Xray 3.10.3

Xray Release Information
Products
JFrog Xray
ft:sourceType
Paligo

Released: October 22, 2020

Highlights
Alpine Package Support in Xray

Xray now scans and indexes your Alpine Repositories and Alpine Packages, including recursive analysis, component graph integration, and providing detailed metadata information.

Feature Enhancements
Python Package File Format Support

Xray now supports the indexing of Python files (PyPI) inside .tar, .gz, .tgz, .whl, and .egg file formats.

Support PHP files in *.tar Archives

Xray now supports PHP files inside *.tar archives.

New Metadata REST API

Added a new Resend Artifacts Metadata REST API that enables administrators to resend artifact metadata to the Metadata Server.Resend Artifacts Metadata

Resolved Issues

Note

The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.

JIRA Number

Description

XRAY-6196

Fixed an issue, whereby Xray did not process rules in a policy according to their order.

XRAY-6181

Fixed an issue, whereby the Index Existing option was not working properly for RPM packages.

XRAY-6127

Fixed an issue, whereby if a PostgreSQL password was not escaped correctly in the Xray system YAML file, it appeared in the Xray console log.

XRAY-6076

Fixed an issue, whereby when upgrading from Xray version 2.x to 3.x, the data migration failed when one of the Docker layers that were previously scanned by Xray contained "fslayers" with the prefix "tarsum.v1+sha256:" in the Docker's manifest.json.

XRAY-5271

Fixed an issue, whereby not all license violations were created when the same watch had more than one license policy.

XRAY-6371

Fixed an issue whereby, scan build might take longer than usual, when the builds' artifacts contained many references.

XRAY-6418

Fixed an issue whereby in some extreme cases, a message can cause Xray to crash. A mechanism was added to prevent those messages from repeatedly crashing Xray.

XRAY-6446

Fixed an issue whereby, in some cases, the scan builds did not detect any violations when the build should have failed.

XRAY-6281

Fixed an issue whereby, when searching for violations by an X number of days, the search returned all violations.

XRAY-6372

Fixed an issue whereby, two builds with the same docker images returned different violations.

XRAY-6417

Fixed an issue whereby, corrupted Certain ELF files caused the Indexer to fail.

XRAY-6449

Fixed an issue whereby, in some cases, the API /xray/ui/userIssues/details ended with 500 Server Error due to long processing.

XRAY-6475

Fixed an issue whereby, In some cases, Xray initiated a full DB sync, even when it was not needed.