Platform logo

The JetBrains Platform Blog

Plugin and extension development for JetBrains products.

Go to Marketplace
Go to Marketplace

security

Log4j Vulnerability and Third-party Plugins on JetBrains Marketplace

In the wake of the Remote Code Execution CVE-2021-44228 vulnerability in the popular Java logging library log4j, we have been checking third-party plugins distributed via JetBrains Marketplace. Because of how many IntelliJ-based plugins there are, we initially used API Watcher to check what plugins and which of their exact versions used anything from log4j. We have temporarily hidden all plugin versions in which we detected any use of log4j.  We understand that such a check can produce some false positives. But we’d rather play it extra safe and draw the attention of many plugin aut

Jakub Chrzanowski Jakub Chrzanowski

Deprecation Notice: Login/Password Authentication in the plugins.jetbrains.com API Replaced with Token-based Authentication

We would like you to be informed that the login/password authentication method previously available in the https://plugins.jetbrains.com API has been replaced with token-based authentication. This will help improve the security of your plugins. We ask that you switch to the new auth method as soon as possible. The JetBrains Hub authentication policies have changed as we’ve introduced mandatory two-factor authentication. For this reason, the login/password option for publishing your plugins to https://plugins.jetbrains.com via the API will stop working on August 26, 2019. If you are usin

Mikhail Vink Mikhail Vink