Xray 3.12.0

Xray Release Information

Products
JFrog Xray
ft:sourceType
Paligo

Released: November 29, 2020

Feature Enhancements
Improved Indexer Functionality

Enhanced the indexer functionality with improved classification of artifacts and identification of complex cases, such as identifying inner components within other components.

This enhancement resolves the following issues: XRAY-5380, XRAY-6032, XRAY-6023, XRAY-5601, XRAY-5200, XRAY-5022, XRAY-4551, XRAY-4540, XRAY-4505, XRAY-4081, XRAY-2167, XRAY-5355, XRAY-5448, XRAY-5786, XRAY-5694, XRAY-5534, XRAY-3716, XRAY-6583, XRAY-6441, XRAY-5449.

Build Scanning Improvement

Improved the build scanning process by having Xray only download artifacts from Artifactory that are part of the build in which Xray can scan them to save resources and time.

Resolved Issues

Note

The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.

JIRA Number

Description

XRAY-5550

Fixed an issue, whereby after installing Xray from scratch, it took Xray 5 minutes to fetch the Platform Proxy and Mail Configuration, which caused Xray to ignore this configuration and fail in tasks that depend on this configuration.

XRAY-6419

Fixed an issue, whereby, in some cases, Xray reported Kernel vulnerabilities on Debian/Ubuntu User Space Debian packages.

XRAY-6376

Fixed an issue, whereby creating a Support Bundle was unsuccessful when the time taken to generate it was over 30 seconds.

XRAY-6231

Fixed an issue, whereby the Violation summary page did not display all the infected components related to this violation.

The fix requires Artifactory 7.11.0 and above.

XRAY-4124

Fixed an issue, whereby when exporting violations for an artifact or a build the component data was missing the component version.

XRAY-3472

Fixed an issue, whereby PostgreSQL vacuum configuration was not working when Xray is in a HA setup.

XRAY-6284

Fixed a stored XSS (Cross-Site Scripting) vulnerability.

XRAY-6250

Fixed an issue whereby, in some cases, Xray was unable to sync security configuration to disable anonymous access.

XRAY-6224

Fixed an issue whereby the Update Watch API was failing when all-builds was selected for that watch.

XRAY-6598

Added an option to mark certain components for reevaluation during scanning instead of reusing former scan results.

XRAY-6638

Fixed an issue whereby, permissions defined on Build resources did not work.

XRAY-6610

Fixed an issue, whereby the daily DB Sync process might not complete and cause a load on the DB if stopped in the middle of the process in HA, SaaS, or K8s environments.