Released: November 9, 2025
Highlights
Curation
Curation now supports Conda packages.
Advanced Security
You can now define package-version rules for ML model types to block and/or notify risky formats and enforce approved versions.
Feature Enhancements
Xray
Added support for ant-style patterns in the specific package policy.
Jira Integration - Added support for a new macro JFrog Research Severity in Native Jira Integration. It uses severity from JFrog Research when available, falls back to CVE data, or applies your default value if neither is found.
Enhanced Vulnerabilities Reporting with Scheduling, Sharing, and Dashboards
We've introduced a powerful new experience for generating Vulnerabilities Reports. Users can now:
Use a step-by-step wizard to define report scope across repositories, builds, release bundles, and projects.
Schedule reports to run daily, weekly, or monthly.
Share reports directly with teammates via email.
View insights through a new aggregated dashboard with severity, applicability, and top 10 vulnerabilities widgets.
Filter results based on vulnerability applicability, severity, or component.
Explore full vulnerability details with remediation guidance and contextual analysis.
Export an overview PDF.
Resolved Issues
XRAY-119896 | Resolved a |
XRAY-115356 | Fixed mismatch between detected license in Xray vs Policy license selector - in license “ |
XRAY-116447 | The Any Repo option was incorrectly disabled for users without admin permissions, even if they had all the required permissions to add repositories to a watch. |