associated with DEV and moved to the repositories associated with QA. For more information, see Promote a Release Bundle (v2) to a Target Environment.
Complete Docker and OCI List Manifest Image Overwrite
When overwriting a list.manifest file with a new one, all previous sub-manifests will be removed, enhancing storage efficiency and reducing the need for manual cleanup. For more information, click here.
Repositories can now be assigned to more than one environment
For more information, see Assign Environments to Repositories.
Improved Cleanup Release Bundle V2 Report
The Cleanup Release Bundle V2 report has been improved. For more information, refer to Cleanup Run Report Overview.
Support for Reading Permissions Scoped Tokens
It is now possible for non-admin users to use the Get User List, Get a List of Groups, and Get All Permissions REST API endpoints using a scoped token. For more information, see Create Scoped Token.
Resolved Issues
JIRA Issue | Component | Severity | Description |
|---|---|---|---|
RTFE-2648 | Packages | Medium | Fixed an issue whereby when trying to use the Set me up functionality from inside the JFrog Platform Deployment with Pub, Swift, and Terraform package types, configuration options were not displayed. |
RTFE-2641 | Packages | Medium | Fixed an issue whereby when trying to create a repository in the Create a Repository window, Pub, Swift and Terraform repositories were not available. |
RTFE-2586 | Packages | Medium | Fixed an issue whereby when in the Packages window and sorting by the security column, an error would be encountered. |
RTFE-2532 | Packages | Medium | Fixed an issue whereby Gradle repositories did not have the Enable Redirect Download checkbox. |
Packages | Low | Fixed an issue whereby the "deprecated" field type returned by the npm view via the Artifactory npm repository was inconsistent with the npm source register. | |
User Interface | Low | Fixed an issue whereby the option to select multiple versions to delete in the 'Delete Versions' feature was not available. | |
General | High | Fixed an issue whereby when downloading files with Chinese characters in the file name via the "File URL", a 500 error was received. | |
RTDEV-54017 | Federated Repositories | High | Fixed an issue in the legacy Federation service whereby, after an upgrade, repositories that failed Federated Metadata Negotiation had their status updated incorrectly from DISABLED_BY_SYSTEM to DISABLED, which prevented the auto-healing mechanism from performing recovery. |
RTDEV-53914 | Release Lifecycle Management | Medium | Fixed an issue whereby Release Bundle promotion failed when the Release Bundle contained artifacts in a local repository aggregated by a virtual repository. |
RTDEV-53903 | Packages | Medium | Fixed an issue whereby when uploading very large files with 1,000+ parts using multipart upload, the upload would not complete. |
RTDEV-53840 | Packages | Medium | Fixed an issue whereby when performing an Artifactory upgrade, updating of existing Helm local repositories failed with a 400 response code. |
RTDEV-52748 | Repositories | Medium | Fixed an issue where Artifactory only processed the first value for multi-value query parameters in HTTP requests to remote repositories. |
RTDEV-52654 | Packages | Medium | Fixed an issue whereby when the “Hide Existence of Unauthorized Resources” option was enabled on a local repository and Python packages were uploaded to a virtual repository associated with that local repository, a 400 error response was received instead of a 404 error response. |
JFUI-17179 | General | High | Fixed an issue where the Select Log File dropdown list was not displayed properly in the UI when the screen width was too small. |