Released: March 6, 2022
Highlights
Note
The new UI features in this release are available with Artifactory version 7.36.x and above for Cloud. Self-Hosted will be available soon.
Components Physical Path
Xray now displays the physical path (location) of a vulnerable component in an artifact. This information is displayed in the impact path graph within the CVE, export formats of Xray scans, and in the Violations and Vulnerabilities reports
This feature is also supported through REST API; Build Summary and Artifact Summary .
Exclude Violations with No Available Fixed Version
Introducing a new capability in Xray Policies, where you can set a policy rule to not generate violations for security issues that do not contain a fixed version. This new capability will help you improve your security workflow by enabling you to exclude violations at the Policy level by not failing builds for issues that do not contain a fixed version. Whenever a fixed version is available, the violation will be generated. For more information, see Trigger Violations Using Xray Policy Rules .
This feature is also supported through the Create Policy REST API.
Resolved Issues
JIRA | Description |
---|---|
XRAY-9718 | Fixed an issue whereby, a webhook payload contained critical issues that were marked as high instead of critical. |
XRAY-9587 | Improved the performance of Xray Reports generation. |
XRAY-9563 | Fixed an issue whereby, in some cases, Xray was not displaying the |
XRAY-8208 | Fixed an issue whereby, exported data in CSV format that contained vulnerabilities without a CVE, did not include the CVSS v2 score data for these vulnerabilities. |
XRAY-1084 | Fixed an issue whereby, Xray was not extracting JAR files packaged by Spring Boot. |