ReSharper Ultimate 2018.1.3 and Rider 2018.1.3 are out!
At JetBrains, we take security vulnerabilities seriously. This is why we’ve just published a new bugfix update for ReSharper Ultimate 2018.1.3 and Rider 2018.1.3.
These updates are here to deliver the hotfix for the Zip Slip vulnerability, which was found in several third-party tools used both by ReSharper Ultimate and Rider. Here is a summary of the changes we’ve made in our codebase to prevent such issues:
- Rider has been updated: added checks for path traversal.
- DotNetZip has been updated to version 1.11.0, which already has the fix.
- SharpZipLib has been updated to include checks for path traversal.
In addition, ReSharper 2018.1.3 fixes TLS web exception, which could be thrown while looking for updates via ReSharper | Help | Check for updates in case of invalid custom IE proxy settings on a machine.
We suggest you grab this bugfix update soon:
ReSharper Ultimate 2018.1.3: download the installer from our site or run ReSharper | Help | Check for updates.
Rider 2018.1.3: download the installer from our site or via JetBrains Toolbox app, or run Help | Check for updates.
Pingback: The Morning Brew - Chris Alcock » The Morning Brew #2621
Pingback: Dew Drop - July 6, 2018 (#2760) - Morning Dew
Oh, I didn’t notice that Name will be displayed.
Please delete my previous post, please.
And please update the what’s new page.
Regards,
@ST What exactly do you want to see on Whats New page? What’s New page shows new features we implemented in a release, so right now it contains all of them.
do you have a changelog page?
Do you need it for this bugfix update?
Are you saying that you don’t have a page listing changes in all your release?
@Steinar we do not have a single page for all releases where we place lists of changes. Instead, we always prepare a blog post for every release, like for R# Ultimate 2018.1 https://blog.jetbrains.com/dotnet/2018/04/16/resharper-ultimate-2018-1-available-download/, which contains all noticeable changes we’ve made in the release. Additionally, it has a link to our public bug-tracker which will show you a list of requests, in the example above, you may find the link in “based on more than 260 requests” sentence.
This seems like a pretty dismissive reply.
I am also curious to read the change log. I’m battling with some crippling R# bugs and I was curious to read the release notes to see if they were likely resolved in this release.
I’m already burned because I am experiencing bugs in 2018.1.2 that my colleagues aren’t seeing in older versions.
@Scott, I am sorry to hear you considered my reply as dismissive. I just wanted to say that every release blog post has a link with the YouTrack search query, which shows all issues we’ve fixed in the release. Is it not enough to see what has been done there?
I’ll second the “I’m already burned because I am experiencing bugs in 2018.1.2 that my colleagues aren’t seeing in older versions.” comment. I don’t see the YouTrack search query link in this post, but I may be overlooking it.
@csrowell This post does not have a link to YouTrack since only two issues have been fixed and all of them are mentioned in the blog post. If a number of fixed issues is more than are listed in the post, we create a YouTrack search query and post it.