ReSharper Ultimate 2018.1.3 and Rider 2018.1.3 are out!
These updates are here to deliver the hotfix for the Zip Slip vulnerability, which was found in several third-party tools used both by ReSharper Ultimate and Rider. Here is a summary of the changes we’ve made in our codebase to prevent such issues:
- Rider has been updated: added checks for path traversal.
- DotNetZip has been updated to version 1.11.0, which already has the fix.
- SharpZipLib has been updated to include checks for path traversal.
In addition, ReSharper 2018.1.3 fixes TLS web exception, which could be thrown while looking for updates via ReSharper | Help | Check for updates in case of invalid custom IE proxy settings on a machine.
We suggest you grab this bugfix update soon:
ReSharper Ultimate 2018.1.3: download the installer from our site or run ReSharper | Help | Check for updates.
Rider 2018.1.3: download the installer from our site or via JetBrains Toolbox app, or run Help | Check for updates.