security

In the wake of the Remote Code Execution CVE-2021-44228 vulnerability in the popular Java logging library log4j, we have been checking third-party plugins distributed via JetBrains Marketplace. Because of how many IntelliJ-based plugins there are, we initially used API Watcher to check what plugins and which of their exact versions used anything from log4j. We have temporarily hidden all plugin versions in which we detected any use of log4j.  We understand that such a check can produce some false positives. But we’d rather play it extra safe and draw the attention of many plugin aut

We would like you to be informed that the login/password authentication method previously available in the https://plugins.jetbrains.com API has been replaced with token-based authentication. This will help improve the security of your plugins. We ask that you switch to the new auth method as soon as possible. The JetBrains Hub authentication policies have changed as we’ve introduced mandatory two-factor authentication. For this reason, the login/password option for publishing your plugins to https://plugins.jetbrains.com via the API will stop working on August 26, 2019. If you are usin