Xray 3.17.2

Xray Release Information

ft:sourceType
Paligo

Released: February 4, 2021

HIghlights
REST API Open Metrics

Added metrics related to Xray DB sync time, and the total number of scanned artifacts and components. For more information, see Open Metrics.Open Metrics

Feature Enhancements
Go Version Upgrade

Upgraded Go version to 1.15.7 to fix security vulnerabilities.

Impact Path Data in Reports

You can now view the Impact Path data in the Due Diligence Report in the Get Due Diligence Report Content REST API and JSON and CSV outputs.Xray ReportsGet Due Diligence Report Content

Scan Build REST API Permissions

The Scan Build REST API no longer requires Admin permissions, only Manage Xray Metadata permissions.

Resolved Issues

Note

The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.

JIRA Number

Description

XRAY-6955

Fixed an issue whereby, in the Builds UI page, when a build number contained characters in the Build Name, the build status did not show as scanned when the build was scanned.

XRAY-6795

Fixed an issue whereby, in some cases, the DB initial sync would unexpectedly pause.

XRAY-6708

Fixed an issue whereby, Violations were not created when the database server was down or in case of some failures occurring with the database.

XRAY-6887

Reduced the risk of getting affected by CVE-2020-29652.

XRAY-6883

Reduced the risk of getting affected by CVE-2020-26160.

XRAY-6257

Fixed an issue whereby, a security issue when indexing an artifact may cause DOS or override an OS file.

XRAY-6820

Fixed an issue whereby, a violation with multiple sources could not be ignored by an Ignore Rule with a specific component or a version of the component.

Requires Artifactory version 7.15.0 and above.

XRAY-6912

Fixed an issue whereby, ignoring a violation by using the artifact filter in the artifacts/watches screen, and the artifact existed in multiple repositories/paths and contains violations, the violation was not ignored.