Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
EPEL9 is affected: https://github.com/jfrog/jfrog-cli/blob/v2.78.3/go.mod#L81 has go-jose/v4 4.0.5 This is fixed in github.com/go-jose/go-jose/v4 4.1.4 go-jose dependency is gone in jfrog-cli 2.91.0 and later.
FEDORA-EPEL-2026-b5304cc714 (jfrog-cli-2.98.0-1.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b5304cc714
FEDORA-EPEL-2026-b5304cc714 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b5304cc714 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2026-b5304cc714 (jfrog-cli-2.98.0-1.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.