Released: May 19, 2020
Artifactory 7.5 is Available as a Cloud Version
The JFrog Artifactory 7.5 release is available as a Cloud version and is aligned aligned with the Artifactory 7.5.5 Self-Hosted version.
Artifactory Cloud with CDN Distribution
Artifactory Cloud Enterprise and Enterprise+ supports a fully integrated advanced CDN solution removing the need to deal with the complexity of setting up a separate external CDN Caching system. JFrog Artifactory Cloud with Amazon's CloudFront CDN solution allows you to manage, control, and distribute high volumes of software distribution across multiple locations.
The CDN solution provided in Artifactory Cloud supports distributing public content via Anonymous Access and Signed URLs, distributing private content using fine-grained permissions and Access Tokens, CNAME/SSL support, and setting IP Whitelisting and Geo Restrictions. To view the list of CDN features supported by the different JFrog subscription types, see Cloud Pricing.
From version 7.5, CDN Distribution is enabled by default for Artifactory Cloud Enterprise and Artifactory Cloud Enterprise+ users and all is that is required is to set CDN support on your repository level. For more information, see JFrog Cloud.
Support for Signed URLs
Artifactory now supports using signed URLs. Users with administrator or manage permission can generate a signed URL that provides temporary shared access to a specific artifact, using the Create Signed URL REST API. Using the Replace Signed URL Key REST API, administrators can replace the key for signing and validating signed URLs, invalidating any signed URLs previously created. This feature is supported for Artifactory Cloud Enterprise and Enterprise+ users.
Xray Block Unscanned Artifacts Timeout Policy
This version includes the capability to define the timeout policy for unscanned artifact download requests. This means that when a block unscanned artifacts policy is configured in Xray, Artifactory will wait for the predefined time of the policy, to allow Xray to perform the required scan. This will prevent download request failures that require Xray scan on the artifacts.
In addition, to improve artifact download performance, Artifactory will now only request Xray scans results for repositories configured with block download policy.
** Available with Artifactory version 7.5.x and Xray version 3.4.x.
Support for RHEL 8 AppStream
Artifactory now supports Red Hat Enterprise Linux 8 which contains support for enhanced Yum metadata for AppStream (RHEL8) or Modularity (Fedora) technology used in RHEL8. An example of this new metadata includes the
data type=modules metadata from
repomd.xml. The Content in AppStream in RPM is available in one of two formats - the familiar RPM format and an extension to the RPM format called Modules.
As part of the AppStream support in Artifactory, you can:
Proxy AppStream modules through a remote RPM repository.
Host and serve AppStream modules according to profiles and streams through a local RPM repository.
Serve local and remote content through a virtual repository.
For more information, see Deploying RPM Modules to Your Local Repository.
Fixed an issue whereby, when authenticating a Docker or Conan Packages login with a username and API key of an LDAP user, Artifactory always checked against the LDAP service, even if it was in the cache period.
Fixed an issue whereby, when using HTTP SSO and the anonymous mode was enabled, non-cookie-cached requests resulted in a 401 error if an anonymous request was sent beforehand.
Fixed an issue whereby, when event-based pull replication was enabled for a large number of repositories, the target server reached a thread pool exhaustion.
Fixed an issue whereby, in Docker repositories, pushing a container using several clients such as containers, did not work properly.
Fixed an issue whereby, proxying and caching npm packages from GitHub Packages resulted in an error.
Fixed an issue whereby, in several remote npm repositories, running an npm search that did not return any results and therefore these search requests did not close, caused a pool leak.
Fixed an issue whereby, in some cases, in Conan smart remote repositories, the pull replication from a distant Artifactory instance did not pull packages from the source Artifactory instance.
Fixed an issue whereby, in a Debian client, when using your own GPG keys, the initial GPG verification failed when resolving packages from a Debian virtual repository.
Fixed an issue whereby, in a Debian local repository, when running recalculate index to create a Release metadata file, the Component property in the Release file was missing the text before the hyphen in the name of the component. Example: acpu-base appeared just as base.
Fixed an issue whereby, when trying to resolve packages from a PyPI remote repository that is connected to a pypiserver, the download did not work due to a malformed download URL.
Fixed an issue whereby, in CRAN remote repositories, downloading and deploying CRAN packages with versions that contained more than 4 octets (e.g. 0.9.800.1.0) failed.
Fixed an issue whereby, in CRAN virtual repositories, when trying to resolve packages, the updated packages were not available until the aggregated CRAN remote repository updated its' metadata.
Fixed an issue whereby, issues were encountered in the task execution mechanism in HA clusters.
For a complete list of changes, please refer to our JIRA Release Notes.