Artifactory 7.111.4 Self-Hosted

JFrog Release Information
Content Type
Release Notes
ft:sourceType
Paligo

Released: 23 April 2025

Important Announcements

  • Pre-Upgrade Checks for Bundled PostgreSQL

    If you are using the bundled postgresql with the Artifactory Helm chart during the upgrade to Artifactory version 7.111, it is essential to perform some pre-upgrade checks to ensure a smooth upgrade.

    Breaking Changes in Bundled PostgreSQL Upgrade

    Starting from Artifactory version 7.111.x, the bundled postgresql chart is upgraded to version 15.5.20. This update is available in the latest artifactory and artifactory-ha Helm charts.

    If you upgrade Artifactory from any older version to 7.111.x directly, there may be some challenges during the upgrade if you are using the bundled postgresql in the Helm chart. Customers using an external postgresql will not be affected.

    For more information about the pre-upgrade checks to be performed, see Pre-Upgrade Checks for Bundled PostgreSQL in Artifactory.

  • Verify Database Configurations for Go Services

    If you have customized the database URL for the Metadata microservice, it is essential to configure the Evidence database URL as well for a smooth upgrade, as both are GO services.

    Database Configuration Checks for Smooth Upgrade

    Similar to Metadata, Evidence is also a Go service with a direct connection to the Artifactory database. Note that, JFrog provides a JDBC to Go URL converter within the Artifactory application to facilitate this connection.

    However, in some cases, the converter may be unable to connect, which could affect Go services like Metadata and Evidence.

    Customers who have previously configured metadata.database.url must also add evidence.database.url before upgrading to version 7.111.x. This step is essential to maintain database connectivity after the upgrade.

New Features

  • Packages: Hex Repositories

    Hex repositories in Artifactory allow you to deploy and resolve Hex packages. For more information, refer to Hex Repositories. (GA for all customers)Hex Repositories

  • Packages: NVIDIA NIM Models

    JFrog Artifactory now integrates with NVIDIA NIM, allowing you to cache NVIDIA NIM models in Artifactory via a remote repository. NVIDIA NIM is a set of microservices designed to accelerate the deployment of foundation models across any cloud or data center, ensuring data security. It provides production-grade runtimes with ongoing security updates and stable APIs, backed by enterprise-grade support. For more information, refer to NVIDIA NIM Repositories.NVIDIA NIM Repositories

  • API Key Deprecation Control

    As part of the deprecation process, API Key has reached End of Life in Q4.24. This version includes a checkbox in the JFrog platform UI allowing you to control the API Key usage deprecation. This checkbox will be deselected by default: to block API key usage in your environment, select the Disable API Key Usage checkbox under Administration > Security > General. For more information, see JFrog API Key Deprecation Process.JFrog API Key Deprecation Process

  • New Service - JFConfig

    We have added a new service to our Self-Hosted instances. JFConfig is a service that can be used by other JFrog services to store configuration in a key-value format in DB in a centralized way.

    For more information, see Artifactory Product.

  • Support readOnlyRootFilesystem in Artifactory Containers

    Support has been added for readOnlyRootFilesystem in Artifactory containers, which is a Kubernetes security context feature. This feature enhances security by allowing Artifactory to operate in environments where containers are configured with readOnlyRootFilesystem=true. In this configuration, the entire file system of the container is set to read-only, preventing modifications to files or directories. This setting serves as a security measure to protect the application and its data from unauthorized changes.

    For more information on how to configure this setting, see Configure readOnlyRootFilesystem in Artifactory Containers.

  • Enable Logging to STDOUT and STDERR

    In the Artifactory Helm charts, container logs are supported through STDOUT and STDERR. This feature can be enabled by setting the feature flag logging.logToStdoutJson=true. When the feature is enabled, container logs will be output in JSON format via console logging, while service logs inside the container will be available only in text format, such as artifactory-service.log.

Feature Enhancements

  • Packages and Repositories

    • New Machine Learning Layout for Hugging Face Repositories

      All new Hugging Face repositories are now created with the new unified Machine Learning layout. Users can also migrate legacy Hugging Face repositories to the new Machine Learning layout on a manual basis. The Hugging Face repositories legacy layout will be deprecated in July 2025 when all repositories with the legacy layout will be automatically upgraded to the Machine Learning layout. For more information, click here.Migrating Hugging Face Repositories from the Legacy Layout to the Machine Learning Layout

    • Added Support for Chocolatey and PowerShell Clients in Nuget Repositories

      • Added support for PowerShell (minimum version 1.0.5) to interact with NuGet repositories.

      • Added support for Chocolatey (minimum version 1.2.0) to interact with Nuget repositories.

      For more information, see NuGet Repositories.NuGet Repositories

    • Hex Virtual Repositories

      Artifactory now supports Hex Virtual Repository. A Hex virtual repository aggregates Hex local and remote repositories, enabling more efficient package management. To learn more, see Hex Repositories.Hex Repositories

    • Easier Configuration of the NimModel Redirect Download Form

      The NimModel redirect download form can now be configured through the User Interface.

    • Complete Docker and OCI List Manifest Image Overwrite

      When overwriting a list.manifest file with a new one, all previous sub-manifests will be removed, enhancing storage efficiency and reducing the need for manual cleanup. For more information, click here.Tag Retention Logic

    • Support Added for the PyPI JSON API in Remote and Virtual Repositories

      Artifactory now supports PyPI’s JSON API in remote and virtual repositories.

    • Support Added for PyPI JSON API in Local Repositories

      Artifactory now supports the PyPI JSON API in local repositories with most attributes. The following attributes (JSON keys) are not supported:

      • Deprecated keys (releases, downloads, has_sig, bugtrack_url) as described in PyPI JSON API

      • The following info sub keys: description_content_type, dynamic, license_expression, license_files, maintainer, maintainer_email, project_urls, provides_extra, requires_dist

      • Vulnerabilities key

    • Permissions Added for Using Zapping Cache on Remote Repositories

      The Zapping Cache action on remote repositories now requires Manage or Delete permissions, either via the UI or API. This change is backward-compatible. For more information on UI changes, click here, and for API changes, click here.Zapping CachesZap Cache

    • Repositories can now be assigned to more than one environment

      For more information, see Assign Environments to Repositories.Assign Environments to Repositories

    • Added Tags for RPM local repositories

      Added support for the Recommends and Suggests dependency tags in the primary.xml metadata of RPM local repositories enhancing package management for clients like dnf and yum by recognizing optional dependencies.

      Feature Flag Control: The inclusion of Recommends tags in primary.xml can now be configurable via a feature flag

      yum.local.install.recommended.dependencies.enabled.

      To learn more, refer to Install RPM Packages Using Yum.Install RPM Packages Using Yum

    • Added Support for Listing Folder Items in Conan Smart Remote Repositories

      • A new setting, List Folder Items, is now available for Conan Smart Remote Repositories.

      • Enabling the List Remote Artifacts checkbox during repository creation allows folder items to be listed.

    • Improved Access for Go Remote Repositories

      Go remote repositories now support the ability to access subgroups in GitLab.

    • Bearer Authentication for Remote Repositories

      Added Bearer Authentication support for remote repositories.

    • Properties Tab for RPM Remote Packages

      Added functionality to calculate and display the properties of an RPM package after it is downloaded from a remote RPM repository. The package properties are now shown in the Properties tab on the UI. For more information, see View and Search for Properties in the UIView and Search for Properties in the UI

    • RPM Repositories - SHA-256 checksums have been integrated into Local and Virtual repositories

      Added SHA-256 checksums to the repomd.xml files of local and virtual repositories. This improvement ensures package integrity verification aligns with remote repositories' security standards.

      Local repositories previously do not have SHA-256 checksums in their repomd.xml files, increasing the risk of undetected package tampering or corruption.

      Enable SHA-256 for enhanced security in package integrity verification. To enable SHA-256 checksums, update the configuration by setting yum.local.repomd.calculate.sha2.enabled = true

    • Improved Performance of the Repository Selection Field in Set-Me-Up

      The performance of the repository selection field in Set-Me-Up has been improved by promoting a search-first approach.

    • Improvement to Maven Set-Me-Up Placeholders

      Maven set-me-up placeholders will now automatically populate.

  • Cleanup Policies

    • Support for Vagrant and Hex in Cleanup and Archive

      • Vagrant packages are now supported in Cleanup and Archive.

      • Hex packages are now supported in Cleanup and Archive.

    • Support for Alpine and SBT in Cleanup and Archive

      • Alpine packages are now supported in Cleanup and Archive.

      • SBT packages are now supported in Cleanup and Archive.

    • Improved Cleanup Release Bundle V2 Report

      The Cleanup Release Bundle V2 report has been improved. For more information, refer to Cleanup Run Report Overview.Cleanup Run Report Overview

    • Support for Conda in Cleanup and Archive

      Conda packages are now supported in Cleanup and Archive.

    • Policy Conditions - Cleanup Packages

      • Adding Property-based Policy Condition

        Enhanced package-cleanup functionality with the addition of a property-based policy condition. You can now include or exclude specific package versions from cleanup by applying a property-based policy condition. This allows for more granular control over which packages are retained or removed during cleanup actions. For more information, see Create Cleanup Policy - Package.Create Cleanup Policy - Package

      • Adding days/weeks selection for Time-based Policy Condition

        Enhanced package-cleanup functionality with the addition of days/weeks selection for Time-based policy condition. You can now configure by specifying Time-based cleanup conditions based on days/weeks for the packages. For more information, see Create Cleanup Policy - Package.Create Cleanup Policy - Package

  • Federation

    • Compile list of inconsistent Federated repositories

      A new API enables you to return a list of all Federated repositories in your local Artifactory instance that have a configuration mismatch with one or more remote members. After getting the list of mismatches, you can use the Synchronize Federated Member Configuration REST API on each mismatch to synchronize the members. For more information, see Get List of Inconsistent Federated Repositories.Synchronize Federated Member ConfigurationGet List of Inconsistent Federated Repositories

    • New API for removing Federation members

      A new REST API enables you to remove a member from all repository Federations to which it belongs. This can be used, for example, when a site is taken out of commission. This API removes the member on this site from all the Federations in which it was a part. For more information, see Remove Federation Member.Remove Federation Member

  • Release Lifecycle Management

    • Improved Release Lifecycle Management Kanban board

      The Release Lifecycle Management Kanban board has been redesigned to provide more information at a glance, including clear indications of failed promotions. For more information, see Use the Release Bundle v2 Promotions Kanban Board.Use the Release Bundle v2 Promotions Kanban Board

    • Auto-creation of Release Bundle v2 versions after build promotion

      By default, Artifactory now creates a Release Bundle v2 version automatically when you promote a build using the JFrog CLI or REST API. It also promotes the Release Bundle to the environment associated with the build's target repository, if defined. Both copy promotions and move promotions are supported. Having a Release Bundle provides better visibility and control over your release candidate as it progresses through your SDLC. For more information, see Release Bundle v2 Auto-Creation.Build PromotionRelease Bundle v2 Auto-Creation

      • Creating project-specific environments during build promotion

        When promoting a build, if the target repository (targetRepo) is part of a project, a project-specific environment is created for the auto-created Release Bundle v2. The environment is named after the status value of the build.Promote a BuildProjectsEnvironmentsRelease Bundle v2 Auto-Creation

      • Giving build status priority over an existing target environment during build promotion

        If the status is defined for a build, the environment represented by that status is always given priority during promotion. For example, if an environment assigned to the targetRepo matches the status, the auto-created Release Bundle v2 is promoted to that environment. (That is, it is given priority over other environments that might also be assigned to the targetRepo.) If no environment exists for the status, a new environment is created for the promoted Release Bundle v2 with the name of the status, even when other environments are available.EnvironmentsPromote a BuildRelease Bundle v2 Auto-Creation

    • Searching for distributed Release Bundle versions containing a specific artifact

      The Get Release Bundle v2 Versions with a Specific Artifact REST API (introduced in 7.107.1) has a new query parameter has a new query parameter that can return distributed Release Bundle versions (origin=target) containing the artifact in addition to created Release Bundle versions (origin=source). This new query parameter makes it possible to run the API on Edge nodes in addition to standard Artifactory instances.Get Release Bundle v2 Versions with a Specific Artifact

    • Moving artifacts during Release Bundle v2 promotion

      When promoting a Release Bundle v2 version, you can optionally move the contents of the Release Bundle from the source to the destination instead of copying them (the behavior until now). For example, if you promote a Release Bundle v2 version from the DEV environment to the QA environment and select the Move option, the artifacts are removed from the repositories associated with DEV and moved to the repositories associated with QA. The option to move artifacts can be executed using the JFrog CLI, API, or platform UI.Promote a Release Bundle (v2) to a Target EnvironmentEnvironmentsPromote Release Bundle v2 VersionPromote a Release Bundle (v2) to a Target Environment

    • Release Bundle v2 version creation using artifacts in virtual repositories

      You can now create a Release Bundle v2 version using artifacts located in a virtual repository, provided the source path of the artifacts points to a local repository (not a remote repository) aggregated by the virtual repository. This feature is relevant when creating a Release Bundle version from a list of artifacts.Virtual RepositoriesSource Type – Artifacts

    • Support for SemVer sorting in Release Bundle v2 APIs

      SemVer sorting support has been added to the Get Release Bundle v2 Versions and Get Release Bundle v2 Versions in a Specific Environment APIs. This support is limited to the 1000 latest records and does not support pagination. This option pulls the latest 1000 records only and does not support pagination. Versions that do not conform to SemVer rules are sorted afterward lexicographically.Get Release Bundle v2 VersionsGet Release Bundle v2 Versions in a Specific Environment

    • New API for returning all Release Bundle v2 versions containing a specified artifact

      A new REST API endpoint is available that returns a list of Release Bundle v2 versions containing a specified artifact. The origin query parameter enables you to distinguish between versions created on a device (origin=source) as opposed to versions distributed to a device (origin=target). This enables you to run this API on Edge nodes in addition to standard Artifactory instances. For more information, see Get Release Bundle v2 Versions with a Specific Artifact.Get Release Bundle v2 Versions with a Specific Artifact

    • New API for returning all Release Bundle v2 promotions containing a specified artifact

      A new REST API endpoint is available that returns a list of promoted Release Bundle v2 versions containing a specified artifact. For more information, see Get Release Bundle v2 Version Promotions with a Specific Artifact.Get Release Bundle v2 Version Promotions with a Specific Artifact

    • New API for returning all Release Bundle v2 versions in a specified environment

      A new REST API endpoint is available that returns all Release Bundle v2 versions associated with a specified environment, for example, DEV or PROD. For more information, see Get Release Bundle v2 Versions in a Specific Environment.Understanding Release Bundles v2EnvironmentsGet Release Bundle v2 Versions in a Specific Environment

    • New API for adding tags to Release Bundle v2 versions

      You can now add a descriptive tag to a Release Bundle v2 version via REST API to help identify Release Bundle versions quickly. The tag will appear on the kanban board in the platform UI to enhance visibility and organization. For example, you can create tags such as nightly-build, release-candidate, bugfix-2025-33124, and so on. For more information, see Assign Tag to Release Bundle v2 Version.Use the Release Bundle v2 Promotions Kanban BoardAssign Tag to Release Bundle v2 Version

    • Get Release Bundle v2 Versions API returns tag information

      The Get Release Bundle v2 Versions REST API now returns the descriptive tag assigned to a Release Bundle version. For more information about tagging, see Assign Tag to Release Bundle v2 Version.Get Release Bundle v2 VersionsAssign Tag to Release Bundle v2 Version

    • Increased limits for Release Bundle v2 names and versions

      The maximum length of the name (release_bundle_name), version (release_bundle_version), and creator (created_by) of a Release Bundle v2 has been increased to 255 characters when working with the REST API.Create Release Bundle v2 Version

    • New promotion icons on RLM Kanban board and timeline

      New icons have been introduced to the Release Lifecycle Management kanban board and timeline. These icons indicate at a glance what type of Release Bundle promotion was performed (copy artifacts or move artifacts). Hovering over the icon provides a tooltip reminder. For more information, see Promote a Release Bundle (v2) to a Target Environment.Use the Release Bundle v2 Promotions Kanban BoardUse the Release Bundle Version TimelinePromote a Release Bundle (v2) to a Target Environment

  • Evidence

    • Evidence management – support for additional databases and installation types

      The Evidence service now supports all databases that Artifactory supports. For the complete list, see Artifactory Database Requirements. In addition, the Evidence service is now enabled by default for all installation types. For more information, see Installing Artifactory.Evidence ManagementArtifactory Database RequirementsInstalling Artifactory

    • Attach external evidence to artifacts in the local part of a virtual repository

      You can now attach external evidence to artifacts located in a local repository that is aggregated inside a virtual repository. For more information about attaching external evidence, see Evidence Service.

    • Changes to Evidence GraphQL APIs

      The repositoryKey and path fields have been deprecated from the Get Evidence and Search Evidence GraphQL APIs, and subject (which contains repositoryKey, path, name, and sha256) has been added.Get EvidenceSearch Evidence

    • Viewing Evidence in the Packages Screen

      You can now view a list of the evidence files associated with a specific package version in a selected repository. For more information, see View the Package Evidence Table.Evidence ManagementView the Package Evidence Table

    • Enable Evidence for All Installations

      Starting from Artifactory version 7.111, Evidence service is available for all installations. For more information, see Install Evidence.

  • JFrog Platform

    • Performance Improvements with Artifactory Helm Charts bundled with Nginx

      A number of performance improvements have been made when using Artifactory Helm Charts bundled with Nginx. These items can be configured in the Helm chart's values.yaml file. The enhancements include:

      • Improved performance with throughput improvements of up to 59%

      • Increased number of available Nginx workers connections: from 1024 to 8192 (worker_connections 8192)

      • Auto-scaling of the number of workers: based on the number of available CPUs (worker_processes auto)

      • The ability to use keep-alives: for reusing the Nginx > Artifactory connections

    • Added Memory Target Trigger to Artifactory Charts using HPA

      Custom metrics support for Horizontal Pod Autoscaler (HPA) has been incorporated into the Artifactory Helm chart. With these metrics, you can configure custom auto-scaling behavior for HPA.

      For the Artifactory chart, HPA will function only when the replica count is a minimum of 2 (i.e., in High Availability mode). For the Artifactory HA chart, HPA will operate as expected.

      For more information, see Add Memory Target Trigger to Artifactory Charts using HPA.

    • Improved Project Navigation

      The Projects navigation menu now includes UI usability enhancements: it is now located in the sidebar and highlights Projects filtering to clarify context switching between Project and All Projects scope.

    • Blocking Blob Uploads If a Digest Does Not Match the Blob’s SHA-256 Checksum

      Added a flag to block blob uploads if a provided digest does not match the blob’s SHA-256 checksum. This flag is disabled by default but can be enabled as needed.

    • Docker Repository Key Length Limitation on Cloud Platforms

      Artifactory cloud customers using the Docker Subdomain method will now receive a warning when creating a repository if their repository key is too long for DNS record creation. This could lead to accessibility issues if DNS is not managed internally. However, exceeding the character count does not prevent creating the repository. For more information, click here.Docker Repository Key Length Limitation on Cloud Platforms

    • Support for Triggering Partial Reindexing of Helm Charts

      Added support for triggering partial reindexing of Helm charts, enabling more efficient and targeted index.yaml updates. This improvement reduces processing time and resource usage. For more information, see Helm Charts Partial Re-Indexing,Helm Charts Partial Re-Indexing

    • Access Token Expiration Email Now Points to the CNAME Domain

      The JFrog platform will send users Access token expiration reminder emails which include the CNAME URL instead of the JFrog instance URL.

    • SCIM Token Expiry Configuration

      The JFrog Platform now supports the creation of SCIM tokens with configurable expiry times. To learn more, see Generate a Scoped Token for SCIM.Generate a Scoped Token for SCIM

    • Get Token Last Used Information

      The JFrog Platform now supports getting a token’s ‘last used’ timestamp when using Get Tokens and Get Token By ID REST APIs.Get TokensGet Token by ID

    • Support for Reading Permissions Scoped Tokens

      It is now possible for non-admin users to use the Get User ListGet a List of Groups, and Get All Permissions REST API endpoints using a scoped token. For more information, see Create Scoped Token.Get User ListGet a List of GroupsGet all permissionsCreate Scoped Token

    • Maximum placed on bad checksum search responses

      Responses to the Bad Checksum Search REST API are now limited to a maximum of 10,000 results.Bad Checksum Search

  • Storage

    • New Metric for Obtaining Shard Accessibility Status

      For Artifactory instances configured to use shards, a new metric (jfsh_shard_accessibility_status_total) has been introduced for obtaining the accessibility status of each shard. The possible values are:

      • 1: a shard is accessible

      • 0: a shard is inaccessible

      • -1: a timeout occurred while checking the accessibility status of a shard

      For more information, click here.Artifactory Service Metrics

    • New Metric for Counting Binaries Not Cached Due to Their Large Size

      A new metric (jfsh_cache_bypass_large_binary_total) has been added for counting binaries that were not cached due to their large size. For more information, click here.Artifactory Service Metrics

  • Supported Worker Features

    • New Worker Event: Before Token Expiry

      JFrog now supports creating event-driven workers to trigger before a token expires. Learn moreBefore Token Expiry Worker Code Sample

    • Alt Response event is now supported.

    • Alt All Responses event is now supported.

    • Alt Remote Content event is now supported.

    • After Download Error event is now supported.

    • Before Download Request event is now supported.

    • Before Build Info Save event is now supported.

Resolved Issues

JIRA Issue

Component

Severity

Description

RTDEV-55463

Archiving/Cold Storage

Medium

Fixed an issue whereby Artifacts that were never downloaded from Artifactory were not deleted by Time-Based Cleanup Policies.

JFUI-17125

Authentication Providers

Medium

Fixed an issue whereby when using SAML with “Auto Redirect Login Link To SAML Login” enabled, logout from another realm logged you into SAML instead of logging out completely.

RTDEV-51424

Builds

Low

Fixed an issue whereby on the Builds Tab of an artifact in the artifacts tree, the "Go to Build" button would not work if the build name contained a slash hyphen (/-).

RTDEV-52470

Builds

Medium

Fixed an issue where by when refreshing the UI, the projects build page would display different results.

RTDEV-54283

Builds

High

Fixed an issue that caused Build Uploaded and Build Deleted webhook notifications to be sent when these operations began instead of waiting for the operations to complete. This meant that if the operations failed and were rolled back, the rollback occurred after the notification indicating completion was already sent.

RTDEV-53064

Database

Medium

Fixed an issue whereby MariaDB JDBC driver 3.4.1 was not working with Artifactory 7.98.9 after upgrading from Artifactory 7.84.21.

RTDEV-54017

Federated Repositories

High

Fixed an issue in the legacy Federation service whereby, after an upgrade, repositories that failed Federated Metadata Negotiation had their status updated incorrectly from DISABLED_BY_SYSTEM to DISABLED, which prevented the auto-healing mechanism from performing recovery.

JA-16359

General

Medium

Fixed an issue whereby group information for a selected user was not displayed.

JA-16503

General

Medium

Fixed an issue whereby when the Authentication provider name contained a space character it did not render the configuration page.

JFUI-17179

General

High

Fixed an issue where the Select Log File dropdown list was not displayed properly in the UI when the screen width was too small.

RTDEV-48643

General

Medium

Fixed an issue whereby an error was returned after upgrading to the latest Artifactory version, even though the upgrade was successful.

RTDEV-51363

General

Medium

Fixed an issue whereby Apache Tomat version 10.1 that was bundled in Artifactory 7.98.7 contained an issue whereby when sending HEAD requests where the resource size was unknown, the server returned a content-length=0 header instead of omitting the header.

RTDEV-52983

General

High

Fixed an issue whereby when upload to S3 storage failed for an aritfact, a 200 OK message was entered in the artifactory-request.log.

RTDEV-53176

General

Medium

Fixed an issue whereby Artifactory could not retrieve an artifact from a remote repository if there were square brackets "[]" in the artifact name.

RTDEV-53694

General

Medium

Fixed an issue whereby calling the Create or Update Reverse Proxy Configuration API with invalid data led to a broken Artifactory configuration.

RTDEV-54115

General

Medium

Fixed an issue whereby multipart uploads were failing to virtual repositories for a non-admin user even if the user had deploy permission.

RTDEV-54667

General

Medium

Fixed an issue whereby the email date format was displaying as YYYY instead of yyyy.

RTDEV-55208

General

Low

Fixed an issue whereby the Artifact count temporarily displayed '0' while the HQC was being refreshed.

RTDEV-55266

General

Medium

Fixed an issue whereby when trying to retrieve a package from a remote Maven repository, a 404 Forbidden error was encountered.

RTFACT-30892

General

High

Fixed an issue whereby when downloading files with Chinese characters in the file name via the "File URL", a 500 error was received.

RTFACT-30931

General

Medium

Fixed an issue whereby when a non-admin user using an include pattern would attempt to delete or overwrite a repository with an artifact in it that is already in the trash can, the action would fail.

RTDEV-50452

Packages

Medium

Fixed an issue whereby Debian virtual metadata requests were triggering extra metadata calculations even if the cache had not expired.

RTDEV-50987

Packages

Medium

Fixed an issue whereby when working with a Gems virtual repository and running the API "/api/v1/versions/" a 500 error was displayed.

RTDEV-51247

Packages

High

Fixed an issue that prevented locally-generated properties of various package types from being replicated.

RTDEV-52654

Packages

Medium

Fixed an issue whereby when the “Hide Existence of Unauthorized Resources” option was enabled on a local repository and Python packages were uploaded to a virtual repository associated with that local repository, a 400 error response was received instead of a 404 error response.

RTDEV-52844

Packages

Medium

Fixed an issue whereby all Docker image layers appeared as RUN layers.

RTDEV-53162

Packages

Medium

Fixed an issue whereby uploading a batch of pub packages sometimes resulted in missing versions within the generated metadata.

RTDEV-53745

Packages

Low

Fixed an issue whereby when configuring a Hugging Face smart remote repository with the prefix api/huggingfaceml, clicking the test button resulted in a 404 error even though the test was actually successful.

RTDEV-53823

Packages

Medium

Fixed an issue whereby there was inconsistent resolution behavior when multiple remote repositories were aggregated in a Terraform virtual repository.

RTDEV-53840

Packages

Medium

Fixed an issue whereby when performing an Artifactory upgrade, updating of existing Helm local repositories failed with a 400 response code.

RTDEV-53903

Packages

Medium

Fixed an issue whereby when uploading very large files with 1,000+ parts using multipart upload, the upload would not complete.

RTDEV-54091

Packages

Medium

Fixed an issue whereby a user who does not have delete permissions would receive a 200 successful status code when calling the Promote Docker Image API with a copy:false parameter, even though certain artifacts were not removed from the source repository. Now, when this happens, the API returns a 206 status code, indicating partial success because the promotion was executed successfully but insufficient permissions prevented the deletion of certain artifacts from the origin repository.

RTDEV-54260

Packages

Medium

Fixed an issue whereby non-admin users were unable to create a Debian snapshot for a virtual repository.

RTDEV-54891

Packages

Medium

Fixed an issue whereby ‘symbols.nupkg’ was getting indexed post calling reindex endpoint and then restarting the Artifactory instance.

RTDEV-55270

Packages

Medium

Fixed an issue where maven set-me-up generated settings.xml did not support OIDC integration for use with Github actions.

RTDEV-55450

Packages

Medium

Fixed an issue whereby the Promote Docker Image API renamed sub-manifest tags according to their architectures.

RTDEV-55696

Packages

High

Fixed an issue whereby triggering indexing in a nested virtual Debian repository also triggered indexing in all parent virtual repositories.

RTDEV-55754

Packages

High

Fixed an issue whereby when trying to override an image with the exact same image, by a user without delete permission, a 403 error was encountered.

RTFE-1637

Packages

Medium

The Graph view was removed from the Packages tab.

RTFE-2467

Packages

Medium

Fixed an issue whereby when the cache retrieval period for metadata was updated via the UI, the values were not applied.

RTFE-2532

Packages

Medium

Fixed an issue whereby Gradle repositories did not have the Enable Redirect Download checkbox.

RTFE-2534

Packages

Medium

Fixed an issue whereby in the All Packages view the same data was loaded infinitely and new data was not displayed.

RTFE-2586

Packages

Medium

Fixed an issue whereby when in the Packages window and sorting by the security column, an error would be encountered.

RTFE-2641

Packages

Medium

Fixed an issue whereby when trying to create a repository in the Create a Repository window, Pub, Swift and Terraform repositories were not available.

RTFE-2648

Packages

Medium

Fixed an issue whereby when trying to use the Set me up functionality from inside the JFrog Platform Deployment with Pub, Swift, and Terraform package types, configuration options were not displayed.

RTFE-2658

Packages

Medium

Fixed an issue whereby when using a custom CNAME for a cloud instance configured using the My JFrog Portal, the instructions on the Docker repository’s Set Me Up page had a blank space instead of the URL.

RTFE-2714

Packages

Medium

Fixed an issue whereby when searching for packages and applying a filter, the page flickers and no results are displayed.

RTFACT-31012

Packages

Medium

Fixed an issue whereby when switching from Recently Viewed packages to a packages custom view, the custom view was not applied and instead all packages were listed.

RTFACT-31013

Packages

Low

Fixed an issue whereby the "deprecated" field type returned by the npm view via the Artifactory npm repository was inconsistent with the npm source register.

RTFACT-31017

Packages

Medium

Fixed an issue whereby missing Vagrant .box properties caused 500 internal server errors when resolving boxes.

RTFACT-31019

Packages

Medium

Fixed an issue whereby users could not download NuGet packages from an upstream Beckhoff TwinCAT Package Manager repository through Artifactory.

RTFACT-31023

Packages

Medium

Fixed an issue whereby when configuring a NuGet Remote Repository targeting community.chocolatey.org, no metadata was cached when executing the "choco outdated" command.

RTFACT-31038

Packages

Critical

Fixed an issue whereby an unannounced change that was introduced by Conda Forge upstream impacts Artifactory's ability to resolve package metadata and dependencies with virtual Conda repositories.

RTFACT-31040

Packages

Medium

Fixed an issue whereby Cargo repositories failed to calculate the index of the repository if the package name contained more than one hyphen.

RTFACT-31082

Packages

Medium

Fixed an issue whereby when retrieving the Packages.gz file from a virtual repository, sometimes old package information was retrieved, which lead to certain tools reporting old packages that no longer existed in the upstream.

RTFACT-31104

Packages

Medium

Fixed an issue whereby triggering the Recalculation Index on an empty Conan local repository resulted in an error, increased the Conan metadata stuck tasks, and all packages that were uploaded after the reindexing were not indexed.

JFUI-17179

Platform Management

Medium

Fixed an issue where the Select Log File drop-down list is not displayed properly in the UI when the screen width is too small.

JA-16046

Platform Management

Medium

Fixed an issue whereby federated reference token authentication was not working correctly in Event APIs.

JA-16274

Platform Management

Medium

Fixed an issue where project access tokens were not getting revoked when the user who created them was removed.

JA-16151

Projects

Medium

Fixed an issue whereby project scope access tokens were visible from the Project Admins profile.

JA-16710

Projects

Medium

Fixed an issue whereby when calling the Update Existing Project Properties REST API, the project storage quota was set to 0 and the project description was removed.

RTDEV-53914

Release Lifecycle Management

Medium

Fixed an issue whereby Release Bundle promotion failed when the Release Bundle contained artifacts in a local repository aggregated by a virtual repository.

RTDEV-54887

Release Lifecycle Management

Low

Fixed an issue that caused the evidence graph to fail when the Release Bundle contains an artifact from a build whose build.number property contains multiple values.

RTFACT-30794

Release Lifecycle Management

Medium

Fixed an issue whereby when creating a Release Bundle v2 for an OCI Helm Image, SHA files for layers were missing.

RTFACT-31044

Release Lifecycle Management

Medium

Fixed an issue that prevented certain commands from being executed on builds containing the originalDeploymentRepo field that were promoted using the --copy flag.

RTDEV-55692

Release LIfecycle Management

Medium

Fixed an issue whereby the Xray scan of a Release Bundle v2 version would fail if any item in the Release Bundle contained a property whose value included a surrogate pair (a way to represent special characters in UTF-16, such as an emoji). Artifactory now normalizes the surrogate pair into a string that Xray can process.

RTDEV-50832

Repositories

Low

Fixed an issue whereby non-admin user selecting "Show All Included" on a virtual repository that contains another virtual repository don’t see the other virtual repository.

RTDEV-52748

Repositories

Medium

Fixed an issue where Artifactory only processed the first value for multi-value query parameters in HTTP requests to remote repositories.

RTDEV-54849

Repositories

Medium

Fixed an issue whereby the Artifactory API for creating a repository would create a Release Bundle repository instead of returning an error if an unknown or misspelled repository type was sent in the input.

RTDEV-54909

Repositories

High

Fixed an issue whereby a remote repository would remain offline even when it appeared to be back online.

RTFACT-31075

Repositories

Low

Fixed the following two issues related to using Delete Content on a repository:

  • When a user with delete permissions on a repository attempted to use Delete Content on the repository, the user was denied permission to delete.

  • When a project admin attempted to use Delete Content on a repository shared into a project, the project admin was denied permission to delete.

RTDEV-52751

Storage

Medium

Fixed an issue whereby the cache-fs synchronization process was stopped prematurely if an entry in the cache folder was inaccessible and resulted in the actual cache size being larger than the displayed cache size.

RTDEV-53825

Storage

Medium

Fixed an issue whereby when using Artifactory with S3 storage, enabling redirect download in the binarystore.xml file and setting signedUrlExpirySeconds to 0 or a negative value sometimes resulted in download failure.

RTDEV-54831

Storage

Low

Fixed an issue whereby when attempting to perform multipart upload with the wrong repository key, the upload would get stuck when getting the upload URLs and would not complete.

JA-13245

User Interface

Medium

Fixed an issue whereby a Crowd user would get an internal server error when trying to unlock a user profile with a dummy or incorrect password.

JA-15292

User Interface

Medium

Fixed an issue whereby there was no syntax validation for the OIDC provider URL.

RTFE-2445

User Interface

Low

Fixed an issue whereby when the "filter by" option was selected in the Artifactory Artifacts view, then switching from one project to another, the selection remained but Artifactory did not actually update the filter results as required to reflect the selected project.

RTFE-2543

User Interface

Medium

Fixed an issue whereby the Artifacts search window displayed erratic behavior when interacting with the drop-down menu and scroll bar.

RTFE-2577

User Interface

Low

Fixed an issue whereby when switching to compact mode on an expanded folder, an unexpected " file/folder not found" error was thrown, even though the file/folder did exist .

RTFACT-31005

User Interface

Low

Fixed an issue whereby the option to select multiple versions to delete in the 'Delete Versions' feature was not available.