Xray 3.24.2

Xray Release Information


Released: May 2, 2021

Highlights
Distroless Scanning

Xray can now scan Google Distroless images, which contain only your application and its runtime dependencies.

Red Hat Vulnerability Scanner Certification

JFrog Xray is now certified with the Red Hat Vulnerability Scanner Certification. The certification recognizes Xray as a trusted Red Hat security partner, enabling Xray to deliver consistent and more accurate processing of Red Hat products and packages and reporting of vulnerabilities, minimizing false positives and other discrepancies.

Feature Enhancements
Impact Analysis Performance Improvements

Significantly improved Impact Analysis performance, reducing database server CPU and I/O levels.

Red Hat Packages Enhancements

Improved Red Hat package scanning to support CPE matching, which enhances detection of Red Hat vulnerabilities. Xray also supports Red Hat Modules for better scanning of Red Hat OS packages.

Go Version Upgrade

The Go version used with Xray has been upgraded to version 1.16.1, resolving some security vulnerabilities described in CVE-2021-27918.

PostgreSQL Version Bundling

The PostgreSQL version bundled with Xray has been updated to a newer PostgreSQL version, 13.x.

Resolved Issues

JIRA Number | Description
XRAY-7347 | Fixed vulnerability issue CVE-2021-27918.
XRAY-6979 | Fixed vulnerability issue CVE-2020-26160.