Artifactory 7.16.3 Cloud | Self-Hosted

JFrog Release Information


Released: March 15, 2021


Avoiding Security Risks by Flagging Safe Repositories

You can declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for for LocalLocal Repositories and RemoteRemote Repositories repositories. Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field. This feature is currently supported for Docker, PyPI, RubyGems, and NPM packages but will be extended to all the package types in the upcoming releases.

P2P Functionality for JFrog SaaS Users

P2P peers can be configured to work opposite JFrog Artifactory and JFrog Artifactory Edge hosted by JFrog SaaS.


Database Locking Mechanism Improvements

Improved the database locking mechanism for High Availability environments.

Resolved Issues

Jira Issue



Fixed issue whereby, missing dependencies prevented Artifactory to start with the JetS3t binary provider.


Fixed an issue whereby, Docker v1 images could not be pulled by digest.


Fixed an issue, whereby a 500 error was displayed in the UI when uploading or moving a file to a folder containing the same same.


Fixed an issue whereby, the resolution order in Docker virtual repositories was not functioning correctly.


Fixed an issue whereby, the Replicator processed Maven artifacts as generic artifacts, which failed the JAR replication.


Fixed an issue whereby, Pypi remote and virtual repositories returned a 404 error even if the package existed in the public registry.


Fixed an issue whereby downloading logs from the Artifactory UI displayed the file name as null.


Fixed an issue whereby, the Docker Catalog API used incorrect permissions and include/exclude path filtering.


Fixed an issue whereby, Artifactory did not support Docker labels containing spaces.


Fixed an issue whereby, PyPI packages were not indexed if there was an emoji in the metadata.


Fixed a performance issue whereby, in high-scale environments, repository Cache rebuild was taking too long.


Fixed an issue whereby, promoting a Docker V2 image in the same repository, without a re-tag, deleted the image.


Fixing an issue related to virtual NPM repo indexing by removing shadow requests to 3rd party.


Fixed an issue whereby, Artifactory generated the RPM primary.xml with a file time that was not aligned with the RPM. spec. It was generated with milliseconds, unlike the build time.



Fixed an issue, Artifactory generated a 500 error message when resolving Nuget V.3 packages. The fix now parses NuGet packages without dependency version range as "any version".


Fixed an issue, whereby the Update Group REST API only supported adding users and not updating users.


Fixed an issue, whereby a blind SSRF was found in the /ui/api/v1/ui/ldap/test/<name> - 953900.