Important Security Notice – Vulnerability allowing permission escalation
Please note that if you are a commercial customer of Upsource, you should have already received an email from us in the middle of December. No further action is required if you have already seen this email.
During a regular security audit on December 7th, 2018, we discovered a security vulnerability in JetBrains Hub, which provides authorization and authentication services to some of our other products including Upsource and YouTrack. This security vulnerability affected Upsource instances starting from version 2018.2.1013 through version 2018.2.1141 where the issue was fixed.
What information was compromised
This security issue affected all Hub instances and other products that rely on Hub, making it possible for users to elevate the permissions that were available to their own accounts in Upsource and YouTrack.
We don’t have any information to confirm whether access to your Upsource or YouTrack installation was compromised.
What actions we’ve taken
We fixed the issue on December 10th, 2018 and released updated versions of Upsource on December 18th, 2018. We’ve also added automated tests to check for this vulnerability whenever changes are deployed to the code base.
What actions you should take
Please upgrade to the latest build from our website.
While it is possible for you to determine whether your data was compromised, due to the nature of the vulnerability, disclosing how this would be done could affect other Upsource installations.
If you need any further assistance, please contact our Support Engineers.