Xray 3.107.11 Self-Hosted

Xray Release Information


Released: November 25, 2024

Feature Enhancements

Xray Essentials

Xray Reports

Added Repo Path to the generated Violation reports.

Retention Period Enhancement

Improved the retention period of scans: the retention period is now recalculated once the artifact is downloaded, and is measured again from the beginning of the configured retention period.

Indexing CycloneDX SBOM Files

Added Xray support for indexing CycloneDX SBOM files (*.cdx.json or *.cdx.xml in Generic or Docker repositories).

JFrog Advanced Security

NuGet Support in Secrets

Secrets scanning is now supported on NuGet repositories.

JFrog Curation

Use JFrog Catalog Labels as Waivers in a Policy

This feature enables the security team to specify multiple packages and versions that can be excluded from the Policy (i.e., not violating it), allowing them to enter the repository. Waivers are added as labels on a per-policy basis, using preset labels from the JFrog Catalog.

Resolved Issues

| Jira | Description |
| --- | --- |
| XRAY-91233 | The Scan Build REST API failed when the build contained a project key. |
| XRAY-90830 | Report requests were stuck due to backend events. |
| XRAY-78247 | Xray didn’t block the download of a folder via REST API when the folder contained non-downloadable artifacts. |
| XRAY-76649 | Improved secret management by storing secrets as environment variables rather than reading them from mounted secret files. This change improves security and compliance. |
| XRAY-85322 | A notification was not sent for the Notify deployer policy action for existing scans. |
| XRAY-82897 | In the report REST API, when the impacted_artifact parameter contained special characters or spaces, the API returned “Request payload is invalid as an impacted artifact is invalid”. |
| XRAY-81898 | The Export Details V2 REST API retrieved data only for the latest build version that was scanned. |
| XRAY-91759 | Xray installation on Debian 11 failed because the libllvm13 package was introduced as a new dependency for installing the bundled PostgreSQL package on Debian 11. |
| XRAY-87616 | Xray could not scan artifacts from build info if the build was published using the REST API without the same values for build.timestamp and the request body's started parameter. |
| XRAY-80970 | In the Scans List, the violation details right pane displayed two different severities for the violation. |
| XRAY-39533 | When using include or exclude patterns in build resources for a Watch and selecting the Apply on Existing Content option, the Watch violations on the applied builds were consistently generated. |
| XRAY-81898 | The Export Details v2 REST API generated details only for the latest build version that was scanned. |
| XRAY-80178 | Scans of composer artifacts failed due to a corrupted package. |
| XRAY-84554 | JFrog Advanced scan failed when scanning a repository that contains over 65K artifacts. |
| XRAY-85577 | In some cases, a repository scan status was stuck at 99%. |
| XRAY-75943 | When creating an Ignore Rule via the UI with a Path filter set, the rule wasn’t created. |
| XRAY-82730 | A warning message "No connection to Access" in Xray Monitoring was falsely displayed. |
| XRAY-75864 | Contextual Analysis results differed between the JFrog Platform and the REST API. |
| XRAY-72663 | A user with Xray permissions could not add a Webhook notification. |