Monitor third-party dependencies for vulnerabilities

In addition to addressing security vulnerabilities in its own software, Perforce monitors third-party dependencies for security vulnerabilities to help address issues on a timely basis. Perforce also monitors end-of-life schedules for third-party dependencies to help ensure currency. For a list of third-party software used in JRebel, see the 3rd-party-licenses-jrebel.txt file in the JRebel package.

Perforce publishes a common vulnerabilities and exposures (CVE) list for vulnerabilities found in Perforce-maintained code and components. These CVEs apply only to Perforce products and do not include vulnerabilities in third-party software that is not maintained by Perforce.

To help avoid security issues, ensure that your Perforce software is current. For information about current releases, see JRebel End of Life (EOL) Schedule.