Released: September 8, 2020
Xray 3.8.3 is Available as a Cloud Version
The Xray 3.8.3 release is currently available only as a Cloud version. For the On-Premise version, the 3.8.3 content is available as part of version 3.8.5.
Feature Enhancements
License Detection Improvements
Improved license detection performance and success rate to reduce CPU utilization.
Resolved Issues
Fixed an issue, whereby, in some cases, viewing or exporting licenses of an artifact led to a PostgreSQL server malfunction.
Fixed an issue, whereby in some cases, PyPI package licenses inside a docker image were not detected.
Fixed an issue, whereby when scanning component with GPL-2.0 with a classpath exception license, Xray recognized it as GPL-2.0.
Fixed an issue, whereby in some cases RPM OS packages were indexed with the wrong epoch in docker images. For packages that were already indexed with the wrong epoch, you can reindex to fix this using the Force Reindex API.
Fixed an issue, whereby, when trying to drill down to an inner component in the impact path graph of a vulnerability or violation, a 500 error was issued. This issue affects only SaaS users with Xray version 3.8.2.
Fixed an issue, whereby, Xray could not be set up with Azure managed PostgreSQL. A property was added to the system.yaml in order to support connecting to externally managed databases where the actual database username may differ from the connection username. The new property is
shared.database.actualUsername
.