Released: 11 October, 2022 (Released to Cloud on 2 October, 2022)
Known Issue in this Version
Affected Audience: Users logging into the JFrog Platform with Google Authentication should refrain from upgrading to this version. For more information, click here.
JetS3t Deprecation Announcement - Applies to Self-Hosted Environments Only!
In continuation to the official email sent on the 22 of July 2022, we have officially deprecated the JetS3t library that was used in the JFrog Platform to enable an API to AWS S3 and Google Cloud Storage. You should therefore use the s3-storage-v3 instead, which uses the official, highly-maintained AWS S3 SDK. The transition is seamless between s3 to s3-storage-v3, as most parameters are the same between the two providers. To learn more, see Amazon S3 Official SDK Template.
Java 17 Compatibility
From this version, Artifactory officially supports running with JDK 17 on all installation types (e.g. Linux, Docker, Debian, RPM, Windows). The Artifactory Docker image is shipped with JDK 17.
Access Token Scope Added to the WebUI
The scope of a user's access token (also known as a scoped token), has now been added to the JFrog Platform WebUI (in addition to the existing API endpoint) as a new column in the Security page. For more information, see Generating Scoped Tokens.
AQL Search Speed Improvements
Improved AQL internal search mechanism to support running faster queries.
Helm Indexing Improvements
Improved the speed when indexing Helm Charts in Helm repositories.
Webhooks WebUI Now Supports Using the Secret for Signing the Payload
When creating Webhooks and defining a secret authentication token, the administrator can determine the way in which the Webhook's secret token should be used:
As the X-JFrog-Event-Auth HTTP header, so that the token can be used by the service that receives the event to authenticate the event emitter
To sign the events payload- in which case the secret token must not be passed as a header
To support both options, the backend was updated to also send an HTTP header containing the payload hash value calculated based on the secret token (this hash value should be computed based on SHA1 or SHA256). With this release, the JFrog Platform now supports setting the secret for payload signing through the WebUI. See Create Webhooks in the JFrog Platform.
Allow Including/Excluding Patterns for Syncing User Entities with Access Federation
Added the option to define include or exclude patterns for users.
Important: This feature is experimental. We recommend reaching out to JFrog Support for assistance with configuring this, as it may affect other Federation setups.
Cargo Indexing Enhancement
Added support for alternative indexing in Cargo repositories based on the sparse index specifications, instead of jgit server For more information, see Setting Up Cargo Indexing Using Sparse Indexing.
User/Group WebUI Enhancements
Enhanced the User/Group WebUI with the following updates:
Enable sorting users in tables by additional columns
Enable partial search by name/email in tables
Improved the loading time of Users in the Groups page
Improved the loading time of Users/Groups in Permission Targets
Project Name Maximum Length Changed RTFACT-26156
The maximum length for a project name was increased from 32 characters to 128.
Fixed an issue whereby, running the
Fixed an issue whereby, the Conan search failed to provide correct results when searching a virtual Conan repository if the indexed files did not exist in Local Conan repositories.
Fixed an issue whereby, the Config Descriptor was corrupted due to expired CRON expressions.
Fixed the issue whereby, deploying two CocoaPods pods to a remote Smart Repository with the same source field caused one of them to be later installed incorrectly
Fixed an issue whereby, running a Copy or Move using Docker Promote left orphan layers of the Docker image in the target repository.
Fixed an issue whereby, Docker Catalog tags were not cached according to the Docker repository in the
Fixed an issue whereby, running Docker v2 Tag listing REST API, pagination was not supported and only 50 tags were displayed.
Fixed an issue whereby, Artifactory returned a 500 error message while resolving npm packages with a "relative" path from a virtual repository.
Fixed the following issues relating to npm repositories:
Fixed an issue whereby, performing a NuGet (V3 protocol) search against the nuget.org registry did not return results.
Fixed an issue whereby, under certain circumstances, accessing the Terraform backend repository using Terraform CLI returned a 403 error message even though login was successful.
Fixed an issue whereby, Docker repositories catalogs were not updated automatically for remote repositories.
Fixed an issue whereby, NuGet search queries failed when searching for packages with unencoded characters in the package metadata URL fields.
Fixed an issue whereby, Docker repositories metadata was accessible directly and visible through the JFrog UI, and now they can be accessed only using the REST API.
Fixed an issue whereby, a project admin was not able to create a repository if a Federated repository binding exists.
Fixed an issue whereby, when the source Artifactory was offline, the cached artifacts on the Artifactory Edge node could not be downloaded.
Fixed an issue whereby, modifying the default proxy settings applied the proxy settings to all remote repositories and replications even though no proxy was configured. To prevent auto-updates of a proxy, set the 'No Proxy' property. For more information, see Advanced Proxy Settings.
Fixed an issue whereby, disabling the Push Replication in the UI did not activate the license after the next Artifactory restart.
Fixed an issue whereby, the Edit Properties functionality in the JFrog Platform UI failed to store multiple values separated by a semicolon as expected.
Fixed an issue relating to Docker login whereby, the default identity tokens expiration time was too long (30 days), and has now been shortened to a default of 150 minutes. The expiration time can be modified by setting the
Fixed an issue whereby, under certain circumstances,
Fixed an issue whereby, SAML login failed if the SAML User ID contained special characters.
Fixed an issue whereby, the Support Bundle page in the WebUI did not display any Support Bundles due to a single corrupted
Fixed an issue whereby, Helm or Cran Virtual repository cache expiry caused malformed content length in S3 direct storage.