Released: April 7, 2022
Xray can now provide information about the operational risk of using open source software components. This includes the risk of using outdated versions or inactive open source software components in your projects. In the current version of this release, operational risk information is provided for Maven and npm packages. More package types will be added in future releases. For more information, see Components Operational Risk.
This feature is available with Artifactory version 7.37.x and above.
Fixed an issue whereby, in some cases, Scan Build performed slowly.
Fixed an issue whereby, in some cases, when accessing the Xray tab for specific artifacts with special characters, Xray returned an authorization error.
Fixed an issue whereby, due to a breaking change in the npm registry, Xray failed to perform an npm audit.
Fixed an issue whereby a Project Admin was unable to access the Index Resources Configuration.
Fixed an issue whereby, in some cases, MongoDB migration failed due to licenses with long names.
Fixed an issue whereby, when vulnerabilities were detected on an rpm file and not on its dependencies, the infected component and fixed versions returned empty data.
Fixed an issue whereby the build URL shared in the Watch email notifications for the Project builds was inaccessible.
Fixed an issue whereby Xray Jira Integration could not show more than 30 Projects.
Fixed an issue whereby jar files in an npm archive were classified as the npm package type.
Fixed an issue whereby, in some cases, build scans failed if they included a Docker image that was scanned previously.
Fixed an issue whereby, when several components shared the same checksum, the matched component ID was incorrect.
Fixed an issue whereby Xray fails to parse
Fixed an issue whereby too many warning messages were written to the logs and filled the persist retry queue.
Reduced the disk load by removing ping requests from the logging system.