ReSharper Ultimate 2018.1.3 and Rider 2018.1.3 are out!
ReSharper Ultimate 2018.1.3 and Rider 2018.1.3 are out!
At JetBrains, we take security vulnerabilities seriously. This is why we’ve just published a new bugfix update for ReSharper Ultimate 2018.1.3 and Rider 2018.1.3.
These updates are here to deliver the hotfix for the Zip Slip vulnerability, which was found in several third-party tools used both by ReSharper Ultimate and Rider. Here is a summary of the changes we’ve made in our codebase to prevent such issues:
- Rider has been updated: added checks for path traversal.
- DotNetZip has been updated to version 1.11.0, which already has the fix.
- SharpZipLib has been updated to include checks for path traversal.
In addition, ReSharper 2018.1.3 fixes TLS web exception, which could be thrown while looking for updates via ReSharper | Help | Check for updates in case of invalid custom IE proxy settings on a machine.
We suggest you grab this bugfix update soon:
ReSharper Ultimate 2018.1.3: download the installer from our site or run ReSharper | Help | Check for updates.
Rider 2018.1.3: download the installer from our site or via JetBrains Toolbox app, or run Help | Check for updates.
ST says:
July 8, 2018Oh, I didn’t notice that Name will be displayed.
Please delete my previous post, please.
And please update the what’s new page.
Regards,
Alexander Kurakin says:
July 9, 2018@ST What exactly do you want to see on Whats New page? What’s New page shows new features we implemented in a release, so right now it contains all of them.
ahdung says:
July 9, 2018do you have a changelog page?
Alexander Kurakin says:
July 9, 2018Do you need it for this bugfix update?
Steinar Herland says:
July 9, 2018Are you saying that you don’t have a page listing changes in all your release?
Alexander Kurakin says:
July 9, 2018@Steinar we do not have a single page for all releases where we place lists of changes. Instead, we always prepare a blog post for every release, like for R# Ultimate 2018.1 https://blog.jetbrains.com/dotnet/2018/04/16/resharper-ultimate-2018-1-available-download/, which contains all noticeable changes we’ve made in the release. Additionally, it has a link to our public bug-tracker which will show you a list of requests, in the example above, you may find the link in “based on more than 260 requests” sentence.
Scott Ferguson says:
July 12, 2018This seems like a pretty dismissive reply.
I am also curious to read the change log. I’m battling with some crippling R# bugs and I was curious to read the release notes to see if they were likely resolved in this release.
I’m already burned because I am experiencing bugs in 2018.1.2 that my colleagues aren’t seeing in older versions.
Alexander Kurakin says:
July 12, 2018@Scott, I am sorry to hear you considered my reply as dismissive. I just wanted to say that every release blog post has a link with the YouTrack search query, which shows all issues we’ve fixed in the release. Is it not enough to see what has been done there?
csrowell says:
July 13, 2018I’ll second the “I’m already burned because I am experiencing bugs in 2018.1.2 that my colleagues aren’t seeing in older versions.” comment. I don’t see the YouTrack search query link in this post, but I may be overlooking it.
Alexander Kurakin says:
July 13, 2018@csrowell This post does not have a link to YouTrack since only two issues have been fixed and all of them are mentioned in the blog post. If a number of fixed issues is more than are listed in the post, we create a YouTrack search query and post it.