JFrog Curation 3.92.7

JFrog Release Information

Released: April 1, 2024

Highlights

Support NuGet Packages in JFrog Curation

Added Curation support for the NuGet Gallery public repository for .NET packages.

To enable JFrog Curation for the newly supported public repository, configure the NuGet Gallery URL in an Artifactory remote repository of type NuGet and connect it to your Curation service. For more information, see Curation Support Matrix.

New condition template: Package is vulnerable to CVE with CVSS in range {range}

Introduced a new JFrog Curation template for custom conditions regarding packages vulnerable to CVEs within configured CVSS score ranges.

For example: Block packages if vulnerable to a CVE with a CVSS score in the range of 7-8. The template supports an option to block the package only when a newer version of the vulnerable package exists without the CVE (that is, a fix is available).

We recommend you use this option to avoid blocking packages in cases where no newer version with a fix for the CVE exists. This new template is in addition to the existing out-of-the-box JFrog Curation conditions with predefined CVSS score ranges.

New condition template: Package version is immature (with an option to skip if it solves critical CVEs)

Introduced a new JFrog Curation template for custom conditions regarding immature packages, with the ability to skip blocking if the immature package fixes a CVE with a custom CVSS score configured by the user.

For example: Block immature packages released less than 7 days ago unless they fix a Critical CVE (CVSS score above 9).

This new template provides an automated method to skip blocking when a clear high-priority security fix is included.
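
The decision logic of the two condition templates above can be modeled as follows. This is an added illustration, not JFrog's code or API: the `Version` class, the function names, the inclusive range bounds and the sample data are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Version:
    number: tuple                 # e.g. (1, 0, 1); compared as a tuple
    released: date
    cves: dict = field(default_factory=dict)   # CVE id -> CVSS of CVEs affecting this version
    fixes: dict = field(default_factory=dict)  # CVE id -> CVSS of CVEs this version fixes

def blocked_by_cvss_range(pkg, versions, low, high, only_if_fix_available=True):
    """CVSS-range condition; range bounds treated as inclusive (assumption)."""
    for cve, score in pkg.cves.items():
        if not low <= score <= high:
            continue
        if not only_if_fix_available:
            return True
        # "Fix available": a newer version exists that is not affected by this CVE.
        if any(v.number > pkg.number and cve not in v.cves for v in versions):
            return True
    return False

def blocked_as_immature(pkg, today, min_age_days, skip_if_fixes_cvss_above=None):
    """Immaturity condition with the optional skip for versions fixing a severe CVE."""
    if (today - pkg.released).days >= min_age_days:
        return False                      # old enough, not immature
    if skip_if_fixes_cvss_above is not None and any(
            score > skip_if_fixes_cvss_above for score in pkg.fixes.values()):
        return False                      # immature, but carries a high-priority fix
    return True

# Constructed sample data; CVE ids are placeholders, not real identifiers.
TODAY = date(2024, 4, 1)
V100 = Version((1, 0, 0), date(2023, 1, 10), cves={"CVE-EXAMPLE-0001": 7.5})
V101 = Version((1, 0, 1), date(2024, 3, 29), fixes={"CVE-EXAMPLE-0001": 7.5})
V200 = Version((2, 0, 0), date(2024, 3, 30), fixes={"CVE-EXAMPLE-0002": 9.8})

if __name__ == "__main__":
    print(blocked_by_cvss_range(V100, [V100, V101], 7, 8))  # fix exists in 1.0.1
    print(blocked_by_cvss_range(V100, [V100], 7, 8))        # no fixed version yet
    print(blocked_as_immature(V101, TODAY, 7, 9))           # 3 days old, fixes CVSS 7.5
    print(blocked_as_immature(V200, TODAY, 7, 9))           # 2 days old, fixes CVSS 9.8
```

With the fix-available option on, version 1.0.0 is blocked only once 1.0.1 exists; with the skip option on, the two-day-old 2.0.0 is allowed because it fixes a CVE scored above 9, while 1.0.1 stays blocked as immature.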