Xray 3.17.2

Xray Release Information

Released: February 4, 2021

Highlights
REST API Open Metrics

Added metrics related to Xray DB sync time, and the total number of scanned artifacts and components. For more information, see Open Metrics.

Feature Enhancements
Go Version Upgrade

Upgraded Go version to 1.15.7 to fix security vulnerabilities.

Impact Path Data in Reports

You can now view the Impact Path data in the Due Diligence Report, both in the Get Due Diligence Report Content REST API and in the JSON and CSV outputs.

Scan Build REST API Permissions

The Scan Build REST API no longer requires Admin permissions, only Manage Xray Metadata permissions.

Resolved Issues

Note

The resolved issues now include the associated JIRA number to help you keep track of your issues that were fixed in the release.

| JIRA Number | Description |
|---|---|
| XRAY-6955 | Fixed an issue whereby, in the Builds UI page, when a build number contained characters in the Build Name, the build status did not show as scanned when the build was scanned. |
| XRAY-6795 | Fixed an issue whereby, in some cases, the DB initial sync would unexpectedly pause. |
| XRAY-6708 | Fixed an issue whereby violations were not created when the database server was down or when some failures occurred with the database. |
| XRAY-6887 | Reduced the risk of getting affected by CVE-2020-29652. |
| XRAY-6883 | Reduced the risk of getting affected by CVE-2020-26160. |
| XRAY-6257 | Fixed a security issue whereby indexing an artifact could cause a DoS or override an OS file. |
| XRAY-6820 | Fixed an issue whereby a violation with multiple sources could not be ignored by an Ignore Rule with a specific component or a version of the component. Requires Artifactory version 7.15.0 and above. |
| XRAY-6912 | Fixed an issue whereby, when ignoring a violation by using the artifact filter in the artifacts/watches screen, if the artifact existed in multiple repositories/paths and contained violations, the violation was not ignored. |