Xray 3.21.2

Xray Release Information

JFrog Xray

Released: March 31, 2021


The new features introduced in this release require Artifactory version 7.17.4 and above.

Xray in Projects

CLOUD: Enterprise | Enterprise+ SELF-HOSTED: Enterprise | Enterprise+

Use Xray capabilities in the scope of JFrog Projects. JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. Offload and delegate Xray tasks to the different personas in your organization, such as assigning Xray security management capabilities to Project Admins on the scope of their specific projects. For more information, see Projects.Projects

Xray CVSS v3 Scoring Support

Xray now supports CVSS v3 scoring in addition to the CVSS v2 scoring. This will ensure that Xray's scoring of vulnerabilities is up-to-date and provide the latest universally standard severity ratings of vulnerabilities. For more information, see CVSS Scoring in Xray.CVSS Scoring in Xray

Xray Conan and C/C++ Support

Xray can now scan Conan packages deployed to Artifactory. Xray can also scan C/C++ dependencies as part of a build. For more information, see Conan and C/C++ Support in Xray.Conan and C/C++ Support in Xray

Feature Enhancements
Xray UI Changes

The Xray UI in the JFrog Platform has changed to create a better division of Xray tasks reflecting the different tasks by persona. Management and creation of Watches and Policies have been moved to the Administration module, as these are tasks usually performed by the administrators or users with special privileges. The Watch Violations and Reports are in the Application module.

Resolved Issues


The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.

JIRA Number



Fixed an issue whereby, the impactPathsDao.RemoveImpactPathByIds was passing too many arguments to PostgeSQL.


Fixed an issue whereby, the Xray Analysis Log contained too many error messages when a very long license string was extracted from a file during reindexing.


Fixed an issue whereby, the Scan Build REST API returned vulnerabilities and failed the build, however, the Xray data tab in the UI showed no violations.Scan Build V1


Fixed an issue whereby, in some cases, Xray crashed when the DB sync contained a vulnerability with a large size of information.


Fixed an issue whereby, exporting data in CSV format produced less data than in JSON format.


Fixed an issue whereby, Xray was issuing errors when a user's permission target is empty.