Artifactory 7.46.3 Cloud | Self-Hosted

JFrog Release Information


Released: 11 October, 2022 (Released to Cloud on 2 October, 2022)

Known Issue in this Version

Affected Audience: Users logging into the JFrog Platform with Google Authentication should refrain from upgrading to this version. For more information, click here.

JetS3t Deprecation Announcement - Applies to Self-Hosted Environments Only!

In continuation to the official email sent on the 22 of July 2022, we have officially deprecated the JetS3t library that was used in the JFrog Platform to enable an API to AWS S3 and Google Cloud Storage. You should therefore use the s3-storage-v3 instead, which uses the official, highly-maintained AWS S3 SDK. The transition is seamless between s3 to s3-storage-v3, as most parameters are the same between the two providers. To learn more, see Amazon S3 Official SDK Template.Amazon S3 Official SDK Template

Feature Enhancements

Java 17 Compatibility

From this version, Artifactory officially supports running with JDK 17 on all installation types (e.g. Linux, Docker, Debian, RPM, Windows). The Artifactory Docker image is shipped with JDK 17.

Access Token Scope Added to the WebUI

The scope of a user's access token (also known as a scoped token), has now been added to the JFrog Platform WebUI (in addition to the existing API endpoint) as a new column in the Security page. For more information, see Generating Scoped Tokens.Generate Scoped Tokens

AQL Search Speed Improvements

Improved AQL internal search mechanism to support running faster queries.

Helm Indexing Improvements

Improved the speed when indexing Helm Charts in Helm repositories.

Webhooks WebUI Now Supports Using the Secret for Signing the Payload

When creating Webhooks and defining a secret authentication token, the administrator can determine the way in which the Webhook's secret token should be used:

  • As the X-JFrog-Event-Auth HTTP header, so that the token can be used by the service that receives the event to authenticate the event emitter

  • To sign the events payload- in which case the secret token must not be passed as a header

To support both options, the backend was updated to also send an HTTP header containing the payload hash value calculated based on the secret token (this hash value should be computed based on SHA1 or SHA256). With this release, the JFrog Platform now supports setting the secret for payload signing through the WebUI. See Create Webhooks in the JFrog Platform.Create Webhooks in the JFrog Platform

Allow Including/Excluding Patterns for Syncing User Entities with Access Federation

Added the option to define include or exclude patterns for users.


Important: This feature is experimental. We recommend reaching out to JFrog Support for assistance with configuring this, as it may affect other Federation setups.

Cargo Indexing Enhancement

Added support for alternative indexing in Cargo repositories based on the sparse index specifications, instead of jgit server For more information, see Setting Up Cargo Indexing Using Sparse Indexing.Cargo Package Registry

User/Group WebUI Enhancements

Enhanced the User/Group WebUI with the following updates:

  • Enable sorting users in tables by additional columns

  • Enable partial search by name/email in tables

  • Improved the loading time of Users in the Groups page

  • Improved the loading time of Users/Groups in Permission Targets

Project Name Maximum Length Changed RTFACT-26156

The maximum length for a project name was increased from 32 characters to 128.

Resolved Issues

JIRA Issue



Fixed an issue whereby, running theGET binary/providers/info Rest API, triggered an exception

when the binarystore.xml was configured to use the sharding binary-provider with the redundancy value greater than the number of sub-providers. For example,when using cluster-s3-storage-v3 template with redundancy set to 3.


Fixed an issue whereby, the Conan search failed to provide correct results when searching a virtual Conan repository if the indexed files did not exist in Local Conan repositories.


Fixed an issue whereby, the Config Descriptor was corrupted due to expired CRON expressions.


Fixed the issue whereby, deploying two CocoaPods pods to a remote Smart Repository with the same source field caused one of them to be later installed incorrectly


Fixed an issue whereby, running a Copy or Move using Docker Promote left orphan layers of the Docker image in the target repository.


Fixed an issue whereby, Docker Catalog tags were not cached according to the Docker repository in the tags.json file.


Fixed an issue whereby, running Docker v2 Tag listing REST API, pagination was not supported and only 50 tags were displayed.


Fixed an issue whereby, Artifactory returned a 500 error message while resolving npm packages with a "relative" path from a virtual repository.


Fixed the following issues relating to npm repositories:

  • npm virtual repositories could not detect specific URLs.

  • Installing an npm package from a virtual repository did not acknowledge the include/exclude pattern set in the virtual repository.


Fixed an issue whereby, performing a NuGet (V3 protocol) search against the registry did not return results.


Fixed an issue whereby, under certain circumstances, accessing the Terraform backend repository using Terraform CLI returned a 403 error message even though login was successful.


Fixed an issue whereby, Docker repositories catalogs were not updated automatically for remote repositories.


Fixed an issue whereby, NuGet search queries failed when searching for packages with unencoded characters in the package metadata URL fields.


Fixed an issue whereby, Docker repositories metadata was accessible directly and visible through the JFrog UI, and now they can be accessed only using the REST API.


Fixed an issue whereby, a project admin was not able to create a repository if a Federated repository binding exists.


Fixed an issue whereby, when the source Artifactory was offline, the cached artifacts on the Artifactory Edge node could not be downloaded.


Fixed an issue whereby, modifying the default proxy settings applied the proxy settings to all remote repositories and replications even though no proxy was configured. To prevent auto-updates of a proxy, set the 'No Proxy' property. For more information, see Advanced Proxy Settings.Advanced Settings


Fixed an issue whereby, disabling the Push Replication in the UI did not activate the license after the next Artifactory restart.


Fixed an issue whereby, the Edit Properties functionality in the JFrog Platform UI failed to store multiple values separated by a semicolon as expected.


Fixed an issue relating to Docker login whereby, the default identity tokens expiration time was too long (30 days), and has now been shortened to a default of 150 minutes. The expiration time can be modified by setting the artifactory.docker.tokens.expiration.timeSecs parameter.


Fixed an issue whereby, under certain circumstances, npm install failed if metadata was omitted.


Fixed an issue whereby, SAML login failed if the SAML User ID contained special characters.


Fixed an issue whereby, the Support Bundle page in the WebUI did not display any Support Bundles due to a single corrupted service_manifest.json.


Fixed an issue whereby, Helm or Cran Virtual repository cache expiry caused malformed content length in S3 direct storage.