The following is a list of CVEs that impact JFrog Distribution.
| CVE | Severity | Distribution Fix Version | Fix Description |
|---|---|---|---|
| | Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in Java Cryptography APIs. |
| | Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in Java TLS API and JSSE Provider. |
| | Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in ECCurve.java and ECCurve.cs. |
| | High | 2.24.0 | Upgraded Spring Framework to a fixed version. |
| | Critical | 2.23.0 | Upgraded pgjdbc to a fixed version. |
| | High | 2.23.0 | Upgraded Spring Framework to a fixed version. |
| | High | 2.23.0 | Upgraded UriComponentsBuilder to a fixed version. |
| | Medium | 2.23.0 | Upgraded Apache Commons Compress to a fixed version. |
| | Medium | 2.23.0 | Upgraded IPAddress to a fixed version. |
| | High | 2.22.1 | Upgraded Traefik to a fixed version. |
| | High | 2.22.1 | Upgraded Apache Tomcat to a fixed version. |
| | High | 2.22.1 | Upgraded logback to a fixed version. |
| | High | 2.21.3 | Upgraded the Hot Rod client to a fixed version. |
| | Medium | 2.21.3 | Upgraded jackson-databind to a fixed version. |
| | Medium | 2.21.3 | Upgraded Apache Tomcat to a fixed version. |
| | Medium | 2.21.3 | Upgraded Spring Framework to a fixed version. |
| | Medium | 2.19.1 | Upgraded sanitize-url to a fixed version. |