Xray 3.88.10

Xray Release Information
Products
JFrog Xray
ft:sourceType
Paligo

Released: January 31, 2024

Feature Enhancements

Contextual Analysis New Results

Improved Contextual Analysis by adding more granular result types for a better understanding of the scan results. For more information, see Contextual Analysis Statuses and Results.Contextual Analysis Statuses and Results

Support for Go SBOM identification

Added support for Go SBOM identification from build flags embedded in the Go binary.

Xray Upgrade Changes

Upgrade from Xray 2.x directly to Xray 3.88.x or above is no longer supported. To upgrade from Xray 2.x first upgrade to the latest 3.87.x version and after successful completion, upgrade to the desired 3.x version. For more information, see Upgrading from Xray Version 2.7 to 3.x.Upgrading from Xray Version 2.7 to 3.x

Improved Get Violations REST API

Improved The Get Violations REST API with an optional ordering direction and with additional optional filters for resources, latest create time, CVE, and violation issue identifier. For more information, see Get Violations.Get Violations

Resolved Issues

Jira

Description

XRAY-37728

Fixed an issue whereby, Contextual Analysis in Xray 3.87.8 failed in an OpenShift environment.

XRAY-26198

Fixed an issue whereby, scanning (indexing) of an artifact failed if the filename contained the # character.

XRAY-26962

Fixed an issue whereby, the Xray Indexer service responded with a 404 error during a build scan due to the # character in the path.

XRAY-37092

Fixed an issue in JFrog Catalog, when clicking on certain CVEs caused a UI error.

XRAY-25207

Fixed an issue whereby, the full list of Ignore Rules was not displayed in the Ignore Rule tab on the Administration page.

XRAY-27773

Fixed an issue whereby, in a repository that is set for indexing, the UI displays a wrong empty state ("Activate Xray") for an unscanned artifact instead of having the option to scan the artifact.

XRAY-37322

Fixed an issue whereby, the Observability service crashed. If the service is also in a non-containerized environment, it fails to restart causing the Xray node to remain down.

XRAY-38081

Fixed an issue that prevented JFrog Advanced Security containers from running in self-hosted Xray deployments using self-signed certificates.

XRAY-16269

Fixed an issue whereby, users with read permissions and knowledge of the scan-id / URL were able to view on-demand scans conducted by other users and not only the scans they initiated.