JFrog Security Known Issues
Detected Version
To check whether a released version has a known issue detected in it, look for the version number.
3.118.11 - 3.118.28 & 3.124.11 - 3.124.19
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-125112 | A common issue has been identified with upgrading existing Xray HA installations. The upgrade process might fail because the Router service fails to start, displaying the following error: Could not update configuration for key | 3.118.29, 3.124.20 | Suggested workaround: To resolve this issue, delete the content of the Router Traefik folder located |
3.107.18 - 3.107.21
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-89945 | On-Demand Scan results are not displayed in the Artifactory UI ( | Cloud: 3.108.0, Self-Hosted: 3.111.9 | N/A |
3.123.4
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-121010 | The grace period setting in the "fail build" policy is not applied during jf docker scan (on-demand Docker image scanning), resulting in the build failing immediately despite the configured grace period. | N/A | N/A |
3.107.7 - 3.107.21
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-98492 | Sub-optimal performance can be observed in Artifactory and Xray when Xray Block Download Policy is enabled. | 3.107.23 | N/A |
3.86.10 - 3.94.4
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-45799 | Some valid Xray licenses are detected as if the license has expired and all Xray functionality is disabled. | 3.94.5 |
3.59.x - 3.62.x
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-13755 | The indexer is stuck because the HTTP response is not closed after isValidDocker returns an error. | 3.62.4, 3.63.0 |
3.59.4 & 3.60.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-13311 | Xray has stopped supporting Access Tokens generated with /api/security/token. | 3.59.8, 3.61.5 |
3.56.1
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-12360 | UI does not send repo name for builds | 3.57.6 |
3.55.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| JFUI-10893 / XRAY-12279 | When using Artifactory 7.41.4 & 7.41.6, when the Xray version is upgraded to 3.55.2, the Xray tabs in the UI will disappear. However, Xray functionality continues to work as expected. | 7.41.7 | This issue affects Artifactory 7.41.2 and 7.41.6 (inclusive) when using Xray 3.55.0 and above. This issue was resolved in Artifactory 7.41.7. |
| XRAY-12207 | Xray Ignore Rule creation fails because the component name is the same as the artifact name. | 3.57.2 |
3.52.4
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-11685 | When there are two violations on the same vulnerability, only one should be highlighted when the right pane is open. |
3.51.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-11687 | The Xray tab is not accessible for artifacts. |
3.51.0
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-11600 | The Xray data tab crashes on Go artifacts. |
3.49
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-11701 | In the Violations tab, sometimes when a policy is deleted, an error occurs and the violations related to the policy remain. | 3.59.4 |
3.45.0 & 3.48.2
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| XRAY-11565 | The API /api/v1/summary/component [post] is broken when Operational Risk is enabled. | 3.55.2 |
3.44.3
| Issue ID | Description | Fix Version | Additional Information |
|---|---|---|---|
| | The CLI build scan command often does not match the severity of the UI Xray data. Related to Artifactory 7.35.2 |
3.44.2 and Below
| Description | Fix Version | Additional Information |
|---|---|---|
| Due to a breaking change in the npm registry, Xray versions 3.44.2 and below fail to perform an npm audit. | 3.43.4 | Workaround: Disable the feature by setting the following Artifactory system property ( |
3.42.3
| Description | Fix Version | Additional Information |
|---|---|---|
| In Xray HA, under certain situations, block download might not work as expected. | 3.43.1 |
3.41.6, 3.42.3
| Description | Fix Version | Additional Information |
|---|---|---|
| After upgrading from 3.26.2 to 3.41.7, Xray goes down periodically. | | Workaround: The issue appears to be caused by a cleanup job. Disabling the cleanup job should stop this issue. |
3.41.0
| Description | Fix Version | Additional Information |
|---|---|---|
| The JCLI indexing is failing for Go binaries. | 3.41.3 |
3.38.5, 3.40.2
| Description | Fix Version | Additional Information |
|---|---|---|
| An internal AQL from Xray to Artifactory can cause significant load on the Artifactory database. The AQL is triggered when Xray scans a build. | 3.41.1, 3.38.6, 3.40.4 |
3.34.0
| Description | Fix Version | Additional Information |
|---|---|---|
| JIRA integration - the oauth1 integration does not work if there is no forward slash at the end of the Jira server URL. | ||
| In the integration page, the name field is cleared when the auth type is changed. | ||
| JIRA integration - editing a profile sometimes crashes Xray. | 3.35.0 |
3.33.1
| Description | Fix Version | Additional Information |
|---|---|---|
| Updating a profile gives the wrong status code. | 3.33.3 | |
| JIRA integration - for the basic auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing. | 3.33.3 | |
| JIRA integration - for the oauth1 auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing. | 3.33.3 | |
| JIRA integration - for the oauth2 auth integration, when mandatory keys are missing in the payload, the response should mention which exact keys are missing. | 3.33.3 | |
| Some oauth2 fields are missing when clicking edit for the first time after creation. | ||
| JIRA integration - the API allows the creation of an integration with empty values. | 3.33.3 | |
| JIRA integration - the validation of the auth type during creation and update is missing, which means that the user can create an integration with any authType. | 3.33.3 | |
| JIRA integration - the status code when trying to delete a non-existent integration is shown as 200 instead of 404. | 3.33.3 | |
| JIRA integration - the status code when using an invalid integration name is 200 instead of 404. | 3.33.3 | |
| JIRA integration - the status code when trying to get the issue types with an invalid integration name and ticketing project is 500 instead of 404 (when specifying which parameter is wrong). | 3.33.3 | |
| JIRA integration - the status code when trying to get all Jira projects with an invalid integration name is 500 instead of 404. | 3.33.3 | |
| JIRA integration - the status code when trying to get all labels with an invalid integration name is 500 instead of 404. | ||
| While generating a public key, clicking the eye icon and then clicking copy creates different spacing in the public key compared to the key spacing without clicking the icon. |
3.27.0
| Description | Fix Version | Additional Information |
|---|---|---|
| The scan build times out when the build name contains '/'. | 3.30.2 |
Updated 3 months ago
