Skip to main content

2025 Release Notes

This page contains a list of 2025 IQ Server releases, links to each release's release notes, and a brief list of major changes per release.

Summary of Major Changes in 2025

The following table lists major changes in 2025 that should be considered when upgrading to a new version. Select a release for more information. Also be sure to see our release-specific upgrade instructions.

Release

Release Date

Major Changes

190

April 8, 2025

  • Release 190 fixes multiple bugs impacting the 189 release.

  • Data Insights is now Enterprise Reporting with a newly redesigned landing page.

189

April 1, 2025

  • Improved browser tab identification across solutions

  • Policy conditions for derivative AI models

  • Support for scanning LFS files for AI/ML

  • Coordinate constraint supports all formats; this release adds the following formats:

    • Conda

    • Cran

    • Gem

    • Golang

    • NuGet

    • Pub

    • RPM

    • SWID

    • Swift

  • Re-evaluation now uses latest HDS data

  • Display CLI/Plugin version in latest evaluations

  • When merging multiple SBOMs, SBOM manager now merges associated licenses and vulnerabilities for duplicate components

  • New License Override REST API for Advanced Legal Pack customers

  • New Malware Defense Evaluation REST API

  • New Firewall REST API to protect against Namespace Confusion attacks.

  • Swagger now uses malware-defense instead of firewall; this does not impact functionality and 'firewall' will still work

  • UI URL for Firewall uses malware-defense; 'firewall' will not work in the UI URL

  • New Firewall for Artifactory Plugin supporting latest Artifactory versions

  • Firewall Classic sunsetting April 9

188

March 4, 2025

  • API documentation available in the user interface for all IQ-powered solutions (i.e., Lifecycle, Developer, SBOM Manager, Firewall, and Advanced Legal Pack).

  • Update existing waivers with the Policy Waivers REST API.

  • Policy Violations REST API now returns waived, legacy, and auto-waived violations.

  • Report REST API policy violations now returns openTime.

  • Success Metrics Enterprise Dashboard displays remediation status chart.

  • Enhanced Security Risk Analysis Dashboard.

Breaking Changes with JFrog Artifactory 7.104

JFrog Artifactory 7.104 is the latest and is incompatible with the Repository Firewall plugin. JFrog Artifactory has introduced a newer version of groovy-core that is not backward compatible with the version the Repository Firewall plugin is compiled against.

We recommend not upgrading to Artifactory 7.104 as doing so causes an interruption with the Repository Firewall service and exposes you to malware entering the environment.

187

February 4, 2025

Upgrade Impact

After upgrading a Lifecycle instance using a PostgreSQL database from IQ 182 or earlier to IQ 183 or later, you may temporarily see an internal error when accessing the violations dashboard and find a NullPointerException (NPE) in the logs. This is due to an internal job running in the background; the dashboard will load as expected after the job completes. We will improve this experience in a future release.

  • Hugging Face declared and observed license detection

  • View Latest Evaluations option in Lifecycle

  • Improvements to Security Risk Analysis dashboard

  • Specify SBOM application version during import

  • Easily view SBOM release status

  • Support for Python pipfile.lock

  • Branch name displays in Priorities view

  • Sonatype Developer: Auto-waivers for policy violations on components with no path forward

186

January 8, 2025

Upgrade Impact

After upgrading a Lifecycle instance using a PostgreSQL database from IQ 182 or earlier to IQ 183 or later, you may temporarily see an internal error when accessing the violations dashboard and find a NullPointerException (NPE) in the logs. This is due to an internal job running in the background; the dashboard will load as expected after the job completes. We will improve this experience in a future release.

  • Lifecycle Changes

    • Lifecycle dashboard performance improvements (includes UI changes)

      • Total count no longer displays on each tab

      • Removed sorting by component name

      • Applications filter displays up to 500 apps with type-ahead filter to refine list

      • Pagination change to only include back/forward buttons within page numbers to select

    • Easier onboarding with automatic role assignment

    • Waiver reasons in API responses for the Applicable Waivers, Similar Waivers, Component Waivers, and Stale Waivers REST APIs as well as the UI

    • Dependency tree visualization for Cargo

    • Improved matching process for SBOM scans (impacts Lifecycle and SBOM Manager)

    • New AI Model Usage Data Insight

  • Sonatype Developer Changes

    • All integrations now listed on homepage tabs

    • Avoid recommending milestone versions

  • SBOM Manager Changes

    • Sort components by name on BOM page

    • Leverage Sonatype Container Security for SBOM Manager container scans

    • Policy violations visible in UI

    • Skip validation support for CycloneDX and SPDX

    • Search by license

    • Original binary filename visible in BOM page

    • Improved matching process for SBOM scans (impacts Lifecycle and SBOM Manager)

  • Repository Firewall Changes

    • Access Firewall via Solution Switcher

  • Notable Integrations Changes

    • IQ CLI is now a standalone solution (i.e., IQ CLI 2.0), which means it is a separate download and is no longer included in the bundled IQ download

    • IQ CLI 2.0 supports Python pipfile.lock

    • IQ CLI 2.0 dependency tree visualization for Cargo

  • This release fixes an issue in release 185 that could cause deadlocking to occur under heavy usage causing the application to become unresponsive.