Monitor third-party dependencies for vulnerabilities

In addition to addressing security vulnerabilities in its own software, Perforce monitors third-party dependencies for security vulnerabilities to help address issues on a timely basis. Perforce also monitors end-of-life schedules for third-party dependencies to help ensure currency. For a list of third-party software used in JRebel, see the 3rd-party-licenses-jrebel.txt file in the JRebel package.

Perforce provides a common vulnerabilities and exposures (CVE) list. The Perforce CVE list includes only zero-day CVEs. These are CVEs that directly impact the Perforce products for which CVE data is published.

To help avoid security issues, ensure that your Perforce software is current. For information about current releases, see JRebel End of Life (EOL) Schedule.