Released: 29 September, 2025
Feature Enhancements
Expanded support for distributing and exporting Release Bundle v2 versions
To make distributing and exporting Release Bundle v2 versions easier, you can now use JFrog Distribution with Release Bundle v2 versions signed with the default key in Artifactory. To support this change, the default key type has been changed from RSA to GPG, and the name of the default key has been changed to default-lifecycle-key. For more information, see Create Signing Keys for Release Bundles (v2).
Improved visibility for nested Release Bundles
The Release Bundle v2 content graph now provides a clear, visual representation of nested Release Bundles. Seeing the complete hierarchy enables you to understand how the Release Bundle is constructed, even when it contains other Release Bundles. For more information, see View Release Bundle v2 Evidence.
Improved aggregated Release Bundle creation
Artifactory has improved its handling of aggregated Release Bundles (meaning, a Release Bundle v2 version that is comprised of other Release Bundle versions). If the Release Bundle version you are trying to create contains multiple Release Bundles with the same artifact but different metadata (evidence or properties), Artifactory will create the version successfully using the newer version of the artifact.
Change of status code when creating Release Bundle v2 from build with missing artifact
To improve reporting accuracy, errors caused by missing artifacts during Release Bundle v2 creation will be returned as a 422 error (SC_UNPROCESSABLE_ENTITY) rather than a different status code that triggered unnecessary monitoring alerts. The 422 status code represents the event more accurately as it is the expected behavior when an artifact cannot be found.
Evidence for artifacts in virtual repositories displayed in Artifacts tree
You can now view evidence related to artifacts in a virtual repository in the Artifacts tree. This is particularly useful when attaching evidence to a Docker image created in a tool such as GitHub Actions. In such cases, users typically work with the Docker image as part of a virtual repository in Artifactory. The virtual repository must contain at least one local repository to house the evidence. For more information, see View the Artifact Evidence Table.
Enhanced Support for npm Audit
In addition to npm virtual repositories, npm Audit is now also enabled by default on npm remote repositories that support npm Audit directly. For more information, see Use npm Audit.
Updated Artifactory Worker Events
Updated the following Worker Events with
repoTypeInput Parameter:Before Property Replication
Before File Replication
Before Statistics Replication
Before Directory Replication
Before Delete Replication
Resolved Issues
JIRA Issue | Component | Severity | Description |
|---|---|---|---|
Release Lifecycle Managment | Medium | Fixed an issue whereby, when viewing a build’s dependencies within an Artifactory project and selecting Show in Tree for a dependency, the UI redirected to a repository that was not included in the project. | |
RTDEV-62997 | User Interface | Low | Fixed an issue in the Storage Monitoring UI, whereby when clicking the sort icon in the Percentage column to display the results in ascending order, the results were displayed in descending order (and vice versa). |
RTDEV-62995 | User Interface | Low | Fixed an issue whereby in the Monitoring Storage UI, there was an unexpected appearance of the ` character. |
RTDEV-62985 | Packages | Medium | Fixed an issue whereby when deploying a .pom file for Maven or Gradle repository types that start with an empty line or used UTF-8 non-breaking spaces in an XML structure, a 409 error was encountered. |
RTDEV-63240 | Packages | Medium | Fixed an issue whereby, copying or moving a Debian package to a path where a package with the same filename but a different checksum already existed caused metadata duplication. |
RTDEV-62928 | General | Medium | Fixed an issue whereby Artifactory would fail to start with a partial GPG key configuration. |
JFUI-18973 | General | Medium | Fixed an issue whereby the Show offline node checkbox under Administration > Monitoring > Service Status was not working and preventing users from viewing offline nodes in an HA cluster. |
JFUI-18972 | General | Medium | Fixed an issue where setting up log rotation for frontend metrics logs in Artifactory's system.yaml file didn't work, as the logs did not rotate after a service restart. |
JA-18101 | User Interface | Medium | Fixed an issue related to the OIDC integration configuration in the JFrog Platform WebUI whereby, when reopening the Identity Mapping configuration following initial setup and saving it again without making any changes, group names containing spaces were not displayed as expected. |
JA-18337 | General | Medium | Fixed an issue whereby the empty-state image was missing when navigating to Access MFE pages in the JFrog Platform Web UI. |