Artifactory 7.37.13 Cloud | Self-Hosted

JFrog Release Information


Released: 14 April, 2022

Feature Enhancements

Enforce Internal Dynamic Search of Attributes in LDAP Groups

Introducing the new functionality for the LDAP group dynamic strategy which enforces dynamic internal search of attributes in a group by setting the <forceAttributeSearch>true</forceAttributeSearch> in the Config descriptor. For more information, see Enforcing Dynamic Search of Attributes for LDAP Groups.LDAP

Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories

An enhanced Maven Authentication mechanism has been implemented in Artifactory to eliminate the need to perform authentication prior to checking if a package is located in local, remote and virtual repositories. With the new authentication mechanism, when reaching Maven-local-three (which requires authentication), instead of first performing for authentication and next authorization, Artifactory will check if the requested item is located in the repository. If the requested package does exist, it will proceed to perform authentication and authorization. If not, a 404 error message will be triggered.

This feature is disabled by default and can be enabled by adding the artifactory.maven.authentication.nonPreemptive parameter to the file. Please note that a reboot of the system is required after adding the flag. For more information, see Forcing Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories.Maven Repository

Upgraded Tomcat Version

The Tomcat bundled with Artifactory has been upgraded to version 9.0.58, solving some security vulnerabilities described in CVE-2020-9484.

Anonymous Users can be routed to Login Page by Default

To provide Anonymous users in the JFrog Platform with an improved navigation experience, you can set all Anonymous users to be routed to the Login page by enabling the new 'Set the Login page as the start page' on the Anon User page.

GAVC Search REST API Supported on Virtual and Remote Repositories

Maven users can now search by Maven Coordinates (GAVC: GroupID, ArtifactID, Version, Classifier), on remote and virtual repositories, in addition to the existing support for local repositories. For more information, see the new parameters added to the GAVC Search REST API.GAVC Search

Added Support for Custom Ports to be Exposed on the NGINX Pod

As part of the alignment of the JFrog Platform with the conventional Kubernetes YAML syntax for container ports, we have added support for comments in the values.yaml file. It is self-explanatory as it is traditional Kubernetes YAML syntax and allows you to pass additional ports other than HTTP and HTTPS port to Nginx deployment and service in the values.yaml file.

New Webhook to Support Pull Replication from Remote Repositories

The newly added 'Cache' webhook event is triggered for Pull Replication events occurring opposite remote repositories. Please note that for push replication, you should use this 'Deployed' event. For more information, see the Domain:Artifact section.Webhooks

Extended the Priority Resolution feature to Support RPM Packages

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories for RPM packages.Local RepositoriesRemote Repositories

Integration Service Logs Added to Support Bundle

The integration-request.log and integration-service.log logs have been added to the Support Bundle.

Release Bundle Webhooks: Enhanced the Exclude and Include Pattern Experience in the WebUI

To prevent confusion when creating the Release Bundle Webhook, the Webhooks WebUI has been improved when setting the include and exclude patterns.

Updated the Refresh Token Mechanism

To enable refreshing a token without having to provide the old token, a new column has been added to the database that contains the token payload, the token version, and `kid` as a JSON (this is an applicable to refreshable tokens only!). Upon receiving a token request to refresh, the original data is then taken from the new column in the database. See RefreshToken.Refresh Token (Deprecated)

Resolved Issues

JIRA Issue



Fixed an issue related to downloading NuGet packages in virtual repositories running JFrog Xray whereby, Artifactory blocked downloads due to an Xray policy, and an incorrect error message was displayed. The error was 404 and has now been replaced 403.


Fix an issue related to LDAP integration whereby, an increased number of REST calls were sent to the LDAP server during UI browsing.


Fixed an issue whereby, retrieving a version of a Go package from a virtual repository using a REST Command, returned a 500 error (Null Pointer Exception) response.


Fixed an issue whereby, deploying files to a Yum virtual repository failed to merge metadata related to .xz file extensions.


Fixed an issue whereby, updating a user group by adding a user or one of the user's groups through the CLI, required adding the credentials to the Conan client.

Fixed an issue related to Conda packages whereby, deploying an attachment package to with stored entries to a local repository could not be extracted.

Fixed an issue whereby, tree browser artifacts were not sorted in a chronological list.

Fixed an issue whereby, the Direct Cloud Storage Download field and CDN redirect field in the UI were not displayed, when creating or editing a federated repository.

Fixed an issue related to configuring Artifactory with Access TLS enabled using Helm Charts, resulted in incorrect proxy_pass configurations for /artifactory/ in the default artifactory.conf file.

Fixed an issue, related to JFrog Distribution, whereby Release Bundles failed to be created from a project-assigned repository.