The latest updates on all JetBrains products and topics
It’s so important to secure your codebase against both seemingly simple and more sophisticated and malicious activity. Find out more with JetBrains Qodana.
Our customers’ safety is our utmost priority. In order to protect our customers from any potential security threats, we’ve rolled out major bug-fix releases for several older versions of TeamCity (versions 2022.04 through 2023.11).
Introduction If you suspect your TeamCity On-Premises server has been compromised through a security vulnerability (such as CVE-2024-27198), and you were unable to patch or upgrade your server prior to the suspected incident, this blog post recommends some of the steps you should take to investig…
Introduction This blog post follows up on the recent TeamCity On-Premises security vulnerabilities notification and the subsequent post that described our timeline for addressing those vulnerabilities. At JetBrains, we adhere to a carefully balanced approach to vulnerability disclosure. We fol…
This is a follow-up to the vulnerability announcement we published on March 4, 2024. It’s important that we properly communicate the timeline for fixing the CVE-2024-27198 and CVE-2024-27199 vulnerabilities from JetBrains’ side. All times below are expressed in CET. February 19 6:54 pm –…
March 5, 2024 update: Please also see this follow-up blog post that describes our insights and timeline for addressing these vulnerabilities. Summary Two additional critical security vulnerabilities have been identified in TeamCity On-Premises. The vulnerabilities were discovered in Februa…
Summary A critical security vulnerability was identified in TeamCity On-Premises (initially discovered and reported by an external security researcher on January 19, 2024). This critical security vulnerability has been assigned the CVE identifier CVE-2024-23917 and presents the weakness CWE-2…
The Qodana team has delivered taint analysis for PHP in the EAP. Now developers can add taint checking to their static analysis to prevent malicious inputs.
The pace of software development is accelerating and the cost of weak code security (vulnerabilities) can be really high. That's why mitigating vulnerability risks is a must for everyday development. For a while now, JetBrains IntelliJ IDEA has featured the Dependency Checker plugin powered by Ch…
In the fourth quarter of 2021, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)…
In the third quarter of 2021, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)…
Recently we published a blog post about a potential security issue caused by ua-parser-js, a dependent package that is used in the popular testing framework Karma, which in turn is the default choice for Kotlin/JS and Kotlin Multiplatform applications targeting JS. In the post, we recommended tha…
