Released: 29 October 2024
Important Announcements
Note
Artifactory Release Notes Structural Update
The Artifactory Release Notes (that appear in the JFrog Release Notes) has been updated to separate the Self-Hosted and Cloud Releases into separate areas. Self-Hosted content for minor releases now lists aggregated bugs and features previously only reported as part of Cloud Releases. This enables users to better see content only relevant to their deployment type, and for Self-Hosted users to more easily review the changes between versions, providing better visibility in preparation for upgrade.
Note
JFrog Workers Release Notes
We are pleased to announce that JFrog Workers is now in general availability with separate release notes, see JFrog Workers Release Information.
Classic Navigation Sunset
The classic navigation has reached its end of life, therefore users will no longer be able to switch back to the classic navigation. For more information about how navigation menus are organized, see JFrog Platform Navigation.
API Key Creation is Disabled
The creation of new API keys has now been disabled. You can use identity tokens instead, which replace API keys and offer enhanced security. The usage of API Keys will be disabled at the end of Q4 2024. For more information, see JFrog API Key Deprecation Process.
Breaking Change for Oracle 11 Users
Artifactory has replaced the Oracle-specific ROWNUM pseudo-column with the SQL-standard FETCH FIRST clause when generating AQL queries that include the ORDER BY clause. This change breaks compatibility with users of Oracle 11 and earlier (which are Oracle versions not officially supported by Artifactory).
Breaking Change when Using Get User Details API for Details of Non-Logged-In Users
When retrieving user details for non-logged-in users via the Rest API, a random date in the distant past was returned, now a null
value will be returned. Previously, if a user never logged, in the response to the Get User Details API, the value of last_logged_in
was 1970-01-01T00:00:00.000Z
. Now, if a user never logged in, the value of last_logged_in
will be null
.
Known Issue in Tomcat 10.1
Apache Tomcat version 10.1 that is bundled in Artifactory 7.98.7 contains an issue whereby, when sending HEAD requests where the resource size is unknown, the server returns a content-length=0
header, instead of omitting the header.
New Features
Cleanup Policies
JFrog Cleanup Policies enable Platform and Project Administrators to define and customize policies based on specific criteria for removing unused binaries from across their JFrog platform. This provides control over storage utilization and ensures optimal system performance. By setting specific criteria and rules, administrators can customize a repeatable cleanup process that aligns with their organization's requirements. For more information, click here.
Also, this release includes a number of internal database indexing enhancements that improve performance during the cleanup process. JFrog recommends creating database indexes prior to upgrading, as explained here.
Support for GitHub Enterprise in Self-Hosted Environments
Users working in a Self-Hosted environment can now select GitHub Enterprise as the Git provider for Go remote repositories. When using this option, you should configure the Go remote repository with the URL of the GitHub Enterprise server located at your site. This feature requires Enterprise Server 3.10 and above.
Upgrade to Apache Tomcat 10.1.x
The Apache Tomcat version bundled with Artifactory has been upgraded to version 10.1.x.
Support for Multi-Architecture Tag Deletion
Artifactory now supports deleting multi-architecture Docker and OCI image tags with one action. For more information, see Delete Multi-Architecture Docker Tags.
Support for PostgreSQL 16
Artifactory is now certified to work with the PostgreSQL 16 database.
Feature Enhancements
Significant Changes to the Packages User Interface
Significant changes have been made to the Packages User Interface (UI). From the Packages home page, you can now view a list of the most recently viewed packages, and an upgraded filter option has been added that allows you to create refined filters on the packages list to easily see the packages that interest you. After creating the filter, you can save it as a customized view for later use and reference. For more information, click here.
Authentication Related Enhancements
OpenID Connect Integration
The JFrog Platform now includes project support, multiple values, wildcard values, and dynamic mapping for OpenID Connect integrations. Project Admins can now create identity mappings associated with specific projects. Multiple values and wildcard values are now supported for JSON Claims in identity mappings associated with OpenID Connect Integrations. Identity mappings can contain dynamic mappings that support the verification or modification of a username or group name in the token subject based on a pattern.
Multiple SAML SSO Provider Configurations
The JFrog Platform now supports multiple configurations for SAML SSO providers. Enabling multiple SAML SSO configurations can help large organizations streamline the login and authentication processes for multiple platforms, resulting in a faster and more convenient authentication experience.
Migration of SAML Authentication Provider from Artifactory Service to Access Service
As part of enhancements to the JFrog Access Service, which is becoming the primary service for authentication providers, the functionality for the SAML authentication provider has moved to the Access Service.
Breaking Change for
synchronizeLdapGroups
User PluginFollowing the migration of SAML SSO from Artifactory service to Access service, the deprecated user plugin
synchronizeLdapGroups
will no longer be used for SAML SSO user login. As an alternative, the functionality of the plugin has been implemented as part of the provider. For more information, see Enabling Synchronization of LDAP Groups for SAML SSO.Temporary Login Suspension Moved to Access Service
As part of enhancements to the JFrog Access Service, which is becoming the primary service for authentication and authorization, the implementation of Temporary Login Suspension has been moved to the Access Service starting from Artifactory version 7.98.x. For more information, see User Lock and Login Suspension.
Proxy support for OAuth Authentication Provider
The OAuth authentication provider now supports the platform default proxy. To enable this functionality, select the Use Default Proxy Configuration checkbox in the Provider Settings section.
Release Bundles Enhancements
Cannot modify or delete files that belong to a promoted Release Bundle v2
To protect the immutability of Release Bundle v2, users are now blocked from modifying or deleting a file that belongs to a promoted Release Bundle. Users must first delete the promotion or delete the Release Bundle version altogether before the files can be modified or deleted.
Release Bundles v2 protected from expired GPG keys
When a user attempts to create, promote, or distribute a Release Bundle v2 version, the action is now blocked if the GPG key has expired.
Adding pagination to Release Bundle v2 Version Details REST API
The REST API for getting Release Bundle v2 version details now includes the ability to paginate the results using the
offset
andlimit
query parameters. In addition, the response now includes thetotal_artifacts_count
.Improved UI for deleting Release Bundle v2 versions and promotions
The UI offers improved options for deleting Release Bundle v2 versions and promotions, including versions distributed to Edge nodes. For more information, see Perform Actions on a Release Bundle Version.
Federated Repository Related Enhancements
Improved Federated Repository validation
There is an improved validation check when creating Federated repositories that provides a clear error message if a Federated repository with the same name already exists on a different Federation member.
Federation recovery and auto-healing of binary tasks
The auto-healing mechanism used by Artifactory to recover synchronization of metadata events among repository Federation members now includes support for binary tasks as well. The mechanism will check periodically for any binary tasks that are in a retry or error state and use the checksum to identify whether the file was deleted from its source. If the binary was deleted, the task is deleted.
Change to Federated Repository Artifactory System Parameter:
Old name (7.90.5):
artifactory.federated.mirror.events.metadata.enabled
New name (7.92.3 and above):
artifactory.federated.mirror.events.upload.info.propagate.enabled
Cargo Related Enhancements
Cargo
index/config.json
REST API Aligned with the Cargo SpecsThe Cargo index/config.json REST API has been aligned to the Cargo specs so that it now returns a response even if a user has no permissions on a repository and invokes an auth-challenge.
Improved Cargo Status Code Responses
Cargo status code responses are now aligned with the cargo registry according to the Cargo specification.
Improvements to authenticated requests on Cargo repositories
Authenticated requests on Cargo repositories are now allowed with anonymous access.
Hugging Face Related Enhancements
The Hugging Face
readme.md
file is now accessibleThe Hugging Face
readme.md
file can now be viewed with an MD viewer for Hugging Face packages.Support for Hugging Face Modifying Deployment Expiration
Artifactory now supports using a system property to modify the expiration time for models and datasets deployment, so that you can upload larger models without encountering errors.
Projects Support for Webhooks
Artifactory now supports creating and viewing webhooks associated with a specific project.
Artifactory Performance Improvement
This version includes improvements in response time with a reduction of up to 12%. This results in an overall improvement in performance.
Added option to configure an absolute path for tempDir for certain binary providers
It is now possible to configure an absolute path for tempDir (_pre folder) for the following binary providers: cache-fs, s3-storage-v3, azure-blob-storage-v2, and file-system (or state-aware when using sharding). Before this change, tempDir was always relative to the baseDataDir, and if tempDir had an absolute path in
binarystore.xml
(for example:/tmp
), tempDir was set to$BASEDATADIR/filestore/tmp
. Now, it will be set to/tmp
, which will be a breaking change. To revert to the old behavior, use a relative path "tmp
". Configuring an absolute path allows for improved performance when baseDataDir is located in a NFS.Reduced Calls to the Database When Interacting with Virtual Generic Repositories
The number of calls to the database was significantly reduced when interacting with a virtual generic repository containing more than 3 sub-repositories, which results in improved system performance.
Logging Outgoing Requests
Introduced logging for outgoing requests in the JFConnect service to enhance debugging capabilities.
Significant Improvements in Deploying Artifacts from Archives
The Deploy Artifacts from Archive REST API now supports deploying artifacts in parallel threads as well as sequentially, significantly reducing the time it takes to deploy. For more information, see Deploy Artifacts from Archive.
Improved Failure Retry Mechanism When Working With Google Cloud Storage
The
google-storage-v2
provider now supports an improved retry mechanism when Google Cloud Storage returns 50x errors. Two new parameters have been added to the provider (maxRetries
andretryIntervalMillis
) to allow configuring this. For more information, click here.List Docker Images REST API Performance Improvements
The REST API List Docker Images now delivers faster results and uses less resources. For more information, see List Docker Images.
Support for PyPI Etag Headers
Artifactory now supports Etag headers for Pypi Package Indexes, minimizing the bandwidth used for installation flows.
Table of public keys now includes the key type
The table of public keys available to administrators in the Public Keys tab of the Keys Management window now includes the key type. For more information, see Manage Public Keys.
Tree Browser Performance Improvements
The following performance improvements were made in the artifacts tree/native browser:
Expanding a folder with a long list of artifacts is now much faster. The displayed list of artifacts is now limited to a maximum of 20K. Artifacts that are not displayed are accessible through the Search
Display of repository and artifact details is now faster
Improvements to Metadata Retrieval Performance Performance of metadata retrieval was improved following recent changes made to the npm client.
Improvements to Tree Browser Performance
For users with limited permissions, loading the list of repositories at the root level of the tree browser is now much faster
Improvements were made to tree browser performance such that the time it takes to list artifacts from remote repositories was significantly reduced. For more information, click here.
Resolved Issues
JIRA Issue | Component | Severity | Description |
---|---|---|---|
JA-14175 | Authentication Providers | Medium | Fixed an issue whereby the Crowd login failed when the Crowd server was unavailable during Artifactory restart. It may take a few minutes for the Crowd login to become available once the Crowd server restarts. |
JA-14274 | Authentication Providers | High | Fixed an issue whereby, when mTLS is enabled in Artifactory and the Router port (8082) is accessed, the mTLS user is not created in the Artifactory users list. However, the user is created when accessing the Artifactory port (8081). |
JA-14426 | Authentication Providers | Normal | Fixed an issue whereby encrypted passwords could not be created for SAML users. |
JA-14599 | Authentication Providers | High | Fixed an issue to convert group names to lowercase during synchronization and resolve groups based on their external IDs. |
Authentication Providers | Medium | Fixed an issue whereby downloading artifacts using an identity token or reference token from Maven virtual repositories with “Force Authentication” enabled and anonymous access enabled resulted in “401 Unauthorized” errors. | |
EVT-1211 | Builds | Medium | Fixed an issue whereby selecting the Any Build checkbox in the UI caused the complete list of builds to be injected instead of simply setting the anyBuild parameter to true. |
RTDEV-47671 | Builds | Low | Fixed an issue whereby build promotion failed when the same artifact was used in the build more than once. |
RTFE-1665 | Builds | Medium | Fixed an issue whereby, users were unable to select text in the table of published modules for the artifacts under the Build tab in the JFrog Platform UI. |
RTDEV-41201 | Database | Medium | Fixed an issue where Artifactory failed to verify the signatures of the signed repository when working with Debian packages and displayed an error. |
RTDEV-41232 | Database | Medium | Fixed an issue whereby when Artifactory runs with an Oracle database, database conversion errors occur when creating new indexes. |
RTDEV-45055 | Federated Repositories | Medium | Fixed an issue that caused the keys for local repositories (for example, RPM) to become unavailable after converting the repositories to Federated repositories. |
RTDEV-48547 | Federated Repositories | Medium | Fixed an issue where the pairing token was using base URL for federated repo binding end point instead of federated base URL. |
EVT-1211 | General | Normal | Fixed an issue whereby, selecting the Any Build checkbox in the UI caused the complete list of builds to be injected instead of simply setting the |
JA-14046 | General | Medium | Fixed an issue whereby OIDC token exchange failed after key rotation. |
JA-14247 | General | Normal | Fixed an issue where in some cases the modified timestamp was not being updated when an existing permission was modified, causing issues with the federation sync events. |
JA-14387 | General | Medium | Fixed an issue whereby when creating a new OIDC integration with a name that is a prefix of an existing integration, all the mappings from the existing integration were automatically copied over to the new integration. |
JFCON-986 | General | Normal | Fixed an issue where JFConnect was unable to read certificates from the TRUSTED folder. |
JOBS-559 | General | Normal | Fixed an issue whereby, the |
RTDEV-45910 | General | Medium | Fixed an issue whereby slowness with the |
RTDEV-46817 | General | Medium | Fixed an issue whereby when a storage quota notification could not be sent to a project admin because there was no email address for the project admin, the notification was also not sent to other project members who did have email addresses. |
RTDEV-47455 | General | Medium | Fixed an issue whereby certain RPM Packages were not listed in a remote repository when pointing to the Rockylinux registry. |
RTDEV-47968 | General | High | Fixed an issue whereby after upgrading to 7.90.9, users could not retrieve the latest artifact and would receive a '404 file not found' error. |
RTDEV-48199 | General | Medium | Fixed an issue whereby requests reaching Artifactory that contained no headers or null values returned a 500 error and “java.lang.NullPointerException” appeared in Tomcat logs. |
RTDEV-48398 | General | Medium | Fixed an issue whereby the Multipart upload status API /uploads/status returned a 503 error message. |
General | Medium | Fixed an issue whereby when setting an artifact property that includes a URL as the value, the property value did not appear in the user interface. | |
General | High | Fixed an issue whereby downloading files containing ‘%’ in the filename caused UI Errors. | |
General | Medium | Fixed an issue whereby, items were not displayed in a native browser in virtual repositories but were displayed in a native browser in local repositories. | |
INST-6822 | Installation | Medium | Fixed an issue whereby Artifactory failed to identify an application running inside a container while using Kubernetes clusters without a Docker engine. |
INST-8061 | Installation | Medium | Fixed an issue whereby the |
RTDEV-33287 | Packages | Low | Fixed an issue related to Conan whereby, when creating a user without read permissions the user was able to view search results instead of receiving a 404 error. |
RTDEV-44330 | Packages | Medium | Fixed an issue related to Conda whereby, under certain circumstances, users could access the full metadata from a virtual repository even if they did not have the appropriate permissions. |
RTDEV-45528 | Packages | High | Fixed an issue whereby, attempting to download a model or dataset with a letter case that does not match the exact case as in huggingface.co, failed to download. |
RTDEV-45666 | Packages | Medium | Fixed an issue related to Cocoapods whereby, Artifactory installed certain packages via a remote repository but then did not support subsequent installations. |
RTDEV-46304 | Packages | Medium | Fixed an issue where Terraform anonymous requests were causing 401 errors for other anonymous requests that were made during the same time period. |
RTDEV-46343 | Packages | Medium | Fixed an issue whereby Artifactory's "reject invalid jars" feature was incorrectly rejecting archives with a payload before the zip structure. |
RTDEV-46661 | Packages | Critical | Fixed an issue where the blob upload range header returned the wrong byte size. This resulted in a malformed |
RTDEV-46682 | Packages | Medium | Fixed a status code response for Cargo smart remote repositories. |
RTDEV-47144 | Packages | Low | Fixed an issue whereby when attempting to download an artifact from a VCS remote repository in Artifactory with an exclude/include pattern set, the download request failed with a 404 Not Found error but the error message did not state that the artifact was not downloaded due to the exclude/include pattern. |
RTDEV-47286 | Packages | Medium | Fixed an internal logging issue with PyPI metadata uploads. |
RTDEV-47967 | Packages | Medium | Fixed an issue whereby installation of Hugging Face modules was not working when using smart repository configuration. |
RTDEV-48273 | Packages | Medium | Fixed an issue whereby default features in |
RTDEV-48822 | Packages | Medium | Fixed an issue whereby the npm package indexing would fail after upload when the Xray setting to block the download of unscanned artifacts was enabled. |
RTFE-1260 | Packages | Medium | Fixed an issue whereby, when sorting package versions according to the modified timestamp in the Packages page in the JFrog Platform WebUI, when there were over 100 versions of the same package, Artifactory did not perform as expected. |
RTFE-1790 | Packages | Medium | Fixed an issue whereby the command to install a Go package on the Package Version Details was incorrect. |
Packages | Medium | Fixed an issue whereby search results in virtual repositories were not sorted by relevance. | |
Packages | Medium | Fixed an issue related to CRAN whereby, when trying to install local packages from a virtual repository using the R client, Artifactory returned an error. | |
Packages | Low | Fixed an issue whereby the Artifactory webhook did not trigger an event for | |
Packages | Medium | Fixed an issue whereby a Go remote repository was not able to proxy Go providers with package versions similar to v2.0.0-beta.1. | |
Packages | Medium | Fixed an issue whereby Artifactory returned a 400 error for a valid tag in certain circumstances when using the Docker Promote REST API to promote a Docker image. | |
Packages | Medium | Fixed an issue whereby a Yum virtual repository was unable to merge data from its repositories when one of the repositories specified the location of index files in | |
JFMC-5431 | Platform management | Low | Fixed an issue where the Register Platform Deployment page displayed unclear error messages and presented confusing UI behavior when an invalid URL was used for the connection. Following this fix, registering legacy instances (version 6.x and below) is no longer supported in the web UI and can only be done using the ADD JPD REST API. |
JFMC-5764 | Platform management | Medium | Fixed an issue whereby when Mission Control tries to prepare a database request as part of its monitoring work, an SQL error occurs. This error ( |
JA-14163 | Platform Management | Medium | Fixed an issue whereby when retrieving user details for non-logged-in users via the Rest API, a random date was returned for the time of the last login. Now null is returned for a non-logged-in user. |
Platform Management | Medium | Fixed an issue whereby the Access REST API returned a "403 Forbidden" error when attempting to delete an AWS IAM Role. | |
Projects | Medium | Fixed an issue whereby moving a repository using the Move Repository REST API caused users with read-only permissions to lose access to that repository. | |
Release Lifecycle Management | Medium | Fixed an issue whereby long usernames caused an error when creating a Release Bundle v2. Artifactory now truncates the username to 64 characters and saves the truncated name to its database. | |
RTDEV-43590 | Repositories | Medium | Fixed an issue whereby the cleanup of unused cached artifacts was deleting configuration files in remote repositories. |
RTDEV-44724 | Repositories | Medium | Fixed an issue that allowed users to migrate system repositories to Federated repositories. |
RTDEV-46832 | Repositories | High | Fixed an issue whereby cleanup cron jobs were causing Out-of-Memory crashes in Artifactory. |
RTDEV-47642 | Repositories | Medium | Fixed an issue where when using Terraform with remote Terraform repositories and anonymous access enabled, permissions did not behave as expected. This may impact users ability to access these repositories. |
RTFE-1593 | Repositories | Medium | Fixed an issue related to Helm OCI whereby, the repositories were not displayed on the Repositories page in the JFrog Platform WebUI Administration module as expected. |
RTFE-1940 | Repositories | Medium | Fixed an issue whereby the Set Me Up page showed the wrong URL for Docker repositories with a sub-domain method configured in SaaS. |
Repositories | Low | Fixed an issue whereby when attempting to update includePatterns to an empty string using the REST API, the operation reverted to the default value instead of removing the pattern entirely. | |
Repositories | Medium | Fixed an issue related to Smart Remote repositories whereby, when enabling the Propagate Query Params setting and then updating the repository, Artifactory saved the ‘?trace’ report as an artifact and saved this report as a cached file regardless of the valid response status. | |
RTDEV-39831 | Storage | Medium | Fixed a bug where upload failed when using mixed storage types filesystem and s3 in the same Sharding configuration. |
RTDEV-46671 | Storage | High | Fixed an issue related to S3 Cold Storage whereby Artifactory failed to move packages to the Glacier Tier. |
RTFE-1908 | User Interface | Medium | Fixed an issue whereby users could not access the Artifactory Artifacts tab when upgrading to a new Artifactory version. |
RTFE-1918 | User Interface | Medium | Fixed an issue whereby the Set Me Up page would get stuck when clicking Generate Token & Create Instructions. |
User Interface | Medium | Fixed an issue whereby when a user navigated in the native browser UI to view or download artifacts that are in ZIP files without folders, the system returned a “404 item does not exist” error. | |
User Interface | Low | Fixed an issue whereby the Configure tab did not appear in the Set Me Up instructions for certain repositories for SAML users. | |
RTFACT-30221 | User Interface (UI) | Medium | Fixed an issue related to Docker whereby, when trying to view image information on the Packages page on the JFrog Platform WebUI, Artifactory returned an error. |
RTFE-1748 | User Interface (UI) | Medium | Fixed an issue with the Artifactory native browser whereby, when clicking Load More in the WebUI, there was a missing trailing slash ( /) after the |
User Interface (UI) | Low | Fixed an issue related to the Tree Browser repositories search input textbox, whereby, when writing unnecessary spaces in the search input, Artifactory did not remove the white spaces from the query string and returned an empty result. | |
JA-13021 | User Management | High | Fixed an issue whereby password-less access to EKS did not work with AWS GovCloud. |
JA-13226 | User Management | Critical | Fixed an issue where a disabled user can change his/her status to locked when trying to login to Artifactory multiple times. |