Xray 3.11.0

Xray Release Information

ft:sourceType
Paligo

Released: November 8, 2020

Refrain from Upgrading to 3.11 and 3.11.1

A critical issue was identified in versions 3.11 and 3.11.1 (XRAY-6597). This issue was fixed in version 3.11.2 , we recommend upgrading directly to 3.11.2.

Highlights
Violations Report

Introduced the new Violations report, which provides you with information on security and license violations for each component in the selected scope. Violations information includes information such as type of violation, impacted artifacts, and severity.Xray Report Types

Note

The Violations report is available with Artifactory version 7.10.6 and above

Feature Enhancements
Ignore Rules

Enhanced the Ignore Rules feature functionalities, including the ability to set granularity on a defined Ignore Rule. All of the Ignore Rule functionalities are supported via the REST API.

To enable these enhancements, it requires Artifactory version 7.10.5 (available) or above.

To learn more, see Ignore Rules.IGNORE RULES

New Connection Parameters in the Xray system YAML

Added support for the following two new parameters in the Xray system YAML:Xray System YAML

  • maxLifetimeSecs: The number of seconds to allow a connection to be alive before a connection is recycled and another connection is established in its place.

  • maxIdleSecs: The number of seconds a connection may be in idle mode before it is closed.

Resolved Issues

Note

The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.

JIRA Number

Description

XRAY-6565

Fixed an issue whereby, a build number that contained a colon was not being scanned in Xray.

XRAY-6493

XRAY-6517

Fixed an issue whereby, in some cases, the DB sync failed to update database rows.

XRAY-6454

Fixed an issue whereby, Xray in some cases, was not recognizing licenses of some RPM packages.

XRAY-6232

Fixed an issue whereby, the Impact Analysis sometimes ignored messages in case of errors, which caused some information loss.

XRAY-5291

Fixed an issue whereby, build selection in the Watch configuration and in the report definition is very slow when there is a large number of builds available.

XRAY-4323

Fixed an issue whereby, Xray failed to add custom licenses to components due to a race condition in the code.

XRAY-3412

Fixed an issue whereby, indexing all repositories sometimes failed when there was a large number of repositories.

XRAY-3104

Fixed an issue whereby, the Analysis microservice failed to process some messages due to panic errors.

XRAY-6275

Performance improvements to reduce the load on the database.

XRAY-6501

Fixed an issue, whereby, in some cases, Xray misclassified RPM packages as generic packages.

XRAY-6265

Fixed an issue, whereby the Persist & Analysis processes in some cases crashed due to high memory consumption.

XRAY-6247

Added a configurable limit for the number of rows that appear in a report. The default limit is 100,000 rows for each report.

Deprecated CommonName Field on X.509 Certificates

Disabled using the CommonName field on X.509 certificates as host name, when the certificate does not include Subject Alternative Names.