Xray 3.17.2

Xray Release Information

JFrog Xray

Released: February 4, 2021

REST API Open Metrics

Added metrics related to Xray DB sync time, and the total number of scanned artifacts and components. For more information, see Open Metrics.Open Metrics

Feature Enhancements
Go Version Upgrade

Upgraded Go version to 1.15.7 to fix security vulnerabilities.

Impact Path Data in Reports

You can now view the Impact Path data in the Due Diligence Report in the Get Due Diligence Report Content REST API and JSON and CSV outputs.Xray ReportsGet Due Diligence Report Content

Scan Build REST API Permissions

The Scan Build REST API no longer requires Admin permissions, only Manage Xray Metadata permissions.

Resolved Issues


The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.

JIRA Number



Fixed an issue whereby, in the Builds UI page, when a build number contained characters in the Build Name, the build status did not show as scanned when the build was scanned.


Fixed an issue whereby, in some cases, the DB initial sync would unexpectedly pause.


Fixed an issue whereby, Violations were not created when the database server was down or in case of some failures occurring with the database.


Reduced the risk of getting affected by CVE-2020-29652.


Reduced the risk of getting affected by CVE-2020-26160.


Fixed an issue whereby, a security issue when indexing an artifact may cause DOS or override an OS file.


Fixed an issue whereby, a violation with multiple sources could not be ignored by an Ignore Rule with a specific component or a version of the component.

Requires Artifactory version 7.15.0 and above.


Fixed an issue whereby, ignoring a violation by using the artifact filter in the artifacts/watches screen, and the artifact existed in multiple repositories/paths and contains violations, the violation was not ignored.