Artifactory 7.16.3 Cloud | Self-Hosted

JFrog Release Information

Content Type
Release Notes
ft:sourceType
Paligo

Released: March 15, 2021

Highlights

Avoiding Security Risks by Flagging Safe Repositories

You can declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for for LocalLocal Repositories and RemoteRemote Repositories repositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. This feature is currently supported for Docker, PyPI, RubyGems, and NPM packages but will be extended to all the package types in the upcoming releases.

P2P Functionality for JFrog SaaS Users

P2P peers can be configured to work opposite JFrog Artifactory and JFrog Artifactory Edge hosted by JFrog SaaS.

Enhancements

Database Locking Mechanism Improvements

Improved the database locking mechanism for High Availability environments.

Resolved Issues

Jira Issue

Description

RTFACT-25211

Fixed issue whereby, missing dependencies prevented Artifactory to start with the JetS3t binary provider.

RTFACT-24694

Fixed an issue whereby, Docker v1 images could not be pulled by digest.

RTFACT-22667

Fixed an issue, whereby a 500 error was displayed in the UI when uploading or moving a file to a folder containing the same same.

RTFACT-24791

Fixed an issue whereby, the resolution order in Docker virtual repositories was not functioning correctly.

RTFACT-24852

Fixed an issue whereby, the Replicator processed Maven artifacts as generic artifacts, which failed the JAR replication.

RTFACT-15577

Fixed an issue whereby, Pypi remote and virtual repositories returned a 404 error even if the package existed in the public registry.

RTFACT-24115

Fixed an issue whereby downloading logs from the Artifactory UI displayed the file name as null.

RTFACT-24913

Fixed an issue whereby, the Docker Catalog API used incorrect permissions and include/exclude path filtering.

RTFACT-24944

Fixed an issue whereby, Artifactory did not support Docker labels containing spaces.

RTFACT-20132

Fixed an issue whereby, PyPI packages were not indexed if there was an emoji in the metadata.

RTFACT-23838

Fixed a performance issue whereby, in high-scale environments, repository Cache rebuild was taking too long.

RTFACT-23706

Fixed an issue whereby, promoting a Docker V2 image in the same repository, without a re-tag, deleted the image.

RTFACT-21074

Fixing an issue related to virtual NPM repo indexing by removing shadow requests to 3rd party.

RTFACT-22958

Fixed an issue whereby, Artifactory generated the RPM primary.xml with a file time that was not aligned with the RPM. spec. It was generated with milliseconds, unlike the build time.

RTFACT-24642

RTFACT-24989

Fixed an issue, Artifactory generated a 500 error message when resolving Nuget V.3 packages. The fix now parses NuGet packages without dependency version range as "any version".

RTFACT-20798

Fixed an issue, whereby the Update Group REST API only supported adding users and not updating users.

RTFACT-23209

Fixed an issue, whereby a blind SSRF was found in the /ui/api/v1/ui/ldap/test/<name> - 953900.