couldn't parse JFrog Xray server response: unexpected end of JSON input

[jonesbusy]

Describe the bug

Hi,

For some reason when upgrading from CLI 2.71.5 to 2.72.1, all my audit (mvn, node) started to fail with

scanning maven dependencies failed with error: couldn't parse JFrog Xray server response: unexpected end of JSON input

Not sure if related to the cli-security or xray server.

But the version 3.999.999 look suspicious to me

For what I see on

Prod (3.107.11 and CLI 2.71.5). Work well

/xray/api/v1/system/version

{"xray_version":"3.107.11","xray_revision":"a3c7a4f"}

/xray/api/v1/xsc/system/version

{"xsc_version":"3.999.999","xray_version":"3.999.999"}

PP (3.107.16 and CLI 2.72.2). Currently broken, but works if using CLI 2.71.5

/xray/api/v1/system/version

{"xray_version":"3.107.16","xray_revision":"b91b7a4"}

/xray/api/v1/xsc/system/version

{"xsc_version":"3.999.999","xray_version":"3.999.999"}

Thanks

Current behavior

CF description

Reproduction steps

CF description

Expected behavior

No ussue

JFrog CLI-Security version

1.13.4

JFrog CLI version (if applicable)

2.72.2

Operating system type and version

all

JFrog Xray version

3.107.16

[hadarshjfrog]

Hi @jonesbusy - thanks for reporting this issue.
We will investigate it immediately - as it seems a misconfiguration in the default versions in the latest upgrades (both CLI and Xray).
We'll update ASAP...

[jonesbusy]

Hi,

Any news here ?

I don't see any releases notes on https://jfrog.com/help/r/xray-release-information/xray-release-notes (only 3.107.15)

But the docker-compose link https://jfrog.com/download-jfrog-platform/#xray is pointing to 3.107.16

Thanks!

[hadarshjfrog]

HI @jonesbusy - please see if the usage in your new Xray version is now 3.108 - which should be resolved by now. Let me know if we can close accordingly.

[jonesbusy]

Sure I will test as soon as 3.108 is published on https://jfrog.com/download-jfrog-platform/#xray on the docker-compose installation

[hadarshjfrog]

Hi @jonesbusy - for Self-Hosted we have LTS versions - so we have released a patch (3.107.18) - that addresses this issue.
Please let us know if it's resolved after you upgrade your environment.

[jonesbusy]

Hi,

I confirm after upgrade that audit commands are working again

{"xray_version":"3.107.18","xray_revision":"8329112"}

using Xray: xsc is not available for this server

Which is normal because I don't have advanced security (which contains xsc I guess)

Closing this issue then

Regards,