Artifactory 7.46

JFrog Release Information
ft:sourceType
Paligo

Issue ID

Description

Fix Version

Additional Information

RTDEV-31139

In some cases, Following the appearance of “Exception message: Failed to release lock (inconsistent state) for: {}. Current thread is not the owner of the lock.LockInfo{category='hqc_total_artifact_count', key='hqc_total_artifact_count'," Error in artifactory-service.log, Artifactory might stop responding for a short time.

7.59.x

It is recommended to upgrade to Artifactory version 7.59 or higher.

RTDEV-28314

Build info links containing artifactory/webapp in the URL are redirected to the packages page in the JFrog Platform UI:

https://ART_HOST/ui/packages#/builds/<BUILD_NAME>/<BUILD_NUMBER>

instead of the information page for the selected build number.

Workaround:Edit the URL manually by removing the packages# prefix. This fix will redirect the link to the build number information page:

https://ART_HOST/ui/builds/<BUILD_NAME>/<BUILD_NUMBER>

RTFACT-27545

OpenJdk17.0.3, which is bundled with Artifactory 7.46/7.47/7.49 has a bug in the newrelic java agent, which causes Artifactory to fail to start up.

7.49.6

RTFACT-29933

When modifying the userLockPolicy settings through the YAML configuration file, the changes were not applied accordingly.

7.70.2

JA-4703

Any changes made to the security configurations UI will override the custom configurations defined in the Access YAML Configuration .Introduction to the General Security SettingsAccess YAML Configuration

7.46.21

Customers with an Enterprise+ subscription that have Access Federation enabled will lose the Access Federation setup as a result of editing the security configurations UI.Introduction to the General Security Settings

RTFACT-29239

The default expiration of Access Tokens created by the deprecated Artifactory Create Token REST API (/api/security/token) was increased from 1 hour to 1 year. As a result, newly created Access tokens become revocable tokens and do not support cross-instance authentication through a "Circle of Trust".Create Token (Deprecated)Circle of Trust (Cross-Instance Authentication)

Suggested Workarounds:

  1. Reduce the expiration period of new tokens created by Artifactory REST API by defining "expires_in" as less than 21600 seconds (the default value of revocable-expiry-threshold).Access YAML Configuration

  2. Restore Artifactory properties to be as before 7.46.x by adding the following properties to the artifactory.system.properties file and restarting Artifactory:

    artifactory.access.token.expiresIn.default=3600
artifactory.access.token.non.admin.max.expires.in=3600

RTFACT-29203

NPM installation fails if a bundledDependencies is present in the package.json.

7.47.10

RTFACT-29193

The List Docker Tags API does not work as expected - when executing this API, Artifactory queries the remote resource only once and caches the response. As a result, it will always use the cached response and will not query the remote again.

7.49.5

RTDEV-28501

Users are unable to log into Artifactory when there is an IP address in the X-Forwarded-For Header in the format <ip:port> in the schema name.

7.49.6

Suggested workaround:

Add a header rewrite for X-Forwarded-For header in the application gateway. The header value should be:{var_add_x_forwarded_for_proxy}

RTDEV-28125

Users performing Google authentication to the JFrog Platform will receive an error.

7.46.6

JA-4295/JA-4233

When there are more than five outbound servers configured in Access Federation, Artifactory fails to start.

7.46.17