Released: September 30, 2021
The new features in this release are available with Artifactory version 7.27.3 and above.
JFrog Security CVE Research and Enrichment
Xray's integration with Vdoo introduces JFrog security CVE research and enrichment, a new capability that provides additional CVE details from the JFrog security research team. The team's security experts perform manual research on CVEs and suggest a new JFrog Severity Score, together with a deep technical overview, so that you can better understand the actual risk posed by the CVEs.
Xray Integration with Jira
Xray can now be integrated with Atlassian's Jira Software, enabling the automatic creation of Jira tickets based on Xray-identified security threats and violations. To learn more, see Xray Jira Integration.
Fixed an issue whereby, in some cases, the violation's severity level in the On-Demand Binary Scan and Dependency Scan (both available through JFrog CLI) was different from the severity level given in Xray.
Improved the classification of unknown licenses so that it no longer includes Docker layers, manifests, and builds, avoiding false positives.
Fixed an issue whereby violations of a deleted Watch were still displayed in Xray.
Fixed an issue whereby the Get Violations REST API was sorted by summary by default, which caused some performance issues.
Fixed an issue whereby a license was not detected when the component version was missing in the Xray database.
Fixed an issue whereby the On-Demand Binary Scan and Dependency Scan (both available through JFrog CLI) were not returning custom licenses properly.
Fixed an issue whereby, in some cases, when exporting Xray data on a generic artifact, the exported file (CSV/JSON/PDF) was empty.
Fixed an issue whereby generating a violations report for large repositories was taking too long.
Fixed an issue whereby, in some cases, the Xray system YAML file content was deleted when restarting Xray.
Fixed an issue whereby returning the Watch violations count caused performance issues in the database when the number of violations was very high.
Fixed an issue whereby, for Docker images with different checksums but the same path, Xray was returning the image's previous vulnerabilities.
Fixed an issue whereby the DB was overloaded with Impact Analysis messages when the same checksum was associated with many public components.