Xray 3.44.1

Xray Release Information

JFrog Xray
Content Type
Release Notes

Released: March 6, 2022



The new UI features in this release are available with Artifactory version 7.36.x and above for Cloud. Self-Hosted will be available soon.

Components Physical Path

Xray now displays the physical path (location) of a vulnerable component in an artifact. This information is displayed in the impact path graph within the CVE, export formats of Xray scans, and in the Violations and Vulnerabilities reportsAnalyzing Resource Scan ResultsAnalyzing Resource Scan ResultsXray Reports

This feature is also supported through REST API; Build Summary and Artifact Summary .Build SummaryArtifact Summary

Exclude Violations with No Available Fixed Version

Introducing a new capability in Xray Policies, where you can set a policy rule to not generate violations for security issues that do not contain a fixed version. This new capability will help you improve your security workflow by enabling you to exclude violations at the Policy level by not failing builds for issues that do not contain a fixed version. Whenever a fixed version is available, the violation will be generated. For more information, see Trigger Violations Using Xray Policy Rules .Trigger Violations Using Xray Policy Rules

This feature is also supported through the Create Policy REST API.Create Policy

Resolved Issues




Fixed an issue whereby, a webhook payload contained critical issues that were marked as high instead of critical.


Improved the performance of Xray Reports generation.


Fixed an issue whereby, in some cases, Xray was not displaying the issue_id for issues in the Artifact Summary REST API.


Fixed an issue whereby, exported data in CSV format that contained vulnerabilities without a CVE, did not include the CVSS v2 score data for these vulnerabilities.


Fixed an issue whereby, Xray was not extracting JAR files packaged by Spring Boot.