Xray 3.44.1

Xray Release Information

Products
JFrog Xray
Content Type
Release Notes
ft:sourceType
Paligo

Released: March 6, 2022

Highlights

Note

The new UI features in this release are available with Artifactory version 7.36.x and above for Cloud. Self-Hosted will be available soon.

Components Physical Path

Xray now displays the physical path (location) of a vulnerable component in an artifact. This information is displayed in the impact path graph within the CVE, export formats of Xray scans, and in the Violations and Vulnerabilities reportsAnalyzing Resource Scan ResultsAnalyzing Resource Scan ResultsXray Reports

This feature is also supported through REST API; Build Summary and Artifact Summary .Build SummaryArtifact Summary

Exclude Violations with No Available Fixed Version

Introducing a new capability in Xray Policies, where you can set a policy rule to not generate violations for security issues that do not contain a fixed version. This new capability will help you improve your security workflow by enabling you to exclude violations at the Policy level by not failing builds for issues that do not contain a fixed version. Whenever a fixed version is available, the violation will be generated. For more information, see Trigger Violations Using Xray Policy Rules .Trigger Violations Using Xray Policy Rules

This feature is also supported through the Create Policy REST API.Create Policy

Resolved Issues

JIRA

Description

XRAY-9718

Fixed an issue whereby, a webhook payload contained critical issues that were marked as high instead of critical.

XRAY-9587

Improved the performance of Xray Reports generation.

XRAY-9563

Fixed an issue whereby, in some cases, Xray was not displaying the issue_id for issues in the Artifact Summary REST API.

XRAY-8208

Fixed an issue whereby, exported data in CSV format that contained vulnerabilities without a CVE, did not include the CVSS v2 score data for these vulnerabilities.

XRAY-1084

Fixed an issue whereby, Xray was not extracting JAR files packaged by Spring Boot.