Released: August 13, 2020
Highlights
Vulnerabilities Report
You can now create and generate a Vulnerabilities Report that gives you a visual representation of the vulnerabilities found in your artifacts, builds, and release bundles. Narrow down the data by setting a specific scope and advanced filters so that the report displays exactly what you want to analyze. A new reports page is now part of the JFrog platform, where you can create, generate, and perform various actions on reports, including export to PDF, JSON, and CSV file formats for further analysis. The Vulnerabilities Report is also supported by the REPORTS REST APIs.
This report type is the first in the Xray Reports feature, which is introduced in this release. Other report types that will provide you with further capabilities are planned for future releases.
Manage Reports User Role
A new role was added to user permissions in Users and Groups, allowing users to create, generate, and manage reports in the new Reports feature. This role is also required by some APIs, such as Get Component List Per Watch and Find Component by CVE.
Multiple License Permissive Approach
The new Multiple License Permissive Approach gives you more flexibility at the policy level. You can configure a more permissive approach in which a component that has at least one permitted license goes through without triggering a violation, even if some of its other licenses are not allowed.
Dedicated Features that Require Artifactory
The Vulnerabilities Report, the Manage Reports User Role, and the Multiple License Permissive Approach features all require Artifactory version 7.7.0 and above on the Cloud, and version 7.7.3 and above On-Prem.
System Metrics Information API and log
Xray has been enhanced to support open metrics. The new Metrics API has been added and returns metrics in the Open Metrics format. The new metric-related log file xray-{microservice}-metrics.log was added to the file system.
RabbitMQ Upgrade
RabbitMQ has been upgraded to version 3.8.x.
Feature Enhancements
Go Version Upgrade
The Go version used with Xray has been upgraded to version 1.14.6, resolving some security vulnerabilities described in CVE-2020-15586.
PostgreSQL Version Support
Xray is now certified to run with PostgreSQL versions 11.x and 12.x.
Resolved Issues
Fixed an issue whereby the IU-Extreme-1.1.1 license URL was incorrect.
Fixed an issue whereby, after a DB Sync failure, the DB Sync was reading the same faulty bundle and not downloading fixed bundles.
Fixed an issue whereby Debian OS packages were named by "Source" instead of "Package".
Fixed an issue whereby the Get Component List Per Watch API required Admin permissions only, preventing non-admin users from calling this REST API. A new Manage Reports user role was added to enable you to use this API.
Fixed an issue whereby the Find Component by CVE API did not return results for users with read permissions. A new Manage Reports user role was added to enable you to use this API.
Fixed an issue whereby Xray was not sending e-mail notifications to watch recipients when violations were found.
Fixed an issue whereby the Alert worker was consuming an excessive amount of memory.
Fixed an issue whereby the RPM Docker images were stuck in the indexing stage in an infinite loop.
Improvement in RabbitMQ clustering logic.