Distribution Release Notes

Here's where you'll find the latest release notes for JFrog Distribution, including the main fixes and enhancements made to each version as it is released.

The release notes are displayed in chronological order, with the latest ones always displayed at the top.

About Distribution Releases

Fixed Vulnerabilities and Reported Known Issues

📘
Distribution Fixed Security Vulnerabilities and Distribution Known Issues are marked in the relevant releases. Refer to each release to see if there are relevant fixes and reported issues.

Click to download the latest Distribution version.

📘
Installer Name Change!
From Distribution 2.0, the installer naming convention has been changed to include the installer type.
The following table lists the official installer names.
Installer Type Installer Syntax
Linux archive jfrog-distribution-<version>-linux.tar.gz
Compose jfrog-distribution-<version>-compose.tar.gz
RPM/Debian jfrog-distribution-<version>.<rpm|deb>

Installer Type	Installer Syntax
Linux archive	`jfrog-distribution-<version>-linux.tar.gz`
Compose	`jfrog-distribution-<version>-compose.tar.gz`
RPM/Debian	`jfrog-distribution-<version>.<rpm\|deb>`

For installation instructions, refer to Installing Distribution.

To upgrade to this release from your current installation, refer to Upgrading Distribution.

If you need release notes for the legacy version of Distribution, you can download the Distribution 1.0 release notes.

Before upgrading to any version of Distribution 2.x, read the JFrog Distribution 2.0 release notes to learn about the new features and functionality Introduced in the JFrog Platform.

Distribution 2.36

This section describes all of the JFrog Distribution 2.36 releases.

Distribution 2.36.2

Released January 13, 2026

Feature Enhancements

Improved error handling for malformed input

We improved error handling for malformed input in distribution calls to ensure that requests with invalid headers correctly return a 400 error.
Redis replacement

In this release, we have moved task management from Redis to an internal in-memory system for managing distribution jobs. This change is aimed at improving performance and reducing complexity.

📘
Note
Redis is still included in the deployment package for this release, even though it is no longer in active use. We plan to remove Redis completely in the next release.

OpenMetrics timestamp compliance

Timestamps generated by the GET /distribution/api/v1/metrics endpoint now use seconds since the Unix epoch (instead of milliseconds) to conform to the OpenMetrics specification.

Distribution 2.35

This section describes all of the JFrog Distribution 2.35 releases.

Distribution 2.35.0

Released December 1, 2025

Feature Enhancements

Performance optimization of Release Bundles v1 page

We have implemented significant performance enhancements to the Release Bundles v1 page in the platform UI. Users can expect faster loading times and improved responsiveness, contributing to a more seamless experience.
Upgraded 3rd party software components

Several underlying third-party software components have been upgraded to their latest versions, ensuring better security, stability, and compatibility.

Resolved Issues

Jira Issue	Severity	Description
JR-10221	Critical	Fixed an issue that cause a null pointer exception when parsing the manifest of a multi-architecture Docker image with missing platform fields. This fix enhances the reliability of our Docker image processing.
JR-10193	Medium	Fixed an issue whereby a malformed payload during distribution triggered a 500 Internal Server Error instead of the expected 400 Bad Request. This improvement ensures more accurate error handling and provides clearer feedback for users when encountering issues with payload submissions.

Distribution 2.34

This section describes all of the JFrog Distribution 2.34 releases.

Distribution 2.34.2

Released October 26, 2025

Feature Enhancements

Viewing Release Bundles distributed to Edge nodes

To align the platform UI with the REST API, only admin users are permitted to view distributed Release Bundle versions (v1 and v2) in the Received tab on Edge nodes. For more information, see View Release Bundles on Edge Nodes.

This release also contains security fixes and 3rd-party upgrades.

Resolved Issues

Jira Issue	Severity	Description
JR-10158	High	Fixed an issue that prevented users from upgrading from Distribution 2.19.1 to the current version.

Distribution 2.33

This section describes all of the JFrog Distribution 2.33 releases.

Distribution 2.33.2

Released August 25, 2025

Description

This patch release contains security fixes and 3rd-party upgrades.

Distribution 2.33.0

Released August 19, 2025

New Features

New REST API for redistributing Release Bundles from the previous X days

A new maintenance REST API called Distribute by Date enables you to redistribute all Release Bundles (v1 and v2) that you attempted to distribute to a specified Edge node during a defined timeframe. For example, if an Edge node was offline for 3 days, you can use this new API to redistribute all the Release Bundles that you weren't able to send to that Edge node while it was offline. For more information, see Distribute by Last Days.

Feature Enhancements

Support for Release Bundle v2 versions with '+' in the version

JFrog Distribution now supports the distribution of Release Bundle v2 versions that include a plus sign (+) in the version. This change was made to align with the SemVer 2.0.0 specification.

Resolved Issues

Jira Issue	Severity	Description
JR-10097	Medium	Fixed an issue that prevented users from creating a Distribution support bundle when `ignoredHosts` is defined in the system YAML.

Distribution 2.32

This section describes all of the JFrog Distribution 2.32 releases.

Distribution 2.32.0

Released July 08, 2025

New Features

Auto-recovery mechanism for stuck distributions

We are excited to introduce an auto-recovery mechanism designed to enhance the reliability of distribution tasks. This feature automatically detects when certain tasks are not progressing and initiates recovery procedures to ensure smooth operation. To enable the auto-recovery mechanism, simply activate the designated flag in the Distribution application config YAML file. For more information about configuring and utilizing this feature, refer to Distribution Task Maintenance.

Feature Enhancements

Improved ability to identify stuck distributions

Improvements have been made to the Unlock Stuck Tasks REST API to enhance its ability to identify stuck distributions.
Improved UI stability

Enhancements were made to improve the end-to-end stability of the Distribution UI.
3rd party upgrades

Several 3rd party software components were upgraded.

Resolved Issues

Jira Issue	Severity	Description
JR-10049	Medium	Fixed an issue that caused a 500 error when retrieving the contents of a Release Bundle v2 distribution.

Distribution 2.31

This section describes all of the JFrog Distribution 2.31 releases.

Distribution 2.31.2

Released June 24, 2025

Resolved Issues

Jira Issue	Severity	Description
JR-10049	Medium	Fixed an issue whereby retrieving Distribution data for a Release Bundle v2 version resulted in a 500 error.

Resolved Vulnerabilities

This release contains a resolved CVE (security vulnerability issue) that impacts JFrog Distribution.

Distribution 2.31.1

Released June 22, 2025

Feature Enhancements

Enhanced support for displaying distributed & released Release Bundles

The Distributable and Received tables in the platform UI (under Platform > Distribution > Release Bundles) can now display up to 200 Release Bundles compared with 100 in previous versions. For additional results, use the search bar in the platform UI or the REST APIs.
Observability upgraded

The Observability service used by Distribution has been upgraded to version 2.8.0.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues) that impact JFrog Distribution.

Distribution 2.30

This section describes all of the JFrog Distribution 2.30 releases.

Distribution 2.30.1

Released May 25, 2025

Resolved Issues

Jira Issue	Severity	Description
JR-10002	Critical	Upgraded Apache Tomcat to version 10.1.40, which resolves CVE-2025-31651.
JR-9978	High	Upgraded Apache HttpClient to version 5.4.3, which resolves CVE-2025-27820.

📘
Note
For a complete history of resolved CVEs (security vulnerability issues), see:

Resolved CVEs that impact JFrog Distribution

Resolved CVEs that do not impact JFrog Distribution

Distribution 2.30.0

Released May 04, 2025

Feature Enhancements

Stopping a distribution operation in progress

The enhanced distribution engine (introduced in release 2.28.1) now enables you to stop the distribution of a Release Bundle v2 version from the platform UI. For more information, see Stop a Distribution Operation in Progress.
Federation support by enhanced distribution engine

The enhanced distribution engine (introduced in release 2.28.1) now supports distribution in Federated environments. For additional details, see Release Lifecycle Management in Federated Environments.
Package view of distributed Release Bundle contents

When viewing the contents of a distributed Release Bundle v2 version, users can now choose between viewing a table of artifacts and a new package view that groups artifacts by package type. For more information, see View Release Bundle v2 Version Details.
Support for longer Release Bundle names and versions

JFrog Distribution now supports Release Bundle v1 and v2 names (bundle_name) and versions (bundle_version) up to 255 characters in length.
Upgraded versions of Artifactory microservices

JFrog Distribution has upgraded to the latest versions of Artifactory microservices, including Observability, Router, and Access.

Resolved Issues

Jira Issue	Severity	Description
JR-9862	Low	Fixed an issue that caused scraping jobs to appear in the debug logs as Delete at Target events instead of remote delete events.
JR-9807	Medium	Fixed an issue whereby searching the Distributed table in the platform UI returned results only when using the exact name of the Release Bundle v1.
JR-9918	Medium	Fixed an issue that caused distributions to fail because the artifacts were uploaded to a repository of the wrong package type.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues). For more information:

Resolved CVEs that impact JFrog Distribution
Resolved CVEs that do not impact JFrog Distribution

Distribution 2.29

This section describes all of the JFrog Distribution 2.29 releases.

Distribution 2.29.1

Released March 11, 2025

Feature Enhancements

Java 21

JFrog Distribution has been upgraded and now requires Java 21.
Upgrade to Redis 7.4.1 and other third-party applications

JFrog Distribution has been upgraded to Redis 7.4.1. Other third-party applications have also been upgraded.
Support for aborting distribution operations via REST API

The enhanced distribution engine, which became available in release 2.28.1, now supports the cancellation of distribution operations using the REST API.
Improved performance

Database query performance has been improved by reducing memory consumption.

Resolved Issues

Jira Issue	Severity	Description
JR-9562	Critical	Fixed an issue that caused errors when creating a Release Bundle v1 using AQL.
JR-9638	High	Fixed an issue that allowed Distribution to run even after a failed DB migration.
JR-9514	Medium	Fixed an issue that sent incorrect audit messages to the Release Lifecycle dashboard.
JR-9635	Medium	Fixed an issue that caused the distribution of a Release Bundle v2 version to fail when processing a manifest file with a large payload.
JR-9723	Medium	Fixed an issue that caused errors due to a lack of active Distribution nodes caused by a stale heartbeat.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues). For more information:

Resolved CVEs that impact JFrog Distribution
Resolved CVEs that do not impact JFrog Distribution

Distribution 2.28

This section describes all of the JFrog Distribution 2.28 releases.

Distribution 2.28.1

Released January 14, 2025

Feature Enhancements

Enhanced distribution engine

JFrog Distribution introduces a new, enhanced distribution engine that simplifies the handling of Release Bundles v2, improves visibility, and ensures support for advanced use cases. Key features include:
- Custom path mappings: You can now define multiple path mappings per Release Bundle version, enabling customized content delivery. These path mappings can vary between distributions. Therefore, you should use separate distributions to distribute a Release Bundle with various path mappings to different targets. For more details about defining path mappings, see Path Mapping Guidelines for Release Bundles v2.
- Visibility on targets: Distributed Release Bundle v2 versions can now be viewed on the Received Bundles tab of the target Artifactory. For more information, see View Release Bundles on Edge Nodes.
- Source project visibility: You can now see the source project to which a distributed Release Bundle v2 version belongs. This enables Edge nodes to support Release Bundles from different projects that share the same name and version. For more information, see View Release Bundles on Edge Nodes.
- Enhanced encryption support: Any encryption key compatible with Release Bundles v2 can now be used for distribution. For more information, see Create Signing Keys for Release Bundles (v2).
This new functionality introduces a feature flag in the Distribution YAML file, which is disabled by default in the current version. This flag has been added to incorporate the enhanced Distribution engine on the target while maintaining compatibility with existing APIs. To enable it, set the enable-all-the-way property to true. For more information, see Distribution Application Config YAML File.

📘
Note
This feature should not be enabled if you are working in an air gap environment or use Release Bundles in a repository Federation.

❗️
Important
To take advantage of the new functionality offered by the enhanced distribution engine, both the source Artifactory and all Edge nodes must be upgraded to Artifactory 7.103 or later.

New APIs for Release Bundle v2 versions distributed to Edge nodes

A new set of APIs enables you to return information about Release Bundle v2 versions distributed to targets, such as Edge nodes. A new endpoint is also available for deleting distributed Release Bundle v2 versions from a selected target. For more information, see RELEASE BUNDLES V2.
Providing distribution permissions to a specific project role

Platform and project administrators can now define distribution permissions for project-level roles. This new permission granularity provides greater control when managing user permissions to distribute Release Bundle v2 versions. For more information, see Manage Project Roles.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues). For more information:

Resolved CVEs that impact JFrog Distribution
Resolved CVEs that do not impact JFrog Distribution

Distribution 2.27

This section describes all of the JFrog Distribution 2.27 releases.

Distribution 2.27.3

Released December 29, 2024

Feature Enhancements

DB migration fix

A fix has been made to the DB migration process used by Distribution.

Distribution 2.27.2

Released October 27, 2024

Feature Enhancements

Distribution Service Monitoring enhancements

Several improvements have been made to the Distribution Service Monitoring feature introduced in release 2.26.1:
- Click a row in either the Active or History tabs to display complete details about the distribution operation.
- A concise error message is displayed to the user in the event of a distribution failure.
- Distribution searches in both tabs are now case-insensitive.
- The message displayed in empty tables (no distributions) has been redesigned.
Open Metrics support for queued distribution operations

The Open Metrics property jfds_stuck_distributions_by_status now includes the status of queued for operations stuck in the queue.
Validation added for start_pos query parameter

Validation has been added to the start_pos query parameter used by Release Bundle v1 REST APIs to ensure that only valid, positive values are accepted.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues). For more information:

Resolved CVEs that impact JFrog Distribution
Resolved CVEs that do not impact JFrog Distribution

Distribution 2.26

This section describes all of the JFrog Distribution 2.26 releases.

Distribution 2.26.1

Released July 28, 2024

New Features

Distribution Service Monitoring

Administrators can now monitor the status of all active and previous distribution operations, including the size and duration of the operation. This capability lets you see, for example, which distributions are currently in progress, which are pending an Xray scan, and which have been completed. For more information, see Monitor the Distribution Service.

Feature Enhancements

Default path mapping from the last promotion

An enhancement has been implemented to the default path mapping method when distributing and exporting Release Bundles v2. When this feature is enabled, the default destination repositories from the last successful promotion, if one exists, will be displayed in the UI. You can change this mapping if desired. If no such promotion has been performed, the path mapping fields in the UI are left blank, and the default destination repositories will match those at the source, as before.

You can modify or remove this suggested default before executing the distribution or export operation. For more information, see Distribute a Release Bundle v2 Version using the Platform UI.

A new configuration parameter, default-path-mapping-by-last-promotion (default=false) has been introduced to support this feature. Additionally, this parameter can be included as a request parameter in the Distribute Release Bundle Version v2 API to enable the feature for specific requests, facilitating a gradual rollout of this feature. For more information, see Distribution Application Config YAML File.

📘
Note
If the request parameter is configured in the API, this setting overrides the configuration parameter in the YAML file.

Distribute Release Bundle v2 Version UI enhancements

The Distribute Release Bundle v2 dialog box features the following enhancements:
- A new checkmark icon next to the distribution target indicates that the selected Release Bundle version has already been distributed to that target. It is still possible to distribute the same version again to that target.
- A change to the buttons in the dialog box now requires you to review the path mappings before executing the distribution action.
New metrics for tracking distribution failures

New metrics that keep a running count of distribution failures due to user-related and application-related errors have been added. These metrics make it possible to track what types of issues are preventing the successful completion of distribution operations. For more information, see Distribution Open Metrics Support.
Sanitizing Markdown release notes

When adding release notes in Markdown to a Release Bundle v1, users are restricted from inserting HTML tags to prevent security risks. This behavior is controlled by a new configuration property (enable-sanitize-release-notes), which is set to true by default.
Support for PostgreSQL v16

JFrog Distribution has been certified for use with PostgreSQL v16.

Bug Fixes

Jira Ticket	Severity	Description
JR-9102	Medium	Fixed an issue whereby the response from Artifactory to an AQL query fetching artifacts sometimes included properties with null values, which led to errors.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues). For more information:

Resolved CVEs that impact JFrog Distribution
Resolved CVEs that do not impact JFrog Distribution

Distribution 2.25

This section describes all of the JFrog Distribution 2.25 releases.

Distribution 2.25.1

Released May 26, 2024

❗️
Upgrade Notice
During the upgrade to Distribution 2.25.1, data migration will be handled by the first server that is upgraded. When working in a high availability (HA) environment, start by upgrading one node only and wait until it becomes healthy before upgrading the remaining nodes.

Feature Enhancements

Federation support in Distribution kanban board

The Distribution kanban board (part of the Release Lifecycle Management dashboard) now includes information about Release Bundles that were distributed to, or deleted from, distribution targets shared by other members of the same Release Bundle Federation. This means that after a successful distribution to the source JPD, the Release Bundle version will also appear in the Distribution kanban board of the remote Federated JPD. For more information, see Release Bundle V2 Distribution APIs.

Bug Fixes

Jira Ticket	Description
JR-8553	Fixed an issue whereby saving Release Bundles with very large signatures would sometimes fail.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues) that do not impact JFrog Distribution.

Distribution 2.24

This section describes all of the JFrog Distribution 2.24 releases.

Distribution 2.24.0

Released April 30, 2024

Feature Enhancements

Improved Distribution dashboard

The Release Lifecycle Management timeline now includes events for distributed Release Bundle v2 versions that were deleted locally from the target (typically an Edge node). This improved functionality is due to a new service that periodically collects metadata about these deletions and sends the information to the source Artifactory.

Parameters related to the new Distribution service can be found in the Distribution Config YAML file. This includes a cleanup service in Artifactory that removes the deletion metadata that was used by the scraping service. For more information, see Configure Deleted-at-Target Scraping Service.

📘
Note
This service requires both Distribution 2.24.0 and Artifactory 7.84.3.

Direct link to Xray violation page

When the distribution of a Release Bundle v2 version is blocked by JFrog Xray due to a policy violation, a link is provided in the timeline event that takes you directly to the violations list in Xray.
This version contains several security fixes (see below) and other minor bug fixes.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues). For more information:

Resolved CVEs that impact JFrog Distribution
Resolved CVEs that do not impact JFrog Distribution

Distribution 2.23

This section describes all of the JFrog Distribution 2.23 releases.

Distribution 2.23.2

Released March 21, 2024

Bug Fixes

This release contains bug fixes.

Distribution 2.23.0

Released March 18, 2024

New Features

Added ARM support for Distribution deployments

JFrog Distribution can now be installed on a server with ARM CPU architecture.
Added support for PostgreSQL 15

JFrog Distribution now officially supports PostgreSQL 15.
API for unlocking stuck distribution tasks

It is now possible to unlock stuck distribution tasks using a REST API. For more information, see Unlock Stuck Tasks. The API requires a token generated using a different API. For more information, see Generate Unlock Stuck Tasks Token.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues) that impact JFrog Distribution.

Distribution 2.22

This section describes all of the JFrog Distribution 2.22 releases.

Distribution 2.22.2

Released February 21, 2024

Bug Fixes

Jira Issues	Description
JR-8420	Fixed an issue where in rare cases the distribution process did not start and the action remained in the status of "not distributed".

Distribution 2.22.1

Released January 14, 2024

Feature Enhancements

New dashboard UI

The new Release Bundle v2 dashboard includes an intuitive interface for distributing Release Bundle v2 versions to your distribution targets. The dashboard also enables you to export Release Bundles when working in an air gap environment.
Distribution events tracked per target

The new dashboard enables you to track the results of a Release Bundle v2 distribution per distribution target. For example, if you distribute a Release Bundle to 3 Edge nodes, 3 separate events will be recorded in the Release Bundle version timeline.
Distribution event details

Clicking a distribution event in the Release Bundle version timeline opens a window containing details about the event, including a list of the artifacts that were distributed.
Upgraded router version

The Router version used by JFrog Distribution has been upgraded to 7.87.0.
Additional UI improvements

This release contains several minor UI improvements to enhance user experience, including better presentation of available Edge nodes, distribution statuses, and error messages.

Bug Fixes

Jira Issues	Description
JR-7973	Fixed an issue whereby distribution of a Release Bundle version would hang in certain cases if the Xray scan failed to trigger. Starting this version, a failure to trigger a scan causes the distribution of that Release Bundle version to fail.
JR-8161	Fixed an issue whereby remote delete operations would sometimes generate unnecessary error messages in the log.

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues) that impact JFrog Distribution.

Distribution 2.21

This section describes all of the Distribution 2.21 releases.

Distribution 2.21.3

Released December 18, 2023

Feature Enhancements

Release Bundle v2 distribution within projects

It is now possible to distribute Release Bundles v2 that were created in the context of a specific project. Before this release, it was possible to create and promote a Release Bundle v2 within a specific project but not distribute it.
Detailed Release Bundle distribution statuses

The platform UI now features additional statuses for tracking the distribution of Release Bundles (v1 & v2), as described below.

Status	Description
Storing Release Bundle	Displayed when a Release Bundle v1 is in the process of being stored in the release-bundle repository on the source Artifactory.
Pending Xray scan results	Displayed when the Release Bundle is being scanned and processed by JFrog Xray.
Finalizing distribution	Displayed after all artifacts are distributed to the target (destination) node and are currently in the process of being moved to the designated repositories.

Canceling a distribution operation in progress

It is now possible to cancel a distribution operation that is in progress by clicking the Cancel button.
More flexible log rotation

It is now possible to rotate logs based on a preconfigured period of time and not just when the log file reaches a predefined size.
Starvation prevention in HA installations

Before this release, there were rare cases in HA mode where competition between two nodes to handle jobs led to the starvation of one node, which slowed down distributions. In this release, a random amount of time has been introduced between jobs to prevent this from happening.
Support for token regeneration when connecting to Xray

If a problem arises when connecting with Xray, JFrog Distribution now features a better mechanism for re-establishing the connection.
UI improvements

This release includes several minor UI improvements to enhance user experience.

Bug Fixes

Jira Issues	Description
JR-7794	Fixed an issue that enabled some Distribution flows to continue working even after the access token was revoked (or otherwise inaccessible) instead of renewing the token.
JR-7610	Fixed an issue that caused logs to rotate according to size only and not according to date.
JR-7730	Fixed an issue that caused the name pattern used by Distribution in `logback.xml` to be different than the pattern stored in Artifactory. The name patterns are now aligned between the two applications.
JR-3281	Improved the error message that is displayed when no distribution targets are available (possibly due to a lack of permission to access them).

Resolved Vulnerabilities

This release contains resolved CVEs (security vulnerability issues), some of which impact JFrog Distribution and some of which do not.

Distribution 2.20

This section describes all of the Distribution 2.20 releases.

Distribution 2.20.3

Released: October 8, 2023

Bug Fixes

Jira Issues	Description
JR-7648	Fixed an issue that caused some Xray integration configurations to not update properly when using Artifactory versions prior to 7.67.x with Distribution 2.20.x.

Distribution 2.20.2

Released: September 21, 2023

Bug Fixes

Jira Issues	Description
JR-7657	Revised the messages that are displayed when JFrog Xray blocks a Release Bundle v2 from being distributed or exported.

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.20.1

Released September 10, 2023

New Features

Xray integration when distributing/exporting Release Bundles v2

Scan results performed by JFrog Xray on Release Bundles v2 can now be used to block a Release Bundle from being distributed or exported. If the scan reveals vulnerabilities in the Release Bundle that violate a Policy rule, the distribution/export operation will be blocked if this action has been configured in the Policy.

Feature Enhancements

UI improvements

This release features several minor UI improvements that enhance the user experience when distributing and exporting Release Bundles.
Improved logic when distribution to an Edge node is stuck

If Release Bundle distribution to a particular Edge node gets stuck, the system will move this distribution operation to the end of the list and continue distributing to other Edge nodes. This improved logic prevents the other Edge nodes from experiencing starvation.
Error message displayed when Air Gap export fails

Any attempt to export a Release Bundle v2 in an Air Gap environment will fail if the public key has not been propagated. If the export fails, the platform UI now displays a clear error message to the user about the issue.
Improved error message displayed when Release Bundle v2 has the same name & version as Release Bundle v1

If you attempt to distribute a Release Bundle v2 that has the same name and version as an existing Release Bundle v1, the distribution fails and an error message is displayed to the user that clearly describes the issue.

Bug Fixes

Jira Issues	Description
JR-7293	Fixed an issue to prevent the system `.jfrog` directory from being included in a Release Bundle v2.
JR-7397	Fixed an issue that prevented the Distribution Tracking popup window for a Release Bundle v2 version from refreshing automatically.
JR-7481	Fixed an issue that caused an invalid Router `internalPort` configuration in the `system.yaml` file. Following the fix the following config paths are now both considered valid: `router.entrypoints.internalPort` `router/entrypoints.internal.port`

Jira Issues

Description

JR-7293

Fixed an issue to prevent the system .jfrog directory from being included in a Release Bundle v2.

JR-7397

Fixed an issue that prevented the Distribution Tracking popup window for a Release Bundle v2 version from refreshing automatically.

JR-7481

Fixed an issue that caused an invalid Router internalPort configuration in the system.yaml file. Following the fix the following config paths are now both considered valid:

router.entrypoints.internalPort
router/entrypoints.internal.port

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.19

This section describes all of the Distribution 2.19 releases.

Distribution 2.19.1

Released June 28, 2023

New Features

Release Bundle v2 Support

JFrog Distribution 2.19.1 supports the distribution of Release Bundles v2 created in Artifactory 7.63.2 and higher, as part of Release Lifecycle Management. For more information, see Distribute Release Bundles (v2).

Docker Fat Manifest Image Support

Distribution 2.19.1 now supports fat manifests for distributing Docker images. A fat manifest is the Docker term for the file that pushes multi-architecture Docker images, meaning it references other manifests for platform-specific versions of an image.

📘
Note
Docker fast manifest support in Release Bundles v2 requires Artifactory 7.63.2 and above. Support for Release Bundles v1 is planned for an upcoming Artifactory release.

Feature Enhancements

Auto Create Missing Repositories

In Distribution versions prior to 2.19.1, the option to create missing repositories automatically could not work together with path mappings unless a special configuration parameter (distribute.auto-create-target-repo-advance) was changed from its default setting to true.

Starting with 2.19.1, the default setting of this parameter has changed to true, which removes this limitation.

If you want to prevent missing repositories from being created automatically when path mappings are defined, change the setting of distribute.auto-create-target-repo-advance back to false.

Service Logs

Improvements have been made to the Distribution service logs.

Spring Boot 3

Distribution 2.19.1 now runs Spring Boot 3.

Bug Fixes

Jira Issues	Description
JR-7081	Fixed an issue that limited the number of Release Bundle v1 artifacts displayed in the platform UI to a maximum of 3000.

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.18

This section describes all of the Distribution 2.18 releases.

Distribution 2.18.1

Released May 22 , 2023

Bug Fixes

Jira Issues	Description
JR-6360	Fixed an issue that prevented users from viewing the complete list of release bundle contents.
JR-6751	Fixed security violation CVE-2022-1471.
JR-6804	Fixed security violation CVE-2023-1370.
JR-6954	Fixed an issue that affected the ability to search for release bundles from the platform search window.

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.17

This section describes all of the Distribution 2.17 releases.

Distribution 2.17.0

Released March 13 , 2023

Feature Enhancements

WebUI Improvements

Implemented improvements to the WebUI, including improvements to the UI of the Release Bundle version table. In addition, fixed an issue that prevented viewing all of the release bundle versions.

Bug Fixes

Jira Issues	Description
JR-4949	Fixed an issue whereby, Distribution failed when using scoped tokens of non-existent users.
JR-6273	Fixed an issue in the Distribution audit whereby, when trying to save the audit information in the database, if the amount of data was too large, the save failed and generated errors in the log (no impact on user operation).

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.16

This section describes all of the Distribution 2.16 releases.

Distribution 2.16.6

Released February 26 , 2023

Feature Enhancements

Updated the Access client version to provide better utilization of the permissions cache mechanism.
Improved performance of the Release Bundles view page.

Bug Fixes

Jira Issues	Description
JR-6592	Fixed an issue whereby, when distributing a Release Bundle, the distribution fails because of an authentication issue.

Distribution 2.16.2

Released January 18, 2023

Bug Fixes

Jira Issues	Description
INST-5501	Fixed an issue whereby the initContainer image is missing a grep command, which causes a problem to the copy-custom-certificate file.

Distribution 2.16.1

Released January 15, 2022

New Features

Updated the Design and Functionality of the Received Bundles Table

The Received Bundles table design and functionality have been updated and provide a better experience.

Updated the Installer

The bundled Redis was upgraded to 7.0.6 and Postgres to 13.9.

Bug Fixes

Jira Issues	Description
JR-5886	Fixed an issue related to communication with Redis.
JR-6208	Fixed an issue in the Distribution UI whereby the Release Bundle versions were not being displayed.
JR-6269	Fixed an issue to allow to read the `shared.logging.enableJsonConsoleLogAppenders` from the system.yaml to allow logging STDOUT in a json format.
JR-6340	Updated the name of the `access-client-socket-timeout` in the Distribution cluster configuration to `client-socket-timeout` and set the default to 60_000 milliseconds.

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.15

This section describes all of the Distribution 2.15 releases.

Distribution 2.15.0

Released September 28, 2022

New Features

Updated the Design and Functionality of the Received Bundles Table

The Received Bundles table in the JFrog Platform has been updated to support easier search and filtering for Release Bundles. These updates include:

Improved search that enables you to find any Release Bundle by name or by using a wildcard together with other Release Bundle details
All Release Bundles are pulled using the REST API, ensuring that you can search for any Release Bundle regardless of when it was released
Release Bundles can now be sorted according to name, latest version or creation date

See Distribute Release Bundles (v1).

Feature Enhancements

Improved Distribution and Xray integration

The improved integration allows Distribution to retry triggering XRay scans for Release Bundles in cases where XRay is not available (previously this required manually triggering via API).

Bug Fixes

Jira Issues	Description
JR-5825	Added support for a Reference token to the Distribution APIs.
JR-5678	Changed the `distributor-foreman.log` format to begin with a date in the following pattern:`{yyyy-MM-dd'T'HH:mm:ss.SSSZ}`
JR-3783	Improved Distribution and XRay integration, allowing Distribution to retry triggering XRay scans for Release Bundles in cases where XRay is not available (previously this required manually triggering via API). See Distribution Application Config YAML File. Fixed an issue related to the behavior of Distribution when Xray is started: Added a grace period time to reconnect Xray upon connectivity issues. Updated two cluster configuration flags: `allow-distribution-when-xray-is-unavailable`: true # allow distribution when xray is unavailable `grace-period-for-xray-triggering-in-millis`: 600000 # the time in milliseconds for retry xray vulnerability scanning triggering
JR-5938	Fixed an issue related to using GPG signing keys by non-admins.
JR-5894	Updated the PostgreSQL driver version to resolve a security issue.

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.14

This section describes all of the Distribution 2.14 releases.

Distribution 2.14.1

Released August 1, 2022

Highlights

Select a Specific GPG Key to Sign a Release Bundle Version

When signing a Release Bundle version, you can now choose the signing key to use to sign the version through the Distribution UI.

If you are using multiple GPG signing keys in Distribution, with this release, the user can now select which signing key to use in the Platform UI (previously available only from the REST API). If no key is selected, the default/primary key will be used to sign the Release Bundle. See Distribute Release Bundles (v1).

Release Bundles UI Enhancements

The following UI changes have been implemented in the Release Bundles UI:

Added a new filter search and the total count for both Distributable and Received Release Bundles.
From this release, the checkbox Auto create missing repositories is displayed for all Release Bundle distributions (not only PDN), replacing the Target Repository Auto-Creation checkbox (the functionality remains the same).
The UI of the Distribute Release Bundles window has also been updated and streamlined.

For more information, see Distribute Release Bundles (v1).

Resolved Issues

Jira Issues	Description
JR-5128	Improved the performance of the release bundle page query.
JR-5440	Fixed an issue whereby, signing a Release Bundle with a passphrase only worked with the default GPG.
JR-5561	Improved Distribution and XRay integration, allowing Distribution to retry triggering XRay scans for Release Bundles in cases where XRay is not available (previously this required manually triggering via API). See Distribution Application Config YAML File. Improved the performance when searching a Release Bundle from the UI.
JR-5575	Improved the performance of the Release Bundle table.
JR-5608	Fixed an issue whereby, importing a Release Bundle through the UI upload failed.
JR-5449	New configuration option was added to better handle situations where the authentication and token verification process is very slow. This was fixed by adding a new configuration to the Distribution configuration file (see Distribution Application Config YAML File).
JR-5665	Fixed an issue relating to the creation of multiple Release Bundles.
JR-5382	General UI performance improvements and optimizations.
JR-5435	Improved the performance of the Get Release Bundles REST API.

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.13

This section describes all of the Distribution 2.13 releases.

Distribution 2.13.4

Released June 26, 2022

Resolved Issues

Jira Issue	Summary
JR-5590	Fixed an issue whereby signing a release bundle that includes artifacts from the build with the name or number larger than 64 chars was failing.

Distribution 2.13.3

Released June 20, 2022

Resolved Issues

Jira Issue	Summary
JR-5440	Fixed an API key authentication issue.

Distribution 2.13.2

Released June 16, 2022

Highlights

Support for a New User Scoped Token for Distribution to the Source Artifactory

From Distribution 2.13.x, user permissions will be enforced when distributing to the source JPD. The permissions are as follows:

To distribute Release Bundles: Only users with read and deploy permissions on the target repositories can successfully complete a distribution process to the source Artifactory (in this case the JPD acts as the target JPD). If this type of user (non-admin) tries to distribute to a target repository that does not exist, they will receive an error message.
To delete Release Bundles: Only users with delete permissions for the target repository can delete these bundles.

Update to the API to Propagate the GPG Key Pair to a Newly Added Distribution Edge

In this release, the API to propagate the GPG key pair to a newly added Distribution Edge has been updated, and keys are propagated as follows:

When no parameters are provided - the default key will be propagated.
When api/v1/keys/pgp/propagate?all=true - propagates all available keys.
When api/v1/keys/pgp/propagate?alias =<alias name> - Propagates the key with the alias name. For example, api/v1/keys/pgp/propagate?alias = 'my_key' propagates the key with the alias name my_key.

📘
Note
Propagation is possible by either alias key or all keys but not both.

Java 17 Support

JFrog Distribution has been upgraded and now requires Java 17.

Resolved Issues

Jira Issue	Summary
JR-4764	Fixed an issue related to the error displayed when setting the GPG.
JR-4901	Fixed a bug whereby the `AutoCreateTargetRepoAdvance` cluster configuration could not be activated/enabled.
JR-4952 JR-5136	Implemented several UI improvements to the Distribution UI.
JR-5174	Update to improve release stability and performance.
JR-5019	Distribution now supports an Outbound Request Log, which improves debugging and runtime user tracking of the system behavior.
HR-5381	Fixed an issue whereby the Rangelimit-Total header count was incorrect.

Distribution 2.12

This section describes all of the Distribution 2.12 releases.

Distribution 2.12.3

Released May 10, 2022

Resolved Issues

Jira Issue	Description
	Fixed a UI issue whereby, in some cases, the user was not able to type text in the Release Bundle creation tab.
	Fixed an issue that generated distribution errors related to upgrading to v.2.11.1.
	Fixed an issue related to security issues in common dependencies.

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.12.2

Released April 24, 2022

Highlights

Updated the versions of the following third-party software:

PostgreSQL 42.2.25
Node.js16.13.2

Resolved Issues

Jira Issue	Description
	This release includes a number of fixes to the Distribution UI in the JFrog Platform.

Detected Known Issues

This release contains one or more known issues.

Distribution 2.12.1

Released March 7, 2022

Resolved Issue

Fixed an issue, whereby loading release bundles to the JFrog Platform UI resulted in infinite loading.

Distribution 2.12.0

Released February 28, 2022

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby, the path was omitted from the AQL query in the UI.
	Fixed an issue whereby, the path was omitted from the AQL query in the UI.
	Fixed an issue whereby, some Distribution logs were being logged in an incorrect folder.
	Fixed an issue whereby, an error was displayed for missing logs (that were not missing).
	Fixed an issue whereby, in the release bundle view, the versions were not sorted correctly.
	Fixed an issue in the GPG key propagation.

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.11

This section describes all of the Distribution 2.11 releases.

Distribution 2.11.1

Released: February 9, 2022

Resolved Issues

Jira Issue	Description
	Fixed a critical issue causing a distribution process to fail when using older Artifactory versions.

Distribution 2.11.0

Released February 7, 2022

❗️
Known Issue
Distribution 2.11.0 includes a critical issue causing a distribution process to fail when using older Artifactory versions. We recommend upgrading directly to 2.11.1.

Resolved Issues

Jira Issue	Description
	The Maintenance API has been changed to be more secure.
	Improved the Release Bundle cleanup process.
	Fixed an issue, whereby Webhooks were not triggered correctly.
	Improved Distribution service logs for better root cause analysis.
	Resolved a permission-related issue.
	Fixed an issue, whereby the Distribution status API was returning the wrong number of artifacts and bytes transferred.

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.10

This section describes all of the Distribution 2.10 releases.

Distribution 2.10.5

Released: December 7, 2021

📘
Note
Distribution 2.10.5 is available as a Self-hosted version.

Resolved Issues

Jira Issue	Description
	Fixed an issue where the deletion of a release bundle fails in cases when the target is using the new paring token configuration.
	Reduced the number of tokens used in the distribution flow.
	Updated the bundled Redis version to 6.2.6.
	Added additional logs to make it easier to troubleshoot.
	General fix: fixed some security issues that were detected.

Distribution 2.10.3

Released November 1, 2021

Highlights

New Hybrid Solution Provided through the Distribution Edges

Self-hosted customers who have an existing JFrog Distribution in place may sometimes require the option of adding additional JFrog Artifactory instances in the cloud. This hybrid setup is now supported through the JFrog Distribution Edges Add-on, a commercial offering for Self-hosted customers to leverage JFrog SaaS for software distribution. This add-on enables Self-hosted customers toadd cloud-based Edge nodes managed by JFrog (software-as-a-service) and fully utilize them for content distribution. See Hybrid Distribution from JFrog Platform Self-Hosted.

New Pairing Token UI and API

Added new UI in the JFrog Platform for a pairing token, which establishes trust between different JFrog microservices. The pairing token is an access token that is used for the initial pairing flow. Because the token is a limited access token, it is dedicated to a specific task and is short-lived. Once trust is established, the services can continue using the standard token-based authentication for communication. Pairing tokens replace the join key that was used in the past in the JFrog Platform to link between services. This type of token is only designed to link cross-topologies (i.e., locally, and not within a JPD). See Generate Scoped Tokens.

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby the Get all Versions of all Release Bundles API returned an empty array of artifacts for every release bundle. Both this API and the Get Release Bundle Versions API failed to paginate properly because they always returned the full list.
	Fixed an issue whereby usernames longer than 64 (and up to 255) chars were not supported.
	Fixed an issue whereby Edge nodes were not visible if a user was referred to in multiple permission targets.
	Fixed an issue whereby a Mission Control connected to the remote JFrog Platform environment, was resolving the Artifactory URL improperly.
	Fixed a slowness issue in the release bundles list page.
	Fixed the naming for Edge Webhook: the Artifactory Release Bundle domain has been renamed Destination to consolidate all under the same Release Bundle domain.

Distribution 2.9

This section describes all of the Distribution 2.9 releases.

Distribution 2.9.3

Released: September 30, 2021

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby, a Distribution instance connected to the remote Mission Control while using a Circle of Trust for Token validation failed.
	Fixed an issue whereby, a token generated using the UI, had fewer permissions in the Distribution process.

Distribution 2.9.2

Released: August 22, 2021

Resolved Vulnerabilities

This release contains resolved CVEs - security vulnerability issues.

Distribution 2.9.1

Released: August 8, 2021

📘
Note
Distribution 2.9.1 is Available as a Cloud Version

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby, in some cases, conflicts in target paths for Docker layers were present upon Release Bundle creation.
	Fixed issue whereby, the Distribution service was shutting down the Release Bundle distribution transaction in a non-optimal manner.

Distribution 2.9.0

Released: August 4, 2021

Feature Enhancements

Maven Shared Library Upgrade

Upgraded the Maven shared utils library to version 3.3.4 to fix some vulnerabilities issues related to the following:

Distribution 2.8

This section describes all of the Distribution 2.8 releases.

Distribution 2.8.2

Released: July 12, 2021

Resolved Issues

Jira Issue	Description
	Fixed an issue regarding the Distribution Support Bundle creation in Distribution version 2.8.1.

Distribution 2.8.1

Released: June 30, 2021

Highlights

Dynamic Release Bundle

Introduced the capability to create, sign and distribute an ad-hoc Release Bundle dynamically through a single REST API request. For more information, see Create a Dynamic Release Bundle.

Multiple GPG keys for Signing Release Bundles

Distribution now supports signing Release Bundles using multiple GPG keys and not one key pair for all Release Bundles. This enables you to use different keys according to your organizational requirements, such as keys used in different departments. For more information, see Multiple GPG Signing Keys.

Target Repository Auto-Creation

Automatically create repositories on the target edges if no repositories exist when distributing Release Bundles. For more information, see Distribute Release Bundles (v1).

Feature Enhancements

Distribution Service

To introduce efficiencies within the JFrog Platform, the services that were previously under the Distributor service has been moved under the Distribution service. This does not affect the Distribution's functionality.

Live Logs Enhancement

Added a new distribution-service log to the System Logs Viewer.

Distribution 2.7

This section describes all of the Distribution 2.7 releases.

Distribution 2.7.1

Released: March 31, 2021

Highlights

HashiCorp Vault Integration with the JFrog Platform

The Jfrog Platform integration with HashiCorp Vault enables you to configure an external vault connection to use as a centralized secret management tool. Using vault allows you to store signing keys as secrets and provides you with the capability to generate and manage keys in a centralized tool for security and compliance. To learn more, see Vault.

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby, in some cases, Release Bundles were stuck and blocking distribution.

Distribution 2.6

This section describes all of the Distribution 2.6 releases.

Distribution 2.6.1

Released: February 25, 2021

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby, when creating a Release Bundle, the Docker manifest resolver, in some cases, duplicated artifacts causing a conflict.

Distribution 2.6.0

Released: January 13, 2021

Highlights

Webhooks for Distribution

You can now use event-driven Webhooks to send important events occurring in Distribution. You have a number of events that you can choose from, such as Release Bundle status changes, Release Bundle distribution status changes, and Release Bundle deletion from Edge nodes.

These events are sent to other applications by setting a URL. To learn more, see Webhooks.

Distribution 2.5

This section describes all of the Distribution 2.0 releases.

Distribution 2.5.4

Released: 29 December, 2020

Resolved Issues

Jira Issue	Description
	Fixed an issue, whereby a proxy configuration from Artifactory cannot be used in distribution due to an expired token.
	Fixed an issue, whereby a Release Bundle version added properties that might override existing artifact properties.
	Fixed an issue, whereby using multiple AQL queries in a single Release Bundle version may cause the Release Bundle creation to fail due to token expiration.
	Fixed an issue whereby, in some cases, Distribution may remain in an in-progress state due to a failed close transaction flow.

Distribution 2.5.3

Released: 8 December, 2020

Resolved Issues

Jira Issue	Description
	Fixed an issue, whereby a proxy configuration from Artifactory cannot be used in distribution due to an expired token.

Distribution 2.5.2

Released: 11 November, 2020

Highlights

Release Bundle Release Notes

You can now add and distribute Release Notes with a Release Bundle.

PostgreSQL Version Support

Distribution now supports PostgreSQL version 12.3.

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby, the timezone differed between the `request.log` and `distribution-service.log`..

Distribution 2.5.1

Released: 5 October, 2020

Resolved Issues

Jira Issue	Description
	JFrog Distribution now externalizes the configuration parameter allowing users to set the required time interval for Xray to complete the Release Bundle scanning process.

Distribution 2.5.0

Released: 29 September, 2020

Highlights

Distributing Release Bundles in an Air Gap Environment

JFrog Distribution supports distributing your Release Bundles to remote Artifactory nodes within an Air Gap self-hosted environment. This use case is mainly intended for organizations such as financial institutions and military installations that have two or more Artifactory instances that have no network connection between them. To distribute the Release Bundles in an Air Gap environment, you need to export the Release Bundle on the Source Artifactory either directly from the WebUI or using REST API. For more information, see Distributing Release Bundles in an Air Gap Environment.

Distribution 2.4

This section describes all of the Distribution 2.4 releases.

Distribution 2.4.1

Released: 26 July 2020

Feature Enhancements

Distribution to Artifactory Edge nodes behind a proxy is now supported.

Distribution 2.4.0

Released: July 5, 2020

Highlights

Hybrid Distribution

JFrog SaaS supports Hybrid Distribution allowing you to distribute your Release Bundles from Artifactory Cloud to multiple Cloud and Self-hosted Edge nodes within the same organisation. Hybrid Cloud promotes scalability and flexibility allowing you to distribute sensitive and highly regulated and mission critical Release Bundles to Artifactory Self-hosted edges while using the Artifactory Cloud for mainstream public distributions and thereby gaining significant cost savings. For more information, see Hybrid Distribution.

Added Manual Linux Archive Installation

You can now install JFrog Distribution using a Linux Archive installer in addition to the existing options giving more control over how to set up your environment. For more information, see Distribution Single Node Linux Archive Installation.

Feature Enhancements

Automated GPG Public Key Propagation to Edge Nodes

The automatic propagation of signed public GPG Keys to the Artifactory source and edge nodes is now an integral part of the upload process of the GPG keys to Distribution. To support this, the Upload and Propagate GPG Signing Keys for Distribution REST API has been introduced and replaces the Upload GPG Signing Key for Distribution REST API command that is now deprecated from version Distribution version 2.4. For more information, see GPG Signing.

Export/Import Release Bundle Metadata to Support One To One Pairing

To support the Artifactory to Distribution One to One paring ratio in the JFrog Platform, you can now migrate Release Bundle metadata of the relevant Artifactory Instance to the correlating Distribution Service. For more information, see One-to-One pairing.

Distribution to the source Artifactory without Proxy

The requirement to Distribute to the source Artifactory via a proxy has been removed.

Distribution Load Balancing Mechanism Improvements

Improved the load balancing mechanism in High Availability environments.

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby you could not distribute Release Bundles from Artifactory version 7.x to Artifactory Edge 6.x edge nodes.
	When creating a Release Bundle, exclude Release Bundle repositories from the source.

Distribution 2.3

This section describes all of the Distribution 2.3 releases.

Distribution 2.3.0

Released: May 27, 2020

Feature Enhancements

Retrieve the Latest Version of a Release Bundle REST API

You can now retrieve the Latest Release Bundle Version through the Rest API which enables you to distribute the latest version of the Release Bundle to your dedicated Edge nodes.

Improved Release Bundle Distribution Auditiblity and Tracking

A new set of parameters have been added to the Release Bundle APIs providing you with more audibility into the Distribution process:

The created_by and distributed_by parameters provide information on who created and distributed the Release Bundles.
The start_time, finish_time and duration parameters provide information on the Distribution timeline of the Release Bundle.

Get Public GPG Key REST API

The Artifactory Edge Node verifies the Release Bundle signature with a public GPG key. You can now view the assigned public GPG Key by running the Get Public Key REST API command.

Distributing Release Bundle UI Improvements

Improved the Release Bundle Distribution management experience in the UI while providing you with the option to delete Release Bundles either from the JFrog Distribution server or from the JFrog Edge nodes.

Resolved Issues

Jira Issue	Description
	Fixed an issue whereby multiple Distribution nodes for one Edge Node were not performing well by introducing an algorithm for improving distribution scalability.
	Fixed an issue whereby Distribution was not supporting distributing Release Bundles containing artifacts using Unicode characters in the artifact name.
	Fixed an issue whereby the Release Bundle “In-Progress” status was generated for all distribution issues. This general state has been replaced with specific states to accommodate different distribution issues.

Distribution 2.2

This section describes all of the Distribution 2.2 releases.

Distribution 2.2.0

Released: February 23, 2020

Resolved Issues

JIRA Issue	Description
	Fixed an issue where Distribution did not recover when the Mission Control token was not valid or if the Mission Control service was not running when Distribution started.
	Fixed an issue which caused confusion in the use of the Create Release Bundle Version REST API. From this release, the default of the `dry_run` parameter is now FALSE, so that by default, executing the REST API creates the release bundle object. 📘 Action Required! Previously triggering this API with the default `value=True` resulted in running a dry run only. Note that this new default will execute the action.

JIRA Issue

Description

Fixed an issue where Distribution did not recover when the Mission Control token was not valid or if the Mission Control service was not running when Distribution started.

Fixed an issue which caused confusion in the use of the Create Release Bundle Version REST API. From this release, the default of the dry_run parameter is now FALSE, so that by default, executing the REST API creates the release bundle object.

📘
Action Required!
Previously triggering this API with the default value=True resulted in running a dry run only. Note that this new default will execute the action.

Distribution 2.0

This section describes all of the Distribution 2.0 releases.

📘
Notes
Distribution 2.0 introduces several deprecated features.
Important: The JFrog Platform web UI is now accessed through port 8082 (For example, http://SERVER_HOSTNAME:8082/ui/). Accessing Xray directly for REST API and downloads is still possible through port 8081.

JFrog Distribution 2.0.0

Released: January 12, 2020

Highlights

JFrog Platform

Announcing the new JFrog Platform, designed to provide developers and administrators with a seamless DevOps experience across all JFrog products, supporting the following main features:

Universal package management with all major packaging formats, build tools, and CI servers.
Security and Compliance that's fully integrated into the JFrog Platform, providing full trust of your pipeline from code to production.
Radically simplified administration with all configurations in one place.
Complete trust in your pipeline all the way from code to production.
Seamless DevOps experience from self-hosted, cloud, hybrid or multi-cloud of your choice.

📘
Note
Get Started with the JFrog Platform >>

JFrog Platform New Functionalities

System Architecture

The new Distribution architecture has been updated to align with all JFrog products in the Platform. Learn More >

Distribution System YAML

This release introduces a new system configuration file, allowing system configurations to be handled externally to the application, before/after the installation process. Learn More >

Installation and Upgrade

Distribution 2.0 comes with a new installer, which affects the installation and upgrade procedures. The file structure has been improved and is now aligned across all JFrog products.

Distribution must be connected only to a single Artifactory instance. If you have a single Distribution instance connected to multiple Artifactory instances, the upgrade to the JFrog Platform requires mapping a source Artifactory to a single Distribution service. If you are creating and distributing release bundles from multiple source Artifactory instances, you now need to deploy a Distribution service in every JPD that contains these source Artifactory instances. You would then register multiple Distribution services to one Mission Control.

Unified User Interface

This version introduces a new UI that is unified for the entire JFrog Platform, including all JFrog products. If you are using Artifactory and other JFrog products such as JFrog Xray, JFrog Distribution, JFrog Mission Control and JFrog Insights, you will now be able to access them all from within a single UI with one URL address.

Unified Permission Model

This version unifies all JFrog product permissions, allowing easier permission management across all products from one unified UI. The Unified Permission Model enables you to create a single permission target that applies to all products installed in the JFrog Platform. Since the products are unified within the Platform, you can now use a single permission target to control the permissions of all products. Learn More >

Logging

All JFrog products now follow a standardized logging format and naming convention.

Feature Enhancements

Xray Integration

Release Bundles can now be scanned for security and compliance issues with JFrog Xray. This means you can now define security and compliance policies for your organization, on the release bundles, to ensure your distributable content is protected and meets your standards.

Package View Including Distribution Data

This version includes a Package Viewer, providing a 360 view of your packages from all your available JFrog services, including JFrog Distribution. With this, you can understand which packages are included in release bundles and have been distributed to various Artifactory Edge devices.