Monitor third-party dependencies for vulnerabilities
In addition to addressing security vulnerabilities in its own software, Perforce monitors third-party dependencies for security vulnerabilities to help address issues in a timely manner. Perforce also monitors end-of-life schedules for third-party dependencies to help keep them current.
Perforce publishes a common vulnerabilities and exposures (CVE) list for vulnerabilities found in Perforce-maintained code and components. These CVEs apply only to Perforce products and do not include vulnerabilities in third-party software that is not maintained by Perforce.
You can filter the common list to view only the CVEs specific to P4 Code Review; see Security CVEs P4 Code Review. For details about CVE fixes, see the product release notes.
If a Software Bill of Materials (SBOM) containing more information about the third-party software is required, contact the Perforce Security team at security@perforce.com.
To help avoid security issues, ensure that your Perforce software is current. You can find information about the latest releases in What’s new in P4 Code Review.