This bulletin summarizes the security vulnerabilities detected in JetBrains products and remediated in the first quarter of 2019.
These include issues reported by Jonathan Leitschuh potentially exposing a product user or a project’s infrastructure to man-in-the-middle attacks, namely
resolving Gradle, Maven, and sbt project artifacts over an unencrypted connection in various projects; and
generating project templates in an IDE causing the above-mentioned issue in a user’s project.
We’ve also run extended verification of the secret storage mechanism in our IDEs' settings, and identified