Log4j Vulnerability and Third-party Plugins on JetBrains Marketplace
In the wake of the Remote Code Execution CVE-2021-44228 vulnerability in the popular Java logging library log4j, we have been checking third-party plugins distributed via JetBrains Marketplace.
Because of how many IntelliJ-based plugins there are, we initially used API Watcher to check what plugins and which of their exact versions used anything from log4j. We have temporarily hidden all plugin versions in which we detected any use of log4j.
We understand that such a check can produce some false positives. But we’d rather play it extra safe and draw the attention of many plugin authors to the potential risks, rather than miss some plugins that have repackaged log4j.
We performed an additional audit of flagged plugins and have re-listed every plugin version. If you have any issues, please contact us at firstname.lastname@example.org.
We will continue to scan plugins, both JetBrains and third-party ones, and take all the necessary actions to mitigate log4j vulnerabilities.
Subscribe to Blog updates
Plugin Developers Day 2024: Your Opportunity to Be Featured in Staff Picks
The end of January marks a significant celebration for us – Plugin Developers Day!Inspired by WordPress declaring January 28 as Thank a Plugin Developer Day, we initiated our own celebration to express gratitude to all those who develop plugins for JetBrains products. Thank you for enhancing the fun…
JetBrains Marketplace Highlights of 2023: Major Updates & Community News
Discover a brief overview of JetBrains Marketplace major updates throughout the past year in this blogpost.
Busy Plugin Developers Newsletter – Fall 2023
Read this blog post to discover what has come to JetBrains Marketplace this Fall!
Webinar Recording: Uploading a Plugin to JetBrains Marketplace
The recording of the latest episode of the Busy Plugin Developers webinar is now available on JetBrains TV. In this webinar, Natalia Melnikova from the JetBrains Marketplace team provided valuable insights into the plugin upload process. As a seasoned member of the team, she shed some light on th…