Released: 6 May, 2025
Breaking Change
As part of security hardening, the scope of permissions around existing repositories using access tokens has been updated. As a result, builds across some package types may result in "forbidden" or "unauthorized" errors. To resolve this, update the token scope by assigning the required permissions to the specific group or users that requires them.
Feature Enhancements
Improved Builds table
The Builds table features two important enhancements:
The maximum of 100 builds displayed in the table has been removed. The table can now display all the builds that exist in your Artifactory instance.
A search window has been added to make it easier to focus on the builds of greatest importance to you. (This new search window works in coordination with the platform search window at the top of the UI.)
Create Release Bundle v2 version from multiple sources
You can now create a Release Bundle v2 version from multiple sources, for example, a combination of artifacts, builds, and existing Release Bundles. For more information, see Create Release Bundle v2 Version.
Release Bundle v2 – support for SBOMs with remote dependencies
Previously, Release Bundle v2 did not include information about dependencies from remote repositories, which prevented the generation of a complete SBOM (software bill of materials) by Xray. This limitation has now been removed, which means that information about these dependencies will be included in the SBOM, and Xray (version 3.121.7 and above) can scan them. Having a complete SBOM increases transparency and security by providing insight into all components involved in the Release Bundle, and helps with auditing and compliance.
Note
Although information about remote dependencies is included in the SBOM, the dependencies themselves are not included in the Release Bundle in the current version.
Updated Type Definitions for Event-Driven Workers' Response
Refined TypeScript type definitions for event-driven workers' response to improve the developer experience.
Resolved Issues
JIRA Issue | Component | Severity | Description |
|---|---|---|---|
RTDEV-57054 | General | Low | Fixed an issue whereby the Audit Event popup that is displayed in the Curation User Interface was showing a name for the Origin Server that was sometimes a random string of characters, which was not useful to the user. |
RTDEV-56222 | Authentication Providers | Medium | Fixed an issue whereby customers could sometimes mistakenly deploy artifacts using a FULL ACCESS TOKEN because the FULL ACCESS TOKEN did not take into account the scoped group of the token. |
RTDEV-56117 | Release Lifecycle Management | Medium | Fixed an issue that caused the platform UI to show an inaccurate number of items inside the packages contained in a Release Bundle. |
RTDEV-56101 | Packages | Medium | Fixed an issue whereby corrupted cache from an npm remote repository was breaking the resolution of packages. |
RTDEV-56028 | Packages | Medium | Fixed an issue whereby the npm search on an npm repository with more than 20 artifacts did not provide the correct latest version. |
META-1873 | General | Medium | Fixed an issue whereby metadata was unable to handle non-existent packages requested by Xray. |