Released: April 29, 2025
Feature Enhancements
JFrog Xray
Upgraded bundled PostgreSQL to 16.8 in native, archive, and Docker Compose installers.
Upgraded bundled PostgreSQL to 16.6 in Helm installers.
JFrog Source Code
The results of on-demand scans run using the CLI jf audit --secrets command are now displayed in the Scans List table.
You can now export Git repository scan data directly from the user interface via Platform > Xray > Scans List.
Advanced Security
You can now create and generate an Exposures Report that gives you a visual representation of which components in your code and binaries are actively invoked and potentially exploitable. This helps you focus on real-world security risks rather than theoretical vulnerabilities. Use advanced filters and scoped views to customize the report to your specific needs and environments. The Exposures Report is also supported via the new REPORTS REST APIs:
JFrog Curation
Curation now supports Google Maven repositories.
Enhancements to JFrog Curation Audit Capability:
Improved package search functionality for easier navigation and discovery.
Clearer distinctions between blocked, allowed, and dry-run packages.
Introduced a new PASSED package type for items that successfully passed curation without specific policy inspection, providing the user a full view of the Curation process.
Resolved Issues
Jira | Description |
---|---|
XRAY-114127 | Mismatch in counts on the Reports page due to pagination issues. |
XRAY-114124 | CVE and CVSS columns on the Reports page were not populated for Vulnerability Reports. |
XRAY-24708 | An incorrect number of vulnerabilities was sent to the Metadata Server. |
XRAY-101346 | Fixed missing applicability details in violation results returned by the Scan Build V2 API. |