Hub update regarding Log4j2 vulnerability

Update from December 21, 2021, 23:00 (GMT +0). To the best of our knowledge, the newly discovered CVE-2021-45105 does not affect YouTrack or Hub.
To address another vulnerability, CVE-2021-45046, we released YouTrack 2021.4.36179 and Hub 2021.1.14108 on December 16, 2021. Please download and install these YouTrack and Hub versions. Follow the issue for more details.

This announcement is about a security vulnerability that was found in a third-party library used in JetBrains Hub. 

Administrators of some Hub installations must take further action to secure their instances.

Please read this announcement for a full update on the current situation and immediate action that you must take if you run a Hub installation.


What happened

On December 9, 2021, a security vulnerability was found in a third-party library used in JetBrains Hub. This security vulnerability affects Hub version 2018.1 to version 2021.1.14063 in standalone Hub instances and in Hub bundled with Upsource. 

To secure your Hub installation, please proceed with the steps below.

Actions for Hub administrators

If you use Hub 2017.4 or earlier, you do not need to take any further action.

If you use Hub 2018.1 or later, please take the additional steps below to secure your Hub and follow the instructions further down to subscribe to updates.

What actions you should take

  • If you use Hub 2017.4 or earlier or 2021.1.14080 or later, your installation is already safe and no additional actions are required from your side.
  • If you use Hub from 2018.1 to 2021.1.13389, please secure your installation immediately by: 
  • If you use Hub from 2021.1.13402 to 2021.1.14063, please secure your installation immediately by: 

Alternatively, you can:

  • restart your Hub with the parameter `-Dlog4j2.formatMsgNoLookups=true`. A guide on how to apply a parameter to Hub can be found here (an example for Docker can be found here).
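The version ranges listed above can be applied to an inventory of Hub instances, as in this added example (not JetBrains code). The build boundaries are the ones quoted in this announcement; the bucket labels and host names are hypothetical and the sample inventory is constructed.

```python
import re

# Build boundaries copied from the announcement text; nothing else is assumed.
OLD_RANGE_END = 13389      # range "2018.1 to 2021.1.13389"
NEW_RANGE_START = 13402    # range "2021.1.13402 to 2021.1.14063"
NEW_RANGE_END = 14063
FIXED_BUILD = 14080        # security update of December 13, 2021
FIXED_45046_BUILD = 14108  # release of December 16, 2021 (CVE-2021-45046)

def classify(version):
    """Map a Hub version string to a (hypothetical) advisory bucket label."""
    m = re.fullmatch(r"(\d{4})\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Hub version: {version!r}")
    release = (int(m.group(1)), int(m.group(2)))
    build = int(m.group(3)) if m.group(3) else None
    if release < (2018, 1):            # "2017.4 or earlier"
        return "no-action"
    if release < (2021, 1):            # 2018.1 up to, not including, 2021.1
        return "affected-2018.1-to-2021.1.13389"
    if release > (2021, 1):            # later than 2021.1.14080
        return "no-action"
    # Release 2021.1: the build number decides, so it must be known.
    if build is None:
        return "build-number-required"
    if build <= OLD_RANGE_END:
        return "affected-2018.1-to-2021.1.13389"
    if NEW_RANGE_START <= build <= NEW_RANGE_END:
        return "affected-2021.1.13402-to-2021.1.14063"
    if build >= FIXED_45046_BUILD:
        return "no-action"
    if build >= FIXED_BUILD:           # has the Dec 13 update, not the Dec 16 one
        return "install-2021.1.14108"
    return "not-listed"                # build falls in no range the text names

def triage(inventory):
    """Return {host: bucket} for a {host: version} inventory."""
    return {host: classify(v) for host, v in inventory.items()}

# Constructed sample inventory (hypothetical host names).
SAMPLE = {"hub-a": "2020.1.12099", "hub-b": "2021.1.13690", "hub-c": "2021.1"}

if __name__ == "__main__":
    for host, bucket in triage(SAMPLE).items():
        print(f"{host:8} {bucket}")
```

Builds reported as `not-listed` or `build-number-required` need a manual check, because the announcement does not place them in any range.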

What actions we’ve taken

  • We released a security update for Hub (version 2021.1.14080) on December 13, 2021. Download it here and install it.   

If you need any further assistance, please contact our support or simply comment on this blog post.

Your JetBrains YouTrack & Hub team