Released: November 25, 2024
Feature Enhancements
Xray Essentials
Xray Reports
Added Repo Path to the generated Violation reports.
Retention Period Enhancement
Improved the retention period of scans: it is now recalculated once the artifact is downloaded, and is remeasured from the beginning of the configured retention period.
Indexing CycloneDX SBOM Files
Added Xray support for indexing CycloneDX SBOM files (*.cdx.json or *.cdx.xml in Generic or Docker repositories).
JFrog Advanced Security
NuGet Support in Secrets
Secrets scanning is now supported on NuGet repositories.
JFrog Curation
Use JFrog Catalog Labels as Waivers in a Policy
This feature enables the security team to specify multiple packages and versions that are excluded from the Policy (i.e., do not violate it), allowing them to enter the repository. Waivers are added as labels on a per-policy basis, using preset labels from the JFrog Catalog.
Resolved Issues
Jira | Description |
---|---|
XRAY-91233 | The Scan Build REST API failed when the build contained a project key. |
XRAY-90830 | Report requests were stuck due to backend events. |
XRAY-78247 | Xray didn’t block the download of a folder via REST API when the folder contained non-downloadable artifacts. |
XRAY-76649 | Improved secret management by storing secrets as environment variables rather than reading them from mounted secret files. This change improves security and compliance. |
XRAY-85322 | A notification was not sent for the Notify deployer policy action for existing scans. |
XRAY-82897 | In the report REST API, when the |
XRAY-81898 | The Export Details V2 REST API retrieved data only for the latest build version that was scanned. |
XRAY-91759 | Xray installation on Debian 11 failed because the libllvm13 package was introduced as a new dependency for installing the bundled PostgreSQL package on Debian 11. |
XRAY-87616 | Xray could not scan artifacts from build info if the build was published using REST API without including the same values for the |
XRAY-80970 | In the Scans List, the violation details right pane displayed two different severities for the violation. |
XRAY-39533 | When using include or exclude patterns in build resources for a Watch and selecting the Apply on Existing Content option, the Watch violations on the applied builds were consistently generated. |
XRAY-81898 | The Export Details v2 REST API generated details only for the latest build version that was scanned. |
XRAY-80178 | Scans of composer artifacts failed due to a corrupted package. |
XRAY-84554 | JFrog Advanced scan failed when scanning a repository that contains over 65K artifacts. |
XRAY-85577 | In some cases, a repository scan status was stuck at 99%. |
XRAY-75943 | When creating an Ignore Rule via the UI with a Path filter set, the rule wasn’t created. |
XRAY-82730 | A warning message "No connection to Access" in Xray Monitoring was falsely displayed. |
XRAY-75864 | Contextual Analysis results discrepancy between the JFrog Platform and the REST API. |
XRAY-72663 | A user with Xray permissions could not add a Webhook notification. |