Xray 3.33.3

Xray Release Information

ft:sourceType
Paligo

Released: September 30, 2021

Note

The new features in this release are available with Artifactory version 7.27.3 and above.

Highlights
JFrog Security CVE Research and Enrichment

Xray's integration with Vdoo introduces JFrog security CVE research and enrichment, a new capability that provides additional CVE details by the J Frog security research team, which comprises security experts that perform manual research on CVEs and suggest a new JFrog Severity Score and a deep technical overview that allows you to better understand the actual risk posed by the CVEs.JFrog Security CVE Research and Enrichment

Xray Integration with Jira

Xray now can be integrated with Atlassian’s Jira Software enabling the automatic creation of Jira tickets based on Xray identified security threats and violations. To learn more, see Xray Jira Integration.Xray Jira Integration

Resolved Issues

JIRA

Description

XRAY-8303

Fixed an issue whereby, in some cases, the violation's severity level in the On-Demand Binary Scan and Dependency Scan (both available through JFrog CLI) was different from the severity level given in Xray.

XRAY-8278

Improved the unknown licenses classification not to include Docker layers, manifest, and builds to avoid false positives.

XRAY-8215

Fixed an issue whereby, violations of a deleted Watch were still displayed in Xray.

XRAY-8163

Fixed an issue whereby, the Get Violations REST API by default was sorted by summary, which caused some performance issues.Get Violations

XRAY-8097

Fixed an issue whereby, a license was not detected when the component version is missing in the Xray database.

XRAY-8043

Fixed an issue whereby, the On-Demand Binary Scan and Dependency Scan (both available through JFrog CLI) were not returning custom licenses properly.

XRAY-8007

Fixed an issue whereby, in some cases, when exporting Xray data on a generic artifact, the exported file (CSV/JSON/PDF) was empty.

XRAY-7977

Fixed an issue whereby generating a violations report for large repositories was taking too long.

XRAY-7491

Fixed an issue whereby, in some cases, the Xray system YAML file content was deleted when restarting Xray.

XRAY-7304

Fixed an issue whereby, returning the Watch violations count caused performance issues in the database when the number of violations was very high.

XRAY-7167

Fixed an issue whereby, for Docker images with different checksums but the same path, Xray was returning the image's previous vulnerabilities.

XRAY-8378

Fixed an issue whereby, the DB was overloaded with Impact Analysis messages when the same checksum was associated with many public components.