Welcome to the JFrog Blog

Latest:

A Vulnerable Future: MITRE’s Close Call in CVE Management

April 23, 2025 Ofri Ouzan, JFrog Security Researcher Jonathan Sar Shalom, JFrog Director of Threat Research

16 min read

Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced:  “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Official letter from MITRE…

Read More

All Blogs

JFrog’s Journey with AWS Graviton

JFrog’s Journey with AWS Graviton

April 25, 2025 Shiran Melamed, DevOps Group Leader | 6 min read

Every business strives to optimize operational costs and efficiency. In the DevOps world, where cloud-scale operations are the norm, this becomes even more critical. At JFrog, while delivering a robust and highly scalable SaaS solution to our customers, we are equally focused on optimizing operational costs and maximizing infrastructure efficiency. Our recent transition to AWS…
Read More
Now Available: Smart Archiving with the JFrog Platform

Now Available: Smart Archiving with the JFrog Platform

April 23, 2025 Sean Pratt, Senior Manager, Product Marketing, JFrog | 5 min read

Every day development teams around the world release new software. But what happens to prior releases that are no longer in production? Most organizations save them, typically due to internal policies, external regulations, or simply the fear of losing data. Organizations typically take varied approaches to retaining their prior releases. Some use a dedicated repository…
Read More
Introducing Support for Chocolatey and PowerShell Packages

Introducing Support for Chocolatey and PowerShell Packages

April 22, 2025 Brian Chang, Product Marketing Manager Adam Browning, Senior Product Manager | 3 min read

In February, we announced our support for Hex packages, which further solidified the JFrog Platform as the most universal package management solution. We’re excited to announce we’re continuing to build on our universality with our new official support of Chocolatey and PowerShell, which allows both technologies to be used with our NuGet repositories in JFrog…
Read More
Malicious PyPI Package Hijacks MEXC Orders, Steals Crypto Tokens

Malicious PyPI Package Hijacks MEXC Orders, Steals Crypto Tokens

April 15, 2025 Guy Korolevski, JFrog Security Researcher | 10 min read

The JFrog Security Research team regularly monitors open source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential supply chain security threats, our research team reports any malicious packages that were discovered to the repository’s maintainers in order to have them removed. This blog provides an analysis of…
Read More
Building a Software Data Retention Strategy and Why You Need One

Building a Software Data Retention Strategy and Why You Need One

April 3, 2025 Sean Pratt, Senior Manager, Product Marketing, JFrog | 7 min read

Every day, your developers are pushing software. Some of that software will make it to production, but many of those incremental builds will not. While you shouldn’t remove those incremental builds and old release versions haphazardly, if left unchecked, they can clog up your software repositories as well as the workflows and systems they serve.…
Read More
Live Panel Recap: Women in DevOps 2025

Live Panel Recap: Women in DevOps 2025

March 26, 2025 The JFrog Team | 4 min read

In a LinkedIn Live panel discussion hosted by Melissa McKay, Head of Developer Relations at JFrog, thought leaders from NVIDIA, GitHub, and JFrog came together to discuss the transformative power of AI in modern software development. This session delved into three key topics: the integration of AI in the software development lifecycle (SDLC), strategies for…
Read More
CVE-2025-29927 – Authorization Bypass Vulnerability in Next.js: All You Need to Know

CVE-2025-29927 – Authorization Bypass Vulnerability in Next.js: All You Need to Know

March 24, 2025 Yoav Saporta, JFrog Security Researcher Yair Mizrahi, JFrog Security Research Team Leader | 10 min read

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability - CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases - exploitation of the vulnerability can also lead to cache poisoning and denial of service. Which versions of Next.js are affected? Next.js 15.x - from version 15.0.0…
Read More
Conan Launches C/C++ Audit Functionality

Conan Launches C/C++ Audit Functionality

March 19, 2025 Diego Rodriguez-Losada Gonzalez, JFrog Lead Architect | 6 min read

Overview Conan is a leading software package manager for C/C++ development environments. As an open source multi-platform package manager, it is used to create, manage and share native binaries and their dependencies based on C/C++ code. C/C++ is often the preferred language for developing embedded systems, mobile platforms, and real-time applications due to its low-level…
Read More

Popular Tags