Artifactory Known Issues

RTDEV-62985

When deploying a .pom file for Maven or Gradle repo types that that starts with an empty line or used UTF-8 non-breaking spaces in XML structure, a 409 error is encountered.

7.124.1

Suggested workarounds:

• Enable the “Suppress POM Consistency Checks” checkbox in repository configuration
• Edit the POM file, removing the empty line from the opening

RPG-1841

A common issue has been identified with upgrading existing Artifactory HA installations. The upgrade process might fail because the Router service fails to start, displaying the following error: Could not update configuration for key.

7.117.14

Suggested workaround:

To resolve this issue, delete the content of the Router Traefik folder located at:

/opt/jfrog/artifactory/var/data/router/traefik

and then restart Artifactory.

Here is an example command to accomplish this:

rm -rf /opt/jfrog/artifactory/var/data/router/traefik

JFUI-18806

During startup and regular operation, the Artifactory Frontend service attempts to download resources from the public internet endpoint https://grpc.qwak.ai . In disconnected environments where access to this endpoint is blocked, the service may retry multiple times, possibly causing performance degradation of the Frontend service.

7.117.10

JFrog recommends avoiding the upgrade to this version if your organization's environment restricts access to this endpoint.

A fix that removes this request to the external resource will be released soon.

RPG-1831

A common issue has been identified with upgrading existing Artifactory installations that have Router TLS enabled ( router.tlsEnabled: true ) in the system.yaml file. The upgrade process might fail because the Router service fails to start, displaying the following error: Error during the build of the default TLS configuration: unknown TLS options: default.

7.117.7

Suggested workaround:

To resolve this issue, delete the content of the Router Traefik folder located at:

/opt/jfrog/artifactory/var/data/router/traefik

and then restart Artifactory.

Here is an example command to accomplish this:

rm -rf /opt/jfrog/artifactory/var/data/router/traefik

RTFS-968

Federation: Rapid delete followed by recreate of the same artifact path (within the same RTFS batch) could cause errors on the target member.

7.117.7

Cloud: Rolled out.

Self-Hosted: TBD

Suggested workaround:

Workaround (until patched): Temporarily reduce the RTFS workers’ batch size (e.g., to 1) to prevent delete+create from landing in the same batch.

Operational tip: Avoid back-to-back delete→recreate on the exact same path where possible.

RTDEV-58097

Note: This issue does not affect Enterprise plus customers.

When downloading a file through a signed URL, the domain name of the link may have inadvertently changed. Example:

• Before: https://<bucket_name>.s3.amazonaws.com
• After: https://<bucket_name>.s3.<region>.amazonaws.com

If the network requesting a binary uses some form of URL hardening (e.g. Firewall, allowlisting), the binary may not be able to be download as the URL is being blocked by the clients’ network firewall.

7.115.3

Suggested workaround:

Allowlist the new URL or contact JFrog support for further assistance.

INST-10964

Upgrading existing Artifactory installations only for Linux Archive, Debian, and RPM in service mode, where console.log is disabled (shared.logging.consoleLog.enabled: false) in system.yaml may fail because the newly added One Model registry service does not start and results in a "connection refused" error.

7.111.7

Suggested workaround:

Before upgrading, enable console.log in system.yaml.

RTFE-2648

When trying to use the Set me up functionality from inside the JFrog Platform Deployment with  Pub, Swift, and Terraform package types, configuration options are not displayed.

7.107.1

Suggested workaround:

See the instructions in the Artifactory User Guide: Pub | Swift | Terraform

RTFE-2641

When trying to create a repository in the Create a Repository window, Pub, Swift and Terraform repositories are not available.

7.107.1

Suggested workaround:

use the Create Repository API: https://jfrog.com/help/r/jfrog-rest-apis/create-repository

RTFS-2128

Failures occur when migrating to the Artifactory Federation Service (rtfs) due to NGINX routing requests to the Artifactory service instead of rtfs.

TBD

Can affect users in Self-Hosted environments who have a custom NGINX configuration or who use the NGINX configuration created by the JFrog platform UI.

Suggested workaround:

Explicitly add port 8082 to the URL in the /artifactory section of the NGINX configuration file:

if ($request_uri ~ ^/artifactory/service/rtfs/(.*) $ ) {
            proxy_pass       http://localhost:8082/artifactory/service/rtfs/$1;
            break;
}

Where localhost is whatever has been defined for your installation.

INST-10964

Upgrading existing Artifactory installations only for Linux Archive, Debian, and RPM in service mode, where console.log is disabled (shared.logging.consoleLog.enabled: false) in system.yaml may fail because the newly added One Model registry service does not start and results in a "connection refused" error.

7.111.7

Suggested workaround:

Before upgrading, enable console.log in system.yaml.

RTDEV-55119

In certain cases, Artifactory initialization can fail due to delays while waiting for Access to check if the customer has migrated to the Artifactory Federation Service (rtfs).

7.104.15

This issue is relevant for Self-Hosted customers who have not yet migrated to the Artifactory Federation Service.

A solution to this issue will be made available in an upcoming patch release.

Suggested workaround:

Run the following commands before starting Artifactory to bypass the check:

sql
INSERT INTO public.configs (config_name, last_modified, data)
VALUES ('rtfs.enabled', EXTRACT(EPOCH FROM NOW())::bigint, 'true'::bytea);

RTFE-2718

In release 7.104.9, an infinite loop occurs when searching for a package by name in the top search bar on the Packages page.

7.104.10

Customers are asked to avoid installing release 7.104.9 and upgrade directly to 7.104.10.

MDL-483

Under certain circumstances, when running an Artifactory instance with the $JFROG_HOME/artifactory/var/data and $JFROG_HOME/artifactory/var/work folders located on different partitions (using mounted volumes), the OneModel Registry service is unable to publish the supergraph. This results in a failure during the Artifactory startup.

7.104.7

An unannounced change was introduced by Conda Forge upstream which impacts Artifactory's ability to resolve package metadata and dependencies with virtual Conda repositories. For more information see this article.

7.104.6

Suggested workaround:

Use the Conda Remote Repository Directly: Instead of relying on the Virtual Conda repository, users can directly use the Conda remote repository (repo.anaconda.com/conda-forge) to download packages.

RTDEV-53914

Release Bundle v2 promotion to a virtual repository fails if the local repository aggregated inside it has been removed manually from the promotion.

7.107.1 (Cloud only)

Promotion to the local repository inside a virtual repository works only when the local repository is included in the promotion.

RTDEV-51106

From 7.98.7, when performing pull replication, properties generated locally by Artifactory are deleted from the target when the properties are unchanged from the previous replication execution.

This behavior occurs only when you have selected the options to synchronize artifact properties and synchronize artifact deletions. See Configure Pull Replication.

7.98.10

Suggested workaround:

Add a custom property to the package. This will prevent the locally-generated properties from being deleted during pull replication.

RTDEV-53176

Artifactory cannot retrieve an artifact from a remote repository if there are square brackets "[]" in the artifact name.

7.104.5

JA-17217

The mTLS authentication will not work with an Edge license in Artifactory version 7.98, even though it is a supported license.

7.104.5

When Debian packages are uploaded directly to the root directory:

• all packages may be cleaned during cleanup actions

• all packages may be archived during archive actions

Impact: Only the Version-based condition is affected by this issue. The Time-based condition remains unaffected.

Cloud: 7.109.3

Self-hosted: 7.104.13

Suggested workaround:

To avoid unintended cleanup/archive, always upload Debian packages to a subdirectory rather than the root.

An unannounced change was introduced by Conda Forge upstream which impacts Artifactory's ability to resolve package metadata and dependencies with virtual Conda repositories. For more information see this article.

7.98.15

Suggested workaround:

Use the Conda Remote Repository Directly: Instead of relying on the Virtual Conda repository, users can directly use the Conda remote repository (repo.anaconda.com/conda-forge) to download packages.

JFCON-776

When applying a new Artifactory license key to replace an old one that is about to expire, the expiration date for the new license may not change in the Artifactory UI.

This is because Artifactory relies on the JPD Entitlements to define the expiration date. In cases where Artifactory cannot fetch new Entitlements from the JFrog Entitlements server, it will continue to use the Entitlements stored in your JPD, along with the expiration date of the old license.

This is a known issue since Artifactory version 7.98. However, this issue also impacts Artifactory versions prior to the Artifactory 7.98 release.

7.117.5

Suggested next actions:

1. Allow connection to the Entitlements Server by whitelisting jes.jfrog.io
2. Load Entitlements on Airgapped mode

For more information, see JFConnect Microservice.

RTDEV-46375

The remote repository setting to Block Mismatching Mime Types can be overridden by the settings of the upstream server. For example, if the upstream server allows all MIME types (Accept: */*), this will override the Artifactory setting to block certain MIME types as defined in system properties.

N/A

RTDEV-51106

When performing pull replication, properties generated locally by Artifactory are deleted from the target when the properties are unchanged from the previous replication execution.

This behavior occurs only when you have selected the options to synchronize artifact properties and synchronize artifact deletions. See Configure Pull Replication.

TBD

Suggested workaround:

Add a custom property to the package. This will prevent the locally-generated properties from being deleted during pull replication.

INST-9289

After upgrading to Apache Tomcat 10.1.x, the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH was replaced with the Connector attribute encodedSolidusHandling.

Note that the Connector attribute encodedSolidusHandling is added by default to the Artifactory server.xml template. However, it disappears when Mission Control is enabled in your Artifactory instance.

As a result, incoming requests to Artifactory could fail with 400 Status Codes, particularly for NPM Scope packages or when trying to download Support Bundle from Artifactory UI.

7.98.9

Note: The suggested workaround is applicable only for versions 7.98.7 and 7.98.8. For versions 7.98.9 and above, this workaround is no longer supported. In these later versions, the configuration is incorporated by default in the server.xml file, and you should remove it from the system.yaml file.

Suggested workaround:

If Mission Control is enabled or if you have manually added the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH in the past, configure the following settings in the system.yaml file under $JFrog_HOME/var/etc/system.yaml and restart Artifactory:

artifactory:
    tomcat:
        connector:
            extraConfig: "encodedSolidusHandling='DECODE'"
access:
    tomcat:
        connector:
            extraConfig: "encodedSolidusHandling='DECODE'"

INST-8592

Initially, Xms and Xmx were the standard parameters used by Java to set the JVM memory. Later, two new settings called InitialRAMPercentage and MaxRAMPercentage were introduced. These new settings have now become the recommended way to set memory for the Java Virtual Machine (JVM), replacing Xms and Xmx.

In the Artifactory JVM, the -Xms and -Xmx values are set by default in the artifactory.default file, which overrides the InitialRAMPercentage and MaxRAMPercentage values.

This means that only the -Xms and -Xmx values can be tuned for the Artifactory JVM.

7.104.5

.This is a known issue since Artifactory version 7.98. However, this issue also impacts Artifactory versions prior to the Artifactory 7.98 release.

Note

For Access JVM, the InitialRAMPercentage and MaxRAMPercentage values are already set by default in the access.default file and can be tuned for the Access JVM if needed, without any issues.

RTDEV-46661

A change made to v7.93.1 introduced an issue where the upload range header adds to the byte size. This causes failures when attempting to pull an image uploaded as part of 7.93 with specific runtime clients like containerd.

7.93.3

Suggested workaround:

Push the image again.

RTDEV-50656

NPM metadata request to a virtual repository is causing a DB query that will outcome with high database CPU.

7.98.17

An unannounced change was introduced by Conda Forge upstream which impacts Artifactory's ability to resolve package metadata and dependencies with virtual Conda repositories. For more information see this article.

7.90.19

Suggested workaround:

Use the Conda Remote Repository Directly: Instead of relying on the Virtual Conda repository, users can directly use the Conda remote repository (repo.anaconda.com/conda-forge) to download packages.

RTDEV-47671

Build Info Publish failed when the same artifact was used in the build more than once, even though previously it succeeded.

Self-Hosted: 7.90.15

Cloud: 7.98.5

A new Artifactory System Property was added named artifactory.build.block.duplicate.entries and is set to true by default. When set to true, Build Info Publish operations that have duplicate entries fail and and results in an error.

Note: This means that previous jobs that would pass in the Build Info Publish stage may now fail. This property can be changed to false to turn off validation and allow duplicate entries with Build Info Publish.

INST-8700

Under certain circumstances, when running an Artifactory non-containerized installation with a container engine available on the same virtual machine, the isRunningInsideAContainer function falsely identifies the installation as in a container, which results in Artifactory startup failure.

TBD

The startup script uses the method isRunningInsideAContainer, which has a condition called grep -sq 'containers' /proc/self/mountinfo which returns true in cases where a container engine (e.g. Docker) is installed and running some container with a volume mount.

RTDEV-46858

Redirect signed URLs are not working when using the cluster-sharding provider with a cloud provider in the binarystore chain and templates such as: cluster-s3-storage-v3, cluster-google-storage-v2 and cluster-azure-blob-storage-v2.

7.90.9

Suggested workaround:

To mitigate this issue, switch to use a direct chain such as: s3-storage-v3-direct.

RTDEV-46671

S3 Cold storage fails to put binaries in the Glacier Tier.

7.90.8

RTDEV-46659

When redirecting to S3, the downloads are served directly from Artifactory instead of the S3 bucket. Also, when using CloudFront, the redirect fails and the download will not work.

7.90.8

Suggested workaround:

To resolve this issue, add a header in the reverse proxy to set X-JFrog-Download-Redirect-To: S3 as described in Control your Signed URL Downloads

RTDEV-44707

A Tomcat upgrade that was implemented due to a security fix disrupts the Pub client upload flow.

7.90.7

Artifactory 7.90.6 has been removed. Customers should upgrade to Artifactory 7.90.7.

RTDEV-44298

Upgrades of existing Artifactory installations using a Derby database to Artifactory 7.90.5 might fail due to the JFMD service mistakenly forcing the value of  allowNonPostgresql system configuration to be set as  true.

7.90.6

Expected error to be presented in the logs:

Could not set db properties to application configuration - type: 'sqlite' is not allowed

Suggested workaround:

Add the following configuration settings:

shared:
  database:
    allowNonPostgresql: true

to the file $JFrog_HOME/var/etc/system.yaml and restart Artifactory.

JFrog highly recommends using PostgreSQL. For more information, see Choose the right database.

An unannounced change was introduced by Conda Forge upstream which impacts Artifactory's ability to resolve package metadata and dependencies with virtual Conda repositories. For more information see this article.

7.84.23

Suggested workaround:

Use the Conda Remote Repository Directly: Instead of relying on the Virtual Conda repository, users can directly use the Conda remote repository (repo.anaconda.com/conda-forge) to download packages.

RTDEV-46858

Redirect Signed URLs will not work when using the cluster-sharding provider with a cloud provider in the binarystore chain and templates such as: cluster-s3-storage-v3, cluster-google-storage-v2 and cluster-azure-blob-storage-v2.

7.90.9

Suggested workaround:

To mitigate this issue, switch to use a direct chain such as: s3-storage-v3-direct.

RTDEV-44298

The artifactory.aql.queries.limit.enabled feature flag was set to true in Self-Hosted environments, causing users to receive a "too many requests" response with the status code 429.

There is a feature in Artifactory that limits the number of search/AQL requests that can run in parallel. The relevant flags include:

• artifactory.aql.queries.limit.enabled: This is the boolean flag for enabling the feature. It is currently set to true by default, which can cause the 429 response described above. In upcoming versions, this flag will be set to false by default.
• artifactory.aql.queries.unlimited.agents: The list of user agents that are not limited by the API. The default values are pipeline, artifactory, xray, distribution.
• artifactory.aql.queries.limit: The limit on API calls that can run in parallel. If the limit is reached and the number of calls does not drop below the limit before the timeout occurs (see the next flag), a "too many requests" response is sent with the status code 429. The default is 3.
• artifactory.aql.queries.pending.timeout.millis: When the query limit is reached, this is the amount of time a current call is locked while it tries to acquire the AQL search. If the number of calls is still at the limit when the timeout is reached, a "too many requests" response is sent with the status code 429. The default is 10000 ms.

7.84.16

Suggested workaround:

Add the line:

artifactory.aql.queries.limit.enabled=false

to the $JFROG_HOME/artifactory/var/etc/artifactory/artifactory.system.properties file.

In multisite environments where Mission Control is in use, any JPD with a configured Federated Base URL (federatedRepoUrlBase) will not appear as an option in the Deployments tab. This prevents you from adding a Federated repository in that JPD as a member of the Federation. Note: This known issue is a general limitation that applies to all versions.

TBD

As a workaround, you can add members by entering the full address in the URL tab.

RTDEV-42377

When running the npm audit signatures command against a virtual repository that includes repositories that do not have ECDSA signing enabled, Artifactory will now respond to the npm client as expected with a list of packages that are missing signatures.

Since this feature was not supported on the server side until now, the npm client integrations would previously skip the audit stage and automatically failover due to the 404 status response and continue to execute the next commands. Today, this will stop the client from continuing its usual actions, since not all content in your virtual repository is signed.

An unannounced change was introduced by Conda Forge upstream which impacts Artifactory's ability to resolve package metadata and dependencies with virtual Conda repositories. For more information see this article.

7.77.17

Suggested workaround:

Use the Conda Remote Repository Directly: Instead of relying on the Virtual Conda repository, users can directly use the Conda remote repository (repo.anaconda.com/conda-forge) to download packages

INST-7510

As a result of changing the Nginx Internal Ports to 8080/8443, the value of X-JFrog-Override-Base-Url was changed. This can lead to redirect issues while access JFrog Artifactory and prevent users from being able to run “Docker Login”.

7.77.6

This issue impacts only Helm Installations with nginx.enabled=trueANDnginx.service.ssloffload=false. For more information, see production incident: Nginx new port setup is broken Issue #1860

RTDEV-45538

Related to Federated repositories:

Binary tasks for binaries that no longer exist on remote members can get stuck in the binaries_tasks table after reaching their maximum retries (10 by default). The binaries referenced by the metadata might be missing for a number of reasons; for example, they might have been deleted before the asynchronous pull task reached the remote members.

The situation described above results in many Failed to import binary with sha1 errors. The auto-healing mechanism (Artifactory 7.71.1 and above) resets the retries counter, which perpetuates the issue.

7.94.1

Workaround (before release 7.94.1): Manually delete the orphaned task.

Starting with 7.94.1, if the task reaches its maximum retries without finding the binary on any of the remote members, the task is deleted from the table.

An unannounced change was introduced by Conda Forge upstream which impacts Artifactory's ability to resolve package metadata and dependencies with virtual Conda repositories. For more information see this article.

7.71.25

Suggested workaround:

Use the Conda Remote Repository Directly: Instead of relying on the Virtual Conda repository, users can directly use the Conda remote repository (repo.anaconda.com/conda-forge) to download packages.

RTDEV-45842

Upgrading from version 7.71 directly to 7.90.x or higher fails due to a problematic artifactory revision number in 7.71 causing converters not to run.

7.90.7

Upgrade directly to 7.90.7 or above.

Pulling Go submodules of packages when the repository is pointed to github.com will fail

7.71.3

This does not affect other remote repositories, like proxy.golang.org or others.

RTDEV-40269

When assigning repositories to a project and filtering, then clicking select all, all the repositories in the repository were selected instead of the search results that were displayed.

This might cause additional repositories to be assigned to the project not as expected, which in turn will cause repositories that were already assigned to a certain project to be removed from their original project.

7.77.13

RTDEV-36696

When enabling the setting Bypass HEAD Requests for one or more remote repositories, a connection leak might occur.

This might make resolving packages from remote resources not work as expected.

7.71.4

To avoid this issue, please verify that none of your remote repositories have the setting Bypass HEAD Requests enabled.

An unannounced change was introduced by Conda Forge upstream which impacts Artifactory's ability to resolve package metadata and dependencies with virtual Conda repositories. For more information see this article.

7.68.23

Suggested workaround:

Use the Conda Remote Repository Directly: Instead of relying on the Virtual Conda repository, users can directly use the Conda remote repository (repo.anaconda.com/conda-forge) to download packages.

RTDEV-38832

Customers in versions 7.59.x-7.63.5 who created authentication SSH keys under User Profile and then upgraded to a newer version will lose the saved authentication SSH keys.

7.71.16

Check if your SSH keys have been lost, and if so, upgrade Artifactory to version 7.71.16 and recreate the SSH keys.

When upgrading Artifactory to version 7.68.7 or 7.68.11, Artifactory failed to complete the upgrade due to a failure in validating the Access database schema.

7.68.13

When upgrading Artifactory to version 7.68.7 or 7.68.11, Artifactory failed to complete the upgrade due to a failure in validating the Access database schema.

7.64.0, 7.65.0

An issue occurs whereby OAuth with Azure does not work when the PKCE option is enabled.

When publishing an npm package with a size exceeding 5 MB, Artifactory returned an error.

7.63.4

RTDEV-33942

When assigning a virtual repository to a project, no validation is performed. Validation is performed only when the assigned virtual repository is changed. This means that an invalid repository can be assigned to a project, and no configuration changes can be made to the virtual repository.

7.104.2

This validation was removed in 7.104.x (January 2025).

For prior versions, there are two possible workarounds:

1. If you want to make configuration changes to the virtual repository, you should unassign the virtual repository from the project, remove all repositories underneath the virtual repository, and then reassign the virtual repository back to the project. You can then add back any valid repositories to the virtual repository.
2. You can share the virtual repository instead of assigning it to a project.

RTDEV-34369

When updating Artifactory to version 7.63, under some circumstances, users who attempt to modify their binarystore.xml configuration file might experience files being deleted.

7.63.11

Users with Sharding Cluster configured with Eventual Cluster are at risk of experiencing this issue.

RTDEV-32243

When restoring an archived package, the summary displays invalid data about the number of items restored (referring to artifacts) and the success percentage.

TBD

The total displayed is correct with respect to packages, but it does not correspond with the number of artifacts restored.

The success percentage is meant to be calculated based on:

[total number of packages]/[completed number of packages]

RTDEV- 34236

When using Artifactory versions newer than 7.56, under certain circumstances some large accounts might experience a high query load to the PostGreSQL database, causing it to crash.

Customers with the one of following account specifications should use the workaround specified:

• A database Nodes table containing over 200 million rows
• Over 5% of the database Nodes table contents refer to Docker images or Maven packages

TBD

Workaround: To avoid this issue, set the following system property: artifactory.file.service.cache.enabled=false

📘

Note

If your virtual repositories point to less than 10 local repositories each, it is recommended to disable this feature using the system property above.

RTDEV-33312

When creating a retention policy for archiving packages and the number of packages is more than 10,000, if you preview the policy status the number of artifacts shown in the preview corresponds to the first 10,000 packages only.

TBD

All artifacts for all packages are actually archived, however, the preview can only display the number of artifacts for the first 10,000 packages.

RTDEV-38832

Customers in versions 7.59.x-7.63.5 who created authentication SSH keys under User Profile and then upgraded to a newer version will lose the saved authentication SSH keys.

7.71.16

Check if your SSH keys have been lost, and if so, upgrade Artifactory to version 7.71.16 and recreate the SSH keys.

JA-6616

When using Artifactory version 7.55 and above, under certain circumstances, when performing a Crowd group search, accounts with a large number of Crowd groups (above 10,000) might experience slower performance on the Crowd/JIRA page in the JFrog Platform WebUI.

TBD

JA-5890

JA-5890

When selecting to Manage Resources as part of Project settings, because Projects are not federated resource management is not federated to other JPDs.

TBD

If you used the Join Key to register a remote JPD, the Mission Control microservice in the home JPD fails to connect to the remote JPD and the remote JPD appears as offline in the topology after a certain period.

The remote JPD's Access microservice fails to recognize the home JPD's Mission Control microservice and marks it as a stale service. The Access cleanup process revokes the join key.

As a result, you cannot distribute release bundles to the remote JPD, access federation with the remote JPD fails, and license buckets are affected.

Solution: Re-register the remote JPDs that you registered using join keys with Pairing Tokens before you upgrade.

RTFACT-29709

The Docker Tag Retention setting does not perform as expected for multi-architecture images. Images under manifest.list are currently excluded from the retention logic and therefore are not deleted once the Docker Tag Retention limit is exceeded.

RTDEV-38832

Customers in versions 7.59.x-7.63.5 who created authentication SSH keys under User Profile and then upgraded to a newer version will lose the saved authentication SSH keys.

7.71.16

Check if your SSH keys have been lost, and if so, upgrade Artifactory to version 7.71.16 and recreate the SSH keys.

If you used the Join Key to register a remote JPD, the Mission Control microservice in the home JPD fails to connect to the remote JPD and the remote JPD appears as offline in the topology after a certain period.

The remote JPD's Access microservice fails to recognize the home JPD's Mission Control microservice and marks it as a stale service. The Access cleanup process revokes the join key.

As a result, you cannot distribute release bundles to the remote JPD, access federation with the remote JPD fails, and license buckets are affected.

Solution: Re-register the remote JPDs that you registered using join keys with Pairing Tokens before you upgrade.

RTDEV-33212

When using an Access Token with a scope of applied-permissions/groups Artifactory may return a 400 Username cannot be null error on some endpoints in the repositories' resource.

7.59.12

RTDEV-34369

When updating Artifactory to version 7.59, under some circumstances, users who attempt to modify their binary-store.xml configuration file might experience files being deleted.

7.59.16

Users with Sharding Cluster configured with Eventual Cluster are at risk of experiencing this issue.

RTDEV-34236

When using Artifactory versions newer than 7.56, under certain circumstances some large accounts might experience a high query load to the database, causing it to crash.

Customers with the one of following account specifications should use the workaround specified:

• A database Nodes table containing over 50 million rows
• Over 5% of the database Nodes table contents refer to Docker images or Maven packages

7.68.x

Workaround: To avoid this issue, set the following system property: artifactory.file.service.cache.enabled=false

📘

Note

If your virtual repositories point to less than 10 local repositories each, it is recommended to disable this feature using the system property above.

It is also possible to manually create the index before upgrading to reduce the risk of performance degradation.

For more information, see Internal Database Indexing Enhancements for Nodes Table.

RTDEV-38832

Customers in versions 7.59.x-7.63.5 who created authentication SSH keys under User Profile and then upgraded to a newer version will lose the saved authentication SSH keys.

7.71.16

Check if your SSH keys have been lost, and if so, upgrade Artifactory to version 7.71.16 and recreate the SSH keys.

If you used the Join Key to register a remote JPD, the Mission Control microservice in the home JPD fails to connect to the remote JPD and the remote JPD appears as offline in the topology after a certain period.

The remote JPD's Access microservice fails to recognize the home JPD's Mission Control microservice and marks it as a stale service. The Access cleanup process revokes the join key.

As a result, you cannot distribute release bundles to the remote JPD, access federation with the remote JPD fails, and license buckets are affected.

Solution: Re-register the remote JPDs that you registered using join keys with Pairing Tokens before you upgrade.

JFUI-13401

Under certain circumstances, when navigating to certain screens in the JFrog Platform UI, customers would be redirected to the Application > Artifactory > Artifacts or Packages screen.

TBD

Workaround:

To resolve this issue, try clearing your browser’s cache and restarting the JFrog Platform.

RTDEV-41232

Database conversion errors occur when creating new indexes with Artifactory running with an Oracle database.

7.90.6

RTDEV-33083

The following configurations (keys) cannot be defined as part of the Artifactory YAML Configuration:

From Artifactory 7.55.x: httpSsoSettings.

From Artifactory 7.57.x: ldapSettings, LdapGroupSettings, crowdSettings.

When setting these configurations as part of the PATCH YAML, the following error will appear: Key "XYZ" is not part of the configuration.

7.63.5

Workaround:

There are dedicated new REST APIs to configure these parameters. For more information, see Authentication Providers Configuration REST APIs.

RTFACT-29512

Upgrading Artifactory from 7.49.x to 7.55.x will disable most Federated Repositories.

7.59.9

RTFACT-29483

Deploying Artifacts from the Archive REST API no longer works against a virtual repository unless you are an Admin user.

7.59.5

RTDEV-30623

Under certain circumstances, while performing multipart download, the following error was generated: Sending HTTP error code 404:

reached end of stream after skipping x bytes; y bytes expected

7.55.8, 7.56.5

Full Garbage Collection is broken when using MSSQL.

7.55.8

Artifactory could not install modules and providers from https://registry.terraform.io/ since Terraform Registry changed the CDN Providers on Jan 18th, 2023. This update changes the responses to the HEAD requests sent by the Artifactory remote repository to the Terraform Registry from 200 (Success) to 405 (Method not allowed) error.

7.55.x

Suggested Fix:

Enable "Bypass HEAD Requests" in the Terraform Remote repository configurations.

RTDEV-30171

New Content-Disposition Header can cause failures in some instances.

7.59.9

RTDEV-29791

NuGet authentication with Access Token stopped working when NugetResourceSelector was introduced.

7.53.4

RTDEV-29837

Artifactory stopped responding following threads blocked on getAllBuildInfoRepos.

7.49.6

RTDEV-28985

An issue related to the new Federated repository Multi-Version feature disables Federated repositories after upgrading a JPD from 7.49.3 or 7.49.5 to any later version.

❗️

Important

Customers using Federated repositories are recommended to skip the Artifactory 7.49.3 and 7.49.5 upgrades and upgrade all JPDs directly to 7.49.6.

7.49.6

Workaround:

Customers with Federated repositories who previously had Artifactory 7.49.3 or 7.49.5 installed must run the API described below after upgrading any JPDs to a later version.

Disabled repositories for each JPD can be re-enabled manually using the following API:

curl -X POST -uadmin:password "https://<your_URL>/artifactory/api/federation/repos/enable" -H "Content-Type: application/json" -T enable.json

To enable repositories of specific types, add the following to enable.json:

["Alpine", "generic", "conan", "docker", "maven", "npm", "yum"]

To enable all repositories:

["*"]

When configuring repository replication, if the enableEventReplication and syncDeletes parameters were both enabled and then syncDeletes is disabled via REST API, both parameters are disabled.

7.49.6

Suggested Fix:

To overcome this issue, send a POST call with explicit values for both properties. For example:

{         

     "enableEventReplication": true,         
       "syncDeletes":true      
 }

JFUI-11925

Artifactory unable to restart due to Frontend python3 dependency on Centos7/RHEL7.

7.49.10

Artifactory could not install modules and providers from https://registry.terraform.io/ since Terraform Registry changed the CDN Providers on Jan 18th, 2023. This update changes the responses to the HEAD requests sent by the Artifactory remote repository to the Terraform Registry from 200 (Success) to 405 (Method not allowed) error.

7.55.x

Suggested Fix:

Enable "Bypass HEAD Requests" in the Terraform Remote repository configurations.

JFUI-11951

Selecting the "Attach License" screen does not display the JPD names.

7.49.6

An empty error message is displayed when trying to attach a license where in the expected license count is zero.

OpenJdk17.0.3, which is bundled with Artifactory 7.46/7.47/7.49 has a bug in the newrelic java agent, which causes Artifactory to fail to start up.

7.49.6

The creation of new indexes might fail during the Artifactory upgrade for customers with Microsoft SQL Server (MSSQL) running with non-enterprise edition, since ‘online index’ operations are not available in every SQL Server edition.

JA-4703

Any changes made to the security configurations UI will override the custom configurations defined in the Access YAML Configuration.

7.49.5,

7.50.3

Customers with an Enterprise+ subscription that have Access Federation enabled will lose the Access Federation setup as a result of editing the security configurations WebUI.

Due to MSSQL limit of number of parameters that a parameterized query can have (2100), an Artifactory with more than 300 repositories will not start after upgrading to version 7.49.5.

7.49.5

Workaround:

After the upgrade, place the parameter artifactory.repo.config.db.query.batch.size = 100 in artifactory.system.properties and start Artifactory.

RTDEV-29281

The maxUniqueSnapshots are not saved when the value is changed in remote repositories.

7.49.5

JFUI-11773

In some cases, users are unable to login to the JFrog Platform when using Google Multi-Factor Authentication.

7.49.5

Workaround:

Clear the browser cache and refresh the JFrog UI before attempting to login. If that does not work, disable Google Multi-Factor Authentication by removing the parameter - "google" from the access.config.latest.yml file.

OpenJdk17.0.3, which is bundled with Artifactory 7.46/7.47/7.49 has a bug in the newrelic java agent, which causes Artifactory to fail to start up.

7.49.6

JA-4703

Any changes made to the security configurations Web will override the custom configurations defined in the Access YAML Configuration.

7.47.15

Customers with an Enterprise+ subscription that have Access Federation enabled will lose the Access Federation setup as a result of editing the security configurations WebUI.

Any external user (SAML, LDAP, OAuth, etc.) and users who previously had admin privileges are no longer able to be added via the UI to any Permission Target.

7.47.12

Workaround:

You can add the user to the permission target with the Create or Replace Permission Target REST API.

When trying to initialize a new remote CocoaPods repository with GitHub, if the default branch on GitHub is not ‘master’, Artifactory will return a 404 error.

7.55.1

Workaround:

Create a branch with the name ‘master’ and make it default. The initialize should work after that.

JA-4324

Enabling anonymous access can cause Artifactory operate in unhealthy mode, meaning that the WebUI continuously displays the message "JFrog Platform will be available shortly".

7.47.12

RTDEV-31139

In some cases, Following the appearance of “Exception message: Failed to release lock (inconsistent state) for: '{}'. Current thread is not the owner of the lock.LockInfo{category='hqc_total_artifact_count', key='hqc_total_artifact_count'," Error in artifactory-service.log, Artifactory might stop responding for a short time.

7.59.x

It is recommended to upgrade to Artifactory version 7.59 or higher.

RTDEV-28314

Build info links containing artifactory/webapp in the URL are redirected to the packages page in the JFrog Platform UI:

https://ART_HOST/ui/packages#/builds/<BUILD_NAME>/<BUILD_NUMBER>

instead of the information page for the selected build number.

Workaround:Edit the URL manually by removing the packages# prefix. This fix will redirect the link to the build number information page:

https://ART_HOST/ui/builds/<BUILD_NAME>/<BUILD_NUMBER>

OpenJdk17.0.3, which is bundled with Artifactory 7.46/7.47/7.49 has a bug in the newrelic java agent, which causes Artifactory to fail to start up.

7.49.6

When modifying the userLockPolicy settings through the YAML configuration file, the changes were not applied accordingly.

7.70.2

JA-4703

Any changes made to the security configurations UI will override the custom configurations defined in the Access YAML Configuration .

7.46.21

Customers with an Enterprise+ subscription that have Access Federation enabled will lose the Access Federation setup as a result of editing the security configurations UI.

The default expiration of Access Tokens created by the deprecated Artifactory Create Token REST API (/api/security/token) was increased from 1 hour to 1 year. As a result, newly created Access tokens become revocable tokens and do not support cross-instance authentication through a "Circle of Trust".

Suggested Workarounds:

1. Reduce the expiration period of new tokens created by Artifactory REST API by defining "expires_in" as less than 21600 seconds (the default value of revocable-expiry-threshold).

2. Restore Artifactory properties to be as before 7.46.x by adding the following properties to the artifactory.system.properties file and restarting Artifactory:

   artifactory.access.token.expiresIn.default=3600
   artifactory.access.token.non.admin.max.expires.in=3600

NPM installation fails if a bundledDependencies is present in the package.json.

7.47.10

The List Docker Tags API does not work as expected - when executing this API, Artifactory queries the remote resource only once and caches the response. As a result, it will always use the cached response and will not query the remote again.

7.49.5

RTDEV-28501

Users are unable to log into Artifactory when there is an IP address in the X-Forwarded-For Header in the format <ip:port> in the schema name.

7.49.6

Suggested workaround:

Add a header rewrite for X-Forwarded-For header in the application gateway. The header value should be:{var_add_x_forwarded_for_proxy}

RTDEV-28125

Users performing Google authentication to the JFrog Platform will receive an error.

7.46.6

JA-4295/JA-4233

When there are more than five outbound servers configured in Access Federation, Artifactory fails to start.

7.46.17

Access tokens timeout with a Terraform backend causing a permission error.

7.46.3

Project Admin unable to create Repositories if a binding token exists.

7.46.3

If a binding token has been created (for Cold Storage or Federated Repositories), project admins are unable to create repositories for their projects.

RTDEV-26051

The Proxy field in the remote/federated repositories settings that was actively set by users as empty with the intention that the proxy be disabled, is now automatically populated with the default proxy.

The following workaround is:

1. Add the "disableProxy": true parameter to the remote and federated repository JSON.
2. Run the Update Repository Configuration REST API

Note that in an upcoming Artifactory version you will have an option to configure this option in

JFUI-10893 / XRAY-12279

When using Artifactory 7.41.4 & 7.41.6, when the Xray version is upgraded to 3.55.2, the Xray tabs in the UI will disappear. However, Xray functionality continues to work as expected.

7.41.7

This issue affects Artifactory 7.41.2 and 7.41.6 (inclusive) when using Xray 3.55.0 and above. This issue was resolved in Artifactory 7.41.7.

META-1405

Artifactory fails to start due to a failed MDS migration on MSSQL.

RTDEV-26051

The Proxy field in the remote/federated repositories settings that was actively set by users as empty with the intention that the proxy be disabled, is now automatically populated with the default proxy.

7.41.7

The following workaround is:

1. Add the "disableProxy": true parameter to the remote and federated repository JSON.
2. Run the Update Repository Configuration REST API

Note that in an upcoming Artifactory version you will have an option to configure this option in the WebUI.

JFUI-10893 / XRAY-12279

When using Artifactory 7.41.4 & 7.41.6, when the Xray version is upgraded to 3.55.2, the Xray tabs in the UI will disappear. However, Xray functionality continues to work as expected.

7.41.7

This issue affects Artifactory 7.41.2 and 7.41.6 (inclusive) when using Xray 3.55.0 and above. This issue was resolved in Artifactory 7.41.7.

NPM virtual repositories cannot find specific URLs.

7.49.5

RTDEV-27263

Helm | Aritfactory adds unnecessary quotes to the index.yaml file.

7.42.1

Artifactory license file takes very long time to decrypt and load and fails starting up new nodes.

7.49.5

RTDEV-27591

NPM audit does not detect any vulnerabilities.

7.42.1

In 'LDAP Setting', the 'Test connection button might fail with an error "Error connecting to the LDAP server" even in case the LDAP connection is working as expected. This is a result of an issue where the 'Manager DN Password' stored in the UI is corrupted.

7.58.0

Possible workaround:

Enter the 'Manager DN Password' again and then click 'Test connection.

Artifactory upgrade to version 7.49.5 which is integrated with MSSQL and has multiple repositories (~200 and above), might fail due to MSSQL hard-coded limitation of 2100 parameters per query.

7.49.5

Possible Workaround:

Add the following property to the artifactory.system.properties file and restart Artifactory:artifactory.repo.config.db.query.batch.size = 100.

JA-3299

Reference token expires earlier than expected.

7.41.4

Workaround:

Use either Access Tokens or API Keys as a workaround.

The Get LDAP groups API returns a forceAttributeSearch = false even when it is set to true in the config.xml.

7.41.4

Artifactory Returns 404 Instead of 403 for blocked artifacts from NPM Virtual Repositories.

7.41.4, 7.41.6

JFUI-9594

Bullseye view does not show issue details

when the applicability scanner feature is enabled (Xray)

7.38.0

The CLI build scan command often does not match the severity of the UI Xray data.

Related to Xray 3.44.3

The Native browser returns a 404 message for artifacts that are not cached in remote repositories.

Artifactory Cold Storage does not handle Docker images properly.

Unable to create a release bundle from artifacts in a Project-assigned repository.

Related to Distribution 2.12.0

7.37.12

For Self-Hosted Enterprise + users running an on-prem installation: When restarting Artifactory while using MySQL, Oracle, or MSSQL, if the Mission Control microservice is enabled, an SQL error occurs and Artifactory fails to restart.

7.35.2

When customer tries to access the simple index of a smart remote pypi repo, they get a 404 response instead of getting the simple index of the upstream repository.

Using a DevExpress NuGet feed as a remote repository in Artifactory can result in a memory leak. The installation of NuGet packages from this remote repository may fail due to timeouts.

7.38

Workaround:

Add the system property below to $JFROG_HOME/artifactory/var/etc/artifactory/artifactory.system.properties file and restart Artifactory for changes to take effect:

 artifactory.nuget.v2.search.page.size=1000

Artifactory will fail to start up after upgrade if the system property allowExternalConversionScripts is set to true and there is no External Conversion script provided.

artifactory.sql.converter.allowExternalConversionScripts=true

7.31.11

Workaround:

Remove the system property allowExternalConversionScripts or set it to false :

artifactory.sql.converter.allowExternalConversionScripts=false

When clicking edit profile user gets a

"You are not authorized to view this page" error.

7.28.8

The 'Sync Delete' feature does not process the path prefix of the replication configuration.

7.27.9, 7.28.1

Triggering Replication will delete all the other artifacts in the repository and replicate the artifacts only mentioned in the path prefix.

Workaround:

Disable 'Sync Delete'.

A case-insensitive download for a NuGet local repository did not work after restart.

7.31.10

Federation does not work in a simple setup where Artifactory is configured without any reverse proxy or LB.

7.27.9, 7.28.1, 7.29.3

Vagrant returns a 401 message when trying to add boxes from a restricted repository.

Access Tokens work to authorize Vagrant access, so instead of grabbing the token from the endpoint /api/vagrant/auth, create it in the UI and use it.

Edge nodes are not visible if a user has multiple permission targets associated with them.

Workaround:

For non-admin users that have references in multiple permission targets, make sure to have only one permission target where the user is referred.

The distribution process fails with "Not found 400" errors when release bundles are being distributed after the Incomplete Release Bundles Cleanup Period time period and if the release bundle clean up job is triggered at that corresponding time.

Related toMission Control 4.7.11 &Distribution 2.9.2

Suggested Workaround:

Increase the Incomplete Release Bundles Cleanup Period

Upgrading from Artifactory 6.x to 7.x creates a startup issue "Unknown HK2 failure detected".

7.27.3

Suggested Workaround:

Download version 7.19 and take the relevant .jars from that version to the upgraded Artifactory. Replace the files in the following location:

/opt/jfrog/artifactory/app/artifactory/tomcat/lib

JFUI-9886

It is impossible to navigate in the Native UI if the directory in the path contains special characters.

This is a limitation of the Native browser.

The "Native Browser Redirect" feature prevents Windows PowerShell (Invoke-WebRequest command) from downloading a file.

Workaround:

PowerShell users are advised to disable this feature until it addressed. To disable it, update artifactory.system.properties or the JVM parameter with:

artifactory.redirect.native.browser.requests.to.ui=false

Updating users via REST API affects user tokens for Conan requests.

7.35.x

In Federated Repository, if the URL ends with a "/" when configuring Federated Repositories, this results in a GetVersion warning and pauses the queue.

Workaround:

Input the URL without the ending "/" while adding repository as a member

RTFACT-21032

Long Docker repository name fails with creation of DNS in SaaS.

Setting the default system proxy also changes the existing remote repositories definition.

7.27.0

Re-indexing a path on the metadata server will cause a connection leak and eventually a starvation of connections of the database connection pool, due to a query with a lazy AQL query with an unclosed result set.

7.2.0

Artifact search performance issue due to case-insensitivity.

From Artifactory 7.0.0, the "artifact search" via UI/API is case-insensitive by default.

Workaround:

The case-insensitive search can be disabled by applying the following property:

artifactory.ui.search.artifacts.caseInsensitive=false