Released: April 14, 2025
Feature Enhancements
JFrog Xray
Added a new capability to Xray policies, allowing a grace period for violations before blocking downloads.
JFrog Curation
Curation now supports Rust repositories.
Added a new webhook that lets security teams see whether the configuration of Curation policies has changed, including changes to policy conditions. The webhook does not detect changes in label/package applications.
Advanced Security
Added Exposures Report capability to highlight real, exploitable risks in your software.
Source Code
Frogbot scan results are now available directly in the JFrog platform's Scans List, under the Commits tab or associated Pull Request (PR). This centralized view provides clear visibility into security issues—including Secrets, SAST findings, and vulnerabilities—detected in your source code and dependencies, helping you triage and remediate risks faster during development.
Resolved Issues
| Jira | Description |
|---|---|
| XRAY-108976 | Imported SBOM scans failed to recognize certain licenses. |
| XRAY-99827 | Users without relevant permissions could still view release bundles and their resources. |
| XRAY-88886 | Adding builds for indexing via API within the Project scope behaved incorrectly. |
| XRAY-27772 | Fixed an inconsistency with case sensitivity in search functionality on the Ignore Rules page. |
| XRAY-89513 | While upgrading Xray, the license alias created for built-in licenses was not carried forward after the upgrade. |