It is important to remember that the security of your Frank! application is the result of the overall security of the hosting stack (Java, Application Server), Frank!Framework itself, all Java dependencies and your code. As such, it is your responsibility to follow a few important best practices:
-
Keep your application up-to-date with the latest Frank!Framework release. By updating your Frank! to the latest version, you ensure that critical vulnerabilities are already patched and cannot be exploited in your application.
-
Evaluate your dependencies. While Maven provides millions of reusable packages, it is your responsibility to choose trusted 3rd-party libraries. If you use outdated libraries affected by known vulnerabilities or rely on poorly maintained code, your application security could be in jeopardy.
-
Adopt secure coding practices. The first line of defense for your application is your own code. It is highly recommended to adopt secure software development best practices and perform security testing before releasing your application.
| Version | Supported | Security Fixes* | Minimal JRE | Released |
|---|---|---|---|---|
| latest | ✅ | ✅ | Java SE 17 | |
| 8.1.x | ✅ | ✅ | Java SE 17 | Apr 5, 2024 |
| 8.0.x | ✅ | ✅ | Java SE 11 | Dec 23, 2023 |
| 7.9.x | ✴️ | ✅ | Java SE 8 | Dec 14, 2023 |
| 7.8.x | ❌ | ❌ | Java SE 8 | Apr 5, 2023 |
| 7.7.x | ❌ | ❌ | Java SE 8 | Mar 29, 2022 |
| 7.6.x | ❌ | ❌ | Java SE 8 | Aug 3, 2021 |
| 7.5.x | ❌ | ❌ | Java SE 7 | Nov 16, 2020 |
| 7.4.x | ❌ | ❌ | Java SE 7 | Aug 9, 2019 |
| 7.3.x | ❌ | ❌ | Java SE 7 | Jul 11, 2019 |
| 7.2.x | ❌ | ❌ | Java SE 6 | Nov 14, 2018 |
| 7.1.x | ❌ | ❌ | Java SE 6 | Nov 06, 2018 |
| 7.0.x | ❌ | ❌ | Java SE 6 | Jun 1, 2018 |
| < 6.1 | ❌ | ❌ | Java SE 5 | Dec 13, 2016 |
*Please always update to the latest available release. CVE's are solved on a best-effort basis, on versions not older then 1 year after the initial release date (specified in the table above). For more information see our Security monitoring procedure.
The Frank! team and our community take security bugs in the Frank!Framework seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
If you would like to report a vulnerability in one of our products, or have security concerns regarding Frank! software, please email security@frankframework.org and include the word "SECURITY" in the subject line.
In order for us to best respond to your report, please include any of the following:
- Steps to reproduce or proof-of-concept
- Any relevant tools, including versions used
- Tool output