Xray 3.12.0

Xray Release Information

JFrog Xray

Released: November 29, 2020

Feature Enhancements
Improved Indexer Functionality

Enhanced the indexer functionality with improved classification of artifacts and identification of complex cases, such as identifying inner components within other components.

This enhancement resolves the following issues: XRAY-5380, XRAY-6032, XRAY-6023, XRAY-5601, XRAY-5200, XRAY-5022, XRAY-4551, XRAY-4540, XRAY-4505, XRAY-4081, XRAY-2167, XRAY-5355, XRAY-5448, XRAY-5786, XRAY-5694, XRAY-5534, XRAY-3716, XRAY-6583, XRAY-6441, XRAY-5449.

Build Scanning Improvement

Improved the build scanning process by having Xray only download artifacts from Artifactory that are part of the build in which Xray can scan them to save resources and time.

Resolved Issues


The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.

JIRA Number



Fixed an issue, whereby after installing Xray from scratch, it took Xray 5 minutes to fetch the Platform Proxy and Mail Configuration, which caused Xray to ignore this configuration and fail in tasks that depend on this configuration.


Fixed an issue, whereby, in some cases, Xray reported Kernel vulnerabilities on Debian/Ubuntu User Space Debian packages.


Fixed an issue, whereby creating a Support Bundle was unsuccessful when the time taken to generate it was over 30 seconds.


Fixed an issue, whereby the Violation summary page did not display all the infected components related to this violation.

The fix requires Artifactory 7.11.0 and above.


Fixed an issue, whereby when exporting violations for an artifact or a build the component data was missing the component version.


Fixed an issue, whereby PostgreSQL vacuum configuration was not working when Xray is in a HA setup.


Fixed a stored XSS (Cross-Site Scripting) vulnerability.


Fixed an issue whereby, in some cases, Xray was unable to sync security configuration to disable anonymous access.


Fixed an issue whereby the Update Watch API was failing when all-builds was selected for that watch.


Added an option to mark certain components for reevaluation during scanning instead of reusing former scan results.


Fixed an issue whereby, permissions defined on Build resources did not work.


Fixed an issue, whereby the daily DB Sync process might not complete and cause a load on the DB if stopped in the middle of the process in HA, SaaS, or K8s environments.