Monitor third-party dependencies for vulnerabilities

In addition to addressing security vulnerabilities in its own software, Perforce monitors third-party dependencies for security vulnerabilities to help address issues on a timely basis. Perforce also monitors end-of-life schedules for third-party dependencies to help ensure currency.

Perforce provides a common vulnerabilities and exposures (CVE) list. The Perforce CVE list includes only zero-day CVEs. These are CVEs that directly impact the Perforce products for which CVE data is published.

PE consists of a range of proprietary and third-party server and agent components. Each component is tested for compatibility and CVEs as part of release engineering. For list of server and agent components, see Component versions in recent PE releases.

To help avoid security issues, ensure that your PE software is current. For information about the latest PE releases, see the PE release notes.

Patch management

To help maintain the currency and security of your infrastructure, install the latest patches. Follow the instructions in Configuring patch management .

If you have a Puppet Enterprise Advanced license, you can enable Advanced Patching as described in Advanced Patching.