Xray 3.111.6 Cloud

Xray Release Information
Products
JFrog Xray
Content Type
Release Notes
ft:sourceType
Paligo

Released: December 15, 2024

Feature Enhancements

JFrog Xray

  • Enhanced the clarity and readability of Jira Ticket Summary and Description fields created through the Xray-Jira integration

  • Introduced a new Builds Security Overview dashboard that provides a centralized and comprehensive view of build versions where you can analyze trends, identify the most vulnerable components, and mitigate security risks effectively. For more information, see Builds Security Overview.

JFrog Curation

Introduced a new Conditions Template that allows a Security Manager to create Curation Policies based on OpenSSF scorecard results. Conditions based on this template detect and block third-party packages whose scorecard scores (one or more) match the range you defined (including aggregated scores).

Resolved Issues

Jira

Description

XRAY-90837

The Build Summary REST API did not output the name and version of the Build and thus did not align with the Component Details that are displayed in the JFrog Platform.

XRAY-90229

In the Watch Violations screen, when clicking on an Exposures violation of package type Npm an error message appears: ‘Error getting Exposure scan’. A 404 was issued due to an incorrect path in the NPM package.

XRAY-92998

In the SPDX report, JFrog was falsely assigned as the Artifact Manufacturer.

XRAY-91040

When exporting a Vulnerabilities Report for an artifact from the Scans List page, the exported PDF was not sorted by severity order.

XRAY-88893

When running the command jf audit --watches=< > --fail=true, the fail_build field was missing from the response. This issue was reported in JFrog CLI version 2.64.0.

XRAY-91154

When running the command jf docker scan <image_path> --format json, the full_path field was missing in the response. This issue was reported in JFrog CLI version 2.64.0.

XRAY-95655

When the name of a build included the special character '/', navigating through the Build Versions in the Scans List page via breadcrumbs caused the UI to become unresponsive.

XRAY-95206

Xray could not display any versions of a build that contained the special character '/' in the build name after scanning.

XRAY-92685

Resolved an issue where Xray failed to display build overview data correctly for builds with a "+" symbol in their name.

XRAY-95132

Xray indexing failed for artifacts containing .pt extension files within zipped archives.

XRAY-94615

Fixed an issue when exporting CycloneDX reports for Release Bundles.

XRAY-93036

Indexing of artifacts with large license files took longer than expected

XRAY-83997

It was not possible to view Xray data on remote repositories when both "Any Local" and "Any Remote" permissions were granted.