Artifactory Changelog

What's new in Artifactory 7.77.7

Mar 12, 2024

Fixed an issue where YAML configuration changes couldn't be applied if the file size exceeded 3 MB.
Fixed an issue whereby, when trying to resolve an un-cached artifact from a remote repository pointing to a registry that does not allow content browsing through the Native Browse, Artifactory returned a 404 error.
Fixed an issue related to Docker whereby, when trying to resolve an artifact from a repository blocked by Xray remote validation, Artifactory returned a 404 instead of a 403 error.
Fixed an issue whereby, when using a dotnet NuGet client with incorrect authentication credentials, Artifactory returned a 500 server error instead of a 401 error.
Fixed an issue related to Terraform whereby, Artifactory did not support dereferenced commits for Terraform modules when proxying remote registries.
Fixed an issue related to RPM whereby, when adding GPG keys without extension with a file name containing ‘GPG’, Artifactory did not support making the keys expirable.

New in Artifactory 7.63.12 (Aug 13, 2023)

New in Artifactory 7.63.11 (Aug 10, 2023)

New in Artifactory 7.64 (Jul 23, 2023)

New in Artifactory 7.59.9 (May 28, 2023)

New in Artifactory 7.55.8 (Mar 16, 2023)

New in Artifactory 7.55.6 (Mar 7, 2023)

New in Artifactory 7.55.3 (Mar 3, 2023)

New in Artifactory 7.53.4 (Feb 26, 2023)

New in Artifactory 7.49.8 (Feb 22, 2023)

New in Artifactory 7.49.6 (Jan 29, 2023)

New in Artifactory 7.49.5 (Jan 11, 2023)

New in Artifactory 7.47.14 (Dec 19, 2022)

New in Artifactory 7.46.13 (Nov 16, 2022)

New in Artifactory 7.46.11 (Nov 4, 2022)

New in Artifactory 7.46.9 (Oct 27, 2022)

New in Artifactory 7.46.6 (Oct 14, 2022)

New in Artifactory 7.42.1 (Jul 31, 2022)

Feature Enhancements:
Added a Full Broadcast Function to the Access Federation UI
Added the option to trigger a full broadcast from a specific Access Federation source via the Access Federation UI. See Full Broadcast.
CRAN Local Repository Improvements:
Aligned the CRAN Local repository to follow the CRAN spec when populating the Archive folder by introducing the following enhancements:
Added the cran.archiveMover.enabled system property that will allow the storage of the archives in the correct hierarchy.
Added a new Move Archives CRAN REST API, which moves the existing archives to the correct location (if the system property is enabled).
For more information, see Applying the CRAN Official Spec on Local CRAN Repositories.
Cold Storage UI Improvements:
Added a new Skip Trash Can checkbox allowing you to skip moving items to the trash can when creating or modifying Cold Storage Archive policies in the WebUI.
Property Set /name validation endpoint changed to /propertyName:
Changed the property set endpoint from /Name to /propertyName.
Projects Enhancements:
Modified the Project Key Name length limitation from three to two characters.
Resolved Issues:
Fixed a Cargo package-related issue, whereby a remote Cargo remote repository could not be created without providing the gitRegistryUrl which prevented Artifactory from starting.
Fixed a PyPI-related issue whereby, remote PyPI artifacts yanked from the registry would not be processed by Artifactory if there were no yanked details in the remote repository.
Fixed an issue whereby, submitting repository-related REST API requests without a repository key returned a 500 error instead of a 400 status error.
Fixed an issue whereby, Crowd users were unable to download artifacts via the URL-to-File requests.
Fixed an issue whereby, running the Get LDAP Groups Rest API returned forceAttributeSearch as false even if it was set as true in the config.xml file.
Fixed an issue whereby, when running NuGet-related REST APIs, the NuGet HTTP status code returned a 403 status message instead of a 409 status message for users with write and not overwrite access while trying to upload an already-existing package.
Fixed an issue whereby, running NPM audit fix on the latest versions of NPM and Node version did not function.
Fixed an issue whereby, the contents of a virtual repository could not be listed when there is a broken remote repository.
Fixed an issue whereby users with the "Manage Resources" permission granted users access to Admin Settings page.
Fixed a Cargo package-related issue, whereby the Cargo search could not find the carte if the carte name contained more than one hyphen. For example, openid-connect-mock.
Fixed an issue whereby, Helm virtual repositories that were set as the target of a Smart remote repository, downloaded new artifacts even if the artifactoryRequestCanRetreiveRemoteArtifacts flag was disabled (Default setting).
Fixed an issue whereby, running the Create Repository REST API, to create a virtual repository with multiple local repositories with the same name, displayed the local repositories many times in the WebUI.
Fixed an issue related to NPM packages whereby, a 404 error message was generated when running NPM Install if the package.json located under the local repo contained an extra slash.
Fixed an issue whereby, under certain circumstances, running a Docker Pull generated an "Unknown Blob" error if the remote cache was deleted and the client had a partial cache.

New in Artifactory 7.41.6 (Jul 22, 2022)

New in Artifactory 7.41.4 (Jul 11, 2022)

Resolved Issue:
RTFACT-18610
Fixed the issue, whereby running the Create Virtual repository REST API allowed duplicating the same local repository in the Virtual repository.
RTFACT-26704
Fixed an issue whereby, attempting to move files to a virtual repository caused files to disappear.
RTFACT-26903
Fixed an issue whereby, creating permission targets using the REST API was faulty.
RTFACT-26430 Fixed an issue whereby, NPM Info did not include all the artifact data collected from the package.json file.
RTFACT-27116 Fixed an issue whereby, under certain circumstances, NuGet v3 packages containing a version with upper case characters in the 'Prerelease' parameter were omitted from the registration item results if they were in the lower or upper entry of the list.
RTFACT-27056
Fixed an issue whereby, converting a local repository to a federated repository removed the repository from the Project.
RTFACT-26388
Fixed an issue whereby, Helm charts containing annotations with a regex of '[0-9] +e [0-9]' broke the index.yaml.
RTFACT-26430
Fixed an issue whereby, the Npm Info did not include all the artifact metadata that should have been collected from the package.json file.
RTFACT-26709
Fixed an issue where beforeDownloadRequest callback is not working with the NPM Virtual repository.
RTFACT-26718
Fixed an issue whereby, Debian Source packages could not be downloaded if the 'Store Artifacts Locally' option was disabled.
RTFACT-26843
Fixed an issue whereby, uploading Docker images to Federated repositories did not sync to other federated members if the repository name contained more than 34 characters.
RTFACT-26903
Fixed an issue whereby, users with the Manage Resources role could not create the permission targets through REST API.
RTFACT-27056
Fixing an issue whereby, converting local repositories to federated repositories removed the repository from the Project.
RTFACT-27090
Fixed an issue whereby, the GAVC Search returned artifact versions without the SNAPSHOT.
RTFACT-26779
Fixed an issue relating to npm packages, whereby the npm client configured opposite a virtual repository and the remote repository within this repository is offline, the npm audit command fails. This audit command should return results as Artifactory is connected to Xray and therefore should return the results from Xray.
RTDEV-26681
Fixed an issue whereby, under certain circumstances, Go Virtual repositories may have returned a 404 response when the remote repository response was 200.

New in Artifactory 7.39.4 (Jun 14, 2022)

New in Artifactory 7.38.10 (May 19, 2022)

New in Artifactory 7.38.7 (May 8, 2022)

New in Artifactory 7.37.15 (May 6, 2022)

New in Artifactory 7.37.14 (Apr 18, 2022)

New in Artifactory 7.37.13 (Apr 18, 2022)

Feature Enhancements:
Enforce Internal Dynamic Search of Attributes in LDAP Groups:
Introducing the new functionality for the LDAP group dynamic strategy which enforces dynamic internal search of attributes in a group by setting the <forceAttributeSearch>true</forceAttributeSearch> in the Config descriptor. For more information, see Enforcing Dynamic Search of Attributes for LDAP Groups.
Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories:
An enhanced Maven Authentication mechanism has been implemented in Artifactory to eliminate the need to perform authentication prior to checking if a package is located in local, remote and virtual repositories. With the new authentication mechanism, when reaching Maven-local-three (which requires authentication), instead of first performing for authentication and next authorization, Artifactory will check if the requested item is located in the repository. If the requested package does exist, it will proceed to perform authentication and authorization. If not, a 404 error message will be triggered.
This feature is disabled by default and can be enabled by adding the artifactory.maven.authentication.nonPreemptive parameter to the artifactory.system.properties file. Please note that a reboot of the system is required after adding the flag. For more information, see Forcing Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories.
Anonymous Users can be routed to Login Page by Default:
To provide Anonymous users in the JFrog Platform with an improved navigation experience, you can set all Anonymous users to be routed to the Login page by enabling the new 'Set the Login page as the start page' on the Anon User page.
GAVC Search REST API Supported on Virtual and Remote Repositories:
Maven users can now search by Maven Coordinates (GAVC: GroupID, ArtifactID, Version, Classifier), on remote and virtual repositories, in addition to the existing support for local repositories. For more information, see the new parameters added to the GAVC Search REST API.
Added Support for Custom Ports to be Exposed on the NGINX Pod:
As part of the alignment of the JFrog Platform with the conventional Kubernetes YAML syntax for container ports, we have added support for comments in the values.yaml file. It is self-explanatory as it is traditional Kubernetes YAML syntax and allows you to pass additional ports other than HTTP and HTTPS port to Nginx deployment and service in the values.yaml file.
New Webhook to Support Pull Replication from Remote Repositories:
The newly added 'Cache' webhook event is triggered for Pull Replication events occurring opposite remote repositories. Please note that for push replication, you should use this 'Deployed' event. For more information, see the Domain:Artifact section.
Extended the Priority Resolution feature to Support RPM Packages:
You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for Local and Remote repositories for RPM packages.
Integration Service Logs Added to Support Bundle:
The integration-request.log and integration-service.log logs have been added to the Support Bundle.
Release Bundle Webhooks: Enhanced the Exclude and Include Pattern Experience in the WebUI:
To prevent confusion when creating the Release Bundle Webhook, the Webhooks WebUI has been improved when setting the include and exclude patterns.
Updated the Refresh Token Mechanism:
To enable refreshing a token without having to provide the old token, a new column has been added to the database that contains the token payload, the token version, and `kid` as a JSON (this is an applicable to refreshable tokens only!). Upon receiving a token request to refresh, the original data is then taken from the new column in the database. See Refresh Token.
Resolved issues:
Fixed an issue related to downloading NuGet packages in virtual repositories running JFrog Xray whereby, Artifactory blocked downloads due to an Xray policy, and an incorrect error message was displayed. The error was 404 and has now been replaced 403.
Fix an issue related to LDAP integration whereby, an increased number of REST calls were sent to the LDAP server during UI browsing.
Fixed an issue whereby, retrieving a version of a Go package from a virtual repository using a REST Command, returned a 500 error (Null Pointer Exception) response.
ixed an issue whereby, deploying files to a Yum virtual repository failed to merge metadata related to .xz file extensions.
Fixed an issue whereby, updating a user group by adding a user or one of the user's groups through the CLI, required adding the credentials to the Conan client.
Fixed an issue related to Conda packages whereby, deploying an attachment package to with stored entries to a local repository could not be extracted.
Fixed an issue whereby, tree browser artifacts were not sorted in a chronological list.
Fixed an issue whereby, the Direct Cloud Storage Download field and CDN redirect field in the UI were not displayed, when creating or editing a federated repository.
Fixed an issue related to configuring Artifactory with Access TLS enabled using Helm Charts, resulted in incorrect proxy_pass configurations for /artifactory/ in the default artifactory.conf file.

New in Artifactory 6.16.0 (Dec 2, 2019)

Highlights
Upgraded the Microsoft Azure Storage SDK version included in Artifactory to V8
Artifactory has been upgraded to support Microsoft Azure Storage SDK for Java v8 enabling users to upload files larger than 12GB in the Azure Blob storage.
Running ‘go get’ commands from Github are Supported for Go Version 1.13 and Above
Artifactory supports serving and caching 'gosumdb' requests from a GoSumDb provider - for example, GoCenter.
Updated ‘Set Me Up’ for PyPI
The ‘Set Me Up’ function for PyPI remote repositories now includes your user credentials, thus allowing you to resolve packages using the ‘pip install <package>’ request without having to reinsert your Artifactory credentials for each request.
Issues Resolved
RTFACT-18718
Artifactory now supports indexing of npm packages versions, containing build metadata, enabling packages to be resolved by the npm client.
RTFACT-19110
Running “docker pull” on images with schema 1 download the manifest.json file, using the correct file name of 'list.manifest.json'.
RTFACT-19146
Improved the copying and processing Conan packages from one repository to another. Under certain circumstances in the past, during the copy/move process, the ‘index.json’ locks error was generated causing the process to take longer than expected and eventually failed.
RTFACT-19586
Under certain circumstances, Conan packages were copied or promoted, sometimes causing the index file to be overwritten by the package.json from the source with the revision of the destination until the next re-indexing process ran.
RTFACT-20380
Running the 'go get' command from Github, returns the correct pre-release version names.
RTFACT-20031
Resolving packages according to properties is now configurable and can be enabled using an Artifactory system property. Artifactory will no longer support resolving packages from an incorrect path by properties alone.
RTFACT-20410
All ‘Pull’ replications will not run after enabling the ‘Global Replication Blocking’ configuration.
RTFACT-20424
When working with Go artifacts, any potential connection leaks are prevented when working In FullDB mode, whereby a GO artifact with a 'zip' extension is requested from a remote in Artifactory, and the artifact exists in the remote repository-cache but not in the file-system cache-fs.
RTFACT-16926
Artifactory indexes Helm packages uploaded with an empty ‘requirements.yaml’ file.
RTFACT-20717
Docker and Helm repositories are only available for JFrog Container Registry, JFrog Pro licenses and above.
RTFACT-15685
Using Artifactory Query Language, with several virtual repositories, returns the full list of results based on the query used.
Access-related Issues
The 'access_federation_log' table does not get overpopulated when using Access Federation.
Implemented a “file-system” PATCH mechanism for patching Access’s configuration using an access.config.patch.yml file.

New in Artifactory 6.14.0 (Nov 3, 2019)

New in Artifactory 6.13.1 (Oct 8, 2019)

New in Artifactory 6.13.0 (Oct 7, 2019)

New in Artifactory 6.12.2 (Sep 11, 2019)

New in Artifactory 6.12.1 (Aug 28, 2019)

New in Artifactory 6.12.0 (Aug 20, 2019)

New in Artifactory 6.11.3 (Jul 22, 2019)

New in Artifactory 6.10.4 (Jun 19, 2019)

New in Artifactory 6.10.3 (Jun 11, 2019)

New in Artifactory 6.10.2 (Jun 3, 2019)

New in Artifactory 6.10.1 (May 21, 2019)

New in Artifactory 6.10 (May 6, 2019)

Highlights:
Support for Conan Remote and Virtual repositories:
In addition to local repositories, Artifactory now supports Conan remote and virtual repositories. Remote Conan repositories proxy remote Conan resources and cache downloaded Conan packages to keep you independent of the network and the remote resource. Virtual repositories allow you to aggregate multiple local, remote and virtual Conan repositories under a single endpoint and easily manage the resolution and deployment of all your Conan packages.
Support for npm audit:
Artifactory now supports npm audit, allowing you to get vulnerabilities on your npm projects’ dependencies tree.
Audit reports contain information about security vulnerabilities of dependencies and can help fix a vulnerability by providing npm commands and recommendations for further troubleshooting.
This functionality will be enabled by default on npm virtual repositories that aggregate at least one remote repository that supports npm audit. For example, a remote repository that points to https://registry.npmjs.org or Artifactory Smart Remote repository.
JFrog Xray users with Artifactory Pro X / Enterprise / Enterprise+ license, will get an enhanced audit report that includes security vulnerabilities from Xray's database. When Xray is configured to work with Artifactory, an audit report can be generated from scratch even without connecting to any remote repository.
Java 11 Compatibility:
From this version, Artifactory officially supports running with JDK 11 on all installation types (e.g. Linux, Docker, Debian, RPM, Windows). The Artifactory Docker image is shipped with JDK 11.
Java 8 support end of life is coming up, and Artifactory contains components that require Java to run properly and include Java runtime as part of Artifactory.
Feature Enhancements:
New Artifactory User Plugins hooks:
The Artifactory User Plugins now include two new hooks:
Upload.beforeUploadRequest, useful for overriding the actual repository path during the Artifactory upload process.
Download.altAllResponses, used to provide an alternative response during the Artifactory download process, by setting response headers, status code, error message or inputStream and size context variables.
Issues Resolved:
Fixed an issue where downloading a Docker image from remote repositories did not cache layers that existed on the local drive of the user trying to download the image, resulting in missing layers in the remote cache repository. Artifactory will now search for any missing layers in all repositories the user has permissions for and copy them to the remote cache repository for full image coverage that contains all layers.
GoLang repository fixes and enhancements:
Go .mod and .info files can now be viewed from within the Artifactory UI.
Added both golang.org and k8s.io to the default whitelisted Go virtual repositories external dependencies.
Fixed an issue where a 400 response instead of a 404 response was returned when trying to resolve directly from a remote Go repository REST resource.
Fixed an issue where a NullPointerException was printed to Artifactory logs, when setting up a remote repository with Artifactory as the module provider and the url as github.com, and requesting a mod file.
Fixed an issue when resolving artifacts from a remote Go repository, the go-get.html file was stored instead of the info module. Unused go-get.html files will now be removed.
Fixed an issue where downloading a Go module with a version that contains upper case characters would fail
Fixed an issue where virtual Docker repositories composed of aggregated local/remote repositories that had one repository configured with exclude patterns, would return 404 when trying to resolve Docker images. Artifactory will now search for the Docker image in all of the aggregated repositories of the virtual repository.
Fixed an issue where using the Gems client to search for packages in a virtual repository did not return any results.
Fixed an issue where communication between Artifactory instances in an HA configuration did not work in some cases where the service ID was changed.
Fixed an issue in the UI where in Admin > Users > [specific user] > User Permissions table, the same permission target would be listed more than once, based on the number of groups the specific user would be associated with.
Fixed an issue in which trying to get the IP address of a user in User Plugins requests would sometimes return null.
Fixed an issue in which deploying packages that contain the plus sign character (+) when deploying multiple files would convert the plus sign to spaces.
Fixed an issue in the UI > Permissions page when using Internet Explorer, where creating a new permission the scroll bar would not work in the Available/Included Repositories/Builds drag and drop components.
Fixed an issue in which if the proxy settings being used for the Sumo Logic integration settings in the Log Analytics page are incorrect, Artifactory would try to reach Sumo Logic directly without going through a proxy, causing potential timeouts.

New in Artifactory 6.9.1 (Apr 8, 2019)

Feature Enhancements:
npm virtual repository performance improvements:
Performance improvements when installing an npm package from npm virtual repositories + reducing memory consumption.
Access and Request log improvements:
The request.log and access.log files now include the source user ID and the IP address. This applies to users accessing Artifactory via UI, REST API, ‘docker login’ command regardless of whether the authentication was successful (i.e. good credentials) or not (i.e. bad credentials).
Issues Resolved:
Fixed an issue in Ruby Gems repositories where in some cases, cached dependency requests from a remote repository would not return the latest version.
Fixed an issue in Docker repositories where pulling a Docker image from a remote repository pointing to Microsoft/Azure container registry (e.g. mcr.microsoft.com) would fail with “error pulling image configuration: unknown blob”.
Fixed an issue in Docker repositories where pushing a Docker image with properties on the layers to one repository and then pushing another image with some shared layers to another repository, the layers in the second new repository would be cloned from the existing layers along with all properties. Only the "sha256" property will be cloned, the other properties will not be cloned.
Fixed an issue, relevant to version 6.4.0 and above, in which replicating Maven artifacts from a generic repository to another generic repository would not replicate the metadata, resulting in missing metadata on the target.
Fixed an issue in Maven repositories in which, when a client would ask for a snapshot and the snapshot version behaviour was ‘unique’, Artifactory would keep searching for the artifact in all the remote repositories even after the artifact was found.
Fixed an issue in which the Debian indexer would try to get artifact properties even in case non-Debian packages would be uploaded, deleted or moved from Artifactory.
Fixed an issue in RPM repositories where in some cases Artifactory would fail to parse XML metadata files on certain remote RPM repositories.

New in Artifactory 6.8.7 (Mar 14, 2019)

New in Artifactory 6.8.6 (Mar 13, 2019)

New in Artifactory 6.8.4 (Mar 4, 2019)

New in Artifactory 6.8.3 (Feb 26, 2019)

New in Artifactory 6.8.2 (Feb 19, 2019)

Highlights:
Support Bundle Repository:
The Support Zone has been enhanced with a simplified UI flow, which includes the ability to create a support bundle that contains the relevant data (such as system and log files) for a single Artifactory instance or multiple nodes in an HA cluster. Once a support bundle is created, it will be saved to the new default jfrog-support-bundle system repository for any future reference.
Feature Enhancements:
Artifactory Pro Nginx Docker Image Upgrade with TLS v1.3 Support:
As part of the Artifactory Pro Docker distribution, the Nginx Docker Image (docker.bintray.io/jfrog/nginx-artifactory-pro) is now upgraded to Nginx version 1.15.5, running on top of Ubuntu 18.10 and provides full support for TLS v1.3.
Tomcat Extra Connectors for Artifactory Docker Images Support:
You can now add extra Connectors to Artifactory Docker images Tomcat's server.xml, using the SERVER_XML_EXTRA_CONNECTOR environment variable
Improved Performance for Users Managed within a Group:
The performance for authentication of users during login that are associated with groups has been enhanced.
Issues Resolved:
Fixed an issue where in some scenarios of Artifactory HA scenarios, terminating the deploy of an artifact to a repository before the deploy was completed would result in a "Failed to move file from _pre folder to filestore" error in the log.
Fixed an issue in which Artifactory would allow creating users and groups using the REST API even if the username or group name included illegal characters (/:|?*"<>). Artifactory now validates that the username and group name only include legal characters as is done when creating a user or a group through the UI.
Replication fixes
Fixed an issue where a source Artifactory configured to replicate more than one target would only replicate to one of the targets, after restarting the source Artifactory instance.
Fixed an issue in which pull event replication in a full-mesh topology would fail in some scenarios, after restarting one of the instances in the topology.
Fixed an issue when replicating an artifact that had properties on it while there was an artifact with the same name on the target (but different content), the properties from the source would not be replicated to the target.
Fixed 2 issue in Property Sets:
In some scenarios adding new properties to a Property Set would not work.
In some scenarios changing the value of single-value property would not work.
Fixed an issue where the Access config yaml was encrypted when using the JFrog Access encrypt API, causing an issue when trying to restart an Artifactory instance after an Access encrypt was completed.
Fixed an issue where using a custom user ID to run Artifactory and Nginx Docker containers custom configurations, caused Nginx to not start and Artifactory to fail setting the custom configurations.
Fixed an issue in Opkg repositories, where in some cases the repository indexing caused performance issues.
Fixed an issue in which in some scenarios, concurrent requests to a remote Docker repository would hang connections and threads.
Fixed an issue where the ListDockerRepositories rest API would return an empty list and the ListDockerTags rest API would return an error rather than what is stored in cache, while the remote endpoint is unavailable. This fix requires setting the artifactory.docker.catalogs.tags.fallback.fetch.remote.cache system property to true (default false).
Fixed an issue in which when deploying a Gem to a local Ruby Gems package, the ‘Deployed By’ field would show _system_ instead of the actual username who deployed the package.
Fixed an issue in which retrieving the Effective Permissions for a repository or a build would not show the users who have permissions for the resource if the user got the permissions from a Group.
Fixed an issue where remote PHP repositories did not support last modified headers, which caused the client to download the same files remotely and not use the client cache.
Fixed an issue when deleting/deploying files to Helm or Cran remote repositories, a metadata calculation was unnecessarily triggered.

New in Artifactory 6.8.1 (Feb 18, 2019)

New in Artifactory 6.7.3 (Feb 6, 2019)

New in Artifactory 6.7.2 (Feb 3, 2019)

New in Artifactory 6.7.1 (Jan 30, 2019)

New in Artifactory 6.7 (Jan 23, 2019)

Issues Resolved:
Fixed an issue relevant from Artifactory 6.6.3 / 6.6.5 in which with Artifactory running on a Windows machine, it was not possible to work with RubyGems repositories.
Fixed an issue in which for Artifactory instances that were upgraded to version 5.5 (in which SHA-256 checksums were introduced) and above, but whose database was not migrated to SHA-256 checksums, reindexing an entire Debian repository could take a long time.
Fixed an issue in which indexing of a Debian virtual repository that aggregates a local Debian repository would fail in one of the following scenarios:
A user triggers indexing of the local Debian repository using the REST API
A user with limited permissions deploys a Debian package into the local Debian repository
Fixed an issue in which Artifactory would not clean up temporary metadata files that were created during the Debian metadata calculation.
Fixed an issue in which under certain circumstances, an Artifactory remote Go repository would cache a goget.html file instead of the corresponding Go module.
Fixed an issue whereby an Artifactory remote Go repository pointed to an Artifactory as a module provider (smart remote repository) resulting in the following:
Failure to fetch the real zip content by returning an empty zip file.
Failure to fetch info, MOD or Zip files if the remote URL contained a trailing slash.
Fixed an issue whereby an Artifactory remote Go repository pointed to an Artifactory as the module provider (smart remote repository) resulting in failure to fetch info, mod and zip files if the remote URL had trailing slash.
Fixed an issue in which when proxying GitHub.com in a remote Go repository, Artifactory would not pass credentials to api.github.com
Fixed an issue in which parsing the go-import from the go-get metadata for a Go package would fail if that metadata was spread out over multiple lines.
Fixed an issue in which when importing LDAP groups, Artifactory would not display results if a search for existing LDAP groups yielded more than 1000 results.
Fixed an issue in which after setting a custom SERVER_XML environment variable as part of a Docker execution command, the Docker container would succeed starting up the first time, but fail starting up from then on.
Fixed an issue in which Artifactory would allow creating a repository with a repository key that is longer than 64 characters using the REST API. While creating the repository succeeded, deploying to the repository would fail and the log would display the following error messages:
Could not acquire lock within 120 seconds
Couldn't acquire lock for: 120000 milliseconds
When creating a repository using the REST API, Artifactory will now validate that the repository key is no longer than 64 characters (as is enforced when creating a repository through the UI).
Fixed an issue in which when deploying the same artifact under two different paths to a NuGet repository, and then deleting it from the first upload path, the NuGet repository would not get reindexed and the artifact would also not be available from its second upload path.
Fixed an issue in which Artifactory would allow creating a repository through the REST API even if the repository key included illegal characters (/:|?*"<>). Artifactory now validates that the repository key only includes legal characters as is done when creating a repository through the UI.
For a complete list of changes, please refer to our JIRA Release Notes.
For an Artifactory Pro or Artifactory Enterprise installation, click to download this latest version of JFrog Artifactory Pro.
For Artifactory OSS, click to download this latest version of JFrog Artifactory OSS.
For Artifactory Enterprise+, click to download the latest version of JFrog Enterprise+.

New in Artifactory 6.6.5 (Jan 8, 2019)

New in Artifactory 6.6.3 (Dec 31, 2018)

New in Artifactory 6.6.1 (Dec 26, 2018)

New in Artifactory 6.6.0 (Dec 19, 2018)

New in Artifactory 6.5.8 (Nov 27, 2018)

New in Artifactory 6.5.6 (Nov 26, 2018)

New in Artifactory 6.5.3 (Nov 14, 2018)

New in Artifactory 6.5.2 (Oct 22, 2018)

New in Artifactory 6.5.1 (Oct 19, 2018)

New in Artifactory 6.5.0 (Oct 11, 2018)

Highlights:
Release Bundle Repository:
As part of the Distribution flow that was introduced with Enterprise+, Artifactory now supports release bundle repositories.
The Release bundle repository protects the artifacts created in the Artifactory source instance, by copying them into a separate repository where their contents cannot be edited or removed.
Whenever a new release bundle is created and signed, it is copied and saved into an immutable release-bundles repository in Artifactory. This ensures consistency in the artifacts being distributed among target instances.
This feature is available when upgrading to both Artifactory 6.5 and Distribution 1.3
Xray Data in Package Native UI:
This version adds data from JFrog Xray to the Package Viewer, enriching the information on major package types in Artifactory. Once a specific package is selected in the package viewer, Artifactory will expose data about license and security violations detected by Xray for all of the versions of the selected package.
Direct Cloud Storage Download:
This feature adds an optimization when storing your binaries on AWS S3 (S3 Binary Provider) by allowing Artifactory to redirect requests from clients that support HTTP 302 responses to download large binaries directly from the cloud storage rather than through Artifactory. By redirecting download requests, requirements for Artifactory's local storage cache is reduced since large artifacts are downloaded directly from the cloud, and in the case of multiple simultaneous download requests, Artifactory doesn't need to allocate threads and compute power to download multiple large artifacts at the same time. This feature requires an Enterprise+ license, and is currently only available on JFrog Artifactory Cloud.
Access Tokens Lifecycle Management:
This version adds more capabilities for administrators to exercise greater
control over the lifecycle of access tokens:
Previously, expirable tokens could not be revoked. This version moderates this feature in that now, all tokens can be revoked, but with the minimum-revocable-expiry flag used in the Create Token REST API endpoint, you can specify a minimal period of time during which a token cannot be revoked.
Previously, non-admin users could only create an access token with an maximal expiry of one hour. This version adds a non-admin-max-duration flag to the Access YAML configuration file allowing an administrator to change the default maximal expiry period
JFrog Access User Guide:
JFrog Access is the service that manages all aspects of authentication and authorization for all JFrog services under the hood. Run as a separate service that is installed under the same Tomcat with Artifactory, it stores all Users, Groups, Permissions and Access Tokens generated by any connected JFrog service. The features and capabilities of JFrog Access were previously concentrated around the Access Tokens and Access Federation pages in the JFrog Artifactory User Guide. As the service’s capabilities were extended, and its scope widened to include all JFrog products, its documentation has been moved to a separate space to provide better visibility for its features and easier access to relevant information which now available in the JFrog Access User Guide, and will continue to be maintained and updated there.
Issues Resolved:
Fixed an issue where download requests to a remote RubyGems repository, marked as offline, would respond with a 500 error and the download request would fail.
Fixed an issue where in some cases, list browsing in the UI for artifacts path with very long name (For example: /central/org/springframework/boot/spring-boot-starter-cloud-connectors/1.2.0.RELEASE/) would fail with a 404 error.
Fixed an issue where new users created by REST API, would not automatically get added to default groups marked with ‘Automatically Join New Users to this Group’.
Fixed an issue where downloading an artifact with a name that contains an exclamation mark (i.e. !) would fail.
Note: due to this fix, when downloading an artifact from an archive requires the resource path within the archive to start with a ‘/’
For example: GET http://localhost:8081/artifactory/repo1/folder/a.jar!/META-INF/LICENSE
Fixed an issue where deploying a Go build info to Artifactory, the artifacts’ path would not be displayed in the Builds page in the UI. This would happen only when Artifactory was configured behind NGINX.
Available with JFrog CLI V1.20.2.

New in Artifactory 6.4.1 (Oct 2, 2018)

New in Artifactory 6.4.0 (Sep 28, 2018)

New in Artifactory 6.3.3 (Sep 3, 2018)

New in Artifactory 6.3.2 (Aug 29, 2018)

New in Artifactory 6.3 (Aug 23, 2018)

New in Artifactory 6.2 (Aug 8, 2018)

Enhancements:
Session Management for HA:
This version enhances the internal session management between nodes in an Artifactory HA cluster to provide more stability. In previous versions, an HA cluster used a third-party library, Hazelcast, to manage sessions between the cluster nodes. From this version, Artifactory introduces a new mechanism that uses the database which makes session management more robust.
Artifactory Docker Container:
The Artifactory Docker container now starts and runs under an artifactory user and no longer requires root access. Similarly, the Artifactory NGINX Docker container now starts and runs as user nginx.
Issues Resolved:
Fixed an issue which prevented updating propertySets in the YAML configuration file.
Fixed an issue in which when Xray Integration was enabled, for all artifacts scanned by Xray, the download counter would increase by one and the "Last Downloaded By" would indicate being downloaded by Xray.
Fixed an issue in which upgrading from Artifactory 5.x to Artifactory 6.x would fail if an SSL/TLS certificate was configured on one or more of the remote repositories.
Fixed an issue in which when promoting a Docker tag with the REST API using an existing dockerRepository:<tag> tag, the call would deploy a new tag rather than overwrite the existing one resulting in orphaned layers.
Fixed an issue in which using the UI to deploy a single artifact from a folder in a repository would sometimes fail with a constantorg.artifactory.descriptor.repo.RepoType.undefined error.
Fixed an issue in which when reloading user plugins, whether through a scheduled task or on-demand via the REST API, new JARS would be loaded, but existing JARS would not, even if they had been modified.
Fixed an issue in which installation of npm packages would fail because parsing the npm repository's package.json file would fail when the value of its version field contained a leading "v" or "=" character.
Fixed an issue in which downloading an individual file from within a ZIP file, the file would not be cached. This resulted in long resolution times every time you needed to resolve the file (because the file was never cached).
Artifactory has been enhanced to correctly manage the new character encoding that the Go client uses for capital letters.

New in Artifactory 6.1 (Jul 2, 2018)

CRAN Repository Support
Artifactory now natively supports CRAN repositories for the R language, giving you full control of your deployment and resolve process of CRAN packages.
You can create secure and private local CRAN repositories with fine-grained access control. Remote CRAN repositories proxy remote CRAN resources and cache downloaded CRAN packages to keep you independent of the network and the remote resource, and virtual CRAN repositories give you a single URL through which to manage the resolution and deployment of all your CRAN packages.
Cross-Zone Sharding Enhancements
Sharding across multiple zones allows you to create zones or regions of sharded data to provide additional redundancy in case one of your zones becomes unavailable. From 6.1, you can determine the order in which the data is written between the zones and can set the method for establishing the free space when writing to the mounts in the neighboring zones.
Enhancements
Direct Access to Xray from the Xray Info tab
Added a link to the Xray tab giving you direct access to Xray from within the Artifactory Artifact tree browser.
Force Authentication on Virtual Maven Repositories
You can force the Maven client to send credentials in order to authenticate against the virtual repository. This means that even if anonymous access is enabled for the Artifactory instance, a virtual repository configured using this field or directly in the Repository Configuration JSON, will require the Maven client to send its credentials. This will be enforced even if some of the aggregated local repositories under the virtual repository allow anonymous access.
NuGet Search is Now Case-insensitive
Previously searching for NuGet packages using the ID and version via the NuGet CLI was case-sensitive causing search results to be narrowed down to an accurate result. This was very limiting, especially if you were looking for a specific version. So for example, if I was searching for junit version 1.0.2, and the repository package name was JUnit, I would not get any result. We now have improved the search to be case-insensitive, allowing for both junit or JUnit to be displayed in the search.
Build Promotion Timestamp Added to Release History Tab
When promoting a build, under the Builds > Release History tab, you can now see the timestamp of the build promotion.
Issues Resolved
Fixed an issue in PyPI repositories in which PyPI packages set with metadata version 2.1 in the METADATA or PKG-INFO files were not indexed by Artifactory and were not available for download.
Fixed an issue with npm repositories resulting in improved performance. Deploying a new version of an npm package that already exists in the repository caused Artifactory to calculate the metadata for all the package versions instead of calculating the metadata for the specific deployed package.
Fixed an issue with npm repositories. This issue relates to tagging the version of a specific package that is not the ‘highest’ in terms of SemVer. When an npm client was trying to install the ‘latest’ package he would receive the ‘highest’ version instead of the package that was tagged as the "latest'. An example: if I have MyApp-1.0.0, MyApp-1.0.1, MyApp-1.0.2 and I tag 1.0.1 as the latest one (with npm tag command) when trying to install the latest package (e.g. npm install MyApp), MyApp-1.0.2 would be returned.
Fixed an issue whereby users with special characters in their password (e.g. colon), tried to access their profile page by entering their password and would be redirected to a page with the following message:
"You are already logged in. You can go to the home page or log out."
Fixed an issue whereby pulling a Docker image caused the "Number of Downloads" counter for the image to be increased by two.
Fixed an issue whereby setting the Password Encryption to ‘Required’, prevented anonymous users from performing authentication opposite the Docker repositories. A 401 error was generated.
Fixed an issue regarding PyPI repositories whereby an Artifactory behind a proxy no longer ignores the "X-Artifactory-Override-Base-Url" header which overrides Artifactory base URL.
Fixed an issue in Debian repositories. Artifactory could not extract metadata in Debian packages that contained a control metadata file archived as a ‘control.tar’ or a ‘control.tar.xz.

New in Artifactory 6.0.3 (Jun 25, 2018)

New in Artifactory 6.0.2 (Jun 8, 2018)

New in Artifactory 6.0.0 (May 21, 2018)

New in Artifactory 5.11.0 (May 17, 2018)

Highlights:
Go Registries:
Artifactory now provides native support for Go registries, giving you full control over deployment and resolution of Go source control packages. You can create secure and private local Go registries with fine-grained access control, remote repositories to proxy remote Go resources and cache downloaded Go packages to keep you independent of the network and remote resources. Virtual repositories let you set up a Go registry with a single URL through which to manage the resolution and deployment of all your Go packages.
Support for Go repositories is currently integrated with the vgo client which can be downloaded from the vgo GitHub Repository.
CSRF Protection:
Artifactory can now prevent CSRF attacks by using a new custom header, X-Requested-With, for internal UI calls. This feature is disabled by default because it may require a change in your proxy server (if you are using one) to ensure it does not filter out this header. The feature can be enabled by modifying a system property and restarting Artifactory. For details, please refer to CSRF Protection under Configuring Security.
Allow Crowd Users to Access Their Profile Page
Artifactory users who are created by logging in via Crowd can now be given access to their profile page through a configuration in Artifactory. These users can now access a set of functions such as setting their SSH public key, configuring their JFrog Bintray credentials, and updating their password.
Issues Resolved:
Fixed an issue with RPM repositories which sometimes caused download requests to fail in. The issue occurred when in some cases, uploading an RPM package would result in deletion of the newly generated metadata files (primary, other, filelists) instead of the old ones. This, in turn, would cause download requests for certain RPM packages to fail.
Fixed an issue with NPM repositories in which presence of a corrupt package or metadata file caused indexing to be aborted rather than just skipping the corrupt file and continuing.
Fixed an issue which caused a memory leak in some cases when working with HTTP SSO.
Fixed an issue that caused initialization of replication to fail on systems with many event-based push replications configured.
Fixed an issue in which it would take Artifactory a long time to generate the information displayed in the Admin module under Advanced | Storage Summary, or the response for the Get Storage Summary Info REST API endpoint.
Fixed an issue which would sometimes cause deployment of artifacts to fail when the Storage Quota Control feature was enabled.
Fixed an issue in which an Artifactory instance trying to resolve packages from a remote repository in another Artifactory instance, which itself was proxying a remote repository in another Artifactory instance, would sometimes fail.

New in Artifactory 5.10.4 (Apr 27, 2018)

New in Artifactory 5.10.3 (Apr 19, 2018)

New in Artifactory 5.10.2 (Apr 13, 2018)

New in Artifactory 5.10.1 (Mar 30, 2018)

New in Artifactory 5.10.0 (Mar 28, 2018)

Package Native UI:
To complement Artifactory's universal support for all major package types, version 5.10 offers a new Package Viewer that provides a native experience with the a look and feel that is customized for a specific package type. Once you select a package type, Package Viewer will only search for packages of the selected type using the search term entered. More significantly, the details provided in the search results are also specific to the package type. For example, when searching for Docker images, the Package Viewer will search for Docker tags, and you can drill down into each search result to see details of the layers comprising the tag. Currently, the Package Viewer supports Docker with additional formats to be added in forthcoming releases.
MariaDB:
In addition to the set of databases currently supported, from version 5.10, Artifactory also supports MariaDB.
Xray Integration:
Artifactory 5.10, jointly released with JFrog Xray 1.12, presents significant changes in how these two complementary applications are integrated to improve usability and stability including:
a new mechanism for reporting scan status
configuring download blocking through Xray
Scan Status - Breaking Change:
Previously, Artifactory displayed the scan status (e.g., last scan time, highest severity of any vulnerabilities found etc.) of an artifact as a set of properties that Xray attached to each artifact it scanned. Upon upgrading to version 5.10, these properties will be removed, and instead, Artifactory will display an artifact's scan status by querying Xray and displaying the results on-demand when the artifact is selected in the Tree Browser. To support this behavior, the artifact's scan status is now displayed in a separate Xray information tab.
Download Blocking:
From this version, configuration of Download Blocking is moved from Artifactory to Xray. For details, please refer to Download Blocking in the JFrog Xray User Guide. In addition, when trying to download a complete folder, if any of the artifacts in the folder are blocked for download, then downloading the folder will fail.
NuGet Performance Improvements:
Performance of indexing Nuget repositories has been improved.
Retrying Database Connections:
From this version, if Artifactory fails to connect to the database, it will retry several times before dropping the connection.
Pagination for Docker:
Artifactory now supports pagination when calling the List Docker Repositories and List Docker Tags REST API endpoints on virtual repositories.
Issues Resolved:
Fixed an issue with the native browser in which Artifactory would encode space characters to a ‘+’ character resulting in incorrect URLs for paths that included spaces.
Fixed an issue in which for users with a realm that is LDAP, SAML, HTTP SSO and OAuth, their Last Logged In field would remain empty after logging in to Artifactory.
Fixed an issue in which LDAP users who were trying to authenticate against Artifactory with bad credentials would be removed from the LDAP groups they were associated with.
Fixed an issue with Bower repositories in which registering a package from GitHub using SSH would fail with an "Unable to determine coordinates from url" error. The following is an example that would cause this error:
Fixed an issue in which when uploading multiple files from the UI to a virtual repository, non-admin users would fail with a "Forbidden UI REST call from user <x>" error.
Fixed an issue in which the custom expires_in field of refreshable access tokens created by non-admin users would be erased, and upon refreshing a token, the expires_in field would be set with the default value of 3600 seconds.
Fixed an issue with Docker registries in which when promoting a Docker tag properties annotating the tag would not be promoted with it.
Fixed an issue with npm repositories in which resolving an npm package using npm install would fail if the package was present in both a local and remote-cache repository, but have a different checksum in each.
Fixed an issue in which the ‘Test Connection’ button in remote repositories would not work when the URL to which the connection was being tested was a private npm repository.
Fixed an issue in which user plugin event deletion would not be detected so the user plugin would not be deleted from the database and would be reloaded again.
Fixed an issue that prevented users from certain organizations authenticated via Crowd SSO from logging in to Artifactory.

New in Artifactory 5.9.3 (Mar 21, 2018)

New in Artifactory 5.9.1 (Mar 7, 2018)

New in Artifactory 5.9.0 (Feb 20, 2018)

HIGHLIGHTS:
Audit trail Log:
Artifactory will maintain an audit trail log that records all actions related to permissions, users, groups and access tokens. This enables auditing and tracking of all security related actions allowing you to enforce different security policies in your organization. Some examples of actions that will be recorded in the audit trail log are: creating a new user, adding a user to a group, changing a user password, adding a user to a Permission Target. The audit trail log is enabled by default and can be disabled.
Improved UI Performance:
Artifactory has undergone significant changes in the UI implementation to improve performance in the Tree Browser.
Enhanced Password Encryption Security:
Artifactory will now use 128-Bit AES for password encryption which is a more secure algorithm than the previously used PBEwithSHA1AndDESede. New installations will use the new encryption algorithms, however, if you are upgrading to this version, the encryption algorithm does not automatically change. Following an upgrade, to change the encryption algorithm from PBEwithSHA1AndDESede to the new A128-bit AES, simply deactivate key encryption using the Deactivate Artifactory Key Encryption REST API endpoint, and then re-enable it using the Activate Artifactory Key Encryption REST API.
FEATURE ENHANCEMENTS:
Respecting Cache-Control Headers:
Artifactory will now return a “Cache-Control: no-store” header for all expirable metadata files.
This means that if you have a proxy cache (e.g. Nginx) between Artifactory and the client, the proxy will always go to Artifactory to fetch these metadata files and will not cache them.
ISSUES RESOLVED:
Publishing to an npm repository with a tag.
When publishing a new version with a tag to an npm repository, the version would also automatically be assigned the "latest" tag. This meant that running npm install package would install the "tagged" version even though it was explicitly given a different tag and should, therefore, not have been identified as the "latest". For example, when using npm publish --tag=beta , the published version would incorrectly get the "latest" tag. This is now fixed and Artifactory will only assign a published version with the "latest" tag if no other tag is explicitly specified in npm publish command. For example
Fixed an issue in which when distributing a Docker image to JFrog Bintray through a distribution repository in Artifactory, the operation would succeed the first time, however would fail if you tried to redistribute the same image through the distribution repository.
Fixed an issue in which Helm charts whose representation did not comply with the SemVer 2 specification would not be served. For example, the Helm client would not be able to resolve a chart named myPackage-0.1, however, a chart named myPackage-0.1.0 would work.
Fixed an issue in which resolving an npm package from an npm remote repository in Artifactory that proxied an npm repository in JFrog Bintray, would fail.
Fixed an issue in which when pushing several Docker images with common layers in high concurrency, some of the push requests would fail.
Fixed an issue in which the Storage Summary for a cache-fs filestore would show the maximum available and used values incorrectly. Instead of displaying values for the cache, the values for the whole file system were displayed instead. This has now been fixed and the Storage Summary for a cache-fs filestore correctly displays the actual and maximum available cache size.
Fixed an issue with the use of filestore sharding in an HA cluster. When an HA cluster with two or more nodes used the sharding-cluster binary provider, if you deployed an artifact to one of the secondary nodes while the primary node was down, the artifact would not get copied over to the primary node, even if the redundancy was set to 2 or more.
Fixed an issue with metadata calculation for npm repositories. When triggering a metadata calculation using the REST API or through the UI, if the repository contained an npm package with faulty or corrupt metadata that Artifactory couldn't parse, the whole process of metadata calculation would stop without calculating metadata for packages that came after the faulty package.
Fixed an issue in which, for Maven repositories, when LDAP users would try to download the settings.xml from the Set Me Up page, the password field would not be populated and remain blank.
Fixed an issue in which when using the Distribute Artifact REST API endpoint with an unauthorized user, Artifactory returned a 500 error. Artifactory will now return error 403, as expected.

New in Artifactory 5.8.4 (Feb 7, 2018)

New in Artifactory 5.8.3 (Jan 10, 2018)

New in Artifactory 5.8.1 (Jan 5, 2018)

New in Artifactory 5.8.0 (Jan 3, 2018)

Helm Chart Repositories:
Artifactory now natively supports Helm Chart repositories, giving you full control of your deployment process to Kubernetes. You can create secure and private local Helm chart repositories with fine-grained access control. Remotse Helm chart repositories proxy remote Helm chart resources and cache downloaded Helm charts to keep you independent of the network and the remote resource, and virtual Helm chart repositories give you a single URL through which to manage the resolution and deployment of all your Helm charts.
YAML Configuration File:
Applying configuration changes to Artifactory can now be done using an easy to use YAML configuration file. Run a single or multiple configuration changes as needed, to create, update and delete any elements in the your Artifactory instance. For example, creating new repositories, setting up replication, and modifying any specific configuration changes.
Multiple Secure Private Docker Registries Without a Reverse Proxy:
Artifactory has supported multiple secure private Docker registries since the early days of Docker, however that support required the use of a reverse proxy. From version 5.8, the need for a reverse proxy is removed, and you can create and use multiple Docker registries out-of-the-box without the need for any reverse proxy configuration. All you need to do is select the Repository Path
Feature Enhancements:
Automatically associate a HTTP SSO user to an LDAP Group:
Artifactory will now accept users logging in through HTTP SSO to be associated with existing LDAP groups. HTTP SSO users will now inherit the permissions specified in the corresponding LDAP group in Artifactory. This is supported for both HTTP SSO users that are internally created in Artifactory and also for transient users.
Issues Resolved:
Fixed an issue where overwriting an existing artifact would permanently delete it. These artifacts will now be sent to the trash can, available to be recovered if needed.
Fixed an issue in which enabling the External Dependency Rewrite configuration in npm virtual repositories, caused some npm packages, such as "equals", to not be resolved with an npm 500 error displayed in the logs. This occurred only for packages where dependencies were declared in the following format:
https://github.com/<repo>/<...>
Fixed an issue where adding a keypair in the Signing Keys UI admin component, caused the remote repo admin page in the UI to appear as empty without any fields.
Fixed an issue with an incorrect response for cached Chef cookbooks.
Fixed an issue where the metadata for some PyPI packages, such as nose 1.3.3 and above, would not be extracted correctly and incorrect information would be displayed in the UI for the package. This would happen only for packages that had multiple PKG-INFO file, causing Artifactory to identify the wrong PKG-INFO package metadata file.
Fixed an issue in which adding more than 1,000 users to a group using Oracle DB would fail with an ‘error updating groups’ or a ‘maximum number of expressions in a list is 1000’ SQLSyntaxErrorException.
Fixed an issue where some Debian packages were not added to the Debian repository index.
Fixed an issue where running an npm search against an npm repository failed to return packages that contained the maintainers field in the package.json in the following structure:
“maintainers” : { "name": "john", "email": "[email protected]" }

New in Artifactory 5.7.2 (Dec 28, 2017)

New in Artifactory 5.7.1 (Dec 28, 2017)

New in Artifactory 5.7 (Dec 28, 2017)

Highlights:
Improved HA Installation and Upgrade Process:
The HA installation and setup process has been redesigned to create a simple and even more secure infrastructure for your Artifactory HA clusters. Through the use of a Master Key, Artifactory adds a new security layer that replaces the previously used Bootstrap bundle mechanism, which is now deprecated.
With this release, Artifactory will handle all configuration and encrypted security related files. To create new Artifactory nodes in a cluster, administrators will only need to supply a single Master Key and db.properties file, used by all nodes in the cluster.
Existing Artifactory installations will be upgraded to this new infrastructure automatically when updating from version 5.x and up.
Sort, Filter and Add Favorite Repositories in the UI Tree:
View only the repositories you need by customizing the Artifact Repository Browser with your favorite repositories, and applying sort and filter options. Use as many different favorite, sort and filter combinations to narrow down the Artifact tree to display exactly what you need.
Feature Enhancements:
Promote Build to Virtual Repository REST API:
Promoting builds to a virtual repository is now supported, in addition to the previously supported local repositories, using the Build Promotion REST API. Upon build promotion to a virtual repository, the files will be promoted (copied/moved) to the Default Deployment Repository that is configured as part of the virtual repository.
Support for AWS SSE-KMS:
Added support for AWS SSE-KMS (Key Management Service) for your S3 Object Storage. This allows you to set an AWS KMS encryption key on the S3 bucket that your Artifactory uses as an object store.
Support for LZMA and XZ Index Compression Formats in Debian Repositories:
Artifactory now lets you create LZMA (.lzma) and XZ (.xz) compression Debian indices, in addition to the already supported Gzip (.gzip) and Bzip2 (.bz2) extensions. The Bzip2 index file can be disabled if it's not needed.
Improved AQL Performance:
Significant performance improvement for AQL queries when searching artifacts according to build name and number.
Improved Concurrent Configuration Changes Performance:
Performance improvement when concurrently applying configuration changes to the Config Descriptor file.
Issues Resolved:
Fixed an issue in which users, associated with groups that are configured with admin privileges, could not perform admin-only actions through REST API when using an API key for authentication.
Fixed an issue in which deploying a large NuGet package (larger than 2GB) would fail with an OutOfMemory exception.
Fixed an issue in which TCP connections were not being closed when push replication was configured with an incorrect target URL or bad credentials, causing unresponsiveness. The TCP connections were not being closed on the source Artifactory (the instance where artifacts were replicated from).
Fixed an issue where when clients (such as Yum clients) tried to fetch sqlite.bz2 files from Yum virtual repositories, it took longer than expected since it triggered a synchronous calculation, even though Artifactory does not aggregate sqlite files. Artifactory responses to YUM clients in returning sqlite.bz2 files will now be faster.
Fixed an issue where the email address of users imported into Artifactory from a Crowd server was not updated in Artifactory when it was updated on the Crowd server.
Fixed an issue in which resolving artifacts from a remote repository with a URL that contained spaces in it did not work.
Fixed an issue when aborted upload processes, to an Artifactory with a filestore configuration on the cloud (S3/GCP/Azure), would leave a partial file in the Eventual folder that would not get cleaned up.
Fixed an issue in which an API key created by exernally authenticated users (eg. OAuth) would not get inserted correctly into code snippets generated by the Set Me Up page.
Fixed an issue with the indexing rpm metadata files which caused clients (such as Yum clients) to fetch the src.rpm file instead of the rpm package file. This would happen when the RPM repository contained both source and corresponding package.
Fixed an issue where "NA" was recorded in the access log instead of the user id for denied login attempts. The user id will now be displayed.
For example: [DENIED LOGIN] for john/0:0:0:0:0:0:0:1
Fixed an issue in which include and exclude patterns would be ignored on local NuGet repositories.
Fixed an issue in which deploying files that contained a colon in the artifact name, ‘:’ or %3a (encoded or decoded), would fail with an 409 error.

New in Artifactory 5.5.2 (Oct 29, 2017)

HIGHLIGHTS:
Support for Acquire-By-Hash flag in Debian Repositories:
Hash sum mismatch errors may sometimes cause apt-get update requests to Debian repositories to fail due to rotation of Debian metadata files. Artifactory now overcomes this issue by storing historical versions of the metadata files by their checksum and supporting the Acquire-By-Hash flag for Debian repositories. This allows Debian clients to download package metadata files by their checksum.
This is very useful when Debian metadata is updated very frequently. If a client working with an Artifactory Debian repository downloads the metadata files, and they expire in the meantime, the expired version of these files will still be available allowing the client to complete the required download.
Bypassing HEAD requests for remote repositories:
Artifactory remote repositories normally send a HEAD request to a remote resource before downloading an artifact that should be cached. In some cases, the remote resource rejects the HEAD request even though downloading artifacts is allowed. Through the remote repository configuration, Artifactory now lets you specify that remote repositories should skip sending HEAD requests before downloading artifacts to cache.
FEATURE ENHANCEMENTS:
Automatically Rewriting External Dependencies in NPM Registries:
Artifactory now supports rewriting external dependencies for various Git and GiHub URLs. For a full list of supported URLs, please refer to Automatically Rewriting External Dependencies
ISSUES RESOLVED:
Bitbucket Server version 5.1.0 deprecated the Bitbucket Archive Plugin which Bower remote repositories in Artifactory relied on. As a result, when upgrading to Bitbucket 5.1.0, Bower remote repositories stopped working. This has now been fixed by adding an option to choose “Stash / Private Bitbucket (Prior to 5.1.0)” as the Git provider in the Bower remote repository configuration while the “Stash/Private Bitbucket” option covers Bitbucket Server version 5.1.0 and above.
Fixed an issue in which when executing the /api/search/latestVersion REST API endpoint, Artifactory would erroneously query remote repositories. This has now fixed, so Artifactory will only search in remote repositories (in addition to local and remote repository caches) when remote = 1 is added as query param.
Fixed an issue in which authenticating against Artifactory Docker registries while HTTP SSO is set would fail. This has now been fixed so you can work with Artifactory Docker registries while HTTP SSO is enabled.
Fixed an issue in which when granting admin privileges for Groups imported from SAML SSO, users belonging to the corresponding groups would not be granted the admin privileges.
Fixed an issue in which when a REST API call included a “Range” header, the ETag returned would incorrectly include the Range provided in the header as a suffix. In turn, different clients would interpret this as a file modification. Artifactory now returns the correct ETag.
Fixed an issue in which system import or replication of an artifact that includes a “:” (colon) character would fail. For example, before this fix, replicating a Docker image with a LABEL that included a colon would fail.
Fixed an issue in which running npm search against an npm registry would fail if one of the packages in the results would be in the following structure: “maintainers” : “<user name> <user email>”, because Artifactory was expecting the structure to be:
"maintainers": [ {"name": "<user name>", "email": "<user email" } ]
Fixed an issue in which a 500 error with be returned when running one of the following REST API endpoints on Docker registries while and using an API key for authentication:

New in Artifactory 5.5 (Sep 25, 2017)

New in Artifactory 5.4.6 (Aug 7, 2017)

New in Artifactory 5.4.5 (Aug 7, 2017)

New in Artifactory 5.4.4 (Jul 7, 2017)

New in Artifactory 5.4.3 (Jul 4, 2017)

New in Artifactory 5.4.2 (Jun 30, 2017)

New in Artifactory 5.3.2 (Jun 7, 2017)

New in Artifactory 5.2.1 (Apr 14, 2017)

Access Tokens:
Authentication using access tokens has undergone two significant enhancements.
Any valid user in Artifactory can now create access tokens for personal use whereas previously only an Artifactory admin could create access tokens. This removes the burden of creating and managing access tokens for all users from the admin's shoulder, and gives non-admin users more freedom to operate within their ecosystem.
An Artifactory administrator can now create access tokens with admin privileges whereas previously, access privileges were specified by inclusion in different groups. This enhances the integration of external applications which may need admin privileges to work seamlessly with Artifactory.
Feature Enhancements:
When upgrading an Artifactory HA installation from version 4.x to version 5.x, managing the bootstrap bundle has been improved to become an automatic and seamless process. Artifactory will now create the bootstrap bundle on the primary node automatically, and extract it to the secondary nodes, so there is no longer any need to create and copy the bootstrap bundle manually.
Control Build Retention : A new REST endpoint that lets you specify parameters for build retention has been added. Previously build retention could only be specified when uploading new build info. This enhancement provides an easy way to configure cleanup procedures for different jobs, and reduces the risk of timing out when deploying heavy build info.
By default, the "latest" version of an NPM package is the one with the highest SemVer version number. NPM repositories have now been enhanced so you can override the default behavior by setting a system property to assign a "latest" tag to the package that was most recently uploaded.
The Artifactory Docker image now comes with the PostgreSQL driver built in, so there is no need to mount it separately or build it into a separate Docker image.
Issues Resolved:
Artifactory is now aligned with the Docker spec and returns an authentication challenge for each Docker endpoint (even when anonymous access is enabled). This means that when using internal Artifactory Docker endpoints, you must first retrieve an authentication token which must then be used for all subsequent calls by your Docker client.
Fixed an issue in which NuGet virtual repositories that aggregated more than one local or remote repository may have omitted results when searching for a package.
When an Artifactory user with no "Delete" permissions was trying to deploy a build while specifying build retention, Artifactory would try and delete old builds and return a 500 error. This has now been fixed, and Artifactory will, instead, return a 403 error.
Fixed an issue in which Artifactory failed to pull a Docker image according to the digest of the manifest file from a remote Docker registry.
Fixed an issue in which aborting a download of a folder as an archive could leave open connections that were not closed which in turn would prevent further download of folders.
This has now been fixed so download slots are freed and the connection is closed properly.

New in Artifactory 5.2 (Apr 14, 2017)

Main Updates:
Improved the performance of property search when using PostgreSQL.
This will significantly improve Docker operations on Artifactory Docker registries as the property search mechanism is used upon searching for Docker layers.
Improved the performance of Docker layers search mechanism on Artifactory Docker registries. This will be mostly significant when working with Docker layers that are being used by thousands of Docker images.
The Tomcat bundled with Artifactory has been upgraded to version 8.0.41.
Artifactory now regards the content.xml.xz and the artifacts.xml.xz files on a remote P2 repository as expirable resources, so whenever there is a metadata change in one of these files, Artifactory will use the updated file instead of the expired one.
When working with Conan repositories, Artifactory now supports variables with multiple values in the conanfile.txt file. This enables Artifactory to fully extract [env] variables with multiple values and assign all those values to the corresponding property annotating the package in Artifactory.
Fixed an issue in which deploying multiple files to a virtual repository through the UI would fail.
Fixed a bug related to remote Docker registries in Artifactory that left connections and input streams open following docker pull operations.
Fixed an issue related to Debian repositories. Artifactory now adds an empty line at the end of the Packages file to fully support Debian tools such as debootstrap.
Fixed an issue related to Debian repositories in which the Components section in the generated Release file was named "Component" when there was indeed only one component. This has been fixed by naming the section "Components", regardless of the number of components. Following the fix, Artifactory now fully support tools such as debootstrap.
Fixed an issue occurring in Artifactory HA clusters. When a node was stopped for any reason, its state as reported by the UI remained as Running. This has now been fixed so the state for a stopped node is displayed as Unavailable.

New in Artifactory 5.1.4 (Mar 22, 2017)

New in Artifactory 5.1.0 (Feb 21, 2017)

Configuration Management with Chef:
Artifactory meets the heart of DevOps adding full support for configuration management with Chef. Share and distribute proprietary Cookbooks in local Chef Cookbook repositories, and proxy remote Chef supermarkets and cache remote cookbooks locally with remote repositories. Virtual Cookbook repositories let you access multiple Cookbook repositories through a single URL overcoming the limitation of the Knife client that can only access one repository at a time.
Configuration Management with Puppet:
Artifactory now also fully supports configuration management with Puppet. Use local Puppet repositories to share and distribute proprietary Puppet modules, and use remote Puppet repositories to proxy and cache Puppet Forge and other remote Puppet resources. Use a virtual Puppet repository so the Puppet client can access multiple repositories from a single URL.
Main Updates:
Support configuration management with Chef through Chef Cookbook repositories Artifactory fully supports the knife client for authenticated access, and also supports Berkshelf for anonymous access Authenticated access for Berkshelf will be added in a forthcoming release
Support configuration management with Puppet through Puppet repositories Full support for Puppet command line along with local, remote and virtual repositories for hosting and provisioning Puppet modules
For Artifactory administrators, a list of common actions is available from the top ribbon in the Artifactory UI for quick and easy access This makes it easy to do things like creating repositories, adding users, adding groups and more
Artifactory can now be run as a standalone instance in a Kubernetes cluster For details, please refer to JFrog's examples using Docker on GitHub
Artifactory now supports disabling UI access (ie the user may only access Artifactory through the REST API) through the addition of the disableUIAccess element in the Security Configuration JSON
The default order of repository types in the tree browser has been changed to show virtual and distribution repositories first, as these are accessed more frequently, and then local and remote repositories
Modified NGINX reverse proxy configuration generated by Artifactory to enable using NPM scoped packages
A performance issue with the login and logout procedure has been fixed, so the time to login or logout is now significantly reduced
A bug in which duplicate files simultaneously uploaded to a sharded filestore occasionally caused deletion of the files, was fixed
A bug in permissions management that disabled the Admin module after removing the default "Anything" and "Anonymous" permissions, was fixed
Fixed an issue when upgrading Artifactory 4x to 5x in which the IAM role settings for S3 object storage in the binarystorexml were not correctly migrated to the upgrade has been fixed

New in Artifactory 5.0.1 (Feb 7, 2017)

New in Artifactory 4.16.0 (Jan 16, 2017)

New in Artifactory 4.15.0 (Dec 13, 2016)

New in Artifactory 4.14.3 (Dec 7, 2016)

New in Artifactory 4.14.2 (Nov 28, 2016)

New in Artifactory 4.14.1 (Nov 2, 2016)

New in Artifactory 4.13 (Sep 22, 2016)

New in Artifactory 4.12.2 (Sep 22, 2016)

New in Artifactory 4.12.1 (Sep 22, 2016)

New in Artifactory 4.12.0.1 (Sep 22, 2016)

New in Artifactory 4.11.2 (Aug 17, 2016)

New in Artifactory 4.11.1 (Aug 17, 2016)

New in Artifactory 4.11 (Aug 17, 2016)

New in Artifactory 4.10 (Aug 17, 2016)

New in Artifactory 4.9.1 (Jul 14, 2016)

New in Artifactory 4.9.0 (Jul 4, 2016)

New in Artifactory 4.8.2 (Jun 23, 2016)

New in Artifactory 4.8.1 (Jun 23, 2016)

New in Artifactory 4.8.0 (May 23, 2016)

New in Artifactory 4.7.7 (May 16, 2016)

New in Artifactory 4.7.6 (May 9, 2016)

New in Artifactory 4.7.5 (May 3, 2016)

New in Artifactory 4.7.4 (Apr 20, 2016)

New in Artifactory 4.7.3 (Apr 18, 2016)

New in Artifactory 4.7.2 (Apr 18, 2016)

New in Artifactory 4.7.1 (Apr 4, 2016)

New in Artifactory 4.6.1 (Mar 21, 2016)

New in Artifactory 4.6.0 (Mar 14, 2016)

New in Artifactory 4.5.1 (Feb 19, 2016)

New in Artifactory 4.5.0 (Feb 15, 2016)

New in Artifactory 4.4.3 (Feb 9, 2016)

New in Artifactory 4.4.2 (Jan 18, 2016)

New in Artifactory 4.4.1 (Jan 14, 2016)

New in Artifactory 4.4.0 (Jan 4, 2016)

New in Artifactory 4.3.3 (Dec 21, 2015)

New in Artifactory 4.3.1 (Dec 6, 2015)

New in Artifactory 4.3.0 (Nov 23, 2015)

New in Artifactory 4.2.1 (Nov 2, 2015)

New in Artifactory 4.2.0 (Oct 19, 2015)

New in Artifactory 4.1.3 (Sep 28, 2015)

New in Artifactory 4.1.2 (Sep 21, 2015)

New in Artifactory 4.1.0 (Sep 8, 2015)

New in Artifactory 4.0.2 (Aug 13, 2015)

New in Artifactory 4.0.1 (Aug 11, 2015)

New in Artifactory 4.0.0 (Aug 3, 2015)

New User Interface - JFrog-Artifactory's user interface has been rebuilt from scratch to provide the following benefits:
Intuitive: Configuration wizards for easy repository management
Fresh and modern: New look and feel providing a rich user experience
Set Me Up: Convenient code snippets to support simple copy/paste integration with software clients and CI tools
Context-focused repositories: Repositories are optimized to calculate metadata for single package types
Easy access control: Easily implement your access policies with intuitive user, group and permission management
Smart tables: Group and filter any data that is presented in tables
Groovy 2.4 for User Plugins:
JFrog Artifactory 4 supports Groovy 2.4 letting you enjoy the latest Groovy language features when writing User Plugins.
We strongly recommend you verify that all of your current User Plugins continue to work seamlessly with this version of Groovy.
Tomcat 8 as the Container:
JFrog Artifactory 4.0 only supports Tomcat 8 as its container for both RPM and standalone versions. If you are currently using a different container (e.g. Websphere, Weblogic or JBoss), please refer to Upgrading When Using External Servlet Containers for instructions on how to migrate to Tomcat 8.
Breaking Changes:
User Plugins:
Some features of Groovy 2.4 are not backward compatible with Groovy 1.8. As a result, plugins based on Groovy 1.8 may need to be upgraded to support Groovy 2.4.
Multiple Package Type Repositories:
JFrog Artifactory 4.0 requires you to specify a single package type for each repository. For the specified package type, Artifactory will calculate metadata and work seamlessly with the corresponding package format client. For example, a repository specified as Docker will calculate metadata for Docker images and work transparently with the Docker client.
Artifactory will not prevent you from uploading packages of a different format to any repository, however, metadata for those packages will not be calculated, and the corresponding client for those packages will not recognize the repository. For example, if you upload a Debian package to a NuGet repository, Debian metadata will not be calculated for that package, and the Debian client will not recognize the NuGet repository.
You may specify a repository as Generic and upload packages of any type, however, for this type of repository, Artifactory will not calculate any metadata and will effectively behave as a simple file system. These repositories are not recognized by clients of any packaging format.
If your system currently includes repositories that support several package types, please refer Single Package Type Repositories to learn how to migrate them to single package type repositories.

New in Artifactory 3.9.2 (Jul 11, 2015)

New in Artifactory 3.9.1 (Jun 25, 2015)

New in Artifactory 3.9.0 (Jun 22, 2015)

New in Artifactory 3.8.0 (Jun 1, 2015)

New in Artifactory 3.7.0 (May 18, 2015)

New in Artifactory 3.6.0 (Apr 14, 2015)

New in Artifactory 3.5.3 (Mar 23, 2015)

New in Artifactory 3.5.2 (Feb 24, 2015)

New in Artifactory 3.5.1 (Feb 4, 2015)

New in Artifactory 3.5.0 (Feb 2, 2015)

New in Artifactory 3.4.2 (Dec 2, 2014)

New in Artifactory 3.4.1 (Oct 25, 2014)

New in Artifactory 3.4.0 (Sep 30, 2014)

New in Artifactory 3.3.1 (Sep 13, 2014)

New in Artifactory 3.3.0 (Jul 14, 2014)

New in Artifactory 3.2.2 (Jun 23, 2014)

New in Artifactory 3.2.1 (Jun 1, 2014)

New in Artifactory 3.2.0 (Mar 31, 2014)

New in Artifactory 3.1.1 (Feb 10, 2014)

New in Artifactory 3.1.0 (Dec 16, 2013)

New in Artifactory 3.0.4 (Oct 28, 2013)

New in Artifactory 3.0.3 (Aug 21, 2013)

Bug:
[RTFACT-4720] - Should enable Nuget calculation on already exists repository with deployed artifacts
[RTFACT-5457] - NuGet is missing files
[RTFACT-5597] - Nuget packages are not listed in version order
[RTFACT-5627] - Artifactory search from 'package manager console' returns more results than it should
[RTFACT-5728] - Searches via NuGet appear to now be case sensitive
[RTFACT-5736] - Failure in test replication settings should display the error message instead of internal error
[RTFACT-5741] - Property value limitation
[RTFACT-5774] - afterCreate getProperties method gets wrong properties
[RTFACT-5795] - Build diff tables sort doesn't work
[RTFACT-5798] - Cross version maven-metadata calculation may override version specific maven-metadata
[RTFACT-5806] - Exception during Saml login
[RTFACT-5810] - artifactory.bat fails to start when Artifactory is unzipped to path with spaces
[RTFACT-5825] - Concurrent read during deletion can deadlock delete operation on statistics table
[RTFACT-5826] - Artifactory may write incorrect last modified date
[RTFACT-5828] - Wrong metadata on deploy
[RTFACT-5835] - Insert binary failure marks PostgreSQL transaction as aborted
[RTFACT-5845] - Disabling SSO integration still keeps the user logged in
[RTFACT-5846] - SSO integration breaks if user name is not in lowercase
[RTFACT-5852] - Exception upon removing "Automatically Join new Users to this group"
[RTFACT-5854] - Replication between remote to remote fails on properties sync
[RTFACT-5855] - Unable to install from remote NuGet repository
[RTFACT-5858] - Properties "Pull replication" from virtual is not supported in 3.0.x
[RTFACT-5869] - NuGet Gallery (nuget.org) is broken
[RTFACT-5870] - binary.provider.filesystem.dir doesn't seem to work properly
[RTFACT-5887] - Support Nuget Package Explorer
[RTFACT-5897] - Replication fails : "Unable to determine the version of the remote server."
[RTFACT-5898] - Replication fails if remote server uses gzip content encoding
[RTFACT-5912] - NuGet push should support relative path
Documentation:
[RTFACT-5857] - Tooltips on Permission Target patterns don't mention patterns separator
Improvement:
[RTFACT-5494] - Support filtering local NuGet packages by the PreRelease status
[RTFACT-5711] - Add stop() function to artifactory.sh script as in the 'artifactory' service script
[RTFACT-5737] - NuGet FindPackagesById() should support the "link" tag
[RTFACT-5840] - Expose a user object in realms callback
[RTFACT-5896] - Virtual P2 repository can only access internal archive files (content.jar in repo.zip)
New Feature:
[RTFACT-5160] - Support RubyGems
Task:
[RTFACT-5503] - Artifactory local NuGet repository should be able to serve as a gallery to a front Artifactory instance
[RTFACT-5832] - Upgrade PrettyTime dependency
[RTFACT-5839] - Support virtual repositories for RubyGems