Xray 3.88.10

Xray Release Information

JFrog Xray

Released: January 31, 2024

Feature Enhancements

Contextual Analysis New Results

Improved Contextual Analysis by adding more granular result types for a better understanding of the scan results. For more information, see Contextual Analysis Statuses and Results.Contextual Analysis Statuses and Results

Support for Go SBOM identification

Added support for Go SBOM identification from build flags embedded in the Go binary.

Xray Upgrade Changes

Upgrade from Xray 2.x directly to Xray 3.88.x or above is no longer supported. To upgrade from Xray 2.x first upgrade to the latest 3.87.x version and after successful completion, upgrade to the desired 3.x version. For more information, see Upgrading from Xray Version 2.7 to 3.x.Upgrading from Xray Version 2.7 to 3.x

Improved Get Violations REST API

Improved The Get Violations REST API with an optional ordering direction and with additional optional filters for resources, latest create time, CVE, and violation issue identifier. For more information, see Get Violations.Get Violations

Resolved Issues




Fixed an issue whereby, Contextual Analysis in Xray 3.87.8 failed in an OpenShift environment.


Fixed an issue whereby, scanning (indexing) of an artifact failed if the filename contained the # character.


Fixed an issue whereby, the Xray Indexer service responded with a 404 error during a build scan due to the # character in the path.


Fixed an issue in JFrog Catalog, when clicking on certain CVEs caused a UI error.


Fixed an issue whereby, the full list of Ignore Rules was not displayed in the Ignore Rule tab on the Administration page.


Fixed an issue whereby, in a repository that is set for indexing, the UI displays a wrong empty state ("Activate Xray") for an unscanned artifact instead of having the option to scan the artifact.


Fixed an issue whereby, the Observability service crashed. If the service is also in a non-containerized environment, it fails to restart causing the Xray node to remain down.


Fixed an issue that prevented JFrog Advanced Security containers from running in self-hosted Xray deployments using self-signed certificates.


Fixed an issue whereby, users with read permissions and knowledge of the scan-id / URL were able to view on-demand scans conducted by other users and not only the scans they initiated.