Artifactory 7.71.2 Self-Hosted

JFrog Release Information

Content Type
Release Notes
ft:sourceType
Paligo

Released: 24 October 2023

This topic describes the new features, feature enhancements, and resolved issues that are part of the Artifactory 7.71.2 release for Self-Hosted environments. It includes all improvements since Artifactory 7.68.

Breaking Change for Audience Restriction in SAML SSO Authentication Provider Configuration

From Artifactory version 7.70 and up, Audience Restriction will be enabled by default for SAML SSO without the ability to disable it. The verifyAudienceRestriction attribute for SAML SSO is set by default in the Access Configuration YAML in the JFrog Platform for new Artifactory installations.

Breaking Change: Legacy member-of-groups:"*" scope is no longer accepted in Access Tokens

In Artifactory 7.71.2, due to a parsing issue with the scope, member-of-groups:"*" , the scope for access tokens is not parsed correctly and does not provide user-scoped token permissions to the token.

To workaround the issue, you can create a token with the same scope without the quotes - member-of-groups:* . You can also use the scope, applied-permissions/user, which replaces the legacy, member-of-groups:* token scope.

Breaking Change for Conan Repositories

From Artifactory version 7.71.x and forward, when using the CLI to perform actions on a Conan package that does not exist in the upstream repository, Artifactory will return a 404 error instead of returning a 200 message and creating an empty folder.

Upcoming Behavior Change: Docker Tag Retention Enhancement

In the upcoming Artifactory version 7.74.x, we're introducing an enhancement to the Docker tag retention logic for better management of multi-architecture images.

This enhancement specifically targets multi-architecture images, which are represented with a manifest.list. Here's what to expect:

  • When a multi-architecture image exceeds its Docker tag retention limit, not only will the primary manifest be deleted, but its associated sub-manifests (or sub-images/architectures) and their related blobs will also be removed.

  • Even though these components are deleted, they're not lost. You can retrieve the manifest and its associated sub-manifests and blobs from the trash can, based on your system settings.Restoring Deleted Repositories

Known Issue in This Version

Artifactory failed to pull Go Submodules of packages when the remote repository is pointed to github.com. For more information, see Known Issues.

Known Issue in This Version

When enabling the setting Bypass HEAD Requests for one or more remote repositories, a connection leak might occur. For more information, see Known Issues.

New Features

  • Self-Hosted Support for Hugging Face ML Repositories (Beta release)  

    JFrog now supports local and remote Hugging Face repositories in Self-Hosted instances, allowing you to use Artifactory to house ML models alongside your other software components and Xray to detect malicious models and enforce license compliance. Create a single system of record for ML models that brings ML/AI development in line with your existing SSC. For more information, see Hugging Face Repositories.Hugging Face Repositories

    hf_transparent_chart.png
  • Federation Recovery and Auto-Healing

    Artifactory now features an auto-healing mechanism that can recover automatically from error exhaustion and reduce the need to perform full sync operations on Federated repositories.

    Auto-healing checks Federated repositories at regular intervals for exhausted queues (queues that have exceeded the maximum number of attempts to send events to other Federation members). This mechanism resets the failed events automatically and tries again to sync with the target mirror. For more information, see Federation Recovery and Auto-Healing.Federation Recovery and Auto-Healing

    There is also a new Federation Recovery API that enables administrators to perform recovery manually as an alternative to performing a full sync.Federation Recovery

  • Hide SSO Providers

    You can now hide the SSO providers that you configured in the JPD from the login screen. If you hide the providers, the users need to type in the SSO providers to log in to the JFrog Platform UI. For more information, see Hide SSO Providers.Hide SSO Providers

Feature Enhancements

  • Configuration Settings Added to Cached Filesystem Binary Provider 

    The following two configuration settings were added to cache-fs, the Cached Filesystem Binary Provider:

    • maxFileSizeLimit: Set the maximum limit for a binary to be saved in the cache-fs layer.

    • skipDuringUpload: A flag that allows you to skip saving binaries to cache-fs during upload requests.

    For more information, see Cached Filesystem Binary Provider.Cached Filesystem Binary Provider

  • Migration of Authentication Provider Configuration from Artifactory Service to Access Service  

    As part of enhancements to the JFrog Access Service to make it the primary service for authentication providers, from Artifactory version 7.71.x, the functionality for the following authentication providers has moved to the Access Service: Internal, LDAP, HTTP SSO, and Crowd/JIRA.Migrated Authentication Provider Properties

  • Improved Trash Can functionality

    Trash Can functionality has been improved such that if you select an artifact to be deleted to the Trash Can, and there is already an artifact in the Trash Can with the same path as the artifact that you selected for deletion, a pop-up appears and informs the user that if they continue with the deletion, the artifact currently in the Trash Can will be permanently deleted. The user can click Cancel in the pop-up if they decide that the artifact currently in the Trash Can should not be permanently deleted.

  • Package Archiving Improvement

    Prior to this release, when archiving a package to cold storage, if a package already existed in cold storage with the same name, type, version, and repository path, the older package would be overridden by the newer package. In this release, cold storage archiving of packages has been modified such that if a package already exists in cold storage with the same name, type, version, and repository path, the older package in cold storage remains there and the newer package is not archived in cold storage. When this happens, an info-level log message is written to the log to inform the user that the newer package was not archived.

  • Get Release Bundle Versions API Enhancement

    A new query parameter option in the Get Release Bundle v2 Versions API makes it possible to return the permission settings for promoting, distributing, and deleting the specified Release Bundle v2 versions.Get Release Bundle v2 Versions

Resolved Issues

JIRA Issue

Description

RTFACT-30000

Fixed an issue whereby, when trying to resolve an RPM package from a remote repository, Artifactory returned a 'Metadata file does not match checksum' error.

RTFACT-29995

Fixed an issue related to npm whereby, when installing packages through Artifactory, the client downloaded all flavors of the package, instead of downloading only the specific flavor (OS and CPU architecture) of the requested package.

RTFACT-29983

Fixed an issue whereby, when upgrading from Artifactory version 7.59.9 to 7.63.5, the filter section was missing from the repository list of replications in the JFrog Platform WebUI.

RTFACT-29956

Fixed an issue whereby, Artifactory did not support sending notification emails to admins when a project reached 75% of its storage limit on Cloud instances.

RTFACT-29955

Fixed an issue whereby, when modifying any part of the Security element in the Artifactory YAML Configuration using REST API, the HTTP SSO was set to the default value, which is disabled.

RTFACT-29933

Fixed an issue in Artifactory versions 7.46.3 and higher whereby, when modifying the userLockPolicy settings through the YAML configuration file, the changes were not applied accordingly.

RTFACT-29920

Fixed an issue whereby, the minor Garbage Collector feature did not clean up as many items as expected.

RTFACT-29895 

Fixed an issue related to Terraform whereby, when trying to resolve modules from a smart repository, Artifactory returned a 404 error.

RTFACT-29886 

Fixed an issue related to Conda whereby, Artifactory did not support retrieving artifact metadata from remote repositories that use the .ZST compression algorithm.

RTFACT-29872

Fixed an issue related to Chef whereby, when trying to resolve a package from a Smart Remote repository using the JFrog Platform WebUI, Artifactory returned an error.

RTFACT-29871

Fixed an issue whereby, Artifactory did not support downloading un-cached packages from virtual repositories using the JFrog Platform WebUI.

RTFACT-29862 

Fixed an issue whereby Federated repositories did not stay in sync after files were cleaned up by a plugin.

RTFACT-29853

Fixed an issue whereby, when using the CLI to perform actions on a Conan package that does not exist in the upstream repository, Artifactory returned a 200 message and created an empty folder.

RTFACT-29810

Fixed an issue whereby, when restoring a deleted artifact or folder from the trash can with the 'Recursive' checkbox not selected, properties from the repository level are also added to the artifact or folder.

RTFACT-29706

Fixed an issue in pull replication that caused empty folders to appear in the cache even when the include/exclude pattern should have caused the path to not be included.

RTFACT-29626

Fixed an issue whereby, after restarting an Artifactory instance, the JAR signing feature did not work as expected.

RTDEV-36089

Fixed an issue related to Docker whereby, when trying to perform orphan layer cleanup on an Artifactory instance with S3, a connection leak might occur.

RTDEV-36014

Fixed an issue whereby the Federation event mechanism would not resume after disabling and re-enabling the Federated member.

RTDEV-35969

Fixed an issue whereby, when pulling a common blob that appears over 500 times in the nodes table under local and remote repositories, Artifactory might return a blob not found error

RTDEV-35586

Fixed an issue whereby, when attempting to import the artifactory.config.import.yml file, Artifactory returned an error.

RTDEV-35216

Fixed an issue whereby, when deploying a BuildInfo resource that contains a null BuildAgent, Artifactory returned a Null Pointer Exception error, failing the deploy.

RTDEV-35001

Fixed an issue related to Maven whereby, under some circumstances, when deploying artifacts using a Maven client in version 3.9.x, the maven-metdata.xml file was not updated as expected.

RTDEV-34969

Fixed an issue whereby the optimization percentage value displayed in the storage monitoring user interface was showing a highly inaccurate and exaggerated value.

RTDEV-34814

Fixed an issue whereby Docker cleaned up a Federated Docker repository based on an outdated manifest, which resulted in removing new blobs instead of orphaned blobs.

RTDEV-34149

Fixed an issue whereby, when pushing a multi-architecture layer that already exists in the system, Artifactory created a redundant appearance of the layer with its architecture name

RTDEV-34078

Fixed an issue related to Go whereby, Artifactory did not support changing a remote repository's Git provider to "ARTIFACTORY" using the YAML configuration REST API.

RTDEV-33935

Fixed an issue in push replication that caused a replication attempt to take place even when the same artifact was already deployed to the same path on the destination instance (before replication was set to take place).

RTDEV-31458

Fixed an issue whereby, under certain circumstances, the performance of virtual PyPI repositories with multiple local repositories was impaired.

JA-5100

Fixed an issue whereby, when authenticating using LDAP in an environment containing several LDAP settings, Artifactory searched for the user's group association across all group settings, instead of only in the paired LDAP setting.

INST-6603

Fixed an issue whereby, Artifactory did not support configuring a private registry for rabbitmq pre-upgrade hook containers in Xray and platform chart.