Security Vulnerability Patch in YouTrack 6.5.17031
Please welcome a fresh YouTrack 6.5.17031 update. This minor release is very important because it contains a fix for a recently discovered XML External Entity (XXE) vulnerability. It affects the XML-based REST API, such as the user import or command intellisense API. This attack may lead to the disclosure of confidential data, denial of service, or port scanning from the perspective of the YouTrack host machine. This OWASP article explains the vulnerability in detail.
We strongly recommend that all our stand-alone customers upgrade to the latest YouTrack 6.5.17031 build. If you’re using an older YouTrack version, please consider setting the following Java start parameters to mitigate the attack:
Please note that the parameter values are intentionally left blank. Please refer to the documentation if you are unsure how to set them.
All the InCloud servers are already upgraded to the latest build.
For more details about the changes made in this build, please check the Release Notes.
The Drive to Develop
– YouTrack JetBrains Team