Xray 3.3.0

Xray Release Information


Released: April 22, 2020

Database Sync Known Issue

In all current Xray 3.x versions up to Xray 3.6.2, the Database sync process might get stuck. To resolve this, abort the process and retry. To learn more, see Synchronize the Database when Working with Xray.

Feature Enhancements
Force Full Reindex of Existing Components REST API

The new Force Reindex REST API command allows you to easily reindex artifacts that were indexed in the past. This is useful if you would like to rescan artifacts containing package types that were not supported in the past but now are, for example, Go, Python packages in Docker, or Alpine OS packages.

Added Manual Linux Archive Installation

You can now install Xray using a Linux Archive installer in addition to the existing options, giving you more control over how to set up your environment. For more information, see Installing Xray.

Added Dedicated Policy REST API V2 Commands

Xray now supports Policy commands in REST API V1 and V2. The V2 commands support blocking Release Bundles and allow you to notify Watch recipients and file deployers.

Resolved Issues
  1. Fixed an issue whereby all partnership integrations that were deprecated in previous Xray versions (Xray 1.x and 2.x) were displayed in the Integrations page in the UI. From version 3.3, the deprecated integrations are automatically removed when upgrading to Xray 3.x, including all the vulnerabilities in the database related to the deprecated integrations.

  2. Fixed an issue whereby the CVE IDs were missing from the JSON Security report.

  3. Fixed an issue whereby, when sorting component vulnerabilities in the Security tab by Severity, all the vulnerabilities were tagged with "High" severity.

  4. Fixed an issue whereby after upgrading to Xray version 3.2.0, Xray did not start due to database migration issues.

  5. Fixed an issue whereby the graph located under the Xray Data | Descendants or Ancestors tab did not display for Debian packages.

  6. Fixed an issue whereby impact analysis for Gems packages was not functioning.

  7. Fixed an issue whereby when running the Get Policy REST API command, regardless of whether the minimum severity was defined as Low, Medium or High, all the severities were retrieved.

  8. Fixed an issue whereby the DB sync did not perform impact analysis on NuGet packages.

  9. Fixed an issue whereby configuring a Watch with a Mime type filter did not function for .gz and .7z file types.

  10. Fixed an issue whereby custom issues could not be assigned to Debian packages in the UI.

  11. Improved the performance of loading the watches and policies page in the WebUI.

  12. Improved performance when running the Get Violations REST API command to retrieve a list for a specific watch from a database containing millions of violations.

  13. Improved Debian package vulnerability detection based on the Distribution property that the user needs to provide when deploying Debian packages to a local repository in Artifactory.

  14. Fixed an issue whereby an error was generated when updating a watch that included repositories or builds that were previously deleted in Artifactory. Repositories and builds are now automatically deleted when saving the Watch.

  15. Fixed an issue whereby Xray Server suffered from a memory leak during NPM audit.

  16. Fixed an issue whereby, when running NPM audits with Xray, the vulnerabilities were added by Xray with unavailable links to VulDB as sources.

  17. Reduced the load on the PostgreSQL DB during scanning.

  18. Fixed an issue whereby scanning of Docker images for potentially infected JavaScript files heavily impacted the DB.

  19. Fixed an issue whereby Support Bundles returned request.logs excluding Xray logs.

  20. Improved performance when running the Update Watch REST API v.2 command with thousands of watches in an HA environment.
