Artifactory SaaS Releases

This section contains the Release Notes for Artifactory SaaS releases.

To view a SaaS release's release notes, select the version from the table of contents under this topic.

📘

Note

Release notes for previous releases that have passed their end-of-life date (18 months after the initial release) can be found in Artifactory End of Life.

Artifactory 7.144

This section includes all the Artifactory 7.144 releases.

Artifactory 7.144.2 SaaS

Released: 31 March, 2026

⚠️

Update to Metadata Cache Retrieval Period

On 1 May 2026, a minimum Metadata Retrieval Cache Period of 30 seconds will be enforced for remote repositories in Artifactory SaaS. This change will provide resource optimization and performance improvements.

To take proactive action ahead of this enforcement, update remote repositories with a Metadata Retrieval Cache Period below the minimum to a value of 30 or over. The 30 second minimum does not apply to smart remote repositories, and they can continue to have a value lower than 30.

For more information, see ​Cache Settings for Remote Repositories.

Feature Enhancements

• Build Content Displayed in Platform UI

  The platform UI now contains a Content tab that provides a list of all the packages and standalone artifacts (known collectively as releasables) included in the build. For more information, see View Build Number Information.

• Strict Tag Overwrite Enforcement Configuration

  Docker, OCI, and Helm OCI repositories now have a Enforce Strict Tag Overwrite configuration setting. When enabled, this configuration requires explicit Delete/Overwrite permissions when pushing images with an existing name and tag. This enforcement prevents multiple manifest types under the same tag, maintaining stricter registry integrity.

• Enhanced Hugging Face Compatibility for Xet 1.3.0+ Clients

  Added support for the /v1/ CAS API path prefix to ensure compatibility with hf_xet client version 1.3.0 and later. This update enables successful file reconstruction and xorb chunk retrieval by correctly processing versioned endpoint paths.

Resolved Issues

Artifactory 7.141

This section includes all the Artifactory 7.141 releases.

Artifactory 7.141.0 SaaS

Released: 10 March, 2026

New Features

• Add Platform Auditor Role in REST API
  The JFrog Platform now supports assigning users the Platform Auditor role via the user management REST API endpoints. For more information, see Create User, Update User, and Get User Details.

Feature Enhancements

• Platform UI searches support Release Bundles v2 The global search bar at the top of the platform UI now includes support for Release Bundles v2. A toggle switch makes it easy to choose between searching for Release Bundles v1 and Release Bundles v2 (v2 is the default). This enhancement makes it easy to find any Release Bundle quickly without first navigating to a specific window in the application. For more information, see Release Bundles Search.
• Improved performance of Release Bundles v2 page To improve the user experience, the platform UI page for Release Bundles v2 has been optimized, especially when displaying a long list of Release Bundles.
• AQL search results now respect repository include and exclude patterns AQL search results now respect repository include and exclude patterns for local, remote, and virtual repositories. Items that do not match a repository's patterns are filtered out for non-admin users, so AQL results align with repository access rules and other search methods. For more information, see Artifactory Query Language.

Resolved Issues

Artifactory 7.139

This section includes all the Artifactory 7.139 releases.

Artifactory 7.139.1 SaaS

Released: 24 February, 2026

New Features

• Support for Nix Package Type
  You can now use Nix repositories in Artifactory as a high-performance binary cache to ensure fast, reliable, and reproducible builds. This integration allows you to proxy and cache NixOS Search , while also providing a secure platform to host and publish custom internal channels.

  Artifactory enhances the Nix ecosystem by providing unified access through virtual repositories, and global distribution via federated repositories to synchronize artifacts across locations. Artifactory also provides native metadata calculation to logically group related artifacts, improving discoverability and artifact management without compromising Nix's core content-addressed reproducibility. For more information, see Nix Repositories.

• NuGet Enforce Layout

  This version of Artifactory introduces NuGet Enforce Layout. By enabling NuGet Enforce Layout, you will avoid package duplication and bring Artifactory closer in alignment with the nuget.org registry.

  NuGet Enforce Layout has three main uses:

  • It allows access to the PackageBaseAddress service, which speeds up NuGet restore operations.
  • It normalizes the names of the packages that you deploy based on SemVer, according to the NuGet Normalized Version Numbers convention, supported in NuGet versions 3.4 and above.
  • It prevents the upload of duplicate versions or several package versions that are identical according to the Normalized Version Numbers rules.

  For more information, see NuGet Enforce Layout.

📘

Note

NuGet Enforce Layout is available only if your Artifactory version has the NuGet Package Handler activated.

• API for returning all Release Bundle v2 cleanup policies

  A new REST API returns a list of all existing Release Bundle v2 cleanup policies for either a specific project or for the entire system. For more information, see Get All Release Bundle v2 Cleanup Policies API.

Feature Enhancements

• Xet Protocol in Remote Hugging Face Repositories

  Remote Hugging Face repositories now support Xet protocol, providing enhanced download performance and handling files larger than 50 GB. Xet is supported for repositories that use the new Machine Learning layout. Migrate legacy Hugging Face repositories to the new layout to use Xet. For more information, see Enable Xet Protocol for Hugging Face Repositories.

• Support for JSON Indexing with PyPI Simple JSON API

  Artifactory now supports the PyPI Simple JSON API to provide a modernized alternative to traditional HTML-based package metadata. This opt-in feature enables JSON indexing for PyPI repositories via the Accept header, allowing for faster and more efficient dependency resolution by modern Python package managers. For more information, see Enable JSON Indexing in PyPI Repositories.

• Added a Warning Message When Deleting a SCIM Token

  The JFrog Platform now displays a warning message when attempting to delete a SCIM token, as deletion might disconnect authentication provider integrations.

• Updated POM Validation Log Level

  Log entries for POM deployment path mismatches have been updated from Error to Warning to better reflect that these issues typically are not caused by system failure. This change reduces noise in monitoring tools while still reporting incorrect POM metadata.

• Cleanup policies available for Enterprise X subscriptions

  JFrog cleanup policies are now available to users with an Enterprise X subscription, in addition to those with Enterprise +. Cleanup removes unnecessary files, applications, and configurations to free up storage and improve system performance.

Resolved Issues

Artifactory 7.137

This section includes all the Artifactory 7.137 releases.

Artifactory 7.137.0 SaaS

Released: 12 February, 2026

❗️

Intended Change in Artifactory’s Response to Improper Configuration of a Smart Remote Repository

To properly configure a smart remote repository using the Create Repository API, the URL of an Artifactory instance must be used as the URL of the remote repository, and the attribute contentSynchronisation must have enabled = true in the Repository Configuration JSON.

Currently, if a user wants to create a smart remote repository and enables contentSynchronisation, but does not set the URL of an Artifactory instance as the URL of the remote repository, Artifactory responds by creating a regular (not smart) remote repository, sends a 200 success message, and disables contentSynchronisation. The user does not receive any indication that the smart remote repository that the user tried to create is actually a regular remote repository or that contentSynchronisation is disabled.

Starting from May 12, 2026, Artifactory will respond differently to this scenario. Instead of creating a regular remote repository, Artifactory will respond with a 400 error message, and no repository will be created.

❗️

Artifactory to Stop Allowing Importing a Backup of Repositories with the -cache Suffix

Artifactory does not allow creating a repository with the -cache suffix, because -cache is a reserved string that Artifactory uses internally to create a -cache repository for every remote repository. However, currently Artifactory allows importing a backup of repositories even if there are repositories in that backup with a -cache suffix. Starting from May 12, 2026, Artifactory will no longer allow a backup of repositories if there are repositories in that backup containing the -cache suffix. Ensure that by May 12, 2026, you do not have any repositories with the -cache suffix to be backed up for the backup to run successfully.

Note: Renaming existing repositories is not possible. Therefore, if you need to rename a repository because it has the -cache suffix, the most efficient way to do this is to create a new repository, copy the contents of the repository with the -cache suffix into it, then delete the old repository.

Feature Enhancements

• Additions to the Artifactory Request Log and Outbound Request Log
  The Artifactory Request Log (JSON only) and Outbound Request Log (JSON only) have been extended with two new fields that significantly simplify the analysis of traffic patterns:
  • repo: The name of the repository as it appears in the URL
  • repo_type: The type of the repository (one character). Will be one of the following:
    • v: virtual
    • l: local (also for federated)
    • r: remote
• Improved Maven Indexing Performance
  Artifactory performance has been improved by optimizing database indexes for Postgres DB. By reducing the database load during file upload and deletion operations, this change ensures better system stability and faster response times for Maven repositories.
• npm Metadata Protection
  To avoid potential metadata corruption, Artifactory now blocks writing to the .npm directory during copy or move operations to paths in that directory. This limitation prevents source metadata from overwriting the destination's system-generated files, ensuring your npm packages remain correctly indexed after the move.
• npm Attestation Support
  This version of Artifactory introduces support for native npm provenance and attestations in remote and virtual repositories. When running npm audit signatures, the output now includes signatures and attestations for supported packages. This enhancement allows you to retrieve build-source metadata directly from upstream registries and ensure package authenticity. For more information, see Use npm Audit.
• Support for Webhook Creation Role
  The JFrog Platform now supports a role that allows users who are not platform administrators to create and manage Webhooks. For more information, see Create and Edit Users.

Resolved Issues

Artifactory 7.136

This section includes all the Artifactory 7.136 releases.

Artifactory 7.136.0 SaaS

Released: 02 February, 2026

❗️

Hugging Face Repository Layout Deprecation

As of June 2026, the Hugging Face repository layout will be deprecated.

All new local and remote Hugging Face repositories use the new Machine Learning repository layout by default. Any older repositories must be migrated before June 2026 to preserve complete functionality.

For more information, see Migrate Legacy Hugging Face Repositories.

Feature Enhancements

• Improved Helm metadata processing
  Helm metadata processing has been improved by eliminating redundant version comparison during repository indexing. This optimization reduces CPU overhead during index.yaml generation and virtual repository rewrites, significantly improving performance and scalability for repositories with a large number of chart versions.

• Improved Pub error handling and status codes
  For Pub clients older than version 2.15.0, error handling and status codes have been changed to align with proper authorization behavior. When a user without write permissions tries to download a package from a remote, virtual, or smart remote repository, Artifactory will now return HTTP 403 (Forbidden) instead of 404.

• AQL Limit Applied to the Artifactory Server to Protect the Database Server from Overload
  An AQL limit has been applied to the Artifactory Server to protect the Database Server from overload caused by excessive AQL search requests issued by end-users. The AQL limit includes concurrency limits at both global and per-user levels. This ensures that the database server has enough remaining capacity to serve other critical activities, such as upload and download.

• Enhanced UI Support for DNF Client in RPM Packages
  This release adds the DNF client option to RPM Set Me Up instructions. While Artifactory has long supported both YUM and DNF clients, the Set Me Up instructions previously only displayed YUM option. Artifactory is prioritizing the DNF client to align with modern RPM-based distributions where DNF is the default package manager.

• Draft Release Bundle v2 versions

  You can now use the Create Release Bundle v2 Version REST API to create an unlocked, mutable draft. Use the new Update Draft Release Bundle v2 Content REST API to add sources—such as artifacts, packages, builds, or bundles—as needed. When the draft is final, use the new Finalize Draft Release Bundle v2 Version REST API to lock the bundle and make it immutable. Please note that Evidence cannot be added to a draft Release Bundle version until it is finalized. For more information about draft versions, including other limitations, see Create a Draft Release Bundle v2 Version.

• Performance improvements when exporting Release Bundle v2 versions

  We are excited to announce significant performance improvements to the ​export Release Bundle v2​​ feature. This enhancement provides a more efficient and streamlined experience for users in both self-hosted and SaaS environments. Key improvements include:

  • Faster processing times: Reduced export times for Release Bundles, allowing for quicker access to essential data.
  • Optimized resource usage: More efficient utilization of system resources during the export process, leading to enhanced overall performance.
  • Scalability enhancements: Improved handling of larger datasets, ensuring consistent performance with support for big bundles, allowing users to export extensive Release Bundles without performance degradation.

Resolved Issues

Artifactory 7.135

This section includes all the Artifactory 7.135 releases.

Artifactory 7.135.0 SaaS

Released: 27 January, 2026

Feature Enhancements

• Improved build module performance in platform UI
  To enhance the user experience, the time required to display build modules in the platform UI was significantly decreased. This improvement is most noticeable when loading large builds in the UI.

• Support for Setting Maximum Token Expiration Value

  The JFrog Platform now supports setting a maximum value for token expiration for Cloud users, enabling self-service management and increased platform security.

• Webhook Management Scoped Tokens The JFrog Platform now supports creating scoped tokens, allowing access to manage Webhooks endpoints. For more information, see Create Scoped Token.

Resolved Issues

Artifactory 7.134

This section includes all the Artifactory 7.134 releases.

Artifactory 7.134.0 SaaS

Released: 20 January, 2026

Feature Enhancements

• Added Support for Project Admin Permissions
  The JFrog Platform now supports more granular control over project admin permissions, allowing you to grant project admins Manage Resources permissions, but prevent them from creating or managing remote repositories.

Resolved Issues

Artifactory 7.133

This section includes all the Artifactory 7.133 releases.

Artifactory 7.133.2 SaaS

Released: 13 January, 2026

Feature Enhancements

• Added a Warning Message When Deleting a SCIM Token
  The JFrog Platform now displays a warning message when attempting to delete a SCIM token, as deletion might disconnect authentication provider integrations.
• Evidence system enhancements:
  • Cosign v3: The Evidence system now supports automatic evidence creation using the Sigstore bundle format. This includes compatibility with both the cosign sign and cosign attest commands with the new-bundle-format flag. Support remains in place for in-toto attestations (DSSE) created with the legacy Cosign v2 attest command.
  • PSS padding: To simply integration with different systems that produce attestations, the Evidence system now supports secure PSS (Probabilistic Signature Scheme) padding for signatures when creating evidence with the Create Evidence REST APIs . PKCS#1 v1.5 padding is still supported.
  • Base64 URL encoding: The Evidence system now supports Base64 URL encoding for the DSSE signature. Standard Base64 encoding is still supported.
• Support for .dsc Source Packages in Local Debian Repositories
  Local Debian repositories now support Debian source packages. After configuring your sources.list file for source packages, you can deploy the component source package files one by one to your local repository and resolve them as a single package using apt-get source. For more information, see Connect Debian to Artifactory.

Resolved Issues

Artifactory 7.132

This section includes all the Artifactory 7.132 releases.

Artifactory 7.132.1 SaaS

Released: 7 January, 2026

Feature Enhancements

• URL Auto-Correct Added to Procedure for Creating a Smart Remote Repository
  An auto-correct feature was added to the procedure for creating a smart remote repository for certain package types, to ensure that a correct URL is used. For more information, see Configure a Smart Remote Repository.
• Bridge URLs in Remote Repositories
  Bridge URLs can now be used in remote repositories without additional configuration.
• Updated Payload Code Sample for "Before Download Request Worker"
  The payload code sample for Before Download Request Worker has been updated for backward compatibility and to avoid compilation errors. The redundant repoPath object has been removed from the root of the event request, and the headers object is now identified as requestHeaders. For more information, see Before Download Request Worker Code Sample.

Resolved Issues

Artifactory 7.131

This section includes all the Artifactory 7.131 releases.

Artifactory 7.131.0 SaaS

Released: 30 December, 2025

Feature Enhancements

• Release Bundle v2 creation dry run
  You can now use the Create Release Bundle v2 REST API to perform a dry run, which simulates the creation of the Release Bundle and performs all the necessary validations, but without persistence. For more information, see Perform a Release Bundle v2 Creation Dry Run.

• Curation Support Added for PHP Composer Remote Repositories
  Artifactory now ensures security compliance for Composer repositories protected by JFrog Curation. If a package is blocked by security policy, Artifactory automatically prevents the Composer client from falling back to external source URLs to download.

  This feature requires Xray version 3.137.0 or above.

• Logging of Administration Configuration Changes
  The JFrog Platform now supports logging of any changes made to the access configuration, such as enabling anonymous access, in the Access audit trail log.

Resolved Issues

Artifactory 7.130

This section includes all the Artifactory 7.130 releases.

Artifactory 7.130.0 SaaS

Released: 23 December, 2025

Feature Enhancements

• Support for Regex in OIDC Integration Dynamic Mapping

  The JFrog Platform OIDC integration now supports dynamic mapping creation using more advanced patterns, which automate and streamline the process for various use cases. For more information, see Dynamic Mappings.

Resolved Issues

Artifactory 7.129

This section includes all the Artifactory 7.129 releases.

Artifactory 7.129.1 SaaS

Released: 16 December 2025

New Features

• New REST API for preparing evidence for deployment to Artifactory

  The new Prepare Evidence REST API simplifies the evidence creation process for users who do not use the JFrog CLI. The API request contains the predicate, which is a JSON containing claims about the defined evidence subject (for example, a build or artifact), and can include an optional markdown version. The API returns a payload that conforms to the in-toto attestation standard used by the JFrog platform. After signing the payload, you can deploy the evidence to the JFrog platform using the Deploy Evidence REST API . For more information, see Create Evidence using REST APIs.

Feature Enhancements

• Significantly Improved Package Details User Interface

  The Package Details user interface (UI) has been significantly improved, and now displays valuable information about package versions in a more user-friendly format, including:

  • When the Package Details view is initially displayed, details on the latest version or tag of the package appear.
  • Use of native terminology, based on the package context (for example, tags for Docker/OCI packages, versions for other package types).
  • Quick selection of a package version, allowing you to easily find the version you need.
  • An All Versions view, allowing quick impact analysis across all versions to see vulnerabilities and where versions are stored.
  • Multi-client install commands: Installation commands are provided for all officially supported clients in every package type.
  • More install commands for more package types: The new UI introduces 35 new install commands to help developers use the packages they are looking for.
  • Context-sensitive Information tabs, displaying important version information according to the package type.

  For more information, see The Package Details User Interface.

• Support for Kiro with AI Editor Extension repositories

  You can now set up AI Editor Extension Repositories in Artifactory to securely proxy and cache the Kiro extension marketplace, and configure your Kiro IDE to download extensions from the Artifactory cache. For more information, see Get Started with AI Editor Extensions.

• JFrog CLI commands for setting up IDEs with AI Editor Extension repositories

  The new jf ide setup command automates the process of connecting your IDE to an AI Editor Extensions repository in Artifactory. You can run the single command to configure any supported client, instead of manually granting permissions and editing configuration files. For more information, see Connect your IDE to Artifactory.

• Improved performance when creating Release Bundles from builds with dependencies

  To enhance the user experience, we have implemented significant performance enhancements when creating Release Bundle v2 versions from builds that contain dependencies.

• Include & exclude filters for patching Release Bundle v2 versions

  Users can now define include and exclude filters for patching a Release Bundle v2 version via the REST API. These new options provide great flexibility and fine-grained control over the contents of the Release Bundle. For example, you can now patch an existing Release Bundle by replacing a specific package. The new filters also enable you to create a new Release Bundle version that contains a subset of the previous version's content, for example to create a version for a specific architecture. For more information, see Create Release Bundle v2 Version API.

• New REST APIs for evidence queries

  Two new REST APIs are available for performing evidence queries. They are intended for users who prefer traditional REST APIs for integration with their existing automation tools instead of using GraphQL. For more information, see Search Evidence API and Get Evidence by ID API.

• Evidence GraphQL API for returning evidence by ID

  You can now use GraphQL to return the details of a specific evidence item using its ID instead of using its path. For more information, see Get Evidence by ID GraphQL API.

• Improved the Run reports generated by Retention Policies for packages (Cleanup and Smart Archiving)

  The reports now include Package Path, Created Date, Modified Date, and Last Downloaded Date columns under Run Detailed Summary to facilitate better validation and auditing of deleted or archived packages. For more information, see Smart Archiving Run Report Overview, Restore Run Report Overview and Cleanup Run Report Overview.

• ​​Granular Lifecycle Control - Retention Policies​​
  You can now combine Time-based and Property-based conditions using a logical ​​AND​​ in your Cleanup and Smart Archiving policies. This allows for sophisticated rules, such as archiving packages that are "older than 1 year AND tagged as PROD," giving you precise control over your packages in Local and Federated repositories.

Resolved Issues

Artifactory 7.128

This section includes all the Artifactory 7.128 releases.

Artifactory 7.128.0 SaaS

Released: 01 December, 2025

New Features

• Application metrics now available to SaaS users

  Users working in SaaS environments can now receive a wide variety of application-related metrics (based on the Open Metrics standard) using a new REST API. For more information, see Get Artifactory Application Metrics.

Feature Enhancements

• Significant Improvements in the Repositories User Interface

  The Repositories user interface has been significantly re-designed, making it much more user-friendly and efficient.  When initially opening the Repositories list, there are options to view the 20 most recently viewed repositories and to view inactive repositories. Filtering capability has been added, so that you can now filter the Repositories list according to Repository type, package type, URL (for remote repositories), Project association, stage, and repositories that have a replication (for local and remote repositories). For more information, see View Repositories.

• Support for pnpm client with npm repositories

  You can now configure the pnpm client to connect to npm repositories in Artifactory and use it to manage npm packages. For more information, see pnpm.

• Support for uv client with PyPI repositories

  You can now configure the uv client to connect to PyPI repositories in Artifactory and use it to manage Python packages. For more information, see uv Client.

• Support for Yarn Modern with npm repositories

  Artifactory now supports natively managing npm packages with Yarn V2+ (Modern). For more information, see Connect Yarn to Artifactory.

• Audit trail maintained when promoting duplicate Release Bundle artifacts

  Previously during Release Bundle v2 promotions, the system skipped artifacts that already existed in the target stage. This behavior prevented the target stage from being updated with evidence associated with those artifacts. This enhancement guarantees that all associated evidence is copied to the target stage, ensuring a complete and verifiable audit trail throughout your SDLC.

• Improved performance of Build Versions page in platform UI

  Pagination has been added to the Build Versions page in the platform UI, which makes it faster and more convenient to use when the selected build contains many existing versions.

• Date picker to improve Builds page performance

  To improve performance, the Builds page now features a date picker that displays only those builds within a defined timeframe. The default value is the last 7 days. Users can choose a different timeframe as needed.

• New Support for Password Control Via REST API

  The JFrog Platform Access service now enables you to expire and un-expire all passwords via REST API. For more information, see Expire Password for All Users API and Un-Expire Password for All Users API.

• Added Support for the Range Header in Download Requests for PyPI Repositories

  Artifactory now supports Range requests when downloading Python packages from local, remote, and virtual PyPI repositories. This improves compatibility with the UV package manager and prevents redundant full-package downloads, reduces unnecessary download counts, and improves performance.

• Added Support for Proxying the GitHub Enterprise Cloud Private Registry for Go Remote Repositories

  Support has been added for proxying the GitHub Enterprise Cloud private registry (<comanyName>ghe.com) for Go remote repositories.

• Optimized node event deletion performance in Artifactory when using an Oracle Database

  Optimized the performance of node event deletion in Artifactory when using an Oracle Database by adding an optional system property to utilize the primary key index. See Oracle for Artifactory

• User Management - Permissions

  Updated the tooltip for the Include All Builds checkbox to clarify that selecting this option includes all builds and preserves any defined exclude patterns.

• Optimized Artifactory Database Maintenance Performance with Bulk Insert Refactoring

  Optimized Artifactory's shift events operation by refactoring the internal database process to use bulk inserts, significantly reducing database round-trip and improving performance.

• Added Roles Support via REST API

  Added support for the Watch manager, Policy manager, reports manager, and resource manager roles in the user and group management REST API. For more information, see Security.

• Support for Webhook Target Validation

  The JFrog Platform now supports creating a whitelist to allow private domains or IP addresses to be used as Webhook targets without needing to disable Artifactory validation.

Resolved Issues

Artifactory 7.127

This section includes all the Artifactory 7.127 releases.

Artifactory 7.127.0 SaaS

Released: 17 November, 2025

Feature Enhancements

• New REST APIs for VCS Remote Repositories to Obtain Data from Subgroup Repositories

  New REST APIs have been added for VCS remote repositories to obtain data from subgroup repositories. Four new APIs have been added that allow you to:

  • Download a VCS Branch from a Subgroup Repository
  • Download a VCS Tag from a Subgroup Repository
  • Download a File in a VCS Branch in a Subgroup Repository
  • Download a File in a VCS Tag in a Subgroup Repository

  Also, the legacy APIs Get VCS Tags and Get VCS Branches can be used to obtain VCS tags and branches from subgroup repositories.

  Currently, branches and tags can be downloaded only in the tar.gz format.

  In this Artifactory version, these APIs can be used to obtain data from the Google Source Git Provider.

• Google Source Git Provider for VCS Remote Repositories

  Support has been added in the Artifactory user interface for the Google Source Git Provider for VCS remote repositories. For more information, see Use VCS To Proxy Git Providers.

• Improvements in VCS Remote Repositories APIs

  The user organization can now be used as the repository for downloading VCS tags, branches, files in a tag, and files in a branch. For more information, see Download a VCS Tag, Download a VCS Branch, Download File within a VCS Tag, and Download File within a VCS Branch.

• Support for New SCIM REST API Endpoints

  The JFrog Platform now supports getting more information about your SCIM configuration and schemas via REST API. For more information, see Get Resource Types, Get Service Provider Configuration, Get Schemas, and Get Schema by ID.

• Support Added for Decompressing .xz and tar.xz Files

  Artifactory now supports decompressing .xz and tar.xz files, similar to the already supported decompression for  .zip, .tar, and .gz files.

• RLM promotion rollback from platform UI

  To improve the user experience, you can now roll back a Release Bundle v2 version promotion from the platform UI. For more information, see Promotion Rollback. Please note that the UI icon for deleting a promotion has been removed, as rollback replaces this functionality.

• Improved the Builds page performance

  The pagination performance of the Builds page has been improved significantly to enhance the user experience.

• Retention Policies - Package Version Pattern Filtering

  Cleanup and Smart Archiving retention policies now support Include and Exclude Package Version Patterns. For more information, see Cleanup Policies and Smart Archiving.

Resolved Issues

Artifactory 7.126

This section includes all the Artifactory 7.126 releases.

Artifactory 7.126.0 SaaS

Released: 3 November, 2025

Feature Enhancements

• New REST API for deleting the tag from a Release Bundle v2 version

  To improve the user experience, you can use a new, dedicated REST API to delete a tag from a Release Bundle v2 version. For more information, see Delete Release Bundle v2 Version Tag.

• Query parameter for returning all errors during Release Bundle v2 creation

  To help debug issues you may encounter during Release Bundle v2 creation, a new fail_fast query parameter has been added to the REST API. When set to false, the API will return validation errors that occur during creation as a group instead of failing after the first error. For more information, see Release Bundle v2 Creation Errors Collected by System.

• Support for Filtering Tokens by Scope via REST API

  The JFrog Platform now supports filtering the results of the Get Tokens REST API using the scope parameter to get token results for a specific scope, such as group. For more information, see Get Tokens.

• Support for Easier Management of OIDC Identity Mappings

  The JFrog Platform now supports adding identity mapping claims to OIDC integrations as values in addition to the JSON file format for easier entry. For more information, see Configure Identity Mappings.

• Support for New SCIM REST API Endpoints

  The JFrog platform now supports getting more information about your SCIM configuration and schemas via REST API, such as your resource type, service provider configuration, and schema definitions.

Resolved Issues

Artifactory 7.125

This section includes all the Artifactory 7.125 releases.

Artifactory 7.125.3 SaaS

Released: 23 October, 2025

New Features

• Cleanup - Builds

  Artifactory now supports a build cleanup policy to delete unintended builds. For more information, see Cleanup Policies.

• New Remote Repository Types for IDE Plugins

  Two new remote repository types, AI Editor Extensions and JetBrains Plugins, are now available to proxy IDE plugin marketplaces. The AI Editor Extensions repository supports proxying extension marketplaces for VSCode, Cursor, and Windsurf. This repository type is integrated with JFrog Curation to enable policy-based blocking of unwanted plugins. The JetBrains Plugins repository supports proxying the JetBrains Marketplace for JetBrains IDEs such as IntelliJ IDEA and PyCharm.

  With both repository types, you can browse and install extensions and plugins natively within each IDE.

  The repositories are available to customers with an Ultimate bundle subscription.

• New Remote Repository Type for Bazel Modules

  The new Bazel Modules remote repository type supports caching and proxying the Bazel Central Registry (BCR) in Artifactory. This repository type is designed to support module dependency management in accordance with Bazel 9 requirements. Maintaining a secure cache and proxy of the BCR ensures that developers pull only approved and vetted dependencies, enhancing security and streamlining the development process. For more information, see Bazel Modules Repositories.

• Artifactory Now Natively Supports the Terraform Provider Registry Protocol

  Artifactory now natively supports the HashiCorp Terraform Provider Registry Protocol, acting as a fully compliant Provider Origin Registry for both Terraform and OpenTofu. This enhancement simplifies client configuration, enhances security with GPG verification, and provides smarter protocol-aware proxying. This new method applies to local, virtual, and federated repositories and adds to the network_mirror approach. For more information, see Terraform Documentation.

• Update Password Policy Via REST API

  The JFrog Platform now supports creating and updating your instance’s password policy via REST API, for easier access for SaaS instances. For more information, see Password Policy.

• system properties to enable/disable

  Introduced new configuration options via system properties to manage Federation Auto-Healing email notifications:

  artifactory.auto.healing.send.mail.notifications: Set to false to disable all Auto-Healing email notifications (default is true).

  artifactory.auto.healing.send.mail.interval.hour: Set the minimum interval in hours between notification emails for the same mirror recovery (default is 1).

Feature Enhancements

• Redesigned platform UI for Release Lifecycle Management

  The platform UI for Release Lifecycle Management has been redesigned to provide a clearer, more consolidated view of your Release Bundles. The new design centralizes all critical information for each Release Bundle version, including its timeline, contents, security scans, evidence, and properties, in an accessible and intuitive interface. For more information, see Release Lifecycle Management.

• Release Bundle v2 versions now associated with stages and lifecycles

  This version replaces environments with the concept of stages and lifecycles, to provide users with more flexibility and control over their SDLC. Administrators can create global and project stages as needed and assign them to different SDLC categories, such as Code and Promote. The administrator then adds selected stages to the lifecycle to represent the progression of release candidates through your SDLC. For more information, see Stages & Lifecycle.

• Support for webhooks for project-related Release Bundles

  Artifactory now supports the creation of webhooks for Release Bundle v2 versions associated with specific projects. This enables you to receive notifications whenever a Release Bundle in a particular project is uploaded, promoted, or deleted. To create a Release Bundle webhook for a specific project, you must be working within the scope of the project (as opposed to All Projects).

  For guidelines about creating a Release Bundle v2 webhook for a specific project, see Domain: Release Bundle v2.

• Created-by information provided for Sigstore evidence

  To improve understanding and traceability, the API response when creating and deploying Sigstore evidence now includes the username associated with the JFrog token instead of ‘internal’.

• More accurate error messages during Release Bundle promotion

  To improve user understanding, validation errors during the Release Bundle v2 promotion process will now return a BAD REQUEST error message (HTTP 400) rather than a generic HTTP 500 error.

• Release Bundle v2 auto-creation feature removed

  The Release Bundle v2 auto-creation feature, which was introduced to help customers transition from build promotion to the expanded feature set offered by Release Lifecycle Management, has been removed from the platform UI after having served its purpose.

• Support for Easy Copying of Administration Values

  The JFrog Platform WebUI now supports a Copy button, allowing you to copy values in the Administration module pages with a single click.

  The following values will now be easily copiable:

  • Token ID under Access Tokens
  • Name under Projects, Users, Groups, Permissions, Project Members, Webhooks, and Manage Integrations
  • Auth URL under OAuthSSO
  • URL under Webhooks
  • Group Name under Crowd/ Jira
  • Provider URL under Manage Integrations
  • Project Key under Projects

• Support for Updating the Access Bootstrap YAML File

  The JFrog Platform now supports making changes to the access.security.bootstrap.yml file without creating a new configuration or modifying the existing Artifactory YAML file. For more information, see Access Bootstrap YAML File.

• Improved Artifact Lifecycle Management

  Artifactory now updates the creation timestamp of an artifact when it is copied or moved to a new repository to the current date and time of the operation. Previously, the original creation timestamp was retained when moving or copying an artifact to another repository, which led to incorrect assumptions about the artifact's age and relevance in the new location. The "last modified" timestamp remains unchanged to preserve the integrity of the artifact's last update. This enhancement helps in the effective adoption of cleanup policies and aligns with industry standards. To ensure backward compatibility, this feature is implemented behind a feature flag and is disabled by default.

• Additional Configuration for GCP Internal Actions

  The ability to configure readTimeout was added to Google Cloud Platform (GCP) internal actions.

• New Setting Added to Complete a List Manifest Image Overwrite

  A new setting has been added under Package Settings called Complete list manifest image overwrite. When this setting is enabled, overwriting a list manifest image will asynchronously overwrite all of its sub-manifests.

• Improved Resolving of Subgroups When Accessing Subgroups in Gitlab with Go Remote Repositories

  When accessing subgroups in GitLab with Go remote repositories (by selecting the Resolve Subgroups checkbox, as explained here), Artifactory now resolves the correct dependency version even if the URL contents contain both subgroups and submodules.

• Optimized Nuget Version

  Tightened validation to require all NuGet packages to use strict Semantic Versioning (SemVer 2.0). See specification.

• Nuget Packages - Rate Limit

  Introduced a new rate-limiting mechanism for search APIs to prevent excessive calls and ensure service stability.

• Viewing Release Bundles distributed to Edge nodes

  To align the platform UI with the REST API, only admin users are permitted to view distributed Release Bundle versions (v1 and v2) in the Received tab on Edge nodes. For more information, see View Release Bundles on Edge Nodes.

Resolved Issues

Artifactory 7.124

This section includes all the Artifactory 7.124 releases.

Artifactory 7.124.1 SaaS

Released: 29 September, 2025

Feature Enhancements

• Expanded support for distributing and exporting Release Bundle v2 versions

  To make distributing and exporting Release Bundle v2 versions easier, you can now use JFrog Distribution with Release Bundle v2 versions signed with the default key in Artifactory. To support this change, the default key type has been changed from RSA to GPG, and the name of the default key has been changed to default-lifecycle-key. For more information, see Create Signing Keys for Release Bundles (v2).

• Improved visibility for nested Release Bundles

  The Release Bundle v2 content graph now provides a clear, visual representation of nested Release Bundles. Seeing the complete hierarchy enables you to understand how the Release Bundle is constructed, even when it contains other Release Bundles. For more information, see View Release Bundle v2 Evidence.

• Improved aggregated Release Bundle creation

  Artifactory has improved its handling of aggregated Release Bundles (meaning, a Release Bundle v2 version that is comprised of other Release Bundle versions). If the Release Bundle version you are trying to create contains multiple Release Bundles with the same artifact but different metadata (evidence or properties), Artifactory will create the version successfully using the newer version of the artifact.

• Change of status code when creating Release Bundle v2 from build with missing artifact

  To improve reporting accuracy, errors caused by missing artifacts during Release Bundle v2 creation will be returned as a 422 error (SC_UNPROCESSABLE_ENTITY) rather than a different status code that triggered unnecessary monitoring alerts. The 422 status code represents the event more accurately as it is the expected behavior when an artifact cannot be found.

• Evidence for artifacts in virtual repositories displayed in Artifacts tree

  You can now view evidence related to artifacts in a virtual repository in the Artifacts tree. This is particularly useful when attaching evidence to a Docker image created in a tool such as GitHub Actions. In such cases, users typically work with the Docker image as part of a virtual repository in Artifactory. The virtual repository must contain at least one local repository to house the evidence. For more information, see View the Artifact Evidence Table.

• Enhanced Support for npm Audit

  In addition to npm virtual repositories, npm Audit is now also enabled by default on npm remote repositories that support npm Audit directly. For more information, see Use npm Audit.

• Updated Artifactory Worker Events

  Updated the following Worker Events with repoType Input Parameter:

  • Before Property Replication
  • Before File Replication
  • Before Statistics Replication
  • Before Directory Replication
  • Before Delete Replication

• Run Cleanup policies and Garbage Collection (GC) Simultaneously

  Enabled cleanup policies to run more reliably by making them health-aware. Jobs will now run concurrently with other tasks only if the system is HEALTHY and will automatically stop if load increases, ensuring system stability.

  This can be toggled by the system property: artifactory.retention.system.health.aware.job.enabled. Reach out to the Customer Support to get this enabled.

Resolved Issues

Artifactory 7.123

This section includes all the Artifactory 7.123 releases.

Artifactory 7.123.0 SaaS

Released: 15 September, 2025

New Features

• Support for Sigstore bundle attestations

  Artifactory now supports the automatic conversion of OCI Sigstore bundle attestations into JFrog evidence.

Feature Enhancements

• Upgraded Gradle Set Me Up Wizard

  The Gradle Set Me Up wizard has been upgraded to support Gradle 9.

• Virtual Repositories for Hugging Face Packages

  Virtual repositories can now be created for Hugging Face packages.

  • Local and remote Hugging Face repositories that are associated with a virtual Hugging Face repository must have the Machine Learning Repository Structure.
  • Hugging Face datasets and models can be resolved from a virtual Hugging Face repository only with the snapshot_download API and not by using libraries.

  For more information, see Create a Hugging Face Repository and Resolve Hugging Face Packages.

• Performance Improvement in Release Bundle v2 Promotion Flow

  The performance of the promotion flow for Release Bundle v2 versions has been improved.

• Enhanced metadata propagation during RTFS Full Sync operations

  The Artifactory Federation Service (RTFS) now supports the propagation of artifact creation time metadata during a Full Sync operation. To enable this feature:

  1. Set the following Artifactory system property to true on the target members:

     artifactory.federated.mirror.events.upload.info.propagate.enabled

  2. Use a new REST API to enable the propagation of this specific metadata. For more information, see Propagate Creation Time Metadata during Full Sync.

• Improved visibility of OCI/Docker multi-arch images in the platform UI

  To reduce visual clutter and improve comprehension, Artifactory now makes it easier to manage OCI/Docker multi-arch images in the platform UI. For example, if you have a multi-arch image called my-image:1.0.0 that supports amd64 and arm64 architectures, Artifactory contains 3 distinct package versions, one for the manifest list and one for each architecture:

  • my-image:1.0.0
  • my-image:sha256__f2ca1bb6c7....
  • my-image:sha256__1a8a5828e8....

  Artifactory now displays the version for the manifest list only in the platform UI and suppresses the individual architecture versions (named according to their image tags). This enables you to focus on the multi-arch image as a single entity. Please note that all package versions will be returned when listing the content via the REST APIs.

• Updated Artifactory Worker Events

  Updated the following Worker Events:

  • Before Download Request: The following fields are added in the response:

    modifiedRepoPath, expired and headers.

  • Before Create: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing and disableRedirect.

  • Before Copy: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing and disableRedirect.

  • Before Property Create: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing and disableRedirect.

  • Before Property Delete: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing and disableRedirect.

  • After Property Delete: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing and disableRedirect.

• Smart Archiving - Skips Restore of Artifacts with the Same Name and Path

  The restore process now skips any artifact that already exists in the target location, preventing accidental overwrites. The existing file will be preserved, and the skipped operation will be noted in the logs and the CSV report.

• Smart Archiving - Supported Archive Packages Search for Project Admins

  Project Admins will now see and be able to use the Archive Search feature. The search results are automatically scoped, ensuring they can only view archived packages that belong to the projects they manage.

Resolved Issues

Artifactory 7.122

This section includes all the Artifactory 7.122 releases.

Artifactory 7.122.2 SaaS

Released: 29 August, 2025

Feature Enhancements

• Support for webhooks for project-related builds

  Artifactory now supports the creation of webhooks for builds associated with specific projects. This enables you to receive notifications whenever a build in a particular project is uploaded, promoted, or deleted. To create a build webhook for a specific project, you must be working within the scope of the project (as opposed to All Projects).

  For specific guidelines about creating a build webhook for a specific project, see Domain: Build.

• Change in API response for Release Bundle v2 tags

  To correct inconsistent behavior, the following API endpoints have changed the response for Release Bundle v2 tags from bundle_tag and release_bundle_tag to a standard response of tag:

  • Create Release Bundle v2 Version
  • Assign Tag to Release Bundle v2 Version API
  • Get Release Bundle v2 Versions API

• Evidence propagation to Federation members

  This release enhances the Evidence service to enable evidence propagation to all Federation members, regardless of whether they contain the relevant public key for verification. Evidence verification, however, is performed only on those members that have the public key. For more information, see Verify Evidence.

• RPM Package Settings

  Added support for Administrators to enable/disable RPM package settings for the following:

  • Recommends Tags
  • SHA256

  For enabling/disabling these settings, see Enable/Disable RPM Package Settings.

• Curation Support for NuGet Virtual Repositories

  Extended JFrog Curation capabilities to support NuGet virtual repositories, providing a powerful, centralized way to secure your NuGet package consumption.

• UI Support for Debian Source Package Search

  Added support for Debian Source package search.

• Improvement in VCS Remote Repositories

  The GitHub Server option for Git providers was added for VCS remote repositories. For more information, see Additional Settings for VCS Remote Repositories.

• Improvement to the Vendor Folder for the Private Go Registry and the Go Proxy

  Checksums in the private Go registry and the Go proxy are now aligned for the Go version 1.24 vendor folder.

• Updated Artifactory Worker Events

  Updated the following Worker Events:

  • After Copy: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing and disableRedirect.

  • After Delete The following field is removed from the Sample Payload:

    headers

  • After Property Create: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing, disableRedirect and headers.

  • After Move: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing and disableRedirect.

  • Before Move: The following fields are removed from the Sample Payload:

    contentLength, trustServerChecksums, servletContextUrl, skipJarIndexing and disableRedirect.

Resolved Issues

Artifactory 7.120

This section includes all the Artifactory 7.120 releases.

Artifactory 7.120.3 SaaS

Released: 18 August, 2025

Resolved Issues

Artifactory 7.120.2 SaaS

Released: 15 August, 2025

Resolved Issues

Artifactory 7.120.1 SaaS

Released: 13 August, 2025

New Features

• Support for signed attestations in OCI images

  The Evidence Collection service can take signed, 3rd-party attestations uploaded to Artifactory as OCI images and convert them automatically into JFrog evidence. For example, this new feature can successfully convert attestations created using the cosign attest command. For the automatic conversion to work, the attestations must conform to both the DSSE and in-toto standards.

Feature Enhancements

• Filtering added to Get All Repository Configurations API

  You can now use query parameters to filter the results of the Get All Repository Configurations API. You can filter by package type (for example, docker, maven) and repository type (for example, local or remote).

• Context retention in Artifacts browser

  When you copy or move artifacts in the Artifacts browser, the UI no longer moves automatically to the destination path of the operation but remains in its original context. To move to the destination path after the copy or move operation is complete, click the Go to path link in the confirmation message.

  

• Added Enforcement of Custom Configurations for Certain Remote Docker Repositories

  When creating a remote Docker repository for an Azure Container Registry (*.azurecr.io) or a Microsoft Container Registry (https://mcr.microsoft.com/), Artifactory makes the following default configuration:

  • Disable URL Normalization = true

  When creating a remote Docker repository for a Chainguard Registry (http://cgr.dev/chainguard), Artifactory makes the following default configuration:

  • Block Mismatching Mime Types = true

  These default configurations are set upon remote repository creation and can be canceled afterwards. For more information, see Other Advanced Settings for Remote Repositories.

Resolved Issues

Artifactory 7.119

This section includes all the Artifactory 7.119 releases.

Artifactory 7.119.1 SaaS

Released: August 3, 2025

This is a maintenance release with no fixes to report and no effect on customers.

Artifactory 7.119.0 SaaS

Released: 30 July, 2025

New Features

• New Parent Manifests API

  A Parent Manifests API has been added, which allows you to discover all parent manifest lists associated with a specific Docker manifest. For more information, see Find Parent Manifest Lists API.

• New JFrog for GitHub App

  The JFrog Platform now supports the JFrog for GitHub App, which allows you to connect GitHub repositories to the JFrog platform. This integration enables a scalable setup, allowing you to create a centralized OIDC configuration and automate Frogbot deployment. For more information, see Integration With GitHub App.

Feature Enhancements

• Improved npm Search

  It is now possible to search for up to three search terms in npm local repositories when using the "npm search" command.

• Improved Change Artifacts count UI widget caching mechanism

  Improvements were made to the Change Artifacts count UI widget caching mechanism.

• Improved Configuration Descriptor Validation

  Configuration descriptor validation was improved to increase system stability.

• Redesigned presentation of Release Bundle v2 contents

  The Content tab for Release Bundle v2 versions has been redesigned to show each package and standalone artifact included in the version (known as "releasables") and their source (for example, a build or a different Release Bundle). For more information, see View the Contents of a Release Bundle v2 Version.

• Improvements to evidence graph

  The design of the Release Bundle evidence graph has been improved to make it easier to distinguish between the various elements (builds, packages, etc.) that comprise the Release Bundle. For more information, see View Release Bundle v2 Evidence.

• Platform UI support for displaying larger evidence files

  The platform UI can now display evidence files up to a maximum size of 3000 lines (compared to 1500 lines in previous versions). Larger evidence files can be downloaded with a single click. For more information, see View Evidence.

• Adding days/weeks selection for Time-based Policy Condition - Cleanup Release Bundle V2

  Enhanced RB V2 cleanup functionality with the addition of days/weeks selection for policy condition. You can now configure cleanup conditions, specifying days/weeks for the RB V2. For more information, see Create Cleanup Policy - Release Bundle V2.

Resolved Issues

Artifactory 7.118

This section includes all the Artifactory 7.118 release notes.

Artifactory 7.118.2 SaaS

Released: 24 July, 2025

Feature Enhancements

• New Metadata Properties Added to the manifest.json

  Metadata properties for the operating system and the operating system architecture will now be added to the manifest.json after pushing or caching a new image. These new properties are set in docker.os and docker.architecture, respectively.

• Prevent accidental removal of referenced sub-architectures in multi-arch images

  Starting from this Artifactory version, when deleting a multi-architecture image, any sub-architecture variant that is still referenced by another image will be preserved.

• Source environment included in Release Bundle v2 promotion GET API results

  The Get Release Bundle v2 Promotions API and Get Release Bundle v2 Version Promotions API REST APIs now include the source environment in their responses. This enables you to see at a glance the name of the environment from which the Release Bundle version was promoted.

• Improved Get Federation Sync State REST API performance

  The performance of the Get Federation Sync State REST AP that returns the synchronization state of all Federated repositories in the JPD has been improved.

📘

Note

This API endpoint is relevant for users operating the legacy Federation service, not the Artifactory Federation Service (RTFS).

• NuGet Package - Now Supports .NET CLI

  NuGet packages now include support for the .NET CLI.

• Retention Policies - Cleanup & Smart Archiving

  The Stop All Runs action is now restricted to Platform Admins only. Project Admins no longer have access to this action.

• Added Support for Terraform Remote Repositories

  Terraform remote repositories now support proxy GitLab and Terraform Cloud registries. For more information, see Create Terraform/OpenTofu and Terraform Backend Repository.

Resolved Issues

Artifactory 7.117

This section includes all the Artifactory 7.117 releases.

Artifactory 7.117.5 SaaS

Released: 18 July, 2025

Feature Enhancements

• Release Bundle v2 version supports plus sign character

  You can now include a plus sign (+) when defining the version of a Release Bundle v2. This change was made to achieve alignment with the SemVer 2.0.0 specification. For more information, see Create Release Bundle v2 Version.

Resolved Issues

Artifactory 7.117.3 SaaS

Released: 14 July, 2025

Resolved Issues

Artifactory 7.117.2 SaaS

Released: 04 July, 2025

Resolved Issues

Artifactory 7.117.1 SaaS

Released: 30 June, 2025

⚠️

Breaking Change for Access REST APIs

From this version, Access REST API responses will be returned as compact JSON and not as pretty-printed JSON. Note that some automatic parsers that rely on the formatting will require an update.

New Features

• New REST API: Get Projects List for a Global Role

  The JFrog Platform now supports getting a paginated list of projects where a specific global role is used. For more information, see Get Project List for a Global Role API.

Feature Enhancements

• API Run Summary Reports for Cleanup and Smart Archiving

  Added new API endpoints for cleanup and smart archiving that provide detailed run summary reports in JSON format. For more details, refer toView Package Cleanup Policy Run Summary Report API and View Smart Archiving Policy Run Summary Report API.

• Smart Archiving Packages: Evidence

  Added support for the archival of evidence associated with any packages. This enhancement ensures that relevant evidence is preserved as part of your archiving strategy, streamlining your package management process. For more information, refer to Smart Archiving.

• Property-based Policy Condition - Smart Archiving Packages

  Enhanced package-archivie functionality with the addition of a property-based policy condition. You can now include or exclude specific package versions from archive by applying a property-based policy condition. This allows for more granular control over which packages are retained or archived during archive actions. For more information, see Create Smart Archiving Policy.

• Filter Users and Groups by Role Within a Repository Via REST API The JFrog Platform now supports filtering users and groups by role within a specific repository via REST API. For example, you can easily retrieve a list of admins for a specific repository to streamline permissions management. For more information, see Get User List API and Get a List of Groups API.

• Allow Granting Manage Permissions in Permissions V2

  The JFrog Platform now supports allowing users with manage permissions to grant manage and other permissions to other users in Permissions V2, although it is not recommended. For more information, see Permissions.

• Support for Reading Permissions Scoped Tokens

  It is now possible for non-admin users to use the Get Repository Configuration API REST API endpoint using a scoped token. For more information, see Create Scoped Token API.

• Add Unlimited Groups to a Reference Token in SAML The JFrog Platform now supports adding an unlimited number of groups in SAML user-scoped reference tokens, as the number of groups does not affect the payload. For more information, see Create Token API.

• Removal and Backup of Mission Control Plugins

  The following Mission Control plugins, which were created during the initial days specifically for Mission Control, are no longer required by any JFrog products. As a result, these plugins will be removed in this version and backup files are created with a .backup extension.

  • internalUser.groovy
  • ldapSettingsConfig.groovy
  • ldapGroupsConfig.groovy
  • haClusterDump.groovy
  • repoLayoutsConfig.groovy
  • proxiesConfig.groovy
  • propertySetsConfig.groovy
  • requestRouting.groovy
  • httpSsoConfig.groovy
  • pluginsConfig.groovy

  For more information, see User Plugins documentation.

• Release Bundle v2 promotion rollback

  You can now use the Release Bundle v2 promotion rollback API to roll back the latest promotion of a Release Bundle v2 version. Rollback deletes the contents of the latest promotion (including its artifacts, properties, and evidence) and restores the version to its previous environment, including the properties and evidence it contained when the version was first created. For more information, see Promotion Rollback.

• Assigning a tag when creating a Release Bundle v2 version

  You can now assign a tag when creating a Release Bundle v2 version with the REST API. Use the tag to identify the version quickly. For example, you can create tags such as nightly-build, release-candidate, bugfix-2025-33124, and so on. The tag will appear on the card for the Release Bundle version on the Release Lifecycle stages board.

📘

Note

You can continue using the Assign Tag API REST API to tag existing Release Bundle versions.

• Version counter on Release Lifecycle kanban board

  The Release Lifecycle kanban board now includes a counter so that you can see at a glance how many versions of the selected Release Bundle currently exist.

• Improved error codes during Release Bundle v2 creation

  Artifactory will now return 404 when an artifact or package is missing from the defined artifact or package list during Release Bundle v2 creation. In addition, Artifactory will return 403 when an artifact or package is filtered out due to a user permissions issue.

• Evidence provider logo displayed on kanban board

  Each evidence item displayed on the Release Lifecycle kanban board now includes a logo to indicate the provider of that evidence, whether it is evidence provided by the JFrog platform or evidence originating from other providers, such as GitHub or Sonar. The logo is also displayed prominently when the contents of the evidence item are opened.

• Improvement in Promoting Docker Images

  Starting from this Artifactory version, when Docker image promotion overrides an existing image tag in the target repository, shared layers from other tags of the same image will not be deleted. In versions prior to 7.117.1, these shared layers may be deleted.

• CocoaPods Smart Repositories

  The CocoaPods Settings section has been removed from the smart repository creation page. Smart repositories automatically inherit configuration from their source repository, making manual settings unnecessary.

• Improved Robustness of Binary Uploads to Google Cloud Storage (GCS)

  The robustness of binary uploads to GCS has been improved by enhancing recovery mechanisms.

• Cocoapods CDN Smart Repository Support

  Added smart repositories support for CocoaPods CDN.

Resolved Issues

Artifactory 7.116

This section includes all the Artifactory 7.116 releases.

❗️

Removal and Backup of Mission Control Plugins

The following Mission Control plugins, which were created during the initial days specifically for Mission Control, are no longer required by any JFrog products. As a result, these plugins will be removed in the upcoming version 7.117 and backup files are created with a .backup extension.

• internalUser.groovy
• ldapSettingsConfig.groovy
• ldapGroupsConfig.groovy
• haClusterDump.groovy
• repoLayoutsConfig.groovy
• proxiesConfig.groovy
• propertySetsConfig.groovy
• requestRouting.groovy
• httpSsoConfig.groovy
• pluginsConfig.groovy

For more information, see User Plugins documentation.

Artifactory 7.116.3 SaaS

Released: 22 June, 2025

Feature Enhancements

• Release Bundle v2 creation using items in remote-cache repositories

  You can now create a Release Bundle v2 version that includes packages and artifacts located in remote-cache repositories. For more information about Release Bundle creation, see Create Release Bundle v2 Version.

• SBOMs containing remote-cache dependencies

  Release Bundle v2 versions created from build-info can now include build dependencies located in remote-cache repositories, provided you have used the option for including dependencies in the Release Bundle. If this option has not been used, the remote-cache dependencies will not be included in the Release Bundle, but the SBOM used by Xray will still contain metadata about those dependencies.

• Source environment of Release Bundle v2 promotions

  The source environment of a Release Bundle v2 promotion is now included in the API response, making it easier for users to identify the start and end points of the promotion. For more information about promotion, see Promote Release Bundle v2 Version.

• Additions to Artifactory Request Log (JSON version)

  The JSON version of the Artifactory request log has been enhanced to include additional metrics for improved tracking of request and response performance. These enhancements provide insights into response timing, data size, processing duration, and request specifications.

• Support for New Package Type in Cleanup Policies and Smart Archiving

  Cleanup Policies and Smart Archiving now support Composer package type.

• Daily Notification Emails for Token Expiration

  The JFrog Platform now supports setting intervals for email notifications about tokens that are about to expire, either once or daily during the notice period. For more information, see Token Expiration Notification.

• JFrog Platform WebUI Breadcrumbs

  From Artifactory version 7.116.3, breadcrumbs allowing you to orient yourself in the JFrog Platform WebUI will gradually be rolled out to all pages. For more information, see JFrog Platform Navigation.

Resolved Issues

Artifactory 7.115

This section includes all the Artifactory 7.115 releases.

Artifactory 7.115.5 SaaS

Released: 22 June 2025

Resolved Issues

Artifactory 7.115.4 SaaS

Released: 18 June, 2025

Resolved Issues

Artifactory 7.115.3 SaaS

Released: 12 June, 2025

Feature Enhancements

• Support for N versions in Retention Policies

  Cleanup Policies and Smart Archiving now support N versions for Docker, OCI and Helm OCI. For more information, see Cleanup Supported Packages and Smart Archiving Supported Packages.

• Creating a Release Bundle v2 version from packages

  You can now create a Release Bundle v2 version by defining one or more packages to include in the Release Bundle. The Release Bundle can include packages of every type supported by Artifactory. For more information, see Create Release Bundle v2 Version API.

• Expanded support for scoped tokens in Deploy Evidence API

  The Deploy Evidence REST API now supports scoped tokens based on specified artifacts in addition to its previous support for scoped tokens based on a specified repository. In both cases, the scoped token must include the Annotate action. For more information, see Create Scoped Token API.

• Get Worker Code Samples with Worker Code Gallery

  The JFrog Platform now supports populating new Workers with GitHub code samples, directly from the JFrog Platform WebUI. For more information, see Configure Workers in the UI.

• Rerun Worker Runs

  The JFrog Platform now supports a Rerun feature to troubleshoot Worker runs. For more information, see Workers Troubleshooting.

Resolved Issues

Artifactory 7.114

This section includes all the Artifactory 7.114 releases.

Artifactory 7.114.3 SaaS

Released: 2 June 2025

Resolved Issues

Artifactory 7.114.2 SaaS

Released: 26 May, 2025

Feature Enhancements

• Support for Reading Permissions Scoped Tokens

  It is now possible for non-admin users to use the HA License Information API and Get Storage Summary Info API endpoints using a scoped token. For more information, see Create Scoped Token API.

• Default Socket Timeout for Federated Repositories

  The default socket timeout for Federated repositories has been changed to 300000 milliseconds (5 minutes). This value can be adjusted, if required, using an Artifactory system property. For more information, see Increase the Predefined Socket Timeout for Larger Repositories.

Resolved Issues

Artifactory 7.113

Artifactory 7.113.4 SaaS

Released: 20 May 2025

Feature Enhancements

Several improvements to the user experience.

Artifactory 7.113.0 SaaS

Released: 6 May, 2025

⚠️

Breaking Change

As part of security hardening, the scope of permissions around existing repositories using access tokens has been updated. As a result, builds across some package types may result in "forbidden" or "unauthorized" errors. To resolve this, update the token scope by assigning the required permissions to the specific group or users that requires them.

Feature Enhancements

• Improved Builds table

  The Builds table features two important enhancements:

  • The maximum of 100 builds displayed in the table has been removed. The table can now display all the builds that exist in your Artifactory instance.
  • A search window has been added to make it easier to focus on the builds of greatest importance to you. (This new search window works in coordination with the platform search window at the top of the UI.)

• Create Release Bundle v2 version from multiple sources

  You can now create a Release Bundle v2 version from multiple sources, for example, a combination of artifacts, builds, and existing Release Bundles. For more information, see Create Release Bundle v2 Version API.

• Release Bundle v2 – support for SBOMs with remote dependencies

  Previously, Release Bundle v2 did not include information about dependencies from remote repositories, which prevented the generation of a complete SBOM (software bill of materials) by Xray. This limitation has now been removed, which means that information about these dependencies will be included in the SBOM, and Xray (version 3.121.7 and above) can scan them. Having a complete SBOM increases transparency and security by providing insight into all components involved in the Release Bundle, and helps with auditing and compliance.

📘

Note

Although information about remote dependencies is included in the SBOM, the dependencies themselves are not included in the Release Bundle in the current version.

• Updated Type Definitions for Event-Driven Workers' Response

  Refined TypeScript type definitions for event-driven workers' response to improve the developer experience.

Resolved Issues

Artifactory 7.112

This section includes all the Artifactory 7.112 releases.

Artifactory 7.112.0 SaaS

Released: 23 April, 2025

Feature Enhancements

• Adding properties to Release Bundle v2 versions

  You can now add properties and property sets to Release Bundle v2 versions. Properties are user-defined, key-value pairs that are added to the Release Bundle v2 version's manifest file. For more information, see Add Properties to a Release Bundle v2 Version.

• New search and filtering options for Release Lifecycle Management kanban board

  The Release Lifecycle Management kanban board now features options for searching through and filtering the displayed Release Bundle versions. These options make it easier for you to focus on the versions of greatest interest.

• Support for New Package Types in Cleanup Policies

  Cleanup Policies now support Chef and Puppet package types.

Resolved Issues

Artifactory 7.111

This section includes all the Artifactory 7.111 releases.

Artifactory 7.111.2 SaaS

Released: 11 April 2025

Resolved Issues

Artifactory 7.111.1 SaaS

Released: 09 April, 2025

New Features

• Retention Policies: Smart Archiving

  The Smart Archiving Retention Policies feature is designed to streamline the management of stale artifacts in Artifactory. This new functionality facilitates the seamless movement of inactive or less frequently accessed packages from an active Artifactory instance to an archive instance connected to a low-cost, cost-effective storage solution. For more information, see Archive.

Feature Enhancements

• New Machine Learning Layout for Hugging Face Repositories

  All new Hugging Face repositories are now created with the new unified Machine Learning layout. Users can also migrate legacy Hugging Face repositories to the new Machine Learning layout on a manual basis. The Hugging Face repositories legacy layout will be deprecated in September 2025 when all repositories with the legacy layout will be automatically upgraded to the Machine Learning layout. For more information, click here.

• Docker Repository Key Length Limitation on SaaS Platforms

  Artifactory SaaS customers using the Docker Subdomain method will now receive a warning when creating a repository if their repository key is too long for DNS record creation. This could lead to accessibility issues if DNS is not managed internally. However, exceeding the character count does not prevent creating the repository. For more information, click here.

• Release Bundle v2 auto-creation enhancements

  The following enhancements are now available for the Release Bundle v2 auto-creation feature introduced in Artifactory 7.107.1:

  • Creating project-specific environments during build promotion

    When promoting a build, if the target repository (targetRepo) is part of a project, a project-specific environment is created for the auto-created Release Bundle v2. The environment is named after the status value of the build.

  • Giving build status priority over an existing target environment during build promotion

    If the status is defined for a build, the environment represented by that status is always given priority during promotion. For example, if an environment assigned to the targetRepo matches the status, the auto-created Release Bundle v2 is promoted to that environment. (That is, it is given priority over other environments that might also be assigned to the targetRepo.) If no environment exists for the status, a new environment is created for the promoted Release Bundle v2 with the name of the status, even when other environments are available.

• Increased limits for Release Bundle v2 names and versions

  The maximum length of the name (release_bundle_name), version (release_bundle_version), and creator (created_by) of a Release Bundle v2 has been increased to 255 characters when working with the REST API.

• Get Release Bundle v2 Versions API returns tag information

  The Get Release Bundle v2 Versions API now returns the descriptive tag assigned to a Release Bundle version. For more information about tagging, see Assign Tag to Release Bundle v2 Version API.

• Support for SemVer sorting in Release Bundle v2 APIs

  SemVer sorting support has been added to the Get Release Bundle v2 Versions API and Get Release Bundle v2 Versions in a Specific Environment API. This support is limited to the 1000 latest records and does not support pagination. This option pulls the latest 1000 records only and does not support pagination. Versions that do not conform to SemVer rules are sorted afterward lexicographically.

• New Worker Event: Before Token Expiry

  JFrog now supports creating event-driven workers to trigger before a token expires. Learn more

• Up to 30 environments supported

  The number of environments the JFrog Platform supports has been increased from 10 to 30 global and project environments.

• Properties Tab for RPM Remote Packages

  Added functionality to calculate and display the properties of an RPM package after it is downloaded from a remote RPM repository. The package properties are now shown in the Properties tab on the UI. For more information, see Search by Property

• Policy Conditions - Cleanup Packages

  • Adding Property-based Policy Condition

    Enhanced package-cleanup functionality with the addition of a property-based policy condition. You can now include or exclude specific package versions from cleanup by applying a property-based policy condition. This allows for more granular control over which packages are retained or removed during cleanup actions. For more information, see Create Cleanup Policy - Package.

  • Adding days/weeks selection for Time-based Policy Condition

    Enhanced package-cleanup functionality with the addition of days/weeks selection for Time-based policy condition. You can now configure by specifying Time-based cleanup conditions based on days/weeks for the packages. For more information, see Create Cleanup Policy - Package.

• Improved Performance of the Repository Selection Field in Set-Me-Up

  The performance of the repository selection field in Set-Me-Up has been improved by promoting a search-first approach.

• Improved Access for Go Remote Repositories

  Go remote repositories now support the ability to access subgroups in GitLab. For more information, click here.

• Added Support for Chocolatey and PowerShell Clients in Nuget Repositories

  • Added support for PowerShell (minimum version 1.0.5) to interact with NuGet repositories.
  • Added support for Chocolatey (minimum version 1.2.0) to interact with Nuget repositories.

  For more information, see NuGet Repositories.

• Added Support for Listing Folder Items in Conan Smart Remote Repositories

  • A new setting, List Folder Items, is now available for Conan Smart Remote Repositories.
  • Enabling the List Remote Artifacts checkbox during repository creation allows folder items to be listed.

• Hex Repositories

  Artifactory now supports Hex Virtual Repository. A Hex virtual repository aggregates Hex local and remote repositories, enabling more efficient package management. To learn more, see Hex Repositories.

• Easier Configuration of the NimModel Redirect Download Form

  The NimModel redirect download form can now be configured through the User Interface.

Resolved Issues

Artifactory 7.119

This section includes all the Artifactory 7.119 releases.

Artifactory 7.119.1 SaaS

Released: August 3, 2025

This is a maintenance release with no fixes to report and no effect on customers.

Artifactory 7.119.0 SaaS

Released: 30 July, 2025

New Features

• New Parent Manifests API

  A Parent Manifests API has been added, which allows you to discover all parent manifest lists associated with a specific Docker manifest. For more information, see Find Parent Manifest Lists API.

• New JFrog for GitHub App

  The JFrog Platform now supports the JFrog for GitHub App, which allows you to connect GitHub repositories to the JFrog platform. This integration enables a scalable setup, allowing you to create a centralized OIDC configuration and automate Frogbot deployment. For more information, see Integration With GitHub App.

Feature Enhancements

• Improved npm Search

  It is now possible to search for up to three search terms in npm local repositories when using the "npm search" command.

• Improved Change Artifacts count UI widget caching mechanism

  Improvements were made to the Change Artifacts count UI widget caching mechanism.

• Improved Configuration Descriptor Validation

  Configuration descriptor validation was improved to increase system stability.

• Redesigned presentation of Release Bundle v2 contents

  The Content tab for Release Bundle v2 versions has been redesigned to show each package and standalone artifact included in the version (known as "releasables") and their source (for example, a build or a different Release Bundle). For more information, see View the Contents of a Release Bundle v2 Version.

• Improvements to evidence graph

  The design of the Release Bundle evidence graph has been improved to make it easier to distinguish between the various elements (builds, packages, etc.) that comprise the Release Bundle. For more information, see View Release Bundle v2 Evidence.

• Platform UI support for displaying larger evidence files

  The platform UI can now display evidence files up to a maximum size of 3000 lines (compared to 1500 lines in previous versions). Larger evidence files can be downloaded with a single click. For more information, see View Evidence.

• Adding days/weeks selection for Time-based Policy Condition - Cleanup Release Bundle V2

  Enhanced RB V2 cleanup functionality with the addition of days/weeks selection for policy condition. You can now configure cleanup conditions, specifying days/weeks for the RB V2. For more information, see Create Cleanup Policy - Release Bundle V2.

Resolved Issues

Artifactory 7.118

This section includes all the Artifactory 7.118 release notes.

Artifactory 7.118.2 SaaS

Released: 24 July, 2025

Feature Enhancements

• New Metadata Properties Added to the manifest.json

  Metadata properties for the operating system and the operating system architecture will now be added to the manifest.json after pushing or caching a new image. These new properties are set in docker.os and docker.architecture, respectively.

• Prevent accidental removal of referenced sub-architectures in multi-arch images

  Starting from this Artifactory version, when deleting a multi-architecture image, any sub-architecture variant that is still referenced by another image will be preserved.

• Source environment included in Release Bundle v2 promotion GET API results

  The Get Release Bundle v2 Promotions API and Get Release Bundle v2 Version Promotions API REST APIs now include the source environment in their responses. This enables you to see at a glance the name of the environment from which the Release Bundle version was promoted.

• Improved Get Federation Sync State REST API performance

  The performance of the Get Federation Sync State REST API that returns the synchronization state of all Federated repositories in the JPD has been improved.

📘

Note

This API endpoint is relevant for users operating the legacy Federation service, not the Artifactory Federation Service (RTFS).

• NuGet Package - Now Supports .NET CLI

  NuGet packages now include support for the .NET CLI.

• Retention Policies - Cleanup & Smart Archiving

  The Stop All Runs action is now restricted to Platform Admins only. Project Admins no longer have access to this action.

• Added Support for Terraform Remote Repositories

  Terraform remote repositories now support proxy GitLab and Terraform Cloud registries. For more information, see Create Terraform/OpenTofu and Terraform Backend Repository.

Resolved Issues

Artifactory 7.117

This section includes all the Artifactory 7.117 releases.

Artifactory 7.117.5 SaaS

Released: 18 July, 2025

Feature Enhancements

• Release Bundle v2 version supports plus sign character

  You can now include a plus sign (+) when defining the version of a Release Bundle v2. This change was made to achieve alignment with the SemVer 2.0.0 specification.

Resolved Issues

Artifactory 7.117.3 SaaS

Released: 14 July, 2025

Resolved Issues

Artifactory 7.117.2 SaaS

Released: 04 July, 2025

Resolved Issues

Artifactory 7.117.1 SaaS

Released: 30 June, 2025

⚠️

Breaking Change for Access REST APIs

From this version, Access REST API responses will be returned as compact JSON and not as pretty-printed JSON. Note that some automatic parsers that rely on the formatting will require an update.

New Features

• New REST API: Get Projects List for a Global Role

  The JFrog Platform now supports getting a paginated list of projects where a specific global role is used. For more information, see Get Project List for a Global Role API.

Feature Enhancements

• API Run Summary Reports for Cleanup and Smart Archiving

  Added new API endpoints for cleanup and smart archiving that provide detailed run summary reports in JSON format. For more details, refer toView Package Cleanup Policy Run Summary Report API and View Smart Archiving Policy Run Summary Report API.

• Smart Archiving Packages: Evidence

  Added support for the archival of evidence associated with any packages. This enhancement ensures that relevant evidence is preserved as part of your archiving strategy, streamlining your package management process. For more information, refer to Smart Archiving.

• Property-based Policy Condition - Smart Archiving Packages

  Enhanced package-archivie functionality with the addition of a property-based policy condition. You can now include or exclude specific package versions from archive by applying a property-based policy condition. This allows for more granular control over which packages are retained or archived during archive actions. For more information, see Create Smart Archiving Policy.

• Filter Users and Groups by Role Within a Repository Via REST API The JFrog Platform now supports filtering users and groups by role within a specific repository via REST API. For example, you can easily retrieve a list of admins for a specific repository to streamline permissions management. For more information, see Get User List API and Get a List of Groups API.

• Allow Granting Manage Permissions in Permissions V2

  The JFrog Platform now supports allowing users with manage permissions to grant manage and other permissions to other users in Permissions V2, although it is not recommended. For more information, see Permissions.

• Support for Reading Permissions Scoped Tokens

  It is now possible for non-admin users to use the Get Repository Configuration API endpoint using a scoped token. For more information, see Create Scoped Token API.

• Add Unlimited Groups to a Reference Token in SAML The JFrog Platform now supports adding an unlimited number of groups in SAML user-scoped reference tokens, as the number of groups does not affect the payload. For more information, see Create Token API.

• Removal and Backup of Mission Control Plugins

  The following Mission Control plugins, which were created during the initial days specifically for Mission Control, are no longer required by any JFrog products. As a result, these plugins will be removed in this version and backup files are created with a .backup extension.

  • internalUser.groovy
  • ldapSettingsConfig.groovy
  • ldapGroupsConfig.groovy
  • haClusterDump.groovy
  • repoLayoutsConfig.groovy
  • proxiesConfig.groovy
  • propertySetsConfig.groovy
  • requestRouting.groovy
  • httpSsoConfig.groovy
  • pluginsConfig.groovy

  For more information, see User Plugins documentation.

• Release Bundle v2 promotion rollback

  You can now use the Promotion Rollback REST API to roll back the latest promotion of a Release Bundle v2 version. Rollback deletes the contents of the latest promotion (including its artifacts, properties, and evidence) and restores the version to its previous environment, including the properties and evidence it contained when the version was first created. For more information, see Promotion Rollback.

• Assigning a tag when creating a Release Bundle v2 version

  You can now assign a tag when creating a Release Bundle v2 version with the Create Release Bundle v2 Version API. Use the tag to identify the version quickly. For example, you can create tags such as nightly-build, release-candidate, bugfix-2025-33124, and so on. The tag will appear on the card for the Release Bundle version on the Release Lifecycle stages board.

📘

Note

You can continue using the Assign Tag API to tag existing Release Bundle versions.

• Version counter on Release Lifecycle kanban board

  The Release Lifecycle kanban board now includes a counter so that you can see at a glance how many versions of the selected Release Bundle currently exist.

• Improved error codes during Release Bundle v2 creation

  Artifactory will now return 404 when an artifact or package is missing from the defined artifact or package list during Release Bundle v2 creation. In addition, Artifactory will return 403 when an artifact or package is filtered out due to a user permissions issue.

• Evidence provider logo displayed on kanban board

  Each evidence item displayed on the Release Lifecycle kanban board now includes a logo to indicate the provider of that evidence, whether it is evidence provided by the JFrog platform or evidence originating from other providers, such as GitHub or Sonar. The logo is also displayed prominently when the contents of the evidence item are opened.

• Improvement in Promoting Docker Images

  Starting from this Artifactory version, when Docker image promotion overrides an existing image tag in the target repository, shared layers from other tags of the same image will not be deleted. In versions prior to 7.117.1, these shared layers may be deleted.

• CocoaPods Smart Repositories

  The CocoaPods Settings section has been removed from the smart repository creation page. Smart repositories automatically inherit configuration from their source repository, making manual settings unnecessary.

• Improved Robustness of Binary Uploads to Google Cloud Storage (GCS)

  The robustness of binary uploads to GCS has been improved by enhancing recovery mechanisms.

• Cocoapods CDN Smart Repository Support

  Added smart repositories support for CocoaPods CDN.

Resolved Issues

Artifactory 7.116

This section includes all the Artifactory 7.116 releases.

❗️

Removal and Backup of Mission Control Plugins

The following Mission Control plugins, which were created during the initial days specifically for Mission Control, are no longer required by any JFrog products. As a result, these plugins will be removed in the upcoming version 7.117 and backup files are created with a .backup extension.

• internalUser.groovy
• ldapSettingsConfig.groovy
• ldapGroupsConfig.groovy
• haClusterDump.groovy
• repoLayoutsConfig.groovy
• proxiesConfig.groovy
• propertySetsConfig.groovy
• requestRouting.groovy
• httpSsoConfig.groovy
• pluginsConfig.groovy

For more information, see User Plugins documentation.

Artifactory 7.116.3 SaaS

Released: 22 June, 2025

Feature Enhancements

• Release Bundle v2 creation using items in remote-cache repositories

  You can now create a Release Bundle v2 version that includes packages and artifacts located in remote-cache repositories. For more information about Release Bundle creation, see Create Release Bundle v2.

• SBOMs containing remote-cache dependencies

  Release Bundle v2 versions created from build-info can now include build dependencies located in remote-cache repositories, provided you have used the option for including dependencies in the Release Bundle. If this option has not been used, the remote-cache dependencies will not be included in the Release Bundle, but the SBOM used by Xray will still contain metadata about those dependencies.

• Source environment of Release Bundle v2 promotions

  The source environment of a Release Bundle v2 promotion is now included in the API response, making it easier for users to identify the start and end points of the promotion. For more information about promotion, see Promote Release Bundle v2 Version API.

• Additions to Artifactory Request Log (JSON version)

  The JSON version of the Artifactory request log has been enhanced to include additional metrics for improved tracking of request and response performance. These enhancements provide insights into response timing, data size, processing duration, and request specifications.

• Support for New Package Type in Cleanup Policies and Smart Archiving

  Cleanup Policies and Smart Archiving now support Composer package type.

• Daily Notification Emails for Token Expiration

  The JFrog Platform now supports setting intervals for email notifications about tokens that are about to expire, either once or daily during the notice period. For more information, see Token Expiration Notification.

• JFrog Platform WebUI Breadcrumbs

  From Artifactory version 7.116.3, breadcrumbs allowing you to orient yourself in the JFrog Platform WebUI will gradually be rolled out to all pages. For more information, see JFrog Platform Navigation.

Resolved Issues

Artifactory 7.115

This section includes all the Artifactory 7.115 releases.

Artifactory 7.115.5 SaaS

Released: 22 June 2025

Resolved Issues

Artifactory 7.115.4 SaaS

Released: 18 June, 2025

Resolved Issues

Artifactory 7.115.3 SaaS

Released: 12 June, 2025

Feature Enhancements

• Support for N versions in Retention Policies

  Cleanup Policies and Smart Archiving now support N versions for Docker, OCI and Helm OCI. For more information, see Cleanup Supported Packages and Smart Archiving Supported Packages.

• Creating a Release Bundle v2 version from packages

  You can now create a Release Bundle v2 version by defining one or more packages to include in the Release Bundle. The Release Bundle can include packages of every type supported by Artifactory. For more information, see Create Release Bundle v2 Version.

• Expanded support for scoped tokens in Deploy Evidence API

  The Deploy Evidence REST API now supports scoped tokens based on specified artifacts in addition to its previous support for scoped tokens based on a specified repository. In both cases, the scoped token must include the Annotate action. For more information, see Create Scoped Token API.

• Get Worker Code Samples with Worker Code Gallery

  The JFrog Platform now supports populating new Workers with GitHub code samples, directly from the JFrog Platform WebUI. For more information, see Configure Workers in the UI.

• Rerun Worker Runs

  The JFrog Platform now supports a Rerun feature to troubleshoot Worker runs. For more information, see Workers Troubleshooting.

Resolved Issues

Artifactory 7.114

This section includes all the Artifactory 7.114 releases.

Artifactory 7.114.3 SaaS

Released: 2 June 2025

Resolved Issues

Artifactory 7.114.2 SaaS

Released: 26 May, 2025

Feature Enhancements

• Support for Reading Permissions Scoped Tokens

  It is now possible for non-admin users to use the HA License Information API and Get Storage Summary Info API endpoints using a scoped token. For more information, see Create Scoped Token API.

• Default Socket Timeout for Federated Repositories

  The default socket timeout for Federated repositories has been changed to 300000 milliseconds (5 minutes). This value can be adjusted, if required, using an Artifactory system property. For more information, see Increase the Predefined Socket Timeout for Larger Repositories.

Resolved Issues

Artifactory 7.113

Artifactory 7.113.4 SaaS

Released: 20 May 2025

Feature Enhancements

Several improvements to the user experience.

Artifactory 7.113.0 SaaS

Released: 6 May, 2025

⚠️

Breaking Change

As part of security hardening, the scope of permissions around existing repositories using access tokens has been updated. As a result, builds across some package types may result in "forbidden" or "unauthorized" errors. To resolve this, update the token scope by assigning the required permissions to the specific group or users that requires them.

Feature Enhancements

• Improved Builds table

  The Builds table features two important enhancements:

  • The maximum of 100 builds displayed in the table has been removed. The table can now display all the builds that exist in your Artifactory instance.
  • A search window has been added to make it easier to focus on the builds of greatest importance to you. (This new search window works in coordination with the platform search window at the top of the UI.)

• Create Release Bundle v2 version from multiple sources

  You can now create a Release Bundle v2 version from multiple sources, for example, a combination of artifacts, builds, and existing Release Bundles. For more information, see Create Release Bundle v2 Version API.

• Release Bundle v2 – support for SBOMs with remote dependencies

  Previously, Release Bundle v2 did not include information about dependencies from remote repositories, which prevented the generation of a complete SBOM (software bill of materials) by Xray. This limitation has now been removed, which means that information about these dependencies will be included in the SBOM, and Xray (version 3.121.7 and above) can scan them. Having a complete SBOM increases transparency and security by providing insight into all components involved in the Release Bundle, and helps with auditing and compliance.

📘

Note

Although information about remote dependencies is included in the SBOM, the dependencies themselves are not included in the Release Bundle in the current version.

• Updated Type Definitions for Event-Driven Workers' Response

  Refined TypeScript type definitions for event-driven workers' response to improve the developer experience.

Resolved Issues

Artifactory 7.112

This section includes all the Artifactory 7.112 releases.

Artifactory 7.112.0 SaaS

Released: 23 April, 2025

Feature Enhancements

• Adding properties to Release Bundle v2 versions

  You can now add properties and property sets to Release Bundle v2 versions. Properties are user-defined, key-value pairs that are added to the Release Bundle v2 version's manifest file. For more information, see Add Properties to a Release Bundle v2 Version .

• New search and filtering options for Release Lifecycle Management kanban board

  The Release Lifecycle Management kanban board now features options for searching through and filtering the displayed Release Bundle versions. These options make it easier for you to focus on the versions of greatest interest.

• Support for New Package Types in Cleanup Policies

  Cleanup Policies now support Chef and Puppet package types.

Resolved Issues

Artifactory 7.111

This section includes all the Artifactory 7.111 releases.

Artifactory 7.111.2 SaaS

Released: 11 April 2025

Resolved Issues

Artifactory 7.111.1 SaaS

Released: 09 April, 2025

New Features

• Retention Policies: Smart Archiving

  The Smart Archiving Retention Policies feature is designed to streamline the management of stale artifacts in Artifactory. This new functionality facilitates the seamless movement of inactive or less frequently accessed packages from an active Artifactory instance to an archive instance connected to a low-cost, cost-effective storage solution. For more information, see Archive.

Feature Enhancements

• New Machine Learning Layout for Hugging Face Repositories

  All new Hugging Face repositories are now created with the new unified Machine Learning layout. Users can also migrate legacy Hugging Face repositories to the new Machine Learning layout on a manual basis. The Hugging Face repositories legacy layout will be deprecated in September 2025 when all repositories with the legacy layout will be automatically upgraded to the Machine Learning layout. For more information, Machine Learning Repository Structure.

• Docker Repository Key Length Limitation on SaaS Platforms

  Artifactory SaaS customers using the Docker Subdomain method will now receive a warning when creating a repository if their repository key is too long for DNS record creation. This could lead to accessibility issues if DNS is not managed internally. However, exceeding the character count does not prevent creating the repository. For more information, click Docker Limitations in Artifactory.

• Release Bundle v2 auto-creation enhancements

  The following enhancements are now available for the Release Bundle v2 auto-creation feature introduced in Artifactory 7.107.1:

  • Creating project-specific environments during build promotion

    When promoting a build, if the target repository (targetRepo) is part of a project, a project-specific environment is created for the auto-created Release Bundle v2. The environment is named after the status value of the build.

  • Giving build status priority over an existing target environment during build promotion

    If the status is defined for a build, the environment represented by that status is always given priority during promotion. For example, if an environment assigned to the targetRepo matches the status, the auto-created Release Bundle v2 is promoted to that environment. (That is, it is given priority over other environments that might also be assigned to the targetRepo.) If no environment exists for the status, a new environment is created for the promoted Release Bundle v2 with the name of the status, even when other environments are available.

• Increased limits for Release Bundle v2 names and versions

  The maximum length of the name (release_bundle_name), version (release_bundle_version), and creator (created_by) of a Release Bundle v2 has been increased to 255 characters when working with the REST API.

• Get Release Bundle v2 Versions API returns tag information

  The Get Release Bundle v2 Versions API now returns the descriptive tag assigned to a Release Bundle version. For more information about tagging, see Assign Tag to Release Bundle v2 Version API.

• Support for SemVer sorting in Release Bundle v2 APIs

  SemVer sorting support has been added to the Get Release Bundle v2 Versions API and Get Release Bundle v2 Versions in a Specific Environment API. This support is limited to the 1000 latest records and does not support pagination. This option pulls the latest 1000 records only and does not support pagination. Versions that do not conform to SemVer rules are sorted afterward lexicographically.

• New Worker Event: Before Token Expiry

  JFrog now supports creating event-driven workers to trigger before a token expires. For more information, see Before Token Expiry Worker Code Sample.

• Up to 30 environments supported

  The number of environments the JFrog Platform supports has been increased from 10 to 30 global and project environments.

• Properties Tab for RPM Remote Packages

  Added functionality to calculate and display the properties of an RPM package after it is downloaded from a remote RPM repository. The package properties are now shown in the Properties tab on the UI. For more information, see Search by Property

• Policy Conditions - Cleanup Packages

  • Adding Property-based Policy Condition

    Enhanced package-cleanup functionality with the addition of a property-based policy condition. You can now include or exclude specific package versions from cleanup by applying a property-based policy condition. This allows for more granular control over which packages are retained or removed during cleanup actions. For more information, see Create Cleanup Policy - Package.

  • Adding days/weeks selection for Time-based Policy Condition

    Enhanced package-cleanup functionality with the addition of days/weeks selection for Time-based policy condition. You can now configure by specifying Time-based cleanup conditions based on days/weeks for the packages. For more information, see Create Cleanup Policy - Package.

• Improved Performance of the Repository Selection Field in Set-Me-Up

  The performance of the repository selection field in Set-Me-Up has been improved by promoting a search-first approach.

• Improved Access for Go Remote Repositories

  Go remote repositories now support the ability to access subgroups in GitLab. For more information, see Proxy GitLab with Go.

• Added Support for Chocolatey and PowerShell Clients in Nuget Repositories

  • Added support for PowerShell (minimum version 1.0.5) to interact with NuGet repositories.
  • Added support for Chocolatey (minimum version 1.2.0) to interact with Nuget repositories.

  For more information, see NuGet Repositories.

• Added Support for Listing Folder Items in Conan Smart Remote Repositories

  • A new setting, List Folder Items, is now available for Conan Smart Remote Repositories.
  • Enabling the List Remote Artifacts checkbox during repository creation allows folder items to be listed.

• Hex Repositories

  Artifactory now supports Hex Virtual Repository. A Hex virtual repository aggregates Hex local and remote repositories, enabling more efficient package management. To learn more, see Hex Repositories.

• Easier Configuration of the NimModel Redirect Download Form

  The NimModel redirect download form can now be configured through the User Interface.

Resolved Issues

Artifactory 7.110

This section includes all the Artifactory 7.110 releases.

Artifactory 7.110.5 SaaS

Released: 10 April 2025

Resolved Issues

Artifactory 7.110.1 SaaS

Released: 25 March, 2025

Feature Enhancements

• New API for adding tags to Release Bundle v2 versions

  You can now add a descriptive tag to a Release Bundle v2 version via REST API to help identify Release Bundle versions quickly. The tag will appear on the stages board in the platform UI to enhance visibility and organization. For example, you can create tags such as nightly-build, release-candidate, bugfix-2025-33124, and so on. For more information, see Assign Tag to Release Bundle v2 Version API.

• New promotion icons on RLM Kanban board and timeline

  New icons have been introduced to the Release Lifecycle Management stages board and timeline. These icons indicate at a glance what type of Release Bundle promotion was performed (copy artifacts or move artifacts). Hovering over the icon provides a tooltip reminder. For more information, see Promote a Release Bundle v2 Version in the Platform UI.

• Organization Enforcement for OIDC GitHub Configuration

  Artifactory now supports increased security for the OIDC GitHub integration by limiting authentication to a specified organization. You can avoid using this feature by selecting the Enable Permissive Configuration checkbox when configuring a new OIDC integration. For more information, see Configure an OIDC Integration.

• SCIM Token Expiry Configuration

  The JFrog Platform now supports the creation of SCIM tokens with configurable expiry times. To learn more, see Generate a Scoped Token for SCIM.

• Additional Support for the PyPI JSON API

  Artifactory now supports PyPI’s JSON API in virtual repositories.

• Remote Repositories

  Added Bearer Authentication support for remote repositories.

Resolved Issues

Artifactory 7.109

This section includes all the Artifactory 7.109 releases.

Artifactory 7.109.2 SaaS

Released: 19 March, 2025

Feature Enhancements

• Improved Project Navigation

  The Projects navigation menu now includes UI usability enhancements: it is now located in the sidebar and highlights Projects filtering to clarify context switching between Project and All Projects scope.

• SCIM Token Expiry Configuration

  The JFrog Platform now supports the creation of SCIM tokens with configurable expiry times. To learn more, see Generate a Scoped Token for SCIM.

• Blocking Blob Uploads If a Digest Does Not Match the Blob’s SHA-256 Checksum

  Added a flag to block blob uploads if a provided digest does not match the blob’s SHA-256 checksum. This flag is disabled by default but can be enabled as needed.

• Permissions Added for Using Zapping Cache on Remote Repositories

  The Zapping Cache action on remote repositories now requires Manage or Delete permissions, either via the UI or API. This change is backward-compatible. For more information on UI changes, see Zapping Cahces, and for API changes, see Zap Cache API.

• RPM Repositories - SHA-256 checksums have been integrated into Local and Virtual repositories

  Added SHA-256 checksums to the repomd.xml files of local and virtual repositories. This improvement ensures package integrity verification aligns with remote repositories' security standards.

  Local repositories previously do not have SHA-256 checksums in their repomd.xml files, increasing the risk of undetected package tampering or corruption.

• Support for Vagrant and Hex in Cleanup and Archive

  • Vagrant packages are now supported in Cleanup and Archive.
  • Hex packages are now supported in Cleanup and Archive.

• Maximum placed on bad checksum search responses

  Responses to the Bad Checksum Search Bad Checksum Search Response API are now limited to a maximum of 10,000 results.

• Changes to Evidence GraphQL APIs

  The repositoryKey and path fields have been deprecated from the Get Evidence and Search Evidence (GraphQL) API GraphQL APIs, and subject (which contains repositoryKey, path, name, and sha256) has been added.

• New API for removing Federation members

  A new REST API enables you to remove a member from all repository Federations to which it belongs. This can be used, for example, when a site is taken out of commission. This API removes the member on this site from all the Federations in which it was a part. For more information, see Remove Federation Member API.

• Searching for distributed Release Bundle versions containing a specific artifact

  The Get Release Bundle v2 Version Promotions with a Specific Artifact API (introduced in (7.107.1) has a new query parameter has a new query parameter that can return distributed Release Bundle versions (origin=target) containing the artifact in addition to created Release Bundle versions (origin=source). This new query parameter makes it possible to run the API on Edge nodes in addition to standard Artifactory instances.

• Access Token Expiry Email Now Points to the CNAME Domain

  The JFrog platform will send users Access token expiry reminder emails which include the CNAME URL instead of the JFrog instance URL

Resolved Issues

Artifactory 7.108

This section includes all the Artifactory 7.108 releases.

Artifactory 7.108.3 SaaS

Released: March 3, 2025

Feature Enhancements

• Support for Alpine and SBT in Cleanup and Archive

  • Alpine packages are now supported in Cleanup and Archive.
  • SBT packages are now supported in Cleanup and Archive.

• Improved Release Lifecycle Management kanban board

  The Release Lifecycle Management kanban board has been redesigned to provide more information at a glance, including clear indications of failed promotions. For more information, see Promote a Release Bundle v2 Version in the Platform UI.

• Compile list of inconsistent Federated repositories

  A new API enables you to return a list of all Federated repositories in your local Artifactory instance that have a configuration mismatch with one or more remote members. After getting the list of mismatches, you can use the Synchronize Federated Member Configuration API on each mismatch to synchronize the members. For more information, see Get List of Inconsistent Federated Repositories API.

• Support Added for PyPI JSON API

  Artifactory now supports the PyPI JSON API in local repositories with most attributes. The following attributes (JSON keys) are not supported:

  • Deprecated keys (releases, downloads, has_sig, bugtrack_url) as described in PyPI JSON API
  • The following info sub keys: description_content_type, dynamic, license_expression, license_files, maintainer, maintainer_email, project_urls, provides_extra, requires_dist
  • Vulnerabilities key

• Get Token Last Used Information

  The JFrog Platform now supports getting a token’s ‘last used’ timestamp when using Get Tokens API and Get Token By ID API.

Resolved Issues

Artifactory 7.107

This section includes all the Artifactory 7.107 releases.

Artifactory 7.107.1 SaaS

Released: 12 February, 2025

New Features

• Packages: Hex Repositories

  Hex repositories in Artifactory allow you to deploy and resolve Hex packages. For more information, refer to Hex Repositories. (GA for all customers)

• Packages: NVIDIA NIM Models

  JFrog Artifactory now integrates with NVIDIA NIM, allowing you to cache NVIDIA NIM models in Artifactory via a remote repository. NVIDIA NIM is a set of microservices designed to accelerate the deployment of foundation models across any cloud or data center, ensuring data security. It provides production-grade runtimes with ongoing security updates and stable APIs, backed by enterprise-grade support. For more information, refer to NVIDIA NIM Repositories.

• API Key Deprecation Control

  As part of the deprecation process, API Key has reached End of Life in Q4.24. This version includes a checkbox in the JFrog platform UI allowing you to control the API Key usage deprecation. This checkbox will be deselected by default: to block API key usage in your environment, select the Disable API Key Usage checkbox under Administration > Security > General. For more information, see JFrog API Key Deprecation Process.

Feature Enhancements

• Auto-creation of Release Bundle v2 versions after build promotion

  By default, Artifactory now creates a Release Bundle v2 version automatically when you promote a build using the JFrog CLI or Promote Build API. It also promotes the Release Bundle to the environment associated with the build's target repository, if defined. Both copy promotions and move promotions are supported. Having a Release Bundle provides better visibility and control over your release candidate as it progresses through your SDLC.

• Attach external evidence to artifacts in the local part of a virtual repository

  You can now attach external evidence to artifacts located in a local repository that is aggregated inside a virtual repository. For more information about attaching external evidence, see Evidence Service.

• Viewing Evidence in the Packages Screen

  You can now view a list of the evidence files associated with a specific package version in a selected repository. For more information, see View the Package Evidence Table.

• New API for returning all Release Bundle v2 versions containing a specified artifact

  A new REST API endpoint is available that returns a list of Release Bundle v2 versions containing the specified artifact. For more information, see Get Release Bundle v2 Versions by Artifact API.

• New API for returning all Release Bundle v2 versions in a specified environment

  A new REST API endpoint is available that returns all Release Bundle v2 versions associated with a specified environment, for example, DEV or PROD. For more information, see Get Release Bundle v2 Versions in a Specific Environment API.

• Move artifacts during Release Bundle v2 promotion in Platform UI

  When promoting a Release Bundle v2 version using the platform UI, you can optionally move the contents of the Release Bundle from the source to the destination instead of copying them (the behavior until now). For example, if you promote a Release Bundle v2 version from the DEV environment to the QA environment and select Move Artifacts, the artifacts are removed from the repositories associated with DEV and moved to the repositories associated with QA. For more information, see Promote a Release Bundle v2 Version in the Platform UI.

• Complete Docker and OCI List Manifest Image Overwrite

  When overwriting a list.manifest file with a new one, all previous sub-manifests will be removed, enhancing storage efficiency and reducing the need for manual cleanup. For more information, See Tag Retention Logic.

• Repositories can now be assigned to more than one environment

  For more information, see Assign Environments to Repositories.

• Improved Cleanup Release Bundle V2 Report

  The Cleanup Release Bundle V2 report has been improved. For more information, refer to Cleanup Run Report Overview.

• Support for Reading Permissions Scoped Tokens

  It is now possible for non-admin users to use the Get User List API, Get a List of Groups API, and Get All Permissions API endpoints using a scoped token. For more information, see Create Scoped Token API.

Resolved Issues

Artifactory 7.106

This section includes all the Artifactory 7.106 releases.

Artifactory 7.106.4 SaaS

Released: 5 February 2025

Resolved Issues

Artifactory 7.106.3 SaaS

Released: 1 February 2025

Resolved Issues

Artifactory 7.106.2 SaaS

Released: 30 January, 2025

Feature Enhancements

• Release Bundle v2 version creation using artifacts in virtual repositories

  You can now create a Release Bundle v2 version using artifacts located in a virtual repository, provided the source path of the artifacts points to a local repository (not a remote repository) aggregated by the virtual repository. This feature is relevant when creating a Release Bundle version from a list of artifacts.

• Move artifacts during Release Bundle v2 promotion

  When promoting a Release Bundle v2 version using the REST API, you can optionally move the contents of the Release Bundle from the source to the destination instead of copying them (the behavior until now). For example, if you promote a Release Bundle v2 version from the DEV environment to the QA environment and set the operation to Move, the artifacts are removed from the repositories associated with DEV and moved to the repositories associated with QA. For more information, see Promote Release Bundle v2 Version API.

• New API for finding Release Bundle v2 promotions with a specified artifact

  A new REST API endpoint is available that returns promoted Release Bundle v2 versions containing a specified artifact. For more information, see Get Release Bundle v2 Version Promotions with a Specific Artifact API.

• Added Support for the PyPI JSON API in Remote Repositories

  Artifactory now supports PyPI’s JSON API in remote repositories. For more information, click here.

• Added Tags for RPM local repositories

  Added support for the Recommends and Suggests dependency tags in the primary.xml metadata of RPM local repositories enhancing package management for clients like dnf and yum by recognizing optional dependencies.

  To learn more, refer to Install RPM Packages Using Yum.

Resolved Issues

Artifactory 7.105

This section includes all the Artifactory 7.105 releases.

Artifactory 7.105.2 SaaS

Released: 21 January 2025

New Features

• Packages: Hex Repositories

  Hex repositories in Artifactory allow you to deploy and resolve Hex packages. For more information, refer to Hex Repositories. (open to selected customers)

Feature Enhancements

• Support for Triggering Partial Reindexing of Helm Charts

  Added support for triggering partial reindexing of Helm charts, enabling more efficient and targeted index.yaml updates. This improvement reduces processing time and resource usage. For more information, see Helm Charts Partial Re-Indexing,

• Improvement to Maven Set-Me-Up Placeholders

  Maven set-me-up placeholders will now automatically populate.

• Support for Conda in Cleanup and Archive

  Conda packages are now supported in Cleanup and Archive.

• Supported Worker Features

  • Alt Response event is now supported.
  • Alt All Responses event is now supported.
  • Alt Remote Content event is now supported.
  • After Download Error event is now supported.
  • Before Download Request event is now supported.
  • Before Build Info Save event is now supported.

Resolved Issues

Artifactory 7.104

This section includes all the Artifactory 7.104 releases.

Artifactory 7.104.2 SaaS

Released: 15 January, 2025

New Features

• Evidence Service

  JFrog's new Evidence service generates an audit trail that documents all the security, quality, and operational steps taken to produce a production-ready software release. It enriches artifacts, packages, builds, and Release Bundles with signed attestation metadata (based on the in-toto Attestation Framework) that can be tracked and verified easily for governance and compliance. The Evidence service enables you to seamlessly consolidate information from all the tools and platforms used in software development into a trusted single source of truth. It also integrates seamlessly with Release Lifecycle Management, providing a graphical interface for viewing the evidence generated at each stage of your SDLC.

  Artifactory creates signed evidence automatically when Release Bundles are promoted and distributed. When used in conjunction with JFrog Xray, additional evidence is created in the form of SBOMs and vulnerability reports.

  In addition, Enterprise+ users can attach externally-produced evidence to artifacts, packages, builds, and Release Bundles using the JFrog CLI.

  For more information, see Evidence Management.

• Artifactory Federation Service

  To meet the growing needs of customers, JFrog has moved the Federated repositories feature into a standalone, multi-tenant service to ensure the timely synchronization of huge volumes of artifact metadata between customer sites. The new standalone service offers the following benefits:

  • Scalability: The Federation service is designed from the ground up to grow as the needs of our customers grow.

  • Automatic Federation recovery: The Federation service features an improved auto-healing mechanism that can identify synchronization problems between members due to an exhausted queue (a queue that has exceeded the maximum number of attempts to send metadata events to other members), reset the failed events, and retry synchronization. This capability is particularly useful in the event a Full Sync operation is interrupted by a restart of one of the Artifactory instances that host a Federation member. For more information, see Federation Recovery and Auto-Healing.

  • Improved monitoring using the Federation dashboard: The new Federation dashboard enables you to:

    • Understand the health status of all your repository Federations at a glance. The dashboard makes it particularly easy to see how many repositories are in error or delayed. For more information, see View the Status of All Repository Federations.
    • Drill down into a selected Federation to see the state of each member at a glance. For more information, see View the Status of a Selected Repository Federation.
    • Give selected repositories priority to system resources to help ensure all their metadata events are synchronized with other Federation members. For more information, see Prioritize Federated Repository.

• Using the Federation Comparison Tool on Federated Repositories

  Users who have the Artifactory Federation Service installed can use the Federation Comparison Tool to compare the state of a Federated repository with one or more remote members to detect missing artifacts in those remote members. This enables you to simulate the results of a Full Sync operation before you perform it. The Federation Comparison tool is invoked using a new query parameter in the Federated Repository Full Sync API. For more information, see Use the Federation Comparison Tool.

• Cleanup Policies: Release Bundle v2

  JFrog Cleanup Policies for Release Bundle v2 enable Platform and Project Administrators to define and customize policies based on specific criteria for removing unused Release Bundles across their JFrog platform. This provides optimal system performance. Administrators can customize a repeatable cleanup process that aligns with their organization's requirements by setting specific criteria and rules. For more information, refer to Cleanup Policies.

• Helm Enforce Layout

  Helm Enforce Layout is designed to maintain the integrity and organization of Helm charts within your repositories. It consists of two key functionalities that promote structure and reduce errors during deployments:

  • Preventing duplicate chart paths: Prevents the deployment of charts with the same name and version to different paths within the same repository, by ensuring that only a single instance of a chart is indexed. This maintains the integrity and accessibility of Helm charts, ensuring that users can easily identify and deploy the desired version without confusion.
  • Enforcing chart names and versions: Ensures that the chart name and version specified in the packaged file name match the values in Chart.yaml and adhere to Semantic Versioning (SemVer) standards adopted by the Helm official specification. Enforcing these rules promotes uniformity, allowing teams to adopt clear naming conventions that foster better collaboration and understanding of changes across different versions.

  For more information, see Helm Enforce Layout.

📘

Note

Helm Enforce Layout is forward-compatible only, it will not work on repositories created prior to Artifactory 7.104.2. This means that even if you upgrade to Artifactory 7.104.2, any repositories created prior to the upgrade are not compatible with this feature. Enforcement is set only upon repository creation.

Feature Enhancements

• Updating multiple repositories using a batch request

  It is now possible to update the configuration of multiple repositories using a single batch request. The request can contain a mixture of package types (for example, Docker and Maven) and repository types (for example, local and remote). For more information, see Update Multiple Repositories.

• Viewing contents of Release Bundle v2 versions by package type

  The window for viewing the contents of a Release Bundle v2 version has been redesigned to organize the contents according to package type. You can drill down from a package type to individual packages and from there, click a link to see the individual artifacts. For more information, see View the Contents of a Release Bundle v2 Version.

• Promoting Release Bundle v2 versions to virtual repositories

  You can now promote a Release Bundle v2 version to a virtual repository, provided it contains at least one local repository assigned to the same environment as the virtual repository (or no environment at all). For more information about promotion, see Promote a Release Bundle v2 Version in the Platform UI.

• Virtual repositories can include repositories not assigned or shared to the same project

  You can now edit a virtual repository configuration that contains local and remote repositories which are not assigned to, or shared with, the same project as the virtual repository. If such repositories are aggregated, a message appears in the UI. Click the button next to the message to display a list of these repositories. You can export this list to a CSV file. For more information, see Virtual Repositories and Projects.

📘

Note

Users who can perform actions on the virtual repository (based on their assigned roles in the relevant project) are not automatically granted permissions to aggregated repositories not assigned or shared with the same project.

• Improved Performance for the Fetching Process

  Performance of the fetching process has been improved, based on the count of manifests relative to the Max Unique Tags configuration.

• Improvements in Obtaining AQL Results

  The Search AQL API was improved such that AQL results are complete and not missing properties. A notification is now provided informing the client when the AQL limit has been reached. For information, see Artifactory Query Language (AQL) API.

• Support for Ansible Packages in Cleanup and Archive

  • Frog ML models are now supported in Cleanup and Archive.
  • Ansible packages are now supported in Cleanup and Archive.

• Supported Worker Features

  • Support for Scheduled Workers

    JFrog now supports creating scheduled workers to trigger at predefined times or intervals, which you can define using Cron expressions. For more information, see Configure a Scheduled Worker

  • Before Build Info Save event is now supported.

  • Before Download Request event is now supported.

• OIDC Multiple Token Scopes

  The Jfrog Platform now supports adding multiple scopes to OIDC identity mapping tokens, enabling you to use both user and group scopes for the same token.

• Enabling SSO Disables Basic Authentication By Default

  Enabling single sign-on authentication now disables internal password authentication by default. For more information, see Disable Basic Authentication Method.

Resolved Issues

Artifactory 7.103

This section includes all the Artifactory 7.103 releases.

Artifactory 103.1 SaaS

Released: 20 December, 2024

Resolved Issue

Artifactory 7.103.0 SaaS

Released: 16 December, 2024

New Features

• New REST API for Checking Repository Existence

  A new REST API has been added to check whether a repository exists based on the project key and repository type. For more information, see Check if Repository Exists in a Project API.

Feature Enhancements

• Converting Federated repositories back to local

  You can now convert a Federated repository back to a local repository using a REST API, provided it is not part of a Federation containing additional members. For more information, see Convert Federated Repository to a Local Repository API.

• Supported Worker Events

  • Storage: After Copy event is now supported.
  • Storage: After Property Delete event is now supported.
  • Replication: Before Directory Replication event is now supported.
  • Storage: After Property Create event is now supported.

• Added Clients for PyPI Repositories

  PyPI repositories now support Poetry and Twine clients. For more information, See Connect Your PyPI Client to Artifactory..

• Support for Terraform BE Packages in Cleanup and Archive

  Terraform BE packages are now supported in Cleanup and Archive.

Resolved Issues

⚠️

Known Issue with Pull Replications

There is a known issue whereby properties generated locally by Artifactory are deleted during pull replications when the properties are unchanged from the previous replication execution. The current workaround is to add a custom property to the package. This is sufficient to prevent the locally-generated properties from being deleted.

Artifactory 7.102

This section includes all the Artifactory 7.102 releases.

Artifactory 7.102.0 SaaS

Released: 2 December, 2024

New Features

• Machine Learning Repositories

  Machine Learning Repositories with the FrogML SDK is a local management framework tailored for machine learning projects, serving as a central storage for models and artifacts, featuring a robust version control system. It offers local repositories and an SDK for effortless model deployment and resolution.

  Machine Learning Repositories offer the following benefits to your system:

  • Secure Storage: Protect your proprietary information by deploying models and additional resources to Artifactory local repositories, giving you fine-grain control of the access to your models.
  • Easy Collaboration: Share and manage your machine learning projects with your team efficiently.
  • Easy Version Control: The Machine Learning Repositories SDK (FrogML) provides a user-friendly system to track changes to your projects. You can name, categorize (using namespaces), and keep track of different versions of your work.

  For information on Machine Learning Repositories, click Machine Learning Repositories.

Feature Enhancements

• Improvements to Conan Reindexing Speed on Large Repositories

  The process for reindexing large Conan repositories has been optimized and is now half the time from what it was previously. Added Conan packages are available for indexing immediately even during the reindexing process.

• Enhanced Webhook Event Support for OCI and Docker Images

  In this release, the Webhook events functionality for Docker images has been expanded to include support for OCI repositories and images. These enhancements made include:

  • Support for OCI Repositories: Webhook events can now be triggered for OCI repositories, broadening the integration capabilities.
  • Support for OCI Images: Events related to OCI images are now fully supported, ensuring that actions on these images are captured.
  • New image_type Key: A new image_type key has been added to the event action payload, indicating whether the action was performed on an OCI or Docker image.

  For more information, click Webhooks Domain: Docker.

• Additional Keys Added to the Webhook Promoted Event in the Docker Domain

  The Image Promotion Webhook in the Docker domain has been expanded with two additional keys:

  • targetRepo: The repository where the image is promoted to.
  • targetTag: The new tag of the promoted image.

  For more information, click Domain: Docker.

• Support for OCI and Cargo Packages in Cleanup and Archive

  • OCI: Helm OCI and OCI packages are now supported in Cleanup and Archive.
  • Cargo: Cargo packages are now supported in Cleanup and Archive.

• Supported Worker Events

  • Storage:beforeCreate: beforeCreate event is now supported.
  • Storage:beforeCopy: beforeCopy event is now supported.

Resolved Issues

Artifactory 7.101

This section includes all the Artifactory 7.101 releases.

Artifactory 7.101.2 SaaS

Released: 25 November 2024

Feature Enhancements

• Support for a default key when creating Release Bundles v2 in the platform UI

  It is no longer mandatory to select a signing key when creating a Release Bundle v2 with the platform UI. If you do not select a key, Artifactory uses a default GPG key that it creates automatically. The default key is then used for future Release Bundles unless a different key is selected during Release Bundle creation. The default key created by Artifactory is displayed in the Keys Management table.

📘

Note

Support for the default key will be added to the JFrog CLI in an upcoming release.

• New Content tab in Release Lifecycle Management timeline

  The Release Lifecycle Management timeline contains a new Content tab that lists the artifacts in the selected Release Bundle v2 version. For more information, see View the Contents of a Release Bundle v2 Version.

• Enhanced Docker List Tags REST API Compatibility

  The Docker List Tags REST API has been enhanced to support both the full and shorthand conventions for referencing official Docker images. Users can now retrieve tags using either the complete path (including /library/) or the shorter version without it. For more information about the API see List Docker Tags API.

• Promotion Plugin Upgraded to Groovy 4

  Artifactory 7.101 is bundled with Groovy 4. The Promotion Plugin has been updated for Groovy 4 and must be redeployed after upgrading to 7.101 or above.

📘

Note

Other JFrog Supported Plugins (Groovy 3 or older versions) work without redeploying after 7.101 or above upgrade.

If you have custom plugins developed before Groovy 4, you must update them to ensure compatibility with Groovy 4, as Artifactory version 7.101 (and above) will come bundled with Groovy 4. Plugins written for earlier versions of Groovy (Groovy 3 or older) may no longer work and will require changes to work correctly from Artifactory version 7.101 (and above).

To learn more, refer to User Plugins README.

Resolved Issues

Artifactory 7.100

This section includes all the Artifactory 7.100 releases.

Artifactory 7.100.2 SaaS

Released: 5 November, 2024

New Features

• Upgrade to Apache Tomcat 10.1

  The Apache Tomcat version bundled with Artifactory has been upgraded to version 10.1.

Feature Enhancements

• Significant Changes to the Packages User Interface

  Significant changes have been made to the Packages User Interface (UI). From the Packages home page, you can now view a list of the most recently viewed packages, and an upgraded filter option has been added that allows you to create refined filters on the packages list to easily see the packages that interest you. After creating the filter, you can save it as a customized view for later use and reference. For more information, click here.

• Default key creation for Release Bundles v2

  It is now possible to create with the Release Bundle v2 API without specifying an existing signing key. In such cases, Artifactory creates a default GPG key that is used to sign the Release Bundle. This default key is then used for future Release Bundles unless a different key is selected during Release Bundle creation. The default key created by Artifactory is displayed in the Keys Management table.

📘

Note

In the current release, a default key is created only when creating the Release Bundle v2 using the REST API. It is still mandatory to select an existing signing key when using the JFrog CLI or platform UI.

• Maximum Default Value Added to Limit the Search/AQL API Call Response

  A fixed value of 500000 was set as the default maximal result set size to limit the search/AQL API call response.

• Support for Hugging Face Packages in Cleanup

  Hugging Face packages are now supported in Cleanup.

• Improved Recovery from S3 SlowDown Error

  Recovery from an "S3 SlowDown error" that occurrs when uploading files to an S3 bucket was improved.

Resolved Issues

Artifactory 7.99

This section includes all the Artifactory 7.99 releases.

Artifactory 7.99.1 SaaS

Released: 21 October 2024

Feature Enhancements

• Support for Terraform and CocoaPods Packages in Cleanup

  • Terraform: Terraform packages are now supported in Cleanup.
  • CocoaPods: CocoaPod packages are now supported in Cleanup.

Resolved Issues

Artifactory 7.98

Artifactory 7.98.18 SaaS

Released: 27 March 2025

Resolved Issues

Artifactory 7.98.15 SaaS

Released: 1 February 2025

Resolved Issues

Artifactory 7.98.10 SaaS

Released: 9 December 2024

Resolved Issues

Artifactory 7.98.9 SaaS

Released: 25 November 2024

Resolved Issues

Artifactory 7.98.2 SaaS

Released: 13 October, 2024

New Features

• Cleanup Policies

  JFrog Cleanup Policies enable Platform and Project Administrators to define and customize policies based on specific criteria for removing unused binaries from across their JFrog platform. This provides control over storage utilization and ensures optimal system performance. By setting specific criteria and rules, administrators can customize a repeatable cleanup process that aligns with their organization's requirements. For more information, see Cleanup Policies.

• Support for Multi-Architecture Tag Deletion

  Artifactory now supports deleting multi-architecture Docker and OCI image tags with one action. For more information, see Delete Multi-Architecture Docker Tags.

Feature Enhancements

• Cannot modify or delete files that belong to a promoted Release Bundle v2

  To protect the immutability of Release Bundles v2, users are now blocked from modifying or deleting a file that belongs to a promoted Release Bundle. Users must first delete the promotion or delete the Release Bundle version altogether before the files can be modified or deleted.

• Release Bundles v2 protected from expired GPG keys

  When a user attempts to create, promote, or distribute a Release Bundle v2 version, the action is now blocked if the GPG key has expired.

• Cargo index/config.json API Aligned with the Cargo Specs

  The Cargo index/config.json API has been aligned to the Cargo specs so that it now returns a response even if a user has no permissions on a repository and invokes an auth-challenge.

• New worker services

  New dedicated workers now support the BeforePropertyDelete and BeforeDelete events.

• Support for OIDC Forward Proxy Configuration

  The JFrog Platform OIDC integration now supports the configuration of a forward proxy. For more information, see Manage Proxy Servers.

Resolved Issues

Artifactory 7.96

This section includes all the Artifactory 7.96 releases.

Artifactory 7.96.3 SaaS

Released: 30 September, 2024

⚠️

Breaking Change when Using Get User Details API for Details of Non-Logged-In Users

When retrieving user details for non-logged-in users via the Rest API, a random date in the distant past was returned, now a null value will be returned. Previously, if a user never logged, in the response to the Get User Details API, the value of last_logged_in was 1970-01-01T00:00:00.000Z. Now, if a user never logged in, the value of last_logged_in will be null.

Feature Enhancements

• Improved Cargo Status Code Responses

  Cargo status code responses are now aligned with the cargo registry according to the Cargo specification.

• The Hugging Face readme.md file is now accessible

  The Hugging Face readme.md file can now be viewed with an MD viewer for Hugging Face packages.

• Significant Improvements in Deploying Artifacts from Archives

  The Deploy Artifacts from Archive REST API now supports deploying artifacts in parallel threads as well as sequentially, significantly reducing the time it takes to deploy. For more information, see Deploy Artifacts from Archive API.

• Adding pagination to Release Bundle v2 Version Details REST API

  The Get Received Release Bundles API for getting Release Bundle v2 version details now includes the ability to paginate the results using the offset and limit query parameters. In addition, the response now includes the total_artifacts_count.

• Improved Failure Retry Mechanism when working with Google Cloud Storage

  The google-storage-v2 provider now supports an improved retry mechanism when Google Cloud Storage returns 50x errors. Two new parameters have been added to the provider (maxRetries and retryIntervalMillis) to allow configuring this. For more information, click here.

Resolved Issues

Artifactory 7.95

This section includes all the Artifactory 7.95 releases.

Artifactory 7.95.0 SaaS

Released: 12 September, 2024

Feature Enhancements

• Improved UI for deleting Release Bundle v2 versions and promotions

  The UI offers improved options for deleting Release Bundle v2 versions and promotions, including versions distributed to Edge nodes. For more information, see Manage Release Bundle v2 Versions.

• Improved Federated Repository validation

  There is an improved validation check when creating Federated repositories that provides a clear error message if a Federated repository with the same name already exists on a different Federation member.

• List Docker Images REST API Performance Improvements

  The REST API List Docker Images now delivers faster results and uses less resources. For more information, see List Docker Images API.

• Dynamic Mapping Supported for OpenID Connect Configurations

  Dynamic mapping is now supported for OpenID Connect Configurations. Identity mappings can contain dynamic mappings that are used to modify token information. Dynamic mapping supports verification or modification for a username or group name in the token subject based on a pattern. For more information, see Dynamic Mapping.

Resolved Issues

Artifactory 7.94

This section includes all the Artifactory 7.94 releases.

Artifactory 7.94.1 SaaS

Released: 26 August, 2024

Feature Enhancements

• Federation recovery and auto-healing of binary tasks

  The auto-healing mechanism used by Artifactory to recover synchronization of metadata events among repository Federation members now includes support for binary tasks as well. The mechanism will check periodically for any binary tasks that are in a retry or error state and use the checksum to identify whether the file was deleted from its source. If the binary was deleted, the task is deleted.

• Project Support for OpenID Connect Integrations

  Project Admins can now create identity mappings associated with specific projects. An OpenID Connect integration can have multiple identity mappings, and can have both global and project level identity mappings. A project identity mapping takes precedence over a global identity mapping. For more information see OpenID Connect Integration.

• Multiple Values Support for OpenID Connect Integrations

  Multiple values are now supported for JSON Claims in identity mappings associated with OpenID Connect Integrations. An OpenID Connect integration contains identity mappings, which use JSON Claims to define the scope of generated access tokens. You can now define the scope of an access token for multiple values, for example for multiple repositories and environments. For more information see OpenID Connect Integration ..

• Wildcard Pattern Support for OpenID Connect Integrations

  Wildcard values in patterns are now supported for JSON Claims in identity mappings for OIDC integrations. You can now define the scope of an access token using wildcard values, and can use both explicit and implied patterns. For more information see OpenID Connect Integration .

• Performance Improvements

  The following performance improvements were made in the artifacts tree/native browser:

  • For users with limited permissions, loading the list of repositories at the root level of the tree browser is now much faster
  • Expanding a folder with a long list of artifacts is now much faster. The displayed list of artifacts is now limited to a maximum of 20K. Artifacts that are not displayed are accessible through the Search
  • Display of repository and artifact details is now faster

Resolved Issues

Artifactory 7.93

Artifactory 7.93.3 SaaS

Released: 14 August, 2024

Resolved Issues

Artifactory 7.93.1 SaaS

Released: 12 August, 2024

Feature Enhancements

• Improvements to Tree Browser Performance

  Improvements were made to tree browser performance such that the time it takes to list artifacts from remote repositories was significantly reduced. For more information, click here.

• Improvements to Metadata Retrieval Performance

  Performance of metadata retrieval was improved following recent changes made to the npm client.

• Projects Support for Webhooks

  Artifactory now supports creating and viewing webhooks associated with a specific project.

Resolved Issues

Artifactory 7.92

This section includes all the Artifactory 7.92 releases.

Artifactory 7.92.3 SaaS

Released: 9 August, 2024

Change to Existing Feature

The system property for synchronizing metadata in Federated repositories (introduced in v7.90.5) has been renamed:

• Old name (7.90.5): artifactory.federated.mirror.events.metadata.enabled
• New name (7.92.3 and above): artifactory.federated.mirror.events.upload.info.propagate.enabled

Resolved Issues

Artifactory 7.92.0 SaaS

Released: 29 July, 2024

Feature Enhancements

• Support for PyPI Etag Headers

  Artifactory now supports Etag headers for Pypi Package Indexes, minimizing the bandwidth used for installation flows.

• Support for Hugging Face Modifying Deployment Expiration

  Artifactory now supports using a system property to modify the expiration time for models and datasets deployment, so that you can upload larger models without encountering errors.

• Table of public keys now includes the key type

  The table of public keys available to administrators in the Public Keys tab of the Keys Management window now includes the key type. For more information, see Manage Public Keys.

Resolved Issues

Artifactory 7.91

This section includes all the Artifactory 7.91 releases.

Artifactory 7.91.1 SaaS

Released: 18 July, 2024

Classic Navigation Sunset

The classic navigation has reached its end of life, therefore users will no longer be able to switch back and forth to the classic navigation. For more information, see JFrog Platform Navigation.

New Features

• Support for Multi-Architecture Docker Tag Deletion

  Artifactory now supports deleting multi-architecture tags, to optimize storage and avoid clutter. For more information, see Delete Multi-Architecture Docker Tags.

Feature Enhancement

• Improvements to authenticated requests on Cargo repositories

  Authenticated requests on Cargo repositories are now allowed with anonymous access.

Resolved Issues

Artifactory 7.90

Artifactory 7.90.5 SaaS

Released: 25 July, 2024

Highlights

⚠️

Known Issue in this Version

Upgrading self-hosted deployments from version 7.71 directly to 7.90 or higher fails due to a problematic Artifactory revision number in 7.71 causing converters not to run. To avoid this issue, upgrade to Artifactory version 7.90.7 or above.

• New Platform Navigation

  JFrog is launching the new platform UI navigation for Self-Hosted instances.

  This will be the default experience when using version number 7.90.x.

  To find out more about this change, see JFrog Platform Navigation.

⚠️

Classic UI Navigation Sunset

Classic UI navigation is planned to be deprecated with the Self-Hosted release of October 2024.

For more information, see JFrog Platform Deprecations.

• Individual JVM for Access Service

  The Access service will now run on a dedicated Java Virtual Machine (JVM), separated from the main Artifactory JVM. While the Access JVM will utilize additional resources, this change is anticipated to decrease the memory usage of the Artifactory JVM. Additional configuration steps might be required for customers using the Derby database. For more information, see Individual JVM for Access Service

• Security Hardening for Artifactory Container Images

  As part of JFrog's commitment to maintain the security and reliability of our products, JFrog Artifactory container images are now enforced with read-only permission to webapps and conf folders located in the app/artifactory/tomcat and app/access/tomcat directories.

• OpenID Connect Integration

  OIDC integration in the JFrog Platform allows you to use services including GitHub Actions and Azure with OpenID Connect to work on the JFrog Platform. OpenID Connect Integration now supports Azure.

• Major Performance Improvements for Alpine

  This version includes up to an 87% improvement in the response time in Alpine-related use cases, such as downloading from a virtual repository.

New Features

• Project Admin Scoped Access Token

  Now in addition to an API that was released in Artifactory version 7.84, you can also generate project admin access tokens using the JFrog Platform UI. For more information, see Create a Project Admin Scoped Token.

• Project Storage Quotas

  You can now view and manage project storage quotas. A table view with project details is now the default All Project View, and a new Storage Quota column with a usage bar has been added. You can now perform actions such as Edit Storage to manage and change the storage quota from the table view. For more information, see Manage Storage Quotas.

Feature Enhancements

• Improved Performance with Storage Summary Queries

  A flag was added to the Artifactory System Properties (artifactory.db.operations.totalSize.mysql.noIndex = true) that changes the storage summary queries (file count and repository table) to not use indexes in MySQL DB and hence improves query performance.

• Additional Package Types Now Support Package Archiving

  Additional package types have been added to support package archiving. The full list of all package types that now support package archiving is: Docker, Maven, npm, Gradle, YUM, generic, NuGet, Conan, and Helm. For more information on package archiving, see Working with Cold Storage.

• Temporary Login Suspension Configuration Moved to Access Service

  As part of enhancements to the JFrog Access Service to make it the primary service for Authentication and Authorization, from Artifactory version 7.90, the configuration management for Temporary Login Suspension has moved to the Access Service. For more information, see User Lock and Login Suspension.

• Improved User Experience for Helm Installations

  Artifactory now supports the following Helm improvements:

  • The nginx.artifactoryConf and nginx.mainConf fields have been reallocated to the 'files' directory.
  • The artifactory.openMetrics field has been renamed as artifactory.metrics.
  • Added nginx.hosts field to use as server_name directive on the embedded Nginx instead of ingress.hosts field.
  • Changed migration.enabled flag to false by default. For Artifactory 6.x to 7.x migration, this flag needs to be set to true.

• Additional synchronized metadata in Federated repositories

  It is now possible to synchronize the following artifact metadata with all Federation members:

  • createdBy: The name of the user who uploaded the artifact to Artifactory (including the suffix 'federated'.) The name is mirrored to other members even if the user does not exist on those members.
  • deploymentDate: Defines when the artifact was deployed. Synchronizing this metadata is important for features such as the Max Unique Snapshot policy in Maven.
  • modifiedDate: Defines when the artifact was last modified.

  A new Artifactory system property controls the inclusion of this metadata:

  artifactory.federated.mirror.events.metadata.enabled

  By default, this flag is set to false. To mirror this metadata to other Federation members, change the flag setting to true on each relevant member. The metadata is mirrored only if the flag is activated on both the source and target JPD.

• Cleanup Job for Removing Orphaned Cursors

  A new job cleans up orphaned cursors from the Federated repository database. This was done to optimize the auto-healing process.

Resolved Issues

Artifactory 7.90.1 SaaS

Released: 1 July, 2024

New Features

• Support for Ansible Repositories

  You can now use Artifactory to manage and store your Ansible collections (including Roles, Playbooks, Plugins, Modules, etc.), providing full flexibility and usability. You can store and distribute your own collections through secure local repositories, and cache remote resources from the Ansible Galaxy registry for reliable access. For more information, see Ansible Repositories.

• Support for Hugging Face Datasets

  Artifactory now supports storing and caching of Hugging Face ML datasets, allowing you to manage all stages of the ML development lifecycle. For more information, see Hugging Face Repositories.

• Support for OCI Referrers API

  You can view the connection between images and their related information, such as signatures and attestations, for better visibility and management. For more information, see Use Referrers to Discover OCI References.

• Get Status of Repository Project API

  A new API allows users to obtain the status of a repository and whether it was assigned and/or shared to a project, to multiple projects, or to all projects. For more information, see Get Status of Project Repository API.

Resolved Issues

Artifactory 7.89

This section includes all the Artifactory 7.89 releases.

Artifactory 7.89.2 SaaS

Released: 20 June, 2024

⚠️

Classic Navigation Sunset

From Artifactory version 7.91 Classic Navigation will no longer be available in JFrog SaaS. For more information, see JFrog Platform Navigation.

Feature Enhancements

• Project Admin Scoped Access Token

  Now in addition to an API that was released in Artifactory version 7.84, you can also generate project admin access tokens using the JFrog Platform UI. For more information, see Create a Project Admin Scoped Token.

• Project Storage Quotas

  You can now view and manage project storage quotas. A table view with project details is now the default All Project View, and a new Storage Quota column with a usage bar has been added. You can now perform actions such as Edit Storage to manage and change the storage quota from the table view. For more information, see Manage Storage Quotas.

• Workers Troubleshooting

  From Artifactory version 7.89 you can now view workers' troubleshooting data in the JFrog Platform UI. You can see both failed worker execution events and events for successful worker executions. For more information, see Workers Troubleshooting.

Resolved Issues

Artifactory 7.88

This section includes all the Artifactory 7.88 releases.

Artifactory 7.88.0 SaaS

Released: 4 June, 2024

Feature Enhancements

• OpenID Connect Integration

  OIDC integration in the JFrog Platform allows you to use services including GitHub Actions and Azure with OpenID Connect to work on the JFrog Platform.

  OpenID Connect Integration now supports Azure.

Resolved Issues

Artifactory 7.87

This section includes all the Artifactory 7.87 releases.

Artifactory 7.87.3 SaaS

Released: 26 May, 2024

Feature Enhancements

• Enhanced Performance for Get Storage Summary Info REST API

  The time needed to return the storage summary information via API has been significantly reduced for virtual repositories.

Resolved Issues

Artifactory 7.86

This section includes all the Artifactory 7.86 releases.

Artifactory 7.86.0 SaaS

Released: 7 May, 2024

Feature Enhancements

• Support for new CocoaPods CLI Commands

  Artifactory now supports using the pod search and pod list commands for virtual CDN repositories.

• Reduced Load When Reading Global Exclude Properties

  An improvement was introduced in this version to reduce the load when reading global exclude properties. Any properties added to the artifactory.repo.includeExclude.globalExcludes parameter are now controlled by the flag artifactory.repo.default.includeExclude.globalExcludes.empty.list, which is set to true by default. When this flag is true, the list is treated as empty, meaning that the global exclude patterns are not considered. Therefore, it is necessary to set artifactory.repo.default.includeExclude.globalExcludes.empty.list = false for the global exclude patterns to be taken into account.

Resolved Issues

Artifactory 7.84

Artifactory 7.84.10 SaaS

Released: 12 May, 2024

⚠️

Replicator Sunset

The Replicator service for Release Bundles v1 has been deprecated. For more information, see Artifactory Deprecations.

⚠️

Known Issue in this Version

Starting from Artifactory version 7.84, AQL searches will undergo throttling, potentially resulting in 429 errors. The default setting for the parameter below will be TRUE. You can opt to set it to FALSE to disable the throttling:

artifactory.aql.queries.limit.enabled

More information may be found here.

Highlights

• PostgreSQL is the Recommended Database for Artifactory Installation

  After a comprehensive evaluation of leading database providers' capabilities, scalability, and support, JFrog selected PostgreSQL as the preferred database solution for all its product offerings.

  Organizations can still choose to use any database in the list of Artifactory-supported databases, however, there is a minor new configuration step that will need to be performed for new installations. When installing a new Artifactory instance with any database other than PostgreSQL, you are required to specify the configuration in the system.yaml file.

  For more information, see Choose the right database.

• Major Performance Improvements for PyPI, NuGet, and npm

  This version includes significant reductions in response time, as well as simplified and reduced database calls from the previous Self-Hosted version (7.77). These improvements apply to several important use cases, including virtual package resolution and external dependency resolution, among others. We have measured:

  • Up to 24% response time reduction in PyPI-related use cases
  • Up to 23% response time reduction in NuGet-related use cases
  • Up to 84% response time reduction in npm-related use cases

Feature Enhancements

• Improved Artifact Tree View

  The Artifact Tree view has been significantly improved such that when opening a node on a repository, a specific (configurable) number of artifacts will be displayed instead of the entire contents of the repository. This significantly reduces loading time for repositories containing a large number of artifacts. The default display number is 500, but this number can be changed in the Artifactory UI (click here for instructions). If there are more artifacts to display beyond the current list, a Load more option appears at the end of the list and when clicked displays more items.

  The enhanced Artifact Tree View is available both in a Tree Browser and a Native Browser.

• Automatically pair OAuth SSO users with JFrog Platform users

  You can now automatically pair OAuth SSO users when they log in to the JFrog Platform with their JFrog Platform user based on their email address. No configuration change is required to enable the feature. For more information on OAuth SSO, see OAuth SSO.

• Open Metric for Federated Repository status

  A new Open Metric records the number of Federated repositories that have the indicated status. For more information, see Federated Repository Metrics.

• Lifecycle System YAML

  There is a new section in the Artifactory YAML file for configuring parameters related to Release Lifecycle Management. This replaces the Configuration APIs that were used previously and have now been deprecated. For more information, see Lifecycle System YAML.

• Helm Installation Updates

  • The setSecurityContext field in Helm installation has been renamed as podSecurityContext.
  • Added a dedicated image section for initContainers instead of initContainerImage
  • Added unifiedSecretInstallation flag, which enables single unified secret holding all chart secrets to true by default.

• Availability Zone Affinity

  You can configure a preferred availability zone in the router section of the Artifactory System YAML file. If a service is available in the local zone, traffic is sent to this local service. However, if a service is not available locally, traffic is sent to a service in another zone using a round robin strategy.

  For more information, see JFrog Router Service.

• Access Token Creation by Project Admins

  Project admins can create access tokens that are tied to the projects in which they hold administrative privileges. For more information, see Access Token Creation by Project Admins.

• Changes to Anonymous Access

  Starting from Artifactory 7.84.3, the anonymous user is removed from the Anything and Any Remote permissions by default. To grant permissions to anonymous users, the best practice is to create a new permission target containing the anonymous user, and to assign it with read-only access to the relevant repositories.

Resolved Issues

Artifactory 7.84.6 SaaS

Released: 1 May, 2024

Resolved Issues

Artifactory 7.84.3 SaaS

Released: 18 April, 2024

New Features

• Support for CocoaPods Virtual Repositories

  Artifactory now supports using CocoaPods virtual repositories, only for repositories using CDN- allowing you to access both local and remote CocoaPods resources through a single URL.

  For more information, see Set Up Virtual CocoaPods Repositories and Use CocoaPods CDN for Virtual Repositories.

• Support for OpenTofu Terraform Client

  Artifactory now supports the OpenTofu registry and client, which provides an alternative to Hashicorp’s Terraform Provider Registry.

  For more information, see Configure OpenTofu to Work With Artifactory.

• APIs for Creating & Retrieving Batches of Repositories

  A new API enables you to create multiple repositories using a batch request. The batch request can contain a mix of different package types and repository types. For more information, see Create Multiple Repositories API . Another new API enables you to retrieve the configurations for a batch of repositories based on the repository names. For more information, see Get Batch of Repositories by Name API.

Feature Enhancements

• Support for Release Lifecycle Management in Federated Environments

  It is now possible to work with Release Bundles v2 in a Federated environment as part of managing your release lifecycle. This is particularly useful when Federations are employed in a DR (disaster recovery) or Active/Active multi-site framework, as it ensures that your releases (as contained in an immutable Release Bundle) are replicated across all sites. For more information, see Release Lifecycle Management in Federated Environments.

• Project Key Validator for Federated Release Bundle Repositories

  A validator has been added to ensure that Release Bundle repositories related to a specific project can be Federated only if the same project key exists on the other JPDs in the Federation.

• Local Deletion of Distributed Release Bundles v2 from Edge Nodes Reported in Source Timeline

  When a distributed Release Bundle v2 version is deleted locally from the target (typically an Edge node), as opposed to being deleted remotely from the source Artifactory, a new service provided by JFrog Distribution informs the source Artifactory of the operation. An event that describes the deletion is then added to the Release Bundle timeline for maximum visibility.

  The behavior of this functionality is configurable in both Distribution (requires 2.24.x and higher) and Artifactory. For more information, see Configure Deleted-at-Target Scraping Service.

• Updates to Release Lifecycle Management APIs

  Several changes have been made to the Release Lifecycle Management APIs. Among the changes:

  • For all relevant APIs, the status value of PROCESSING has been changed to STARTED.
  • For all relevant APIs, the messages[].source and messages[].created properties have been deprecated.
  • The X-JFrog-Signing-Key-Name request header has been made optional instead of mandatory when promoting a Release Bundle v2 version using the API.

• Support for .zip Package Format in CocoaPods Remote CDN Repositories

  Artifactory now supports resolving and caching .zip format packages in CocoaPods remote CDN-enabled repositories, in addition to .tgz format.

• Access Token Creation by Project Admins

  Project admins can create access tokens that are tied to the projects in which they hold administrative privileges. For more information, see Access Token Creation by Project Admins.

• Changes to Anonymous Access

  Starting from Artifactory 7.84.3, the anonymous user is removed from the Anything and Any Remote permissions by default. To grant permissions to anonymous users, the best practice is to create a new permission target containing the anonymous user, and to assign it with read-only access to the relevant repositories.

Resolved Issues

Artifactory 7.83

Artifactory 7.83.1 SaaS

Released: 4 April, 2024

Feature Enhancements

• Improved Artifact Tree View

  The Artifact Tree view has been significantly improved such that when opening a node on a repository, a specific (configurable) number of artifacts will be displayed instead of the entire contents of the repository. This significantly reduces loading time for repositories containing a large number of artifacts. The default display number is 500, but this number can be changed in the Artifactory UI (click here for instructions). If there are more artifacts to display beyond the current list, a Load more option appears at the end of the list and when clicked displays more items.

  The enhanced Artifact Tree View is available both in a Tree Browser and a Native Browser.

• Improved Tracking of Distribution Task Progress

  JFrog Distribution now uses an improved method for tracking distribution tasks, which enables more accurate updates about the progress of each task.

• PyPI Repository Improvements

  Reduced the database strain of fetching pip index using a simple index for packages from a remote repository nested under a virtual repository.

• Multiple SAML SSO Provider Configurations

  From Artifactory version 7.83.1, the ability to create multiple SAML SSO provider configurations will gradually be rolled out. For more information, see SAML SSO.

  Now, additional SAML SSO provider configurations can be created, enabled, disabled, edited, and deleted.

📘

Note

Before creating multiple SAML configurations, JFrog recommends deleting the old configuration and reconfiguring it with a different setting name other than Default. If you reconfigure your SAML configuration, you must also update the relevant information in the Identity Provider server.

Resolved Issues

Artifactory 7.82

This section includes all the Artifactory 7.82 releases.

Artifactory 7.82.2 AaaS

Released: 18 March, 2024

Feature Enhancements

• Go Virtual Repositories Performance Improvement

  Added Go Remote VCS repositories requests caching using local cache to reduce remote API calls and avoid rate limits.

• Get Federated Repository Status V2 API

  This enhanced version of the existing Get Federated Repository Status V2 API supports a wider range of statuses. For more information, see Get Federated Repository Status (v2) API.

• Perform recovery on repository Federation

  It is now possible to perform a recovery operation on an entire Federation at once by leaving off the {repo-key} parameter when invoking the REST API. For more information, see Federation Recovery .

Resolved Issues

Artifactory 7.81

This section includes all the Artifactory 7.81 releases.

Artifactory 7.81.1 SaaS

Released: 27 February, 2024

⚠️

Cargo Git Indexing Deprecation

Starting at the end of Q2, 2024, Cargo indexing will only be enabled using Sparse indexing, and the use of Git indexing will be discontinued. For more information, see Deprecations in Process.

Feature Enhancements

• Display List Manifest Content on the Artifacts Page

  Artifactory now displays the manifests under a list.manifest file directly in the Artifacts page in the JFrog Platform WebUI. For more information, see List Manifest Content.

• Storage Improvements

  This release contains the following storage improvements:

  • When using Azure Blob storage with a SAS token, the SAS token is now encrypted at rest in the the binarystore.xml file.
  • When using the state-aware-s3 binary provider, sensitive properties are now encrypted in the same manner as they are for the s3-storage-v3 binary provider.

• Full Sync improvements for Federated repositories

  This release contains an option for generating the file list for a Full Sync operation using multiple SQL queries (paging) instead of a single AQL query. Dividing the database query into pages helps prevent the operation from crashing when retrieving a large file list (by default, more than 400000 artifacts). In addition, several new system properties have been introduced for managing this paging feature. For more information, see System Properties for Full Sync File List Queries. For more information about Full Sync, see Perform Full Sync on Federated Repositories.

Resolved Issues

Artifactory 7.80

This section includes all the Artifactory 7.80 releases.

Artifactory 7.80.0 SaaS

Released: 14 February, 2024

Feature Enhancements

• Support for new CocoaPods CLI Commands

  Artifactory now supports using the pod search and pod list commands for local and remote CDN repositories.

• Auto Healing of Federated repositories enabled by default

  The auto-healing mechanism introduced in version 7.71.1 is now permanently enabled for all customers who work with Federated repositories. This mechanism checks Federated repositories at regular intervals for exhausted queues (queues that have exceeded the maximum number of attempts to send events to other Federation members), resets the failed events automatically, and tries again to sync with the target mirror. For more information, see Federation Recovery and Auto-Healing.

• Solutions for resolving 'stuck' Full Sync operations on Federated repositories

  Two new options have been introduced for resolving Full Sync operations that have become 'stuck', meaning the operation persists in the database but is not active in memory. For example, this situation can arise if a user restarts an Artifactory instance while a Full Sync operation is in progress.

  1. A new async task defined in the system.properties file (artifactory.reset.stale.full.sync.job.interval.min) can reset the status of a Full Sync operation that has become 'stuck', enabling the operation to restart.
  2. A new Force Full Sync API API enables you to force a Full Sync operation between the Federated repository members, interrupting another Full Sync operation that is already in progress.

• New menu options for creating Release Bundle v2 versions

  The Actions menu in the Release Lifecycle Management kanban board now includes options for creating a new version of the selected Release Bundle v2 from builds or other Release Bundles. For more information, see Create a New Version of an Existing Release Bundle.

• Helm Virtual index.yaml Resolution Improvements

  We have improved our index calculation mechanism for virtual repositories to minimize potential OOM issues. We recommend setting the Metadata Retrieval Cache Period (Sec) in the repository page in the JFrog Platform WebUI to 60 seconds or more. For more information, see Helm Virtual Repository Index Improvements.

• Automatically pair OAuth SSO users with JFrog Platform users

  You can now automatically pair OAuth SSO users when they log in to the JFrog Platform with their JFrog Platform user based on their email address. No configuration change is required to enable the feature. For more information on OAuth SSO, see OAuth SSO.

Resolved Issues

Previous Artifactory SaaS Releases

Release Notes for Artifactory SaaS Releases earlier than 7.80 have been archived and can be downloaded as a PDF. You can download them from the Legacy PDF Archive.