The following is a list of CVEs that impact JFrog Distribution.
CVE | Severity | Distribution Fix Version | Fix Description |
|---|---|---|---|
High | 2.29.1 | Upgraded Apache Tomcat to a fixed version. | |
High | 2.29.1 | Upgraded Golang to a fixed version. | |
Medium | 2.29.1 | Upgraded Spring Security to a fixed version. | |
Medium | 2.29.1 | Upgraded logback-core to a fixed version. | |
High | 2.28.1 | Upgraded ag-grid-community and ag-grid-enterprise due to a prototype pollution via the _.mergeDeep function. | |
High | 2.27.2 | Upgraded java_commons to a fixed version. | |
High | 2.27.2 | Upgraded Traefik to a fixed version due to a vulnerability that allows the bypassing of IP allow-lists. | |
Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in Java Cryptography APIs. | |
Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in Java TLS API and JSSE Provider. | |
Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in ECCurve.java and ECCurve.cs. | |
High | 2.24.0 | Upgraded Spring Framework to a fixed version. | |
Critical | 2.23.0 | Upgraded pgjdbc to a fixed version. | |
High | 2.23.0 | Upgraded Spring Framework to a fixed version. | |
High | 2.23.0 | Upgraded UriComponentsBuilder to a fixed version. | |
Medium | 2.23.0 | Upgraded Apache Commons Compress to a fixed version. | |
Medium | 2.23.0 | Upgraded IPAddress to a fixed version. | |
High | 2.22.1 | Upgraded Traefik to a fixed version. | |
High | 2.22.1 | Upgraded Apache Tomcat to a fixed version. | |
High | 2.22.1 | Upgraded logback to a fixed version. | |
High | 2.21.3 | Upgraded the Hot Rod client to a fixed version. | |
Medium | 2.21.3 | Upgraded jackson-databind to a fixed version. | |
Medium | 2.21.3 | Upgraded Apache Tomcat to a fixed version. | |
Medium | 2.21.3 | Upgraded Spring Framework to a fixed version. | |
Medium | 2.19.1 | Upgraded sanitize-url to a fixed version. |