Welcome to the JFrog Blog

Latest:

CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

December 18, 2024 Ben Gross, Security Researcher Yair Mizrahi, JFrog Security Research Team Leader

12 min read

On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability - CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will…

Read More

All Blogs

JFrog Cloud: Architected for Performance at Scale

JFrog Cloud: Architected for Performance at Scale

December 10, 2024 Eldad Assis, Principal DevOps Architect, JFrog | 7 min read

Petabytes of monthly data transfer. Thousands of concurrent requests per customer. Hundreds of thousands of requests per minute per customer. The JFrog Platform is a mission critical piece of software development and delivery infrastructure for companies that require performance at scale. When you’re supporting thousands of developers, even a minute of downtime or delay can…
Read More
Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats

Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats

December 4, 2024 Shachar Menashe, JFrog VP Security Research Or Peles, JFrog Vulnerability Research Team Leader Ori Hollander, JFrog Security Researcher Uriya Yavnieli, JFrog Security Researcher | 15 min read

In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services. In this post, we will again dive…
Read More
Breaking Silos: Unifying DevOps and MLOps into a Cohesive Software Supply Chain – Part 2

Breaking Silos: Unifying DevOps and MLOps into a Cohesive Software Supply Chain – Part 2

December 19, 2024 Yuval Fernbach, JFrog VP and CTO MLOps | 12 min read

In this blog series, we will explore the importance of merging DevOps best practices with MLOps to bridge this gap, enhance an enterprise's competitive edge, and improve decision-making through data-driven insights. Part one discussed the challenges of separate DevOps and MLOps pipelines and outlined a case for integration. In this second of three blogs, we’ll…
Read More
Breaking Silos: Unifying DevOps and MLOps into a Cohesive Software Supply Chain – Part 1

Breaking Silos: Unifying DevOps and MLOps into a Cohesive Software Supply Chain – Part 1

December 4, 2024 Yuval Fernbach, JFrog VP and CTO MLOps | 10 min read

As businesses realized the potential of artificial intelligence (AI), the race began to incorporate machine learning operations (MLOps) into their commercial strategies. But the integration of machine learning (ML) into the real world proved challenging, and the vast gap between development and deployment was made clear. In fact, research from Gartner tells us 85% of…
Read More
Gain Clarity on Cloud Usage with Enhanced Monitoring from MyJFrog

Gain Clarity on Cloud Usage with Enhanced Monitoring from MyJFrog

November 20, 2024 The JFrog Team | 5 min read

We can all agree that visibility into resource usage is crucial for optimizing performance and managing costs to drive your business — especially in today’s cloud-driven world. MyJFrog is a comprehensive management portal for overseeing JFrog cloud platform instances and subscriptions. It provides a centralized control tower to manage and monitor subscriptions, resources, and usage.…
Read More
CVE-2024-10524 Wget Zero Day Vulnerability

CVE-2024-10524 Wget Zero Day Vulnerability

November 18, 2024 Goni Golan, Junior Security Researcher, JFrog Security | 8 min read

While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks - including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it…
Read More
Machine Learning Bug Bonanza – Exploiting ML Services

Machine Learning Bug Bonanza – Exploiting ML Services

November 4, 2024 Shachar Menashe, JFrog VP Security Research Or Peles, JFrog Vulnerability Research Team Leader Natan Nehorai, JFrog Application Security Researcher Ori Hollander, JFrog Security Researcher Uriya Yavnieli, JFrog Security Researcher | 18 min read

JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. In our previous research on MLOps we noted the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered…
Read More
New and Improved: The JFrog Packages User Experience

New and Improved: The JFrog Packages User Experience

October 31, 2024 Brian Chang, Product Marketing Manager, JFrog Adam Browning, Sr. Product Manager, JFrog | 4 min read

I think we can all agree that, in general, different users have different needs. For instance, we’ve found that developers generally use Artifactory to find, select, and then install packages into their development environment, while administrators tend to use Artifactory for troubleshooting, confirming package operations, and other related analyses. That’s why currently, developers and administrators…
Read More
Elevating DevSecOps: JFrog and GitHub’s Unified Platform Experience Deepens

Elevating DevSecOps: JFrog and GitHub’s Unified Platform Experience Deepens

October 29, 2024 Kristian Taernhed, Senior Technical Alliance Manager | 6 min read

GitHub Copilot Autofix + JFrog: Seamless Security for Developers Developers are expected to write new and more complex code to create leading-edge features in new software releases at a relenting pace. To do this they are looking for help from AI assistants like GitHub Copilot to help write better code, faster. They want to write,…
Read More
swampUP Recap: “EveryOps” is Trending as a Software Development Requirement

swampUP Recap: “EveryOps” is Trending as a Software Development Requirement

October 23, 2024 The JFrog Team | 6 min read

swampUP 2024, the annual JFrog DevOps Conference, was unique in it’s addressing not only more familiar DevOps and DevSecOps issues, but adding specific operational challenges, stemming from the explosive growth of GenAI and the resulting need for specialized capabilities for handling AI models and datasets, while supporting new personae such as AI/ML engineers, data scientists…
Read More

Popular Tags