Artifactory 7.120.1 Cloud

Released: 13 August, 2025

New Features

Support for signed attestations in OCI images
The Evidence Collection service can take signed, 3rd-party attestations uploaded to Artifactory as OCI images and convert them automatically into JFrog evidence. For example, this new feature can successfully convert attestations created using the cosign attest command. For the automatic conversion to work, the attestations must conform to both the DSSE and in-toto standards.Evidence Management

Feature Enhancements

Filtering added to Get All Repository Configurations API
You can now use query parameters to filter the results of the Get All Repository Configurations API. You can filter by package type (for example, docker, maven) and repository type (for example, local or remote).Get All Repository Configurations
Context retention in Artifacts browser
When you copy or move artifacts in the Artifacts browser, the UI no longer moves automatically to the destination path of the operation but remains in its original context. To move to the destination path after the copy or move operation is complete, click the Go to path link in the confirmation message.
Added Enforcement of Custom Configurations for Certain Remote Docker Repositories
When creating a remote Docker repository for an Azure Container Registry (*.azurecr.io) or a Microsoft Container Registry (https://mcr.microsoft.com/), Artifactory makes the following default configuration:
- Disable URL Normalization = true
When creating a remote Docker repository for a Chainguard Registry (http://cgr.dev/chainguard), Artifactory makes the following default configuration:
- Block Mismatching Mime Types = true
These default configurations are set upon remote repository creation and can be canceled afterwards. For more information, see Other Advanced Settings for Remote Repositories.

Resolved Issues

JIRA Issue	Component	Severity	Description
RTFACT-31211	Repositories	Low	Fixed an issue whereby attempts to test the connection to a remote repository using token authentication fail.
RTDEV-61309	Release Lifecycle Management	Critical	Fixed an issue whereby Artifactory was unable to collect all the multi-arch Docker images from a remote cache repository.
RTDEV-61209	Release Lifecycle Management	High	Fixed an issue whereby the Get Release Bundle v2 Versions in a Specific Environment API would return data that did not reflect the version's current environment.
RTDEV-60343	Packages	Medium	Fixed an issue whereby Conan federation did not sync all package properties.
RTDEV-58791	Archiving/Cold Storage	High	Fixed an issue with failed upgrades from Artifactory versions earlier than 7.97 to version 7.97 or later when using a non-enterprise MSSQL license.
RTDEV-58782	Archiving/Cold Storage	Medium	Fixed an issue whereby a project admin could not successfully call the Get all Package Cleanup Policies API and received a 403 error.
RTDEV-57893	Repositories	Medium	Fixed an issue whereby artifacts failed to appear in the UI browser after defining an include pattern on the virtual repository.
JA-17899	General	Medium	Fixed an issue whereby Access was throwing errors during startup.
JA-17939	General	Critical	Fixed an issue related to the role `Project-Admin` whereby, when generating an access token and then trying to perform an action, the JFrog Platform did not perform as expected.
INST-11808	Installation	Medium	Fixed an issue where setting a custom `shared.database.url` for embedded DerbyDB in system.yaml led to inconsistent configurations, causing startup failures. To prevent this, a new validation now runs during Artifactory startup, ensuring that if a custom Derby database URL is specified for `shared`, custom URLs must also be provided for all database-connected services (access, topology, jfconfig). This maintains uniform Derby database configuration across the platform.
EVT-1706	General	Medium	Fixed an issue whereby a webhook would fail if any of the repositories it was configured to listen to were deleted from the system.