Artifactory 7.133.3 Self-Managed

Released: 22 January 2026

Breaking Change for JFrog Platform Logging

From this Artifactory version, two system properties (audit:enabled and db:batch-size) will be moved from the Access YAML configuration file to the System YAML configuration file, and their values will be reverted to the default value.Supported Access ConfigurationsArtifactory System YAML

This should not impact your environments; however, note that if you have defined a different value for either of these variables or wish to edit them, you can now find and edit them in the system.yaml file, located in the $JFROG_HOME/artifactory/var/etc folder.

More information about the parameters to be changed:

Parameter name in Access YAML (removed)Supported Access Configurations	Parameter name in System YAML (added)Artifactory System YAML	Description	Default value
Audit: enabled:	logging: audit: enabled:	Toggle logging of changes in Access configuration. It is highly recommended to keep this enabled.	`true`
db: batch-size:	database: batchSize:	Control the number of records in each batch when performing actions on Access resources.	`100`

Note

Timeline for the Sunset of JFrog Legacy Repository Federation

We are officially announcing the sunset plan for Legacy Repository Federation as we transition to the next-generation Artifactory Federation Service (RTFS).

Timeline

January 2026: Official declaration of the sunset plan to all customers.
Now through Mid-2027: An 18-month migration window during which customers are requested to migrate to the Artifactory Federation Service (RTFS).
July 2027: Legacy Repository Federation will be removed from the codebase of new releases. Older releases will continue to be supported based on JFrog standard support policies.

Database Requirements

RTFS requires a PostgreSQL database connection. This requirement applies only to the RTFS service itself. The main Artifactory installation remains unaffected and continues to support all currently available databases.

If Artifactory already uses PostgreSQL, the same database instance can be used.
If Artifactory uses a different database, only a separate PostgreSQL instance for RTFS is required. There is no need to migrate the entire Artifactory installation.

Why This Change?

RTFS uses a standalone microservice architecture that reduces impact on Artifactory.
All new federation features, including Unidirectional Sync, are developed exclusively for RTFS.
RTFS is already the default federation solution for all JFrog SaaS customers.
RTFS has been validated by leading enterprise customers with improved stability and performance.

Migration Support

Automatic migration tools ensure configuration and data integrity.
No downtime is required during migration.
Hybrid mode is supported, allowing RTFS and Legacy Federation to coexist during the transition.
Full rollback capabilities are available during the migration window.
Sites do not need to be migrated simultaneously.

Certificates

RTFS supports self-signed certificates and certificates signed by a custom Certificate Authority (CA) starting from Artifactory version 7.133.6.
Customers running earlier versions must upgrade to a supported version to use self-signed or custom CA certificates with RTFS.

Note: This sunset applies to Self-Hosted environments only.

Transition Default AWS SDK from v1 to v2 (Q2 Update)

In preparation for the sunset of AWS SDK v1 by Amazon Web Services, JFrog Artifactory will transition its default AWS SDK from v1 to v2 by June 30, 2026. This is a proactive step to ensure customers are positioned for long-term stability, security updates, and new features as v1 reached end-of-support at the end of 2025.

Why is JFrog making this change?

End of Support for v1: Amazon Web Services announced that SDK v1 reached end-of-support at the end of 2025. After this date, v1 no longer receives new features, availability improvements, or security updates.
Security and Compliance: Continuing to use v1 beyond 2025 exposes environments to potential security risks due to the lack of ongoing updates.
Feature Parity and Optimization: Integration with v2 allows users to leverage the latest AWS features and optimizations for a more robust and efficient storage solution.

JFrog strongly recommends that all Artifactory customers currently using SDK v1 transition to SDK v2 at this point in time and not postpone this unnecessarily. For instructions on how to do this, see Integrate Artifactory with AWS SDK v2 for S3 Storage

Important

Filebeat Removal: Removed the Filebeat component from all JFrog product installers as part of the JFrog Insight deprecation process.

Action Required: If you utilize the bundled Filebeat application for purposes other than JFrog Insight, you must install a standalone version of Filebeat before upgrading to this version to prevent service disruption.

New Features

Application metrics now available to SaaS users
Users working in SaaS (Cloud) environments can now receive a wide variety of application-related metrics (based on the Open Metrics standard) using a new REST API. For more information, see Get Artifactory Application Metrics.Get Artifactory Application Metrics
New REST API for preparing evidence for deployment to Artifactory
The new Prepare Evidence REST API simplifies the evidence creation process for users who do not use the JFrog CLI. The API request contains the predicate, which is a JSON containing claims about the defined evidence subject (for example, a build or artifact), and can include an optional markdown version. The API returns a payload that conforms to the in-toto attestation standard used by the JFrog platform. After signing the payload, you can deploy the evidence to the JFrog platform using the Deploy Evidence REST API. For more information, see Create Evidence using REST APIs.Prepare EvidenceEvidence PredicateDeploy EvidenceCreate Evidence using REST APIs

Feature Enhancements

Release Lifecycle Management

Release Bundle v2 creation dry run
You can now use the Create Release Bundle v2 REST API to perform a dry run, which simulates the creation of the Release Bundle and performs all the necessary validations, but without persistence. For more information, see Perform a Release Bundle v2 Creation Dry Run.Create Release Bundle v2 Version
New REST API for deleting the tag from a Release Bundle v2 version
To improve the user experience, you can use a new, dedicated REST API to delete a tag from a Release Bundle v2 version. For more information, see Delete Release Bundle v2 Version Tag.Delete Release Bundle v2 Version Tag
Query parameter for returning all errors during Release Bundle v2 creation
To help debug issues you may encounter during Release Bundle v2 creation, a new fail_fast query parameter has been added to the REST API. When set to false, the API will return validation errors that occur during creation as a group instead of failing after the first error. For more information, see Release Bundle v2 Creation Errors Collected by System.Create Release Bundle v2 Version
RLM promotion rollback from platform UI
To improve the user experience, you can now roll back a Release Bundle v2 version promotion from the platform UI. For more information, see Promotion Rollback. Please note that the UI icon for deleting a promotion has been removed, as rollback replaces this functionality.Promotion Rollback
Audit trail maintained when promoting duplicate Release Bundle artifacts
Previously during Release Bundle v2 promotions, the system skipped artifacts that already existed in the target stage. This behavior prevented the target stage from being updated with evidence associated with those artifacts. This enhancement guarantees that all associated evidence is copied to the target stage, ensuring a complete and verifiable audit trail throughout your SDLC.
Improved performance when creating Release Bundles from builds with dependencies
To enhance the user experience, we have implemented significant performance enhancements when creating Release Bundle v2 versions from builds that contain dependencies.

Platform UI

Significantly Improved Package Details User Interface
The Package Details user interface (UI) has been significantly improved, and now displays valuable information about package versions in a more user-friendly format, including:
- When the Package Details view is initially displayed, details on the latest version or tag of the package appear.
- Use of native terminology, based on the package context (for example, tags for Docker/OCI packages, versions for other package types).
- Quick selection of a package version, allowing you to easily find the version you need.
- An All Versions view, allowing quick impact analysis across all versions to see vulnerabilities and where versions are stored.
- Multi-client install commands: Installation commands are provided for all officially supported clients in every package type.
- More install commands for more package types: The new UI introduces 35 new install commands to help developers use the packages they are looking for.
- Context-sensitive Information tabs, displaying important version information according to the package type.
For more information, see The Package Details User Interface.The Package Details User Interface
Significant Improvements in the Repositories User Interface
The Repositories user interface has been significantly re-designed, making it much more user-friendly and efficient. When initially opening the Repositories list, there are options to view the 20 most recently viewed repositories and to view inactive repositories. Filtering capability has been added, so that you can now filter the Repositories list according to Repository type, package type, URL (for remote repositories), Project association, stage, and repositories that have a replication (for local and remote repositories). For more information, see View Repositories.View Repositories
Date picker to improve Builds page performance
To improve performance, the Builds page now features a date picker that displays only those builds within a defined timeframe. The default value is the last 7 days. Users can choose a different timeframe as needed.
Improved performance of Build Versions page in platform UI
Pagination has been added to the Build Versions page in the platform UI, which makes it faster and more convenient to use when the selected build contains many existing versions.
User Management - Permissions
Updated the tooltip for the Include All Builds checkbox to clarify that selecting this option includes all builds and preserves any defined exclude patterns. For more information, see Add Builds.Add Builds

Package Management and Repositories

Support for .dsc Source packages in local Debian repositories
Local Debian repositories now support Debian source packages. After configuring your sources.list file for source packages, you can deploy the component source package files one by one to your local repository and resolve them as a single package using apt-get source. For more information, see Connect Debian to Artifactory.Connect Debian to Artifactory
Performance Optimizations in NuGet Package Manager
Artifactory now offers a newer implementation of the NuGet package manager in Self-Managed Artifactory deployments. The new implementation significantly improves performance and efficiency with the following benefits:
- Improved package resolution speed and download efficiency
- Resolved legacy memory-related issues
- Reduced JVM heap memory usage
To enable the new NuGet handler, add the following property to the Artifactory system properties file: artifactory.package.handler.nuget=true.
The new handler is opt-in for Self-Managed Artifactory deployments at this time, but it will be the default NuGet handler for all customers in an upcoming release. The new handler is already implemented in SaaS versions of Artifactory.
Note
To ensure optimal performance, it is recommended Artifactory 7.125.0 or later before enabling this feature.
New REST APIs for VCS Remote Repositories to Obtain Data from Subgroup Repositories
New REST APIs have been added for VCS remote repositories to obtain data from subgroup repositories. Four new APIs have been added that allow you to:
Also, the legacy APIs Get VCS Tags and Get VCS Branches can be used to obtain VCS tags and branches from subgroup repositories.Get VCS TagsGet VCS Branches
Currently, branches and tags can be downloaded only in the tar.gz format.
In this Artifactory version, these APIs can be used to obtain data from the Google Source Git Provider.
Google Source Git Provider for VCS Remote Repositories
Support has been added in the Artifactory user interface for the Google Source Git Provider for VCS remote repositories. For more information, see Use VCS To Proxy Git Providers.Use VCS To Proxy Git Providers
Improvements in VCS Remote Repositories APIs
The user organization can now be used as the repository for downloading VCS tags, branches, files in a tag, and files in a branch. For more information, see Download a VCS Tag, Download a VCS Branch, Download File within a VCS Tag, and Download File within a VCS Branch.Download a VCS TagDownload a VCS BranchDownload File within a VCS TagDownload File within a VCS Branch
Smart Remote Repository URL validation
When you create or update an existing Smart Remote repository using the REST APIs, Artifactory will validate the URL to ensure that it is correct, including the prefix required by many package types. For more information about the URL prefix, see Configure a Smart Remote Repository.Configure a Smart Remote Repository
Supported Clients and Versions
- Support for Kiro with AI Editor Extension repositories
  You can now set up AI Editor Extension Repositories in Artifactory to securely proxy and cache the Kiro extension marketplace, and configure your Kiro IDE to download extensions from the Artifactory cache. For more information, see Get Started with AI Editor Extensions.Get Started with AI Editor Extensions
- Support for pnpm client with npm repositories
  You can now configure the pnpm client to connect to npm repositories in Artifactory and use it to manage npm packages. For more information, see pnpm.pnpm
- Support for uv client with PyPI repositories
  You can now configure the uv client to connect to PyPI repositories in Artifactory and use it to manage Python packages. For more information, see uv Client.uv Client
- Support for Yarn Modern with npm repositories
  Artifactory now supports natively managing npm packages with Yarn V2+ (Modern). For more information, see Connect Yarn to Artifactory.Connect Yarn to Artifactory
JFrog CLI commands for setting up IDEs with AI Editor Extension and JetBrains Plugins repositories
The new jf ide setup command automates the process of connecting your IDE to an AI Editor Extensions or JetBrains Plugins repository in Artifactory. You can run the single command to configure any supported client, instead of manually granting permissions and editing configuration files. For more information, see Connect your IDE to Artifactory.Connect your IDE to Artifactory
Curation Support Added for PHP Composer Remote Repositories
Artifactory now ensures security compliance for Composer repositories protected by JFrog Curation. If a package is blocked by security policy, Artifactory automatically prevents the Composer client from falling back to external source URLs to download.
Added Support for the Range Header in Download Requests for PyPI Repositories
Artifactory now supports Range requests when downloading Python packages from local, remote, and virtual PyPI repositories. This improves compatibility with the UV package manager and prevents redundant full-package downloads, reduces unnecessary download counts, and improves performance.
Added Support for Proxying the GitHub Enterprise Cloud Private Registry for Go Remote Repositories
Support has been added for proxying the GitHub Enterprise Cloud private registry (<comanyName>ghe.com) for Go remote repositories.
Curation Support Added for PHP Composer Remote Repositories
Artifactory now ensures security compliance for Composer repositories protected by JFrog Curation. If a package is blocked by security policy, Artifactory automatically prevents the Composer client from falling back to external source URLs to download.
This feature requires Xray version 3.137.0 or above.
URL Auto-Correct Added to Procedure for Creating a Smart Remote Repository
An auto-correct feature was added to the procedure for creating a smart remote repository for certain package types, to ensure that a correct URL is used. For more information, see Configure a Smart Remote Repository.Configure a Smart Remote Repository
Bridge URLs in Remote Repositories
Bridge URLs can now be used in remote repositories without additional configuration.

Retention and Cleanup Policies

Retention Policies - Package Version Pattern Filtering
Cleanup and Smart Archiving retention policies now support Include and Exclude Package Version Patterns. For more information, see Cleanup Policies and Smart Archiving.Cleanup PoliciesSmart Archiving
Improved the Run reports generated by Retention Policies for packages (Cleanup and Smart Archiving)
The reports now include Package Path, Created Date, Modified Date, and Last Downloaded Date columns under Run Detailed Summary to facilitate better validation and auditing of deleted or archived packages. For more information, see Smart Archiving Run Report Overview, Restore Run Report Overview and Cleanup Run Report Overview.Smart Archiving Run Report OverviewRestore Run Report OverviewCleanup Run Report Overview

Workers

Updated Payload Code Sample for "Before Download Request Worker"
The payload code sample for Before Download Request Worker has been updated for backward compatibility and to avoid compilation errors. The redundant repoPath object has been removed from the root of the event request, and the headers object is now identified as requestHeaders. For more information, see Before Download Request Worker Code Sample.

Evidence

Evidence system enhancements
- Cosign v3: The Evidence system now supports automatic evidence creation using the Sigstore bundle format. This includes compatibility with both the cosign sign and cosign attest commands with the new-bundle-format flag. Support remains in place for in-toto attestations (DSSE) created with the legacy Cosign v2 attest command.
- PSS padding: To simply integration with different systems that produce attestations, the Evidence system now supports secure PSS (Probabilistic Signature Scheme) padding for signatures when creating evidence with the REST APIs. PKCS#1 v1.5 padding is still supported.Create Evidence using REST APIs
- Base64 URL encoding: The Evidence system now supports Base64 URL encoding for the DSSE signature. Standard Base64 encoding is still supported.
New REST APIs for evidence queries
Two new REST APIs are available for performing evidence queries. They are intended for users who prefer traditional REST APIs for integration with their existing automation tools instead of using GraphQL. For more information, see Search Evidence (REST API) and Get Evidence by ID (REST API).Search Evidence (REST API)Get Evidence by ID (REST API)
Evidence GraphQL API for returning evidence by ID
You can now use GraphQL to return the details of a specific evidence item using its ID instead of using its path. For more information, see Get Evidence by ID (GraphQL).Get Evidence by ID (GraphQL)

User Integrations

Support for Advanced Patterns in OIDC Integration Dynamic Mapping
The JFrog Platform OIDC integration now supports dynamic mapping creation using more advanced patterns, which automates and streamlines the process for various use cases.

Platform Management

Added a Warning Message When Deleting a SCIM Token
The JFrog Platform now displays a warning message when attempting to delete a SCIM token, as deletion might disconnect authentication provider integrations.
Support for New SCIM REST API Endpoints
The JFrog Platform now supports getting more information about your SCIM configuration and schemas via REST API. For more information, see Get Resource Types, Get Service Provider Configuration, Get Schemas, and Get Schema by ID.Get Resource TypesGet Service Provider ConfigurationGet SchemasGet Schema by ID
New Support for Password Control Via REST API
The JFrog Platform Access service now enables you to expire and un-expire all passwords via REST API. For more information, see Expire Password for All Users and Un-Expire Password for All Users.Expire Password for All UsersUn-Expire Password for All Users
Support for Filtering Tokens by Scope via REST API
The JFrog Platform now supports filtering the results of the Get Tokens REST API using the scope parameter to get token results for a specific scope, such as group. For more information, see Get Tokens.Get Tokens
Added Support for Project Admin Permissions
The JFrog Platform now offers more granular control over project admin permissions, enabling you to grant Manage Resources permissions to project admins while preventing them from creating or managing remote repositories.
Logging of Administration Configuration Changes
The JFrog Platform now supports logging of any changes made to the access configuration, such as enabling anonymous access, in the Access audit trail log.Audit Trail Log
Support for Webhook Target Validation
The JFrog Platform now supports creating a whitelist to allow private domains or IP addresses to be used as Webhook targets without needing to disable Artifactory validation.

Storage

Support Added for Decompressing .xz and tar.xz Files
Artifactory now supports decompressing .xz and tar.xz files, similar to the already supported decompression for .zip, .tar, and .gz files.

Helm Charts

Artifactory Helm chart now supports Azure Workload Identity authentication through the new useInstanceCredentials parameter. This authentication method replaces the legacy saasTokens and accountKey configurations. For more information, see Azure Workload Identity
Artifactory Helm chart now includes the rtfs.customCertificatesSecretName parameter for the RTFS service. This ensures custom certificates are properly copied to the RTFS container’s trusted certificates folder.

Resolved Issues

JIRA Issue	Component	Severity	Description
RTDEV-66665	Artifactory	Medium	Fixed an issue whereby, event-based push replication configured on a federated repository in the config descriptor could lead to an infinite cyclic event.
JA-18771	Authentication Providers	High	Fixed an issue related to CI integration with OIDC whereby, when using group mapping and dynamic user mapping, the access token was generated without the `applied-permissions/user` scope.
JA-19208	Authentication Providers	Medium	Fixed an issue related to the OIDC integration whereby, when setting two identity mappings with the same name, the JFrog Platform returned a 500 error.
RTDEV-67140	Builds	Medium	Fixed an issue that prevented Project Administrators from defining webhooks for build events within their assigned project.
RTDEV-67129	Federated Repositories	Medium	Fixed an issue whereby replication creation or update could fail at runtime with a “value too long for type character varying” error by adding upfront validation that blocks configurations when the combined include/exclude pattern length exceeds the supported database limit.
RTDEV-69072	Federated Repositories	Medium	Fixed an issue whereby it was not possible to remove a disabled federation member.
EVT-2194	General	Medium	Fixed an issue related to webhooks whereby, when creating a webhook using a proxy and then editing it to remove the proxy, the JFrog Platform prevented leaving the Proxy field empty.
JA-18497	General	Low	Fixed an issue related to logging whereby, after upgrading Artifactory to version 7.117.16 or later, a warning was logged in the Artifactory log file related to BeforeTokenExpiryWorkerNotifyTask that was unnecessary.
JA-18498	General	Low	Fixed an issue whereby users in view-only mode could click a link that incorrectly opened an OIDC integration/mapping drawer in edit mode, leading to an error when they attempted to save unauthorized changes.
RPG-1994	General	Medium	Fixed an issue whereby, when using the router metrics REST API endpoint, the JFrog Platform did not include the `content-type` header in the response.
RTDEV-54345	General	High	Fixed an issue whereby during HA cluster startup, a node which acquired the so-called “HA init lock” in order to perform exclusive init operations crashed, leaving the lock in place and blocking other nodes from starting, thus leaving the entire HA cluster in downtime.
RTDEV-61244	General	Medium	Fixed an issue whereby there was unauthenticated access to a Docker API when anonymous access was disabled.
RTDEV-64090	General	Medium	Fixed an issue whereby when an artifact that was marked as filtered was deployed to a repository with password retrieval, the artifact obtained via cURL download contained an encrypted password, whereas the artifact downloaded through the UI did not.
RTDEV-64461	General	Medium	Fixed an issue whereby Artifactory was not following the RFC 9110 standard regarding the precedence of the precondition headers If-None-Match and If-Modified-Since.
RTDEV-65263	General	Medium	Fixed an issue whereby restoring the root folder of a repository deleted any properties that were set on the root folder.
RTDEV-65879	General	Medium	Fixed an issue where it was not possible to download a file inside an archive from the UI when the URL contained a period (“.”).
RTDEV-67058	General	Medium	Fixed an issue whereby the Hex package dependency appeared as ‘null’ for the opentelemetry package.
RTDEV-69867	General	Medium	Fixed an issue whereby the JFConnect client did not adhere to the custom router port configuration, thus causing Artifactory to fail upon initialization when the custom router port was set.
INST-11384	Installation	Medium	Fixed an issue whereby the docker-compose-all.yaml template did not expose Nginx ports by default.
INST-11555	Installation	High	Fixed an issue whereby the command to perform a graceful shutdown was not working for Jfconfig and Topology services in certain negative scenarios, specifically when the Artifactory service hadn't fully started. This meant these services would sometimes remain active despite a stop command.
RTDEV-70372	Packages	High	Fixed an issue whereby an older retention tag time could have been incorrectly used as the modification time for a later parent image, resulting in premature deletion.
RTDEV-63511	Packages	Low	Fixed an issue whereby the Downloads and Last Downloaded fields were not updated when converting an existing non-v1 Docker manifest to v1 manifest in a local Docker repository.
RTDEV-64026	Packages	Medium	Fixed an issue whereby the npm remote repository with Curation complain version selection enabled would sometimes return the uncurated metadata ETAG header, which caused the npm client to not fetch the curated metadata from the registry even though the metadata was curated and changed.
RTDEV-64188	Packages	Medium	Fixed an issue whereby the displayed download count for Conan packages on the Packages tab did not increase when packages were downloaded, and remained 0.
RTDEV-65622	Packages	Medium	Fixed an issue where Nuget package downloads through a virtual repository could fail when parent and child virtual repositories used different repository layouts.
RTDEV-65854	Packages	Medium	Fixed an issue whereby a RubyGems virtual repository intermittently returned the versions file that included only versions from aggregated local repositories because UnsupportedReentrantLockException disrupted metadata calculation and caused the remote handler to fail.
RTDEV-65894	Packages	Medium	Fixed an issue in which a user could retrieve certain metadata files from a Debian virtual repository using the anonymous user, even though the user lacked proper permissions.
RTDEV-65895	Packages	High	Fixed an issue whereby a race condition in the Debian indexing code was causing automatic indexing to not occur, which resulted in packages missing from the metadata.
RTDEV-66745	Packages	Medium	Fixed an issue whereby Helm layout enforcement was not working on federated Helm repositories.
RTDEV-68382	Packages	Medium	Fixed an issue in which Docker range uploads returned an incorrect range start offset.
RTDEV-69690	Packages	High	Fixed an issue whereby the download from a Smart Repository was performed using the actual Smart Repository and not the remote repository that it refers to.
RTDEV-70121	Packages	Medium	Fixed an issue whereby Go repositories failed to resolve nested submodules hosted in a monorepo structure on GitHub.
RTDEV-70709	Packages	High	Fixed an issue whereby Artifactory was downloading an empty .zip file to a Go directory in a GitLab project, which resulted in the Go client receiving an empty .zip file when requesting a package.
RTDEV-70712	Packages	Medium	Fixed an issue whereby the Artifactory Maven indexer left indexer files open on the JVM even after they were deleted.
JA-18318	Projects	Medium	Fixed an issue related to the JFrog Platform WebUI whereby, when sorting the results in the Project page by storage quota, the JFrog Platform did not perform as expected.
RTDEV-59638	Release Lifecycle Management	Medium	Fixed an issue whereby deleting the last version of a Release Bundle did not remove the empty folder from the Release Bundle repository.
RTDEV-61860	Release Lifecycle Management	Medium	Fixed an issue that prevented users from federating Release Bundle v2 repositories when using the Artifactory Federation Service (RTFS). After the fix, these repositories can be federated without incident.
RTDEV-65239	Release Lifecycle Management	Medium	Fixed an issue whereby the contents of multi-arch Docker/OCI images were sometimes not displayed in the platform UI. After the fix, the contents are displayed correctly.
RTDEV-66109	Release Lifecycle Management	Medium	Fixed an issue whereby an attempt to create a Release Bundle v2 version with a non-existing artifact resulted in a 500 status code. After the fix, this type of error will result in the expected 404 error, "Release Bundle source artifact not found".
RTDEV-68303	Release Lifecycle Management	Low	Fixed an issue that prevented the Content Graph from displaying correct information after promotion rollback is performed. After the fix, the graph displays the results of the rollback accurately.
RTDEV-68310	Release Lifecycle Management	Medium	Fixed an issue whereby Release Bundle v2 promotion would sometimes fail due to HTTP 404 errors.
RTDEV-68592	Release Lifecycle Management	Medium	Fixed an issue whereby promotion rollbacks were not displayed correctly in the version timeline. After the fix, the timeline adds an event indicating the rollback succeeded and crosses out the previous event that recorded the promotion.
RTDEV-69828	Release Lifecycle Management	Low	Fixed an issue that prevented users from using multiple filters to exclude specific packages when patching a Release Bundle.
RTDEV-66254	Release Lifecycle Mangement	Medium	Fixed an issue whereby Release Bundle v2 creation failed due to a duplicate key error. This error occurred when a Docker image in the Release Bundle contained both a manifest.json and a list.manifest.json. After the fix, Artifactory can handle the duplicate key correctly and create the Release Bundle.
RTDEV-62756	Repositories	Low	Fixed an issue whereby the Create Repository REST API allowed adding a repository of any type (local, remote, or virtual) to a virtual repository with a specific package type (not generic), when the added repository was for a package type that did not match the virtual repository’s package type.
RTDEV-63395	Repositories	Medium	Fixed an issue whereby when importing a repository to Artifactory, artifact file statistics, such as downloadCount, lastDownloaded, lastDownloadedBy, were not merged for artifacts that already existed in the target instance.
RTDEV-69500	Repositories	Medium	Fixed an issue whereby attempting to delete a non-existing artifact resulted in status code 204 (No Content) rather than 404 (Not Found).
RTDEV-64246	Storage	Low	Fixed an issue whereby binaries pruning was not running when the rootFoldersNameLength wasn't set as the default.
RTDEV-70880	Storage	Medium	Fixed an issue whereby AWS SDK v2 with the KMS client-side failed to decrypt large objects.
JA-18290	User Interface	Medium	Fixed an issue whereby it was not possible to revoke the OIDC exchange Access token created with the Project Roles scope.
JA-18806	User Interface	Medium	Fixed an issue related to the JFrog Platform UI whereby, when a user logs in via SAML SSO, the Email Address field in their Profile page appears as empty and uneditable.
JA-18797	User Interface (UI)	Medium	Fixed an issue related to LDAP whereby, when trying to set up a repository as an LDAP user, the JFrog Platform returned a Forbidden error.
JA-18099	User management	Low	Fixed an issue whereby, when using the create or update Groups REST API and providing a string exceeding the maximum length, the JFrog Platform returned an incorrect error message.
JA-18600	User Management	User Management	Fixed an issue related to API key whereby, when upgrading from Artifactory version 7.104.14 to 7.117.17 and attempting to regenerate the API Key via the JFrog Platform UI, the JFrog Platform returned an error.
JA-18801	User Management	Medium	Fixed an issue related to the Administration module on the JFrog Platform UI whereby, when a non-admin user with Manage Resources permissions attempted to access the Permissions page, the JFrog Platform returned an error.