Released: 16 December 2025
New Features
New REST API for preparing evidence for deployment to Artifactory
The new Prepare Evidence REST API simplifies the evidence creation process for users who do not use the JFrog CLI. The API request contains the predicate, which is a JSON containing claims about the defined evidence subject (for example, a build or artifact), and can include an optional markdown version. The API returns a payload that conforms to the in-toto attestation standard used by the JFrog platform. After signing the payload, you can deploy the evidence to the JFrog platform using the Deploy Evidence REST API. For more information, see Create Evidence using REST APIs.
Feature Enhancements
Significantly Improved Package Details User Interface
The Package Details user interface (UI) has been significantly improved, and now displays valuable information about package versions in a more user-friendly format, including:
When the Package Details view is initially displayed, details on the latest version or tag of the package appear.
Use of native terminology, based on the package context (for example, tags for Docker/OCI packages, versions for other package types).
Quick selection of a package version, allowing you to easily find the version you need.
An All Versions view, allowing quick impact analysis across all versions to see vulnerabilities and where versions are stored.
Multi-client install commands: Installation commands are provided for all officially supported clients in every package type.
More install commands for more package types: The new UI introduces 35 new install commands to help developers use the packages they are looking for.
Context-sensitive Information tabs, displaying important version information according to the package type.
For more information, see The Package Details User Interface.
Support for Kiro with AI Editor Extension repositories
You can now set up AI Editor Extension Repositories in Artifactory to securely proxy and cache the Kiro extension marketplace, and configure your Kiro IDE to download extensions from the Artifactory cache. For more information, see Get Started with AI Editor Extensions.
JFrog CLI commands for setting up IDEs with AI Editor Extension repositories
The new
jf ide setupcommand automates the process of connecting your IDE to an AI Editor Extensions repository in Artifactory. You can run the single command to configure any supported client, instead of manually granting permissions and editing configuration files. For more information, see Connect your IDE to Artifactory.Improved performance when creating Release Bundles from builds with dependencies
To enhance the user experience, we have implemented significant performance enhancements when creating Release Bundle v2 versions from builds that contain dependencies.
Include & exclude filters for patching Release Bundle v2 versions
Users can now define include and exclude filters for patching a Release Bundle v2 version via the REST API. These new options provide great flexibility and fine-grained control over the contents of the Release Bundle. For example, you can now patch an existing Release Bundle by replacing a specific package. The new filters also enable you to create a new Release Bundle version that contains a subset of the previous version's content, for example to create a version for a specific architecture. For more information, see Create Release Bundle v2 Version.
New REST APIs for evidence queries
Two new REST APIs are available for performing evidence queries. They are intended for users who prefer traditional REST APIs for integration with their existing automation tools instead of using GraphQL. For more information, see Search Evidence (REST API) and Get Evidence by ID (REST API).
Evidence GraphQL API for returning evidence by ID
You can now use GraphQL to return the details of a specific evidence item using its ID instead of using its path. For more information, see Get Evidence by ID (GraphQL).
Improved the Run reports generated by Retention Policies for packages (Cleanup and Smart Archiving)
The reports now include Package Path, Created Date, Modified Date, and Last Downloaded Date columns under Run Detailed Summary to facilitate better validation and auditing of deleted or archived packages. For more information, see Smart Archiving Run Report Overview, Restore Run Report Overview and Cleanup Run Report Overview.
Granular Lifecycle Control - Retention Policies
You can now combine Time-based and Property-based conditions using a logical
ANDin your Cleanup and Smart Archiving policies. This allows for sophisticated rules, such as archiving packages that are "older than 1 year AND tagged as PROD," giving you precise control over your packages in Local and Federated repositories.
Resolved Issues
JIRA Issue | Component | Severity | Description |
|---|---|---|---|
RTDEV-67129 | Federated Repositories | Medium | Fixed an issue whereby replication creation or update could fail at runtime with a “value too long for type character varying” error by adding upfront validation that blocks configurations when the combined include/exclude pattern length exceeds the supported database limit. |
RTDEV-64090 | General | Medium | Fixed an issue whereby when an artifact that was marked as filtered was deployed to a repository with password retrieval, the artifact obtained via cURL download contained an encrypted password, whereas the artifact downloaded through the UI did not. |
RTDEV-54345 | General | High | Fixed an issue whereby during HA cluster startup, a node which acquired the so-called “HA init lock” in order to perform exclusive init operations crashed, leaving the lock in place and blocking other nodes from starting, thus leaving the entire HA cluster in downtime. |
INST-11555 | Installation | High | Fixed an issue whereby the command to perform a graceful shutdown was not working for Jfconfig and Topology services in certain negative scenarios, specifically when the Artifactory service hadn't fully started. This meant these services would sometimes remain active despite a stop command. |
RTDEV-65854 | Packages | Medium | Fixed an issue whereby a RubyGems virtual repository intermittently returned the versions file that included only versions from aggregated local repositories because UnsupportedReentrantLockException disrupted metadata calculation and caused the remote handler to fail. |
RTDEV-65622 | Packages | Medium | Fixed an issue where Nuget package downloads through a virtual repository could fail when parent and child virtual repositories used different repository layouts. |
RTFE-4040 | Packages | Medium | Fixed an issue whereby SaaS instances using the Sub-Domain method with CNAME showed incorrect Set Me Up instructions for Docker, OCI, and HelmOCI. |
RTDEV-68303 | Release Lifecycle Management | Low | Fixed an issue that prevented the Content Graph from displaying correct information after promotion rollback is performed. After the fix, the graph displays the results of the rollback accurately. |
RTDEV-66109 | Release Lifecycle Management | Medium | Fixed an issue whereby an attempt to create a Release Bundle v2 version with a non-existing artifact resulted in a 500 status code. After the fix, this type of error will result in the expected 404 error, "Release Bundle source artifact not found". |
RTDEV-61860 | Release Lifecycle Management | Medium | Fixed an issue that prevented users from federating Release Bundle v2 repositories when using the Artifactory Federation Service (RTFS). After the fix, these repositories can be federated without incident. |
RTDEV-66254 | Release Lifecycle Mangement | Medium | Fixed an issue whereby Release Bundle v2 creation failed due to a duplicate key error. This error occurred when a Docker image in the Release Bundle contained both a manifest.json and a list.manifest.json. After the fix, Artifactory can handle the duplicate key correctly and create the Release Bundle. |
JA-18797 | User Interface (UI) | Medium | Fixed an issue related to LDAP whereby, when trying to set up a repository as an LDAP user, the JFrog Platform returned a Forbidden error. |