Artifactory 7.125.3 Cloud (SaaS)

Cleanup - Builds

Artifactory now supports a build cleanup policy to delete unintended builds. For more information, see Cleanup Policies.Cleanup Policies

New Remote Repository Types for IDE Plugins

Two new remote repository types, AI Editor Extensions and JetBrains Plugins, are now available to proxy IDE plugin marketplaces. The AI Editor Extensions repository supports proxying extension marketplaces for VSCode, Cursor, and Windsurf. This repository type is integrated with JFrog Curation to enable policy-based blocking of unwanted plugins. The JetBrains Plugins repository supports proxying the JetBrains Marketplace for JetBrains IDEs such as IntelliJ IDEA and PyCharm.AI Editor Extension RepositoriesJetBrains Plugins Repositories

With both repository types, you can browse and install extensions and plugins natively within each IDE.

The repositories are available to customers with an Ultimate bundle subscription.

New Remote Repository Type for Bazel Modules

The new Bazel Modules remote repository type supports caching and proxying the Bazel Central Registry (BCR) in Artifactory. This repository type is designed to support module dependency management in accordance with Bazel 9 requirements. Maintaining a secure cache and proxy of the BCR ensures that developers pull only approved and vetted dependencies, enhancing security and streamlining the development process. For more information, see Bazel Modules Repositories.Bazel Modules Repositories

Artifactory Now Natively Supports the Terraform Provider Registry Protocol

Artifactory now natively supports the HashiCorp Terraform Provider Registry Protocol, acting as a fully compliant Provider Origin Registry for both Terraform and OpenTofu. This enhancement simplifies client configuration, enhances security with GPG verification, and provides smarter protocol-aware proxying. This new method applies to local, virtual, and federated repositories and adds to the network_mirror approach. For more information, see Documentation.Terraform/OpenTofu and Terraform Backend Repositories

Update Password Policy Via REST API

The JFrog Platform now supports creating and updating your instance’s password policy via REST API, for easier access for Cloud instances. For more information, see Password Policy.Password Policy

system properties to enable/disable

Introduced new configuration options via system properties to manage Federation Auto-Healing email notifications:

artifactory.auto.healing.send.mail.notifications: Set to false to disable all Auto-Healing email notifications (default is true).

artifactory.auto.healing.send.mail.interval.hour: Set the minimum interval in hours between notification emails for the same mirror recovery (default is 1).

Redesigned platform UI for Release Lifecycle Management

The platform UI for Release Lifecycle Management has been redesigned to provide a clearer, more consolidated view of your Release Bundles. The new design centralizes all critical information for each Release Bundle version, including its timeline, contents, security scans, evidence, and properties, in an accessible and intuitive interface. For more information, see Release Lifecycle Management.Release Lifecycle Management

Release Bundle v2 versions now associated with stages and lifecycles

This version replaces environments with the concept of stages and lifecycles, to provide users with more flexibility and control over their SDLC. Administrators can create global and project stages as needed and assign them to different SDLC categories, such as Code and Promote. The administrator then adds selected stages to the lifecycle to represent the progression of release candidates through your SDLC. For more information, see Stages & Lifecycle.Stages & Lifecycle

Support for webhooks for project-related Release Bundles

Artifactory now supports the creation of webhooks for Release Bundle v2 versions associated with specific projects. This enables you to receive notifications whenever a Release Bundle in a particular project is uploaded, promoted, or deleted. To create a Release Bundle webhook for a specific project, you must be working within the scope of the project (as opposed to All Projects).WebhooksProjects

For guidelines about creating a Release Bundle v2 webhook for a specific project, see Domain: Release Bundle v2.Domain: Release Bundle v2

Created-by information provided for Sigstore evidence

To improve understanding and traceability, the API response when creating and deploying Sigstore evidence now includes the username associated with the JFrog token instead of ‘internal’.

More accurate error messages during Release Bundle promotion

To improve user understanding, validation errors during the Release Bundle v2 promotion process will now return a BAD REQUEST error message (HTTP 400) rather than a generic HTTP 500 error.

Release Bundle v2 auto-creation feature removed

The Release Bundle v2 auto-creation feature, which was introduced to help customers transition from build promotion to the expanded feature set offered by Release Lifecycle Management, has been removed from the platform UI after having served its purpose.Release Lifecycle Management

Support for Easy Copying of Administration Values

The JFrog Platform WebUI now supports a Copy button, allowing you to copy values in the Administration module pages with a single click.

The following values will now be easily copiable:

Support for Updating the Access Bootstrap YAML File

The JFrog Platform now supports making changes to the access.security.bootstrap.yml file without creating a new configuration or modifying the existing Artifactory YAML file. For more information, see Access Bootstrap YAML File.Access Bootstrap YAML File

Improved Artifact Lifecycle Management

Artifactory now updates the creation timestamp of an artifact when it is copied or moved to a new repository to the current date and time of the operation. Previously, the original creation timestamp was retained when moving or copying an artifact to another repository, which led to incorrect assumptions about the artifact's age and relevance in the new location. The "last modified" timestamp remains unchanged to preserve the integrity of the artifact's last update. This enhancement helps in the effective adoption of cleanup policies and aligns with industry standards. To ensure backward compatibility, this feature is implemented behind a feature flag and is disabled by default.

Additional Configuration for GCP Internal Actions

The ability to configure readTimeout was added to Google Cloud Platform (GCP) internal actions.

New Setting Added to Complete a List Manifest Image Overwrite

A new setting has been added under Package Settings called Complete list manifest image overwrite. When this setting is enabled, overwriting a list manifest image will asynchronously overwrite all of its sub-manifests.

Improved Resolving of Subgroups When Accessing Subgroups in Gitlab with Go Remote Repositories

When accessing subgroups in GitLab with Go remote repositories (by selecting the Resolve Subgroups checkbox, as explained here), Artifactory now resolves the correct dependency version even if the URL contents contain both subgroups and submodules.Proxy GitLab with Go

Optimized Nuget Version

Tightened validation to require all NuGet packages to use strict Semantic Versioning (SemVer 2.0). See specification.

Nuget Packages - Rate Limit

Introduced a new rate-limiting mechanism for search APIs to prevent excessive calls and ensure service stability.

Viewing Release Bundles distributed to Edge nodes

To align the platform UI with the REST API, only admin users are permitted to view distributed Release Bundle versions (v1 and v2) in the Received tab on Edge nodes. For more information, see View Release Bundles on Edge Nodes.View Release Bundles on Edge Nodes