Artifactory 7.21.3 Cloud | Self-Hosted

JFrog Release Information

ft:sourceType
Paligo

Released: 1 July, 2021

Tomcat Future Breaking Change: Action Required

Towards the end of 2021, JFrog is planning to upgrade the Tomcat version that is bundled with Artifactory from version 8.5 to 9.0.48, in preparation for the upcoming end-of-life of Tomcat version 8.5. From Tomcat version 9.0.48, the Reason-Phrase feature will no longer be supported by this Tomcat version or retrievable as part of the automation responses. More information can be found here.

To help you evaluate the impact of this change in advance, and to gain a better understanding of this update's impact on your CI/CD flows, especially if your CI/CD flows rely on responses with Reason-Phrase (versus responses with numeric IDs only), we have released Artifactory 7.21 with Tomcat 8.5 withsendReasonPhraseset to 'false' in the Artifactory System YAML.

If this change is affecting your flows, you can reset the value to 'true'; however, you will need to make the necessary adjustments to your automation so that they work properly without the need to consume the Reason-Phrase. This will mitigate any effect in the future when new versions of Tomcat 9 are released.

Bintray Premium Offering Sunset Announcement

As of July 4th, 2021, JFrog Bintray Premium will no longer be supported and will be replaced with a set of advanced JFrog Cloud hosting solutions that are based on Artifactory's enhanced capabilities, which include a set of dedicated features for managing, controlling, and distributing your software packages. To learn more about migrating to JFrog's Advanced Cloud hosting solutions, see the JFrog Bintray Migration Guide.

Feature Enhancements

Docker Enhancements

As part of our ongoing effort to provide the best Docker-related experience, we have introduced the following enhancements:

  • Improved the Docker remote repository flow by reducing the number of requests to the remote repositories.

  • Added support for promoting Docker images with a Docker manifest.list from one Docker local repository to another.

Announcing a New Outbound Repository Request Log

Announcing the release of the new Outbound Remote Repository Request log, which allows you to track every request initiated by a remote repository including requests related to replication.

Extended the Priority Resolution feature to Support Puppet Packages

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories for Puppet packages.

Improved Metadata Request Performance for Remote Repositories

You can now configure the Metadata Retrieval Cache Timeout (Sec) parameter in the Remote Repository Cache Settings to control the Metadata timeout performance. If the timeout is reached, the local cached artifact is served and the previous metadata is returned to the client (the default value is 60 seconds).

Native Artifacts Browser Accessible from the UI

The Artifactory native artifacts browser, which allows browsing the contents of a repository in a plain HTML structured tree, is now available via the artifact URL or via the artifacts Actions menu. Authenticated users will not need to re-authenticate to access the native browser.

Note

PowerShell users

Due to Known Issues, this feature will affect the users that are using PowerShell automation and configuration management program to download the content from JFrog Platform. Please use the suggested workaround until the issue will be addressed.

Expanded Additional Security Manager Role and Additional Scanning Capabilities in Project Functionality

The new Security Manager role enables a user to perform security-related project actions such as Manage Xray Data, Manage Reports, Manage Watches and Policies, and Ignore Global Violations. This version also introduces additional functionalities for Xray in Projects, such as generating Global Xray Report for a Project scope and applying Global Watches to Projects. This expanded role and capabilities require using Xray version 3.27 and above.Manage Project Roles and Members

Docker/Conan GetToken Request Improvements

Improved the response time of Docker / Conan getToken requests and reduced the number of DB calls.

Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI

CLOUD: Enterprise with Security Pack | Enterprise+ SELF-HOSTED: Enterprise X | Enterprise+

The JFrog Platform integration with HashiCorp Vault now enables you to configure multiple external vault connectors through the Platform UI. You can see the list of available connectors in the new HashiCorp Vault Connectors window. To learn more, see Vault.Vault

Managing Multiple Signing Keys

CLOUD: Enterprise with Security Pack | Enterprise+ SELF-HOSTED: Enterprise X | Enterprise+

The JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST API. The JFrog Platform supports managing multiple pairs of GPG signing keys to sign packages for authentication of several package types such as Debian, Opkg, and RPM through the Keys Management UI and REST API. To learn more, see Manage Signing Keys.Manage Signing Keys

Generating an Identity Token through the Profile UI

The user profile now enables users to generate identity tokens. Any user can create a user identity token for themselves via the UI or via REST API. Identity tokens are scoped tokens, which means that they provide limited and focused permissions, making them more secure and, therefore, preferable to API keys. In addition, when a user is deleted/disabled, their tokens are also revoked. To learn more, see Identity Token.User Profile

Added Capability to Ignore Download Statistics

The new skipUpdateStats parameter can now be added to Rest requests, allowing you to ignore statistics generated by 3rd party tools.

Resolved Issues

Jira Issue

Description

RTFACT-25623

Fixed an issue whereby, running the Docker Promote API failed to promote images using a multiplatform image or against images that included a list.manifest.json under its tag.

RTFACT-26006

Fixed an issue whereby, Helm Charts containing artifact hub complex annotations disrupted working with Artifactory Helm repositories.

RTFACT-25995

Fixed an issue whereby, uploading artifacts using the REST API in Artifactory version 7.19.4 tagged the URL to the files in the JSON response as 'slf' as opposed to 'URL' in earlier Artifactory versions.

RTFACT-25902

Fixed an issue whereby, deploying to Debian local repositories caused the InRelease file to be unreachable when fetched from the Debian virtual repository.

RTFACT-25912

Fixed an issue whereby, running Docker Pulls from Docker Hub failed due to case-sensitivity HTTP header handling.

RTFACT-25936

Fixed an issue whereby, running virtual Helm repository indexing returned a partialindex.yaml to users with no read permissions for one of the repositories under the virtual repository.

RTFACT-15802

Fixed an issue whereby, the time in the UI was displayed incorrectly for certain timezones.

RTFACT-24947

Fixed an issue whereby, archiving and browsing of executable spring boot JAR/WAR files was permitted.

RTFACT-25212

Fixed an issue whereby, performance issues were encountered for RubyGems virtual repositories with the Bundler compact index.

RTFACT-23012

Fixed an issue whereby, emails sent by Artifactory 7.x Mail Server integration contained legacy URLs causing incorrect redirects.

Fixed an issue whereby, uploading an artifact using the REST API generated errors when null values were retrieved.

Fixed an issue whereby, users that were deleted and then re-created in the same cache period, received a 401 error.

Fixed an issue whereby, Artifactory HA nodes were out of sync.

Fixed an issue whereby, all the requests via a virtual repository were stuck when one of the Docker remote repositories was marked with token authentication that was not supported.

Fixed an issue whereby, pushing images using Docker buildx failed and returned an unexpected 400 status.

Fixed an issue whereby, accessing a repository native browser, triggered a pop-up that constantly requested a username and password even after accessing with a valid user.

Fixed an issue whereby, after upgrading from Artifactory 7.12.6 to 7.16.3, the Direct Cloud Storage Download configuration was removed.

Fixed an issue whereby, the RepoPathFactory.create function did not work correctly with Artifactory user plugins.

Fixed an issue whereby, build promotion failed for Artifactory.

Fixed an issue whereby, RPM consumed part of the metadata by adding a missing condition, causing a number of entries to be filtered out incorrectly.