Released: January 4, 2026
Feature Enhancements
Curation
The issue related to the selection of the NPM “latest” tag has been resolved. When the version referenced by the latest tag does not represent the most recent compliant release (for example, when newer versions exist but are not tagged as latest), the inspection process now continues to evaluate all available versions. It automatically removes any non-compliant versions from the metadata.
Xray
A new REST API, Get Jira Integration Status, has been introduced to enable programmatic retrieval of the current health and operational status of an existing Jira integration.
Added support for ingesting VEX (Contextual Analysis) information from external CycloneDX sources. Requires Advanced Security.
Added a new REST API endpoint, /api/v1/sbomMigration/status, to retrieve the current SBOM migration status.
Added support for a text output format for the License Attribution Report.
Added component supplier information to SPDX reports in accordance with the NTIA 2021 SBOM guidelines.
Resolved Issues
| Jira | Description |
|---|---|
| XRAY-131885 | Resolved an issue that intermittently caused the Indexer to crash. |
| XRAY-131434 | Resolved an issue where dependency information did not appear in Build SBOM exports. |
| XRAY-131301 | Resolved a security vulnerability identified as CVE-2025-47913. |
| XRAY-130635 | Resolved an issue that caused errors when attempting to clone a report. |
| XRAY-129030 | Resolved an issue that caused sorting preferences to reset in the Report Results view. |
| XRAY-127329 | Resolved an issue in input parsing within the Reindex flow. |
| XRAY-127276 | Resolved a security vulnerability identified as CVE-2025-59375. |
| XRAY-131616 | Resolved an issue that caused errors during RabbitMQ4 installation. |
| XRAY-131562 | Resolved an issue that prevented navigation away from the Vulnerabilities Report tab. |
| XRAY-131393 | Resolved an issue where the completion log was printed before the analysis had finished. |
| XRAY-131798 | Resolved an issue where re-scanning Release Bundles after deleting ignore rules did not create violations when expected. |
| XRAY-130339 | Fixed an issue where navigating to the root ( |
| XRAY-130154 | Fixed an issue where on-demand secrets scans executed via the JFrog CLI could fail when custom secrets were matched. |
| XRAY-128937 | Fixed an issue where opening the on-demand scans UI could result in a UI timeout. |