Hub
Integration Across Team Collaboration Tools
Hub update regarding Log4j2 vulnerability
Update from December 21, 2021, 23:00 (GMT +0). To the best of our knowledge, the newly discovered CVE-2021-45105 does not affect YouTrack or Hub.
To address another vulnerability, CVE-2021-45046, we released YouTrack 2021.4.36179 and Hub 2021.1.14108 on December 16, 2021. Please download and install these YouTrack and Hub versions. Follow the issue for more details.
__
This announcement is about a security vulnerability that was found in a third-party library used in JetBrains Hub.
Administrators of some Hub installations must take further action to secure their instances.
Please read this announcement for a full update on the current situation and immediate action that you must take if you run a Hub installation.
What happened
On December 9, 2021, a security vulnerability was found in a third-party library used in JetBrains Hub. This security vulnerability affects Hub version 2018.1 to version 2021.1.14063 in standalone Hub instances and in Hub bundled with Upsource.
To secure your Hub installation, please proceed with the steps below.
Actions for Hub administrators
If you use Hub 2017.4 or earlier, you do not need to take any further action.
If you use Hub 2018.1 or later, please take the additional steps below to secure your Hub and follow the instructions further down to subscribe to updates.
What actions you should take
- If you use Hub 2017.4 or earlier or 2021.1.14080 or later, your installation is already safe and no additional actions are required from your side.
- If you use Hub from 2018.1 to 2021.1.13389, please secure your installation immediately by:
- upgrading Hub to version 2021.1.14080.
- upgrading Hub to version 2021.1.14080.
- If you use Hub from 2021.1.13402 to 2021.1.14063, please secure your installation immediately by:
- upgrading Hub to version 2021.1.14080.
Alternatively, you can:
- restart your Hub with the parameter `-Dlog4j2.formatMsgNoLookups=true`. A guide on how to apply a parameter to Hub can be found here (an example for Docker can be found here).
What actions we’ve taken
- We released a security update for Hub (version 2021.1.14080) on December 13, 2021. Download it here and install it.
If you need any further assistance, please contact our support or simply comment on this blog post.
Your JetBrains YouTrack & Hub team