Skip to content Burger menu icon
Security logo

Security
Updates for security issue: IntelliJ-based IDEs 2023.1+ and GitHub Plugin Promo image
newsletter security

Updates for security issue affecting IntelliJ-based IDEs 2023.1+ and JetBrains GitHub Plugin

A new security issue was discovered that affects the JetBrains GitHub plugin on the IntelliJ platform, which could lead to disclosure of access tokens to third-party sites. The issue affects all IntelliJ-based IDEs as of 2023.1 onwards that have the JetBrains GitHub plugin enabled and configured/in-use. 

Read article

Preventing Exploits: JetBrains’ Ethical Approach to Vulnerability Disclosure

Introduction This blog post follows up on the recent TeamCity On-Premises security vulnerabilities notification and the subsequent post that described our timeline for addressing those vulnerabilities. At JetBrains, we adhere to a carefully balanced approach to vulnerability disclosure. We fol…

Daniel Gallo
Daniel Gallo

Insights and Timeline: Our Approach to Addressing the Recently Discovered Vulnerabilities in TeamCity On-Premises

This is a follow-up to the vulnerability announcement we published on March 4, 2024. It’s important that we properly communicate the timeline for fixing the CVE-2024-27198 and CVE-2024-27199 vulnerabilities from JetBrains’ side. All times below are expressed in CET. February 19 6:54 pm –…

Daniel Gallo
Daniel Gallo

JetBrains Has Received Its SOC2 Audit Report

SOC 2 (Service Organization Control II) is a comprehensive audit framework developed by the American Institute of CPAs (AICPA). This framework assesses the controls a service organization has in place in terms of security, availability, processing integrity, confidentiality, and privacy. A SOC 2 Type II report evaluates the design and suitability of these controls. This means an external auditor has looked at our systems and processes and confirmed that they are designed in accordance with the SOC2 requirements.

Ilya Pleskunin
Ilya Pleskunin

Security Bulletin Changes

For the last several years, we have published the JetBrains Security Bulletin on our blog and sent emails to Bulletin subscribers quarterly. However, this approach created an unwanted delay between the release of new versions and the publication of information about vulnerabilities. We also receive a lot of questions about vulnerable product versions from our customers.

Ilya Pleskunin
Ilya Pleskunin

SpringShell Vulnerability in JetBrains Products and Services

On March 29, 2022, we became aware of the Remote Code Execution vulnerabilities CVE-2022-22963 and CVE-2022-22965 in several libraries of the Spring Framework, which is commonly used in web applications.

Ilya Pleskunin
Ilya Pleskunin
JetBrains Security Bulletin

JetBrains Security Bulletin Q4 2021

In the fourth quarter of 2021, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)…

Robert Demmer
Robert Demmer

Important Security Update for JetBrains Gateway

On December 27, 2021, we became aware of a security issue that exposes certain JetBrains Remote Development backend IDEs to the networks the server is connected to. This was a result of misconfiguration on our side. The following IDEs were affected: IntelliJ IDEA 2021.3.1 Preview (213.6461.21)…

Hadi Hariri
Hadi Hariri

Log4j vulnerability and JetBrains Products and Services

What happened Similar to the rest of the industry, we became aware on the 10th of December 2021 of the Remote Code Execution vulnerability CVE-2021-44228 in the popular Java logging library log4j (all versions between 2.0 and 2.14.1 are vulnerable). We immediately took action to mitigate any pote…

Hadi Hariri
Hadi Hariri
JetBrains Security Bulletin

JetBrains Security Bulletin Q3 2021

In the third quarter of 2021, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)…

Robert Demmer
Robert Demmer
JetBrains Security Bulletin

JetBrains Security Bulletin Q2 2021

In the second quarter of 2021, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)…

Robert Demmer
Robert Demmer
JetBrains Security Bulletin

JetBrains Security Bulletin Q1 2021

In the fourth quarter of 2020, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved.

Robert Demmer
Robert Demmer
JetBrains Security Bulletin

JetBrains Security Bulletin Q4 2020

In the fourth quarter of 2020, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)…

Robert Demmer
Robert Demmer
Load more