Enhanced Security Available in Helix Core: Details on Recent Security Findings

At Perforce, we are committed to maintaining the highest standards of security for our products and our customers. Recently, we had the opportunity to further strengthen the security of Helix Core, thanks to valuable input from an independent security researcher.  

This experience has not only reinforced our robust security protocols but also provided insights that we are using to improve our testing and release practices. 

Potential Impact 

An independent security researcher identified Denial-of service (DoS) vulnerabilities that could cause the version control system to become inoperative until an administrator manually restarts the service. As a result, this issue has been rated High, with a CVSS score of 8.7.

There is no legal or ransomware exposure, as the vulnerability does not facilitate ransomware attacks on customers or Perforce's internal infrastructure.   

Solution  

Our product development and security teams have addressed the vulnerability and implemented necessary safeguards in Helix Core 2024.2, along with the latest patches available for:

• Helix Core 2024.1
• Helix Core 2023.2  
• Helix Core 2023.1
• Helix Core 2022.2 

If you are a Helix Core user, you can resolve this issue by installing the latest version or patched version (see ‘Earlier Versions’ in the sidebar) available on our download page.

If you are a Helix Core Cloud user, no action is required as the issue has been addressed.