Xray 3.24.2

Xray Release Information

Products
JFrog Xray
Content Type
Release Notes
ft:sourceType
Paligo

Released: May 2, 2021

Highlights
Distroless Scanning

Xray now can scan Google Distroless Images that only contain your application and its runtime dependencies.

Red Hat Vulnerability Scanner Certification

JFrog Xray is now certified with the Red Hat Vulnerability Scanner Certification. The certification recognizes Xray as a trusted Red Hat security partner, enabling Xray to deliver consistent and more accurate processing of Red Hat products and packages and reporting of vulnerabilities, minimizing false positives and other discrepancies.

Feature Enhancements
Impact Analysis Performance Improvements

Improved the Impact Analysis performance significantly reducing the database server CPU and I/O levels.

Red Hat Packages Enhancements

Improved Red Hat packages scanning to support CPE matching to enhance Red Hat vulnerabilities detection. Xray also supports Red Hat Modules for better scanning of Red Hat OS packages.

Go Version Upgrade

The Go version with Xray has been upgraded to version 1.16.1, solving some security vulnerabilities described in CVE-2021-27918.

PostgreSQL Version Bundling

Xray bundling with PostgreSQL has been updated to use a newer PostgreSQL version 13.x

Resolved Issues

JIRA Number

Description

XRAY-7347

Fixed vulnerability issue CVE-2021-27918.

XRAY-6979

Fixed vulnerability issue CVE-2020-26160.