Skip to content Burger menu icon
Platform logo

The JetBrains Platform Blog

Plugin and extension development for JetBrains products.

Go to Marketplace
Marketplace News

Log4j Vulnerability and Third-party Plugins on JetBrains Marketplace

Jakub Chrzanowski
Jakub Chrzanowski

In the wake of the Remote Code Execution CVE-2021-44228 vulnerability in the popular Java logging library log4j, we have been checking third-party plugins distributed via JetBrains Marketplace.

Because of how many IntelliJ-based plugins there are, we initially used API Watcher to check what plugins and which of their exact versions used anything from log4j. We have temporarily hidden all plugin versions in which we detected any use of log4j. 

We understand that such a check can produce some false positives. But we’d rather play it extra safe and draw the attention of many plugin authors to the potential risks, rather than miss some plugins that have repackaged log4j. 

We performed an additional audit of flagged plugins and have re-listed every plugin version. If you have any issues, please contact us at marketplace@jetbrains.com.

We will continue to scan plugins, both JetBrains and third-party ones, and take all the necessary actions to mitigate log4j vulnerabilities. 

security
Prev post Tips for writing a guest postPlugin Developers Appreciation Day Next post
image description

Discover more

Plugin Spotlight on JetBrains Marketplace

JetBrains Marketplace is a thriving ecosystem where developers can discover plugins that enhance their coding experience and implement and share their plugins with others. While many users find plugins through targeted searches, some may not be aware of tools and integrations that extend beyond prog…

Anna Maltceva
Anna Maltceva

Busy Plugin Developers Newsletter – Q1 2024

⭐️ Marketplace updates Revamped Downloads Trend chart We've updated the Downloads Trend chart to assist plugin authors in tracking their plugin's downloads more granularly. With this new feature, you can filter downloads by product to check the plugin’s popularity for each IDE. New Cont…

Anna Maltceva
Anna Maltceva
JetBrains Marketplace updates DSA

JetBrains Marketplace Updates in Light of the Digital Services Act (DSA)

In response to the Digital Services Act (DSA), we've introduced a new policy for reporting inappropriate content and updated our agreements. Learn more about these changes and how they affect users and vendors on our platform.

Elena Kerpeleva
Elena Kerpeleva

Plugin Developers Day 2024: Your Opportunity to Be Featured in Staff Picks

The end of January marks a significant celebration for us – Plugin Developers Day!Inspired by WordPress declaring January 28 as Thank a Plugin Developer Day, we initiated our own celebration to express gratitude to all those who develop plugins for JetBrains products. Thank you for enhancing the fun…

Anna Maltceva
Anna Maltceva