security bulletin

For the last several years, we have published the JetBrains Security Bulletin on our blog and sent emails to Bulletin subscribers quarterly. However, this approach created an unwanted delay between the release of new versions and the publication of information about vulnerabilities. We also receive a lot of questions about vulnerable product versions from our customers.

In the first quarter of 2020, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)

In the fourth quarter of 2019, we resolved a series of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)

In the third quarter of 2019, we resolved a series of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. (more…)

This bulletin summarizes the security vulnerabilities detected in JetBrains products and remediated in the second quarter of 2019. Here's a summary report that comprises the affected product, the description of each issue, its severity, and the product version containing the fix. (more…)

This bulletin summarizes the security vulnerabilities detected in JetBrains products and remediated in the first quarter of 2019. These include issues reported by Jonathan Leitschuh potentially exposing a product user or a project’s infrastructure to man-in-the-middle attacks, namely resolving Gradle, Maven, and sbt project artifacts over an unencrypted connection in various projects; and generating project templates in an IDE causing the above-mentioned issue in a user’s project. We’ve also run extended verification of the secret storage mechanism in our IDEs' settings, and identified