Monitor third-party dependencies for vulnerabilities

In addition to addressing security vulnerabilities in its own software, Perforce monitors third-party dependencies for security vulnerabilities to help address issues on a timely basis. Perforce also monitors end-of-life schedules for third-party dependencies to help ensure currency. You can retrieve a list of the third-party software licenses that P4 Server uses by running the p4 help legal command.

Information about Common Vulnerabilities and Exposures (CVE) can be found on the Helix Core CVEs dashboard, and details about CVE fixes are announced in the product Release notes. The Perforce CVE list includes only zero-day CVEs. These are CVEs that directly impact the Perforce products for which CVE data is published.

If a Software Bill of Materials (SBOM) containing more information about the third-party software is required, contact the Perforce Security team at security@perforce.com.

To help avoid security issues, ensure that your Perforce software is current. For a list of currently supported releases, see P4 End of Life (EOL) Schedule.