Released: March 17, 2025
Feature Enhancements
JFrog Xray
Added support for Full License Text content in Legal reports.
JFrog Curation
EPSS (Exploit Prediction Scoring System) estimates the statistical probability that a CVE will be exploited, enabling security teams to prioritize remediation efforts. The custom CVSS condition now supports a new relaxed condition: if the EPSS score is below a specified threshold, the policy will not block the corresponding CVE.
Introduced two new Webhook events, one for Waiver Request creation and one for Waiver Request update. Use these events to create tickets or notifications in external systems, so that the creation of Waiver Requests and related documentation can be monitored there. For more information, see Webhooks.
JFrog Catalog
Catalog now supports Google Maven repositories.
JFrog CLI
You may now use the Waiver feature for Curation, using the JFrog `jf curation-audit` CLI command. The Curation Waiver feature allows you to exclude specific packages or versions from policy restrictions.
A Violations column was added to the Git Repositories tab under Scans List. This means that you may now see the violation count for each Git commit.
Resolved Issues
Jira | Description |
---|---|
XRAY-106871 | Fixed a |
XRAY-96953 | Fixed an issue where running out of space during a Docker image scan ( |
XRAY-105498 | Fixed errors in CycloneDX export of CycloneDX Ingest. |
XRAY-106119 | Fixed an issue with Xray scans timing out |
XRAY-92999 | When using Builds > By pattern in the Watch resources, the Watch did not issue violations for all the builds when one of the builds did not meet the pattern in the Watch. |
XRAY-97920 | Deploy notifications for builds did not work properly when using Projects. |
XRAY-96950 | When generating a report, the report included scan data for deleted artifacts. |
XRAY-102815 | Fixed a UI issue where Exposure violations could not be viewed correctly on the Watch Violations page. |
XRAY-101269 | Resolved a UI issue in Scans List > Git Repositories where duplicated data caused infinite scrolling. |