Artifactory 7.68.7 Self-Hosted

JFrog Release Information

Content Type
Release Notes
ft:sourceType
Paligo

Released: 11 September, 2023

API Key Deprecation

As notified in Artifactory 7.47.10, support for API Key is slated to be removed in a future release. To ease customer migration to reference tokens, which replaces API key, we are disabling the ability to create new API keys at the end of Q3 2024. The ability to use API keys will be removed at the end of Q4 2024. For more information, see JFrog API Key Deprecation Process.User ProfileJFrog API Key Deprecation Process

Known Issue in This Version

When upgrading Artifactory to version 7.68.7 or 7.68.11, Artifactory failed to complete the upgrade due to a failure in validating the Access database schema. Users should upgrade to version 7.68.13 and later. For more information, see Known Issues.

Artifactory 7.68.7 is Available as a Cloud and Self-Hosted Version

Artifactory 7.68.7 is the Self-Hosted version and contains all the highlights, feature enhancements, and bug fixes stated in Artifactory 7.68.6 as part of our Cloud-first initiative.

Backup Path Change

When updating Artifactory to version 7.66.x and above, verify that your server path to backup does not start with JFROG_HOME/artifactory. If it does, please change it to avoid errors.

New Features

  • Support for Air-gapped Environments

    JFrog Platform now supports air-gapped environments. For more information, see Configure JFrog Platform in an Air-gapped Environment.Configure JFrog Platform in an Air-gapped Environment

  • Xray Scanning of Release Bundles v2

    JFrog Xray can now scan Release Bundles v2 for potential vulnerabilities and security risks. Security administrators can create policies that block the promotion and distribution of Release Bundles flagged by Xray, as required.

  • Support for Docker Project ID Field for Remote Repositories

    Artifactory now supports populating the Project ID field for remote repositories through the JFrog Platform WebUI, enabling GCR.io users to utilize private Docker repositories.

  • Support for PostgreSQL 14 and 15

    Artifactory is now certified to work with PostgreSQL 14 and 15 database.

Feature Enhancements

  • Internal Database Indexing Enhancements

    This release includes a number of internal database indexing enhancements that improve the performance of virtual repositories.

    For more information, see Internal Database Indexing Enhancements for Nodes Table.

  • Rest API

    • New REST API to Revoke Token by Value

      This release includes an API that can revoke an access token by providing a JSON web token (JWT) or reference token..

      For more information, see Revoke Token by Value.Revoke Token by Value

    • Workers REST APIs

      You can now use Workers REST APIs to configure and manage Worker service settings. To learn about Workers, see Workers Service.Create WorkerWorkers Service

    • Updated REST API to Get Token by ID without Validation

      This release includes an update to the Get Token by ID REST API so that the API does not require validating the audience.

      For more information, see Get Token by ID.Get Token by ID

  • Sharding

    • New Artifactory Sharding Storage Metrics

      Metrics for the sharding binary provider have been added. For more information on these metrics, see Artifactory Metrics.Artifactory Metrics

    • Sharding Improvements

      The enableShardingBalancer flag was added to the configuration options for the sharding binary provider, to allow for disabling the balancing sharding mechanism. Also, the default value for the maxBalancingRunTime setting was set to 0.0 to allow for the sharding balancing operation to complete without interruption. For more information, see Basic Sharding ConfigurationBasic Sharding Configuration

  • Cargo

    • Added Support for Renaming Cargo Dependencies

      It is now possible to rename the dependencies in the cargo.toml file when uploading crates to local repositories.

    • Added Support for Renaming Cargo Dependencies

      The Platform Get User Details REST API response now contains the effective_admin field to indicate if the user is an administrator, based on the user's associated groups.

  • Increased Number of Roles Per Project

    The number of roles allowed per project has been increased from 10 to 30.

  • Ability to Order Environments

    On the Environments page of the platform UI, it is now possible to drag and drop environments into whatever order is desired. (Global and project environments must remain separate.)

  • Block Project Administrator from Adding Anonymous Access

    JFrog has hardened anonymous access at the project level for security reasons. From Artifactory version 7.66 JFrog disabled the ability to add an anonymous user to a new project. For more information, see Allow Anonymous Access.Allow Anonymous Access

  • New Field Support for Custom Webhooks RTFACT-29754

    Artifactory now populates the jpd_origin and subscription_key fields when creating a custom webhook with a custom payload.

  • Additional UI Options for Creating Release Bundles v2

    Artifactory now enables you to create Release Bundles v2 directly from the Release Bundle window in the platform UI. When you click the Create Release Bundle button, you are given 2 options:

    • Create from Builds: Use this option to create the Release Bundle from one or more builds (including aggregated builds).

    • Create from Release Bundles: Use this option to create a new Release Bundle from one or more existing Release Bundles.

    For more information, see Create Release Bundles (v2).Create Release Bundles (v2)

    Tip

    It is still possible to create a Release Bundle from a single build directly from the Builds window (Artifactory > Builds). Use the Create Release Bundle Version REST APIs to create Release Bundles from AQL and artifacts.Create Release Bundle v2 Version

Resolved Issues

JIRA Issue

Description

EVT-913

Fixed an issue whereby, when trying to save a webhook, the validation failed if an HTTP proxy was set.

JA-6361

Fixed an issue whereby, when trying to refresh an expired token during the token.cache.expire-after-write-seconds period, Artifactory returned an error.

JA-6441

Fixed an issue whereby, when you tried to create a token in the UI for locked, disabled, or invited users did not dispaly a proper error message about why the token creation was not possible.

JA-6448

Fixed an issue whereby, it was possible to edit disabled inputs on the edit page of a single user when using the LastPass browser extension on the Artifactory WebUI.

JA-6477

Fixed an issue whereby, the JFrog Platform WebUI became unresponsive while synchronizing LDAP Groups when there were a large number of configured groups.

JA-6514

Fixed an issue whereby, the Custom Login Dialog did not appear in all logins. You can now configure whether to display the dialog only once or for every login.

JA-6528

Fixed an issue where the edge nodes that were registered to home using join-key went offline after a certain period due to the token cleanup job.

JA-6550

Fixed an issue whereby, when using mTLS to authenticate, Artifactory returned an 'invalid username' error.

JA-6616

Fixed an issue whereby, the Artifactory UI became sluggish and did not show all the content when there is a large number of Crowd groups in the system.

JFMC-5419

Fixed an issue whereby, the Mission Control microservice failed to monitor the local topology if the home JPD scaled down due to lower load.

JFMC-5434

Fixed an issue whereby, the Username field displayed masked characters and the Password field displayed plain text characters in the Register Platform Deployment screen.

JFUI-13465

Fixed a bug whereby a system/access import crashed the front-end service, requiring a restart.

RTDEV-32784

Fixed an issue that prevented the propagation of Copy Artifact and Move Artifact operations to other Federation members.

RTDEV-32806

Fixed an issue whereby, Artifactory did not support removing the Remote Layout Mapping setting once it has been set.

RTDEV-33074

Fixed an issue whereby, the artifactory.repository.config.latest.json file wasn't created during startup but only when there was a change in the repository configuration.

RTDEV-33198

When initiating the archive process, a cold manifest file is created for internal use and this file is archived with the other artifacts. In previous releases, the cold manifest file was included as part of the archived artifacts summary. In this release, this file is no longer included as part of the archived artifacts summary. To implement this change, you must upgrade both warm and cold instances.

RTDEV-33226

Fixed an issue whereby, the Set Me Up screen in the Jfrog Platform WebUI took a long time to load for non-admin users with limited permissions.

RTDEV-33494

Fixed an issue that enabled REST API users to choose a terraformType other than provider or module, which resulted in a UI error of "Federated repository is not found".

RTDEV-33953

Fixed an issue related to Conda whereby, under some circumstances, certain packages were not indexed as expected.

RTDEV-34077

Fixed an issue related to the Artifactory WebUI whereby, under some circumstances, the User Management > Permissions screen displayed incorrect information.

RTDEV-34180

Fixed an issue whereby packages that were only partially archived to cold storage were partially deleted from a warm instance, which resulted in unusable packages.

RTDEV-34340

Fixed an issue whereby, RPM re-indexing took longer than expected.

RTFACT-29357

Fixed an issue related to Distribution Webhooks whereby, when selecting release bundles to be included in the webhook, Release Bundles with targets but no sources were included in the list.

RTFACT-29385

Fixed an issue related to Debian repositories whereby, when trying to resolve an InRelease file from a virtual repository, Artifactory returned an error.

RTFACT-29429

Fixed an issue that caused the Federated Base URL to be ignored in favor of the custom Base URL when adding members to a Federation. This issue occurred when the remote JPD was added via deployment bindings.

RTFACT-29538

Fixed an issue whereby, when restoring a Folder with an identical name as an artifact, the artifact was corrupted and became unusable.

RTFACT-29540

Fixed an issue related to the YAML configuration file whereby, when creating or updating repository properties with the value null, Artifactory set the value as $$deleted=null.

RTFACT-29547

Fixed an issue that prevented the propagation of a Delete Artifact operation to other Federation members, which resulted in inconsistencies in Federated repositories.

RTFACT-29586

Fixed an issue that caused synchronization failures between JPDs due to an expired master token. These tokens, which are generated when the binding is initiated, have an expiry duration of 365 days. The fix introduces a periodic job that refreshes tokens that are about to expire.

RTFACT-29687

Fixed an issue related to PHP Composer whereby, when trying to install the roots/wordpress package, Artifactory returned an error.

RTFACT-29705

Fixed an issue related to Docker remote repositories whereby, when setting the Enable Direct Cloud Storage setting to 0, Artifactory did not support pulling images from that repository.

RTFACT-29710

Fixed an issue related to npm whereby, when deploying the same package as a scoped package and under root, the api/npm REST API did not work as expected.

RTFACT-29739

Fixed an issue whereby Federated repositories were missing the Deploy tab in the Set Me Up dialog box, regardless of the package type.

RTFACT-29746

Fixed an issue whereby, when uploading two RPM files with the same name but different SHA1 values at the same time, a SHA1 mismatch occurred.

RTFACT-29773

Fixed an issue related to Docker/OCI whereby, Artifactory did not support Docker promotion of a multi-architecture image with attestation manifests.

RTFACT-29791

Trying to create a token in the UI for locked, disabled, or invited users will now show a proper error message informing the user why the token creation is not possible.

RTFACT-29808

Fixed an issue related to Artifactory versions 7.59.9 and later whereby, when using the Synchronize LDAP Groups feature with a large number of configured groups, the JFrog Platform WebUI became unresponsive.

RTFACT-29809

Fixed an issue related to Terraform whereby, when resolving external dependencies from a Smart Remote repository pointing to a remote repository, the Smart Remote repository attempted to resolve the dependency instead of requesting it from the Remote repository.

RTFACT-29813

Fixed an issue whereby, when trying to download from a remote repository pointing to another Artifactory repository upstream, where Xray is blocking the download, Artifactory returned a status code from the remote repository and not from the upstream repository.

RTFACT-29814

Fixed an issue related to RubyGems local repositories whereby, when deleting a quick folder and recalculating the repository index, the folder was not recreated.

RTFACT-29856

Fixed an issue whereby, the Custom Base URL was reset to null when the Custom Message was enabled and disabled under General Settings.

RTFACT-29902

Fixed an issue that prevented non-Enterprise+ users from managing a permission target for Release Bundles v2 using the Get/Create/Update/Delete Permission Target REST APIs.

RTFE-287

Fixed an issue whereby, when opening the Set Me Up menu in Cloud environments with subdomains and no Custom Domain Name configured, the JFrog Platform WebUI showed the domain's technical name instead of the server name.