Artifactory 7.98.7 Self-Hosted

JFrog Release Information


Released: 29 October 2024

Important Announcements

Note

Artifactory Release Notes Structural Update

The Artifactory Release Notes (that appear in the JFrog Release Notes) have been updated to split the Self-Hosted and Cloud Releases into separate areas. Self-Hosted content for minor releases now lists aggregated bugs and features previously only reported as part of Cloud Releases. This lets users see only the content relevant to their deployment type, and lets Self-Hosted users more easily review the changes between versions, providing better visibility in preparation for upgrade.

Note

JFrog Workers Release Notes

We are pleased to announce that JFrog Workers is now in general availability with separate release notes. See JFrog Workers Release Information.

Classic Navigation Sunset

The classic navigation has reached its end of life, so users can no longer switch back to it. For more information about how navigation menus are organized, see JFrog Platform Navigation.

API Key Creation is Disabled

The creation of new API keys has now been disabled. You can use identity tokens instead, which replace API keys and offer enhanced security. The usage of API Keys will be disabled at the end of Q4 2024. For more information, see Generate Identity Token and JFrog API Key Deprecation Process.

Breaking Change for Oracle 11 Users

Artifactory has replaced the Oracle-specific ROWNUM pseudo-column with the SQL-standard FETCH FIRST clause when generating AQL queries that include the ORDER BY clause. This change breaks compatibility with users of Oracle 11 and earlier (which are Oracle versions not officially supported by Artifactory). See Oracle for Artifactory.

Breaking Change when Using Get User Details API for Details of Non-Logged-In Users

When retrieving user details for non-logged-in users via the REST API, a random date in the distant past was returned; now a null value is returned. Previously, if a user had never logged in, the value of last_logged_in in the response to the Get User Details API was 1970-01-01T00:00:00.000Z. Now, if a user has never logged in, the value of last_logged_in is null.
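
The following added example (not JFrog code) shows an account audit that treats the old 1970-01-01T00:00:00.000Z value and the new null identically, so dormant-account reports stay consistent across the upgrade. The "username" field, the list of collected responses and the 90-day threshold are assumptions for illustration; only last_logged_in and its two values come from the note above.

```python
import json
from datetime import datetime, timedelta, timezone

# Value the release note says older versions returned for users who never logged in.
LEGACY_NEVER = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_last_login(value):
    """Return an aware datetime, or None when the user has never logged in.

    Handles both the old sentinel (1970-01-01T00:00:00.000Z) and the new null,
    so one audit script works before and after the upgrade.
    """
    if value is None:
        return None
    ts = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")
    return None if ts == LEGACY_NEVER else ts


def audit_accounts(users, now, stale_after_days=90):
    """Split accounts into never-used, stale and active by last login."""
    cutoff = now - timedelta(days=stale_after_days)
    report = {"never_logged_in": [], "stale": [], "active": []}
    for user in users:
        last = parse_last_login(user.get("last_logged_in"))
        if last is None:
            bucket = "never_logged_in"
        elif last < cutoff:
            bucket = "stale"
        else:
            bucket = "active"
        report[bucket].append(user["username"])
    return report


# Constructed sample data: the same three accounts as seen before and after the upgrade.
# The "username" field and the list wrapper are assumptions for this example.
BEFORE_UPGRADE = json.loads("""[
  {"username": "alice", "last_logged_in": "2024-10-20T08:15:30.000Z"},
  {"username": "bob", "last_logged_in": "2024-03-01T12:00:00.000Z"},
  {"username": "svc-build", "last_logged_in": "1970-01-01T00:00:00.000Z"}
]""")
AFTER_UPGRADE = json.loads("""[
  {"username": "alice", "last_logged_in": "2024-10-20T08:15:30.000Z"},
  {"username": "bob", "last_logged_in": "2024-03-01T12:00:00.000Z"},
  {"username": "svc-build", "last_logged_in": null}
]""")
NOW = datetime(2024, 10, 29, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, users in (("before", BEFORE_UPGRADE), ("after", AFTER_UPGRADE)):
        print(label, audit_accounts(users, NOW))
```

A script that parses last_logged_in without the null check fails after the upgrade, and one that only checks for null misclassifies never-used accounts on older versions as stale.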

Known Issue in Tomcat 10.1

Apache Tomcat version 10.1 that is bundled in Artifactory 7.98.7 contains an issue whereby, when sending HEAD requests where the resource size is unknown, the server returns a content-length=0 header, instead of omitting the header.

New Features

  • Cleanup Policies 

    JFrog Cleanup Policies enable Platform and Project Administrators to define and customize policies based on specific criteria for removing unused binaries from across their JFrog platform. This provides control over storage utilization and ensures optimal system performance. By setting specific criteria and rules, administrators can customize a repeatable cleanup process that aligns with their organization's requirements. For more information, see Cleanup Policies.

    Also, this release includes a number of internal database indexing enhancements that improve performance during the cleanup process. JFrog recommends creating database indexes prior to upgrading, as explained here.

  • Support for GitHub Enterprise in Self-Hosted Environments 

    Users working in a Self-Hosted environment can now select GitHub Enterprise as the Git provider for Go remote repositories. When using this option, you should configure the Go remote repository with the URL of the GitHub Enterprise server located at your site. This feature requires Enterprise Server 3.10 and above.

  • Upgrade to Apache Tomcat 10.1.x

    The Apache Tomcat version bundled with Artifactory has been upgraded to version 10.1.x.

  • Support for Multi-Architecture Tag Deletion

    Artifactory now supports deleting multi-architecture Docker and OCI image tags with one action. For more information, see Delete Multi-Architecture Docker Tags.

  • Support for PostgreSQL 16

    Artifactory is now certified to work with the PostgreSQL 16 database.

Feature Enhancements

  • Significant Changes to the Packages User Interface

    Significant changes have been made to the Packages User Interface (UI). From the Packages home page, you can now view a list of the most recently viewed packages, and an upgraded filter option has been added that allows you to create refined filters on the packages list to easily see the packages that interest you. After creating the filter, you can save it as a customized view for later use and reference. For more information, see Viewing Packages.

  • Authentication Related Enhancements

    • OpenID Connect Integration 

      The JFrog Platform now includes project support, multiple values, wildcard values, and dynamic mapping for OpenID Connect integrations. Project Admins can now create identity mappings associated with specific projects. Multiple values and wildcard values are now supported for JSON Claims in identity mappings associated with OpenID Connect Integrations. Identity mappings can contain dynamic mappings that support the verification or modification of a username or group name in the token subject based on a pattern. See Identity Mappings, Multiple Values in JSON Claims, Wildcard Values in JSON Claims, and Dynamic Mapping.

    • Multiple SAML SSO Provider Configurations 

      The JFrog Platform now supports multiple configurations for SAML SSO providers. Enabling multiple SAML SSO configurations can help large organizations streamline the login and authentication processes for multiple platforms, resulting in a faster and more convenient authentication experience. See SAML SSO Configuration.

    • Migration of SAML Authentication Provider from Artifactory Service to Access Service 

      As part of enhancements to the JFrog Access Service, which is becoming the primary service for authentication providers, the functionality for the SAML authentication provider has moved to the Access Service.

      Breaking Change for synchronizeLdapGroups User Plugin

      Following the migration of SAML SSO from Artifactory service to Access service, the deprecated user plugin synchronizeLdapGroups will no longer be used for SAML SSO user login. As an alternative, the functionality of the plugin has been implemented as part of the provider. For more information, see Enabling Synchronization of LDAP Groups for SAML SSO.

    • Temporary Login Suspension Moved to Access Service 

      As part of enhancements to the JFrog Access Service, which is becoming the primary service for authentication and authorization, the implementation of Temporary Login Suspension has been moved to the Access Service starting from Artifactory version 7.98.x. For more information, see User Lock and Login Suspension.

    • Proxy support for OAuth Authentication Provider 

      The OAuth authentication provider now supports the platform default proxy. To enable this functionality, select the Use Default Proxy Configuration checkbox in the Provider Settings section.

  • Release Bundles Enhancements

    • Cannot modify or delete files that belong to a promoted Release Bundle v2

      To protect the immutability of Release Bundle v2, users are now blocked from modifying or deleting a file that belongs to a promoted Release Bundle. Users must first delete the promotion or delete the Release Bundle version altogether before the files can be modified or deleted. See Promote a Release Bundle (v2) to a Target Environment, Delete a Promotion, and Delete a Release Bundle (v2) Version.

    • Release Bundles v2 protected from expired GPG keys

      When a user attempts to create, promote, or distribute a Release Bundle v2 version, the action is now blocked if the GPG key has expired.

    • Adding pagination to Release Bundle v2 Version Details REST API

      The REST API for getting Release Bundle v2 version details now includes the ability to paginate the results using the offset and limit query parameters. In addition, the response now includes the total_artifacts_count. See Get Release Bundle v2 Version Details.

    • Improved UI for deleting Release Bundle v2 versions and promotions

      The UI offers improved options for deleting Release Bundle v2 versions and promotions, including versions distributed to Edge nodes. For more information, see Perform Actions on a Release Bundle Version.

  • Federated Repository Related Enhancements

    • Improved Federated Repository validation

      There is an improved validation check when creating Federated repositories that provides a clear error message if a Federated repository with the same name already exists on a different Federation member.

    • Federation recovery and auto-healing of binary tasks

      The auto-healing mechanism used by Artifactory to recover synchronization of metadata events among repository Federation members now includes support for binary tasks as well. The mechanism will check periodically for any binary tasks that are in a retry or error state and use the checksum to identify whether the file was deleted from its source. If the binary was deleted, the task is deleted.

    • Change to Federated Repository Artifactory System Parameter:

      • Old name (7.90.5): artifactory.federated.mirror.events.metadata.enabled

      • New name (7.92.3 and above): artifactory.federated.mirror.events.upload.info.propagate.enabled

  • Cargo Related Enhancements

    • Cargo index/config.json REST API Aligned with the Cargo Specs

      The Cargo index/config.json REST API has been aligned to the Cargo specs so that it now returns a response even if a user has no permissions on a repository and invokes an auth-challenge.

    • Improved Cargo Status Code Responses

      Cargo status code responses are now aligned with the cargo registry according to the Cargo specification.

    • Improvements to authenticated requests on Cargo repositories

      Authenticated requests on Cargo repositories are now allowed with anonymous access.

  • Hugging Face Related Enhancements

    • The Hugging Face readme.md file is now accessible

      The Hugging Face readme.md file can now be viewed with an MD viewer for Hugging Face packages.

    • Support for Hugging Face Modifying Deployment Expiration

      Artifactory now supports using a system property to modify the expiration time for models and datasets deployment, so that you can upload larger models without encountering errors.

  • Projects Support for Webhooks

    Artifactory now supports creating and viewing webhooks associated with a specific project.

  • Artifactory Performance Improvement

    This version includes improvements in response time with a reduction of up to 12%. This results in an overall improvement in performance.

  • Added option to configure an absolute path for tempDir for certain binary providers 

    It is now possible to configure an absolute path for tempDir (_pre folder) for the following binary providers: cache-fs, s3-storage-v3, azure-blob-storage-v2, and file-system (or state-aware when using sharding). Before this change, tempDir was always relative to the baseDataDir, and if tempDir had an absolute path in binarystore.xml (for example: /tmp), tempDir was set to $BASEDATADIR/filestore/tmp. Now it is set to /tmp, which is a breaking change. To revert to the old behavior, use the relative path "tmp". Configuring an absolute path allows for improved performance when baseDataDir is located on NFS.

  • Reduced Calls to the Database When Interacting with Virtual Generic Repositories 

    The number of calls to the database was significantly reduced when interacting with a virtual generic repository containing more than 3 sub-repositories, which results in improved system performance.

  • Logging Outgoing Requests 

    Introduced logging for outgoing requests in the JFConnect service to enhance debugging capabilities.

  • Significant Improvements in Deploying Artifacts from Archives

    The Deploy Artifacts from Archive REST API now supports deploying artifacts in parallel threads as well as sequentially, significantly reducing the time it takes to deploy. For more information, see Deploy Artifacts from Archive.

  • Improved Failure Retry Mechanism When Working With Google Cloud Storage

    The google-storage-v2 provider now supports an improved retry mechanism when Google Cloud Storage returns 50x errors. Two new parameters have been added to the provider (maxRetries and retryIntervalMillis) to allow configuring this. For more information, see Google Storage Binary Provider Native Client Template.

  • List Docker Images REST API Performance Improvements

    The REST API List Docker Images now delivers faster results and uses fewer resources. For more information, see List Docker Images.

  • Support for PyPI Etag Headers

    Artifactory now supports Etag headers for PyPI Package Indexes, minimizing the bandwidth used for installation flows.

  • Table of public keys now includes the key type

    The table of public keys available to administrators in the Public Keys tab of the Keys Management window now includes the key type. For more information, see Manage Public Keys.

  • Tree Browser Performance Improvements

    The following performance improvements were made in the artifacts tree/native browser:

    • Expanding a folder with a long list of artifacts is now much faster. The displayed list of artifacts is now limited to a maximum of 20K. Artifacts that are not displayed are accessible through the Search

    • Display of repository and artifact details is now faster

    • Improvements to Metadata Retrieval Performance

      Performance of metadata retrieval was improved following recent changes made to the npm client.

    • Improvements to Tree Browser Performance

      For users with limited permissions, loading the list of repositories at the root level of the tree browser is now much faster

      Improvements were made to tree browser performance such that the time it takes to list artifacts from remote repositories was significantly reduced. For more information, click here.
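
For the tempDir change described above (absolute paths in binarystore.xml are now used as written), this added example, which is not JFrog code, is a pre-upgrade check that lists which providers will start writing to a different directory. The XML layout (a provider element with a type attribute and a tempDir child), the sample file and the base data directory are assumptions for illustration; the path rules are the ones stated in the note.

```python
import posixpath
import xml.etree.ElementTree as ET

# Provider types the release note lists as affected by the tempDir change.
AFFECTED_TYPES = {"cache-fs", "s3-storage-v3", "azure-blob-storage-v2",
                  "file-system", "state-aware"}

# Constructed binarystore.xml fragment (assumed layout: <provider type=...>
# with a <tempDir> child element).
SAMPLE_BINARYSTORE = """\
<config version="2">
  <chain template="s3-storage-v3"/>
  <provider id="cache-fs" type="cache-fs">
    <tempDir>/tmp</tempDir>
  </provider>
  <provider id="s3-storage-v3" type="s3-storage-v3">
    <tempDir>tmp</tempDir>
  </provider>
</config>
"""


def temp_dir_changes(xml_text, base_data_dir):
    """Report the effective tempDir before and after the upgrade per provider."""
    findings = []
    for provider in ET.fromstring(xml_text).iter("provider"):
        node = provider.find("tempDir")
        configured = (node.text or "").strip() if node is not None else ""
        if provider.get("type") not in AFFECTED_TYPES or not configured:
            continue
        # Old rule from the release note: always under $BASEDATADIR/filestore,
        # even when the configured value is absolute.
        old = posixpath.join(base_data_dir, "filestore", configured.lstrip("/"))
        # New rule: an absolute path is used as written; relative is unchanged.
        new = configured if posixpath.isabs(configured) else old
        changed = old != new
        findings.append({
            "provider": provider.get("id"),
            "configured": configured,
            "before_upgrade": old,
            "after_upgrade": new,
            "changes": changed,
            # Relative value that keeps the pre-upgrade location, per the note.
            "keep_old_location_with": configured.lstrip("/") if changed else None,
        })
    return findings


if __name__ == "__main__":
    # Assumed base data directory, for illustration only.
    for item in temp_dir_changes(SAMPLE_BINARYSTORE, "/var/opt/jfrog/artifactory/data"):
        print(item)
```

Any provider reported with "changes" set will stage uploads in a new location after the upgrade, so that directory's ownership, permissions and free space should be checked beforehand.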

Resolved Issues

| JIRA Issue | Component | Severity | Description |
|---|---|---|---|
| JA-14175 | Authentication Providers | Medium | Fixed an issue whereby the Crowd login failed when the Crowd server was unavailable during Artifactory restart. It may take a few minutes for the Crowd login to become available once the Crowd server restarts. |
| JA-14274 | Authentication Providers | High | Fixed an issue whereby, when mTLS is enabled in Artifactory and the Router port (8082) is accessed, the mTLS user is not created in the Artifactory users list. However, the user is created when accessing the Artifactory port (8081). |
| JA-14426 | Authentication Providers | Normal | Fixed an issue whereby encrypted passwords could not be created for SAML users. |
| JA-14599 | Authentication Providers | High | Fixed an issue to convert group names to lowercase during synchronization and resolve groups based on their external IDs. |
| RTFACT-30599 | Authentication Providers | Medium | Fixed an issue whereby downloading artifacts using an identity token or reference token from Maven virtual repositories with “Force Authentication” enabled and anonymous access enabled resulted in “401 Unauthorized” errors. |
| EVT-1211 | Builds | Medium | Fixed an issue whereby selecting the Any Build checkbox in the UI caused the complete list of builds to be injected instead of simply setting the anyBuild parameter to true. |
| RTDEV-47671 | Builds | Low | Fixed an issue whereby build promotion failed when the same artifact was used in the build more than once. |
| RTFE-1665 | Builds | Medium | Fixed an issue whereby users were unable to select text in the table of published modules for the artifacts under the Build tab in the JFrog Platform UI. |
| RTDEV-41201 | Database | Medium | Fixed an issue where Artifactory failed to verify the signatures of the signed repository when working with Debian packages and displayed an error. |
| RTDEV-41232 | Database | Medium | Fixed an issue whereby when Artifactory runs with an Oracle database, database conversion errors occur when creating new indexes. |
| RTDEV-45055 | Federated Repositories | Medium | Fixed an issue that caused the keys for local repositories (for example, RPM) to become unavailable after converting the repositories to Federated repositories. |
| RTDEV-48547 | Federated Repositories | Medium | Fixed an issue where the pairing token was using base URL for federated repo binding end point instead of federated base URL. |
| EVT-1211 | General | Normal | Fixed an issue whereby selecting the Any Build checkbox in the UI caused the complete list of builds to be injected instead of simply setting the anyBuild parameter to true. |
| JA-14046 | General | Medium | Fixed an issue whereby OIDC token exchange failed after key rotation. |
| JA-14247 | General | Normal | Fixed an issue where in some cases the modified timestamp was not being updated when an existing permission was modified, causing issues with the federation sync events. |
| JA-14387 | General | Medium | Fixed an issue whereby when creating a new OIDC integration with a name that is a prefix of an existing integration, all the mappings from the existing integration were automatically copied over to the new integration. |
| JFCON-986 | General | Normal | Fixed an issue where JFConnect was unable to read certificates from the TRUSTED folder. |
| JOBS-559 | General | Normal | Fixed an issue whereby the # UPDATED tag was removed from the OpenMetrics response in Artifactory as it was not aligned with the OpenMetrics spec. |
| RTDEV-45910 | General | Medium | Fixed an issue whereby slowness with the /auth/current endpoint was causing rendering issues. |
| RTDEV-46817 | General | Medium | Fixed an issue whereby when a storage quota notification could not be sent to a project admin because there was no email address for the project admin, the notification was also not sent to other project members who did have email addresses. |
| RTDEV-47455 | General | Medium | Fixed an issue whereby certain RPM Packages were not listed in a remote repository when pointing to the Rockylinux registry. |
| RTDEV-47968 | General | High | Fixed an issue whereby after upgrading to 7.90.9, users could not retrieve the latest artifact and would receive a '404 file not found' error. |
| RTDEV-48199 | General | Medium | Fixed an issue whereby requests reaching Artifactory that contained no headers or null values returned a 500 error and “java.lang.NullPointerException” appeared in Tomcat logs. |
| RTDEV-48398 | General | Medium | Fixed an issue whereby the Multipart upload status API /uploads/status returned a 503 error message. |
| RTFACT-30605 | General | Medium | Fixed an issue whereby when setting an artifact property that includes a URL as the value, the property value did not appear in the user interface. |
| RTFACT-30717 | General | High | Fixed an issue whereby downloading files containing ‘%’ in the filename caused UI Errors. |
| RTFACT-30801 | General | Medium | Fixed an issue whereby items were not displayed in a native browser in virtual repositories but were displayed in a native browser in local repositories. |
| INST-6822 | Installation | Medium | Fixed an issue whereby Artifactory failed to identify an application running inside a container while using Kubernetes clusters without a Docker engine. |
| INST-8061 | Installation | Medium | Fixed an issue whereby the artifactory-ha chart had hard-coded values of --max-time 1 for livenessProbe and startupProbe. |
| RTDEV-33287 | Packages | Low | Fixed an issue related to Conan whereby, when creating a user without read permissions, the user was able to view search results instead of receiving a 404 error. |
| RTDEV-44330 | Packages | Medium | Fixed an issue related to Conda whereby, under certain circumstances, users could access the full metadata from a virtual repository even if they did not have the appropriate permissions. |
| RTDEV-45528 | Packages | High | Fixed an issue whereby attempting to download a model or dataset with a letter case that does not match the exact case as in huggingface.co failed to download. |
| RTDEV-45666 | Packages | Medium | Fixed an issue related to Cocoapods whereby Artifactory installed certain packages via a remote repository but then did not support subsequent installations. |
| RTDEV-46304 | Packages | Medium | Fixed an issue where Terraform anonymous requests were causing 401 errors for other anonymous requests that were made during the same time period. |
| RTDEV-46343 | Packages | Medium | Fixed an issue whereby Artifactory's "reject invalid jars" feature was incorrectly rejecting archives with a payload before the zip structure. |
| RTDEV-46661 | Packages | Critical | Fixed an issue where the blob upload range header returned the wrong byte size. This resulted in a malformed manifest.json file and caused the error "failed to read expected number of bytes: unexpected EOF" when pulling the image using containerd. |
| RTDEV-46682 | Packages | Medium | Fixed a status code response for Cargo smart remote repositories. |
| RTDEV-47144 | Packages | Low | Fixed an issue whereby when attempting to download an artifact from a VCS remote repository in Artifactory with an exclude/include pattern set, the download request failed with a 404 Not Found error but the error message did not state that the artifact was not downloaded due to the exclude/include pattern. |
| RTDEV-47286 | Packages | Medium | Fixed an internal logging issue with PyPI metadata uploads. |
| RTDEV-47967 | Packages | Medium | Fixed an issue whereby installation of Hugging Face modules was not working when using smart repository configuration. |
| RTDEV-48273 | Packages | Medium | Fixed an issue whereby default features in Cargo.toml files were overwritten as true when the JSON file was deleted from the .cargo folder in the repository. |
| RTDEV-48822 | Packages | Medium | Fixed an issue whereby the npm package indexing would fail after upload when the Xray setting to block the download of unscanned artifacts was enabled. |
| RTFE-1260 | Packages | Medium | Fixed an issue whereby, when sorting package versions according to the modified timestamp in the Packages page in the JFrog Platform WebUI, when there were over 100 versions of the same package, Artifactory did not perform as expected. |
| RTFE-1790 | Packages | Medium | Fixed an issue whereby the command to install a Go package on the Package Version Details was incorrect. |
| RTFACT-30611 | Packages | Medium | Fixed an issue whereby search results in virtual repositories were not sorted by relevance. |
| RTFACT-30689 | Packages | Medium | Fixed an issue related to CRAN whereby, when trying to install local packages from a virtual repository using the R client, Artifactory returned an error. |
| RTFACT-30701 | Packages | Low | Fixed an issue whereby the Artifactory webhook did not trigger an event for list.manifest.json after pushing a multi-arch Docker image. |
| RTFACT-30720 | Packages | Medium | Fixed an issue whereby a Go remote repository was not able to proxy Go providers with package versions similar to v2.0.0-beta.1. |
| RTFACT-30728 | Packages | Medium | Fixed an issue whereby Artifactory returned a 400 error for a valid tag in certain circumstances when using the Docker Promote REST API to promote a Docker image. |
| RTFACT-30784 | Packages | Medium | Fixed an issue whereby a Yum virtual repository was unable to merge data from its repositories when one of the repositories specified the location of index files in repomd.xml using end tags instead of self-closing tags. |
| JFMC-5431 | Platform management | Low | Fixed an issue where the Register Platform Deployment page displayed unclear error messages and presented confusing UI behavior when an invalid URL was used for the connection. Following this fix, registering legacy instances (version 6.x and below) is no longer supported in the web UI and can only be done using the ADD JPD REST API. |
| JFMC-5764 | Platform management | Medium | Fixed an issue whereby when Mission Control tries to prepare a database request as part of its monitoring work, an SQL error occurs. This error (RunTime SQLException) causes the monitoring jobs to stop functioning properly. |
| JA-14163 | Platform Management | Medium | Fixed an issue whereby when retrieving user details for non-logged-in users via the Rest API, a random date was returned for the time of the last login. Now null is returned for a non-logged-in user. |
| RTFACT-30677 | Platform Management | Medium | Fixed an issue whereby the Access REST API returned a "403 Forbidden" error when attempting to delete an AWS IAM Role. |
| RTFACT-30655 | Projects | Medium | Fixed an issue whereby moving a repository using the Move Repository REST API caused users with read-only permissions to lose access to that repository. |
| RTFACT-30675 | Release Lifecycle Management | Medium | Fixed an issue whereby long usernames caused an error when creating a Release Bundle v2. Artifactory now truncates the username to 64 characters and saves the truncated name to its database. |
| RTDEV-43590 | Repositories | Medium | Fixed an issue whereby the cleanup of unused cached artifacts was deleting configuration files in remote repositories. |
| RTDEV-44724 | Repositories | Medium | Fixed an issue that allowed users to migrate system repositories to Federated repositories. |
| RTDEV-46832 | Repositories | High | Fixed an issue whereby cleanup cron jobs were causing Out-of-Memory crashes in Artifactory. |
| RTDEV-47642 | Repositories | Medium | Fixed an issue where when using Terraform with remote Terraform repositories and anonymous access enabled, permissions did not behave as expected. This may impact users' ability to access these repositories. |
| RTFE-1593 | Repositories | Medium | Fixed an issue related to Helm OCI whereby the repositories were not displayed on the Repositories page in the JFrog Platform WebUI Administration module as expected. |
| RTFE-1940 | Repositories | Medium | Fixed an issue whereby the Set Me Up page showed the wrong URL for Docker repositories with a sub-domain method configured in SaaS. |
| RTFACT-30619 | Repositories | Low | Fixed an issue whereby when attempting to update includePatterns to an empty string using the REST API, the operation reverted to the default value instead of removing the pattern entirely. |
| RTFACT-30638 | Repositories | Medium | Fixed an issue related to Smart Remote repositories whereby, when enabling the Propagate Query Params setting and then updating the repository, Artifactory saved the ‘?trace’ report as an artifact and saved this report as a cached file regardless of the valid response status. |
| RTDEV-39831 | Storage | Medium | Fixed a bug where upload failed when using mixed storage types filesystem and s3 in the same Sharding configuration. |
| RTDEV-46671 | Storage | High | Fixed an issue related to S3 Cold Storage whereby Artifactory failed to move packages to the Glacier Tier. |
| RTFE-1908 | User Interface | Medium | Fixed an issue whereby users could not access the Artifactory Artifacts tab when upgrading to a new Artifactory version. |
| RTFE-1918 | User Interface | Medium | Fixed an issue whereby the Set Me Up page would get stuck when clicking Generate Token & Create Instructions. |
| RTFACT-30615 | User Interface | Medium | Fixed an issue whereby when a user navigated in the native browser UI to view or download artifacts that are in ZIP files without folders, the system returned a “404 item does not exist” error. |
| RTFACT-30679 | User Interface | Low | Fixed an issue whereby the Configure tab did not appear in the Set Me Up instructions for certain repositories for SAML users. |
| RTFACT-30221 | User Interface (UI) | Medium | Fixed an issue related to Docker whereby, when trying to view image information on the Packages page on the JFrog Platform WebUI, Artifactory returned an error. |
| RTFE-1748 | User Interface (UI) | Medium | Fixed an issue with the Artifactory native browser whereby, when clicking Load More in the WebUI, there was a missing trailing slash (/) after the recordNum parameter in the request URL. |
| RTFACT-30698 | User Interface (UI) | Low | Fixed an issue related to the Tree Browser repositories search input textbox, whereby, when writing unnecessary spaces in the search input, Artifactory did not remove the white spaces from the query string and returned an empty result. |
| JA-13021 | User Management | High | Fixed an issue whereby password-less access to EKS did not work with AWS GovCloud. |
| JA-13226 | User Management | Critical | Fixed an issue where a disabled user can change his/her status to locked when trying to login to Artifactory multiple times. |