惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

JetBrains News

What’s New in WebStorm 2026.1 What's New in DataSpell 2026.1 TeamCity: the Hassle-Free CI/CD Tool by JetBrains YouTrack: Project management for all your teams PhpStorm: The PHP IDE by JetBrains What's New in PhpStorm 2026.1 What’s New in PyCharm 2026.1 – Rethink How You Build and Scale What’s New in PyCharm 2026.1 – Rethink How You Build and Scale What's New in PhpStorm 2026.1 What's New in PhpStorm 2026.1 What's New in PhpStorm 2026.1 What's New in PhpStorm 2026.1 What's New in PhpStorm 2026.1 AppCode: Smart Swift/Objective-C IDE for iOS & macOS Development AppCode: Smart Swift/Objective-C IDE for iOS & macOS Development What's New in CLion 2026.1 CLion: A cross-platform IDE for C and C++ WebStorm: The JavaScript and TypeScript IDE, by JetBrains Rider: the cross-platform .NET and game development IDE from JetBrains Download ReSharper: Visual Studio Extension for .NET Devs dotMemory: a Memory Profiler & Unit-Testing Framework for .NET by JetBrains Hub: Identity management service for YouTrack and TeamCity Hub: Identity management service for YouTrack and TeamCity What's New in IntelliJ IDEA What's New in ReSharper What's New in DataGrip 2026.1 What's New in Rider What's New in GoLand 2026.1 What’s New in YouTrack 2026.1 JetBrains: Essential tools for software developers and teams What's New in RubyMine 2026.1 Free PyCharm For Students Free PyCharm For Students JetBrains: Essential tools for software developers and teams What's New in TeamCity 2026.1 | TeamCity On-Premises What's New in IntelliJ IDEA JetBrains: Essential tools for software developers and teams Monthly and yearly plans with JetBrains Toolbox Free PyCharm For Students What's New in dotMemory What's New in dotPeek What’s New in YouTrack 2026.1 What's New in RubyMine 2026.1 What's New in ReSharper
Security update for IntelliJ-based IDEs v2016.1 and older versions | The JetBrains Blog
Eugene Toporov · 2016-05-11 · via JetBrains News

FYI

We have just released an important update for all IntelliJ-based IDEs. This update addresses critical security vulnerabilities inside the underlying IntelliJ Platform. The vulnerabilities, in various forms, are also present in older versions of the IDEs; therefore, patches for those are also available.

While we have had no reports of any active attacks against these vulnerabilities, we strongly recommend for all users to install the update as soon as possible.

Please read more on the issues and ways to update below.

Built-in web server vulnerabilities

The cross-site request forgery (CSRF) flaw in the IDE’s built-in webserver allowed an attacker to access local file system from a malicious web page without user consent.

Internal RPC vulnerabilities

Over-permissive CORS settings allowed attackers to use a malicious website in order to access various internal API endpoints, gain access to data saved by the IDE, and gather various meta-information like IDE version or open a project.

Our huge thanks go to Jordan Milne for disclosing these issues and working closely with us and to Android Studio team from Google for perfect collaboration while working on the fixes.

What to do

To install the update simply select ‘Check for Updates’ from inside the IDE or visit www.jetbrains.com to download the most recent version. If you are using a version prior to 2016.1.x, read below for download links.

For more details about the security update and in case of additional questions, refer to the FAQ below.

FAQ

Q: What products / versions are updated?
A: All JetBrains products built on IntelliJ Platform are affected. The table below shows the minimum versions for which an update is released. If you are using the listed version or a higher one, then you need to update.

Product Updates Available as of Version (build number)
AppCode 2.1 (129.772)
CLion 1.0 (141.353)
DataGrip 1.0 (143.1410.7)
IntelliJ IDEA 12.1 (129.161)
MPS 3.0 (129.350)
PhpStorm 6.0 (129.291)
PyCharm 2.7 (125.57)
PyCharm Edu 1.0 (139.280)
Rider Private EAP builds prior to build 144.5342
RubyMine 5.4 (129.241)
WebStorm 6.0 (127.68)

Q: Are earlier versions affected?
A: We are not aware of similar vulnerabilities in older versions. Built-in web server was introduced in December 2012 (branch 129.x), and the above-mentioned and fixed internal RPC vulnerabilities did not exist in older versions. Still, a possibility of vulnerabilities in older versions exists, which is why we recommend upgrading your IDE if it was released more than 3 years ago.

Q: What products are NOT affected?
A: ReSharper, ReSharper C++, dotCover, dotMemory, dotTrace, dotPeek, TeamCity, YouTrack, Upsource and Hub are not affected and do not need this security update.

Q: I need a full download rather than a patch for an earlier version of the IDE. Where can I download it?
A: Check the previous versions page for your product below. All versions published there contain the security update or are not affected by these two specific vulnerabilities.

Q: I’m unable to update to the latest version. Where can I get help?
A: Please contact us about the problems that prevent you from updating.

Q: I’m building an IDE on IntelliJ Platform. What should I do?
A: Make sure to merge the latest changes from the corresponding branch of intellij-community: the “129”, “131”, .. “145” branches for the “129.“, “131.“, … “145.” builds correspondingly and “master” for the “146.” or “162.*” builds.) For details please contact security@jetbrains.com or the partner team at busdev@jetbrains.com for any questions or concerns.

Q: I’m using an IDE built on IntelliJ Platform but not from JetBrains. What should I do?
A: We have been in contact with our partners building on IntelliJ Platform. Updates for Android Studio 1.5.x and 2.x should be available already. Please contact the vendor of the IDE for an update. If you have other questions, please contact us.

Q: I’m developing a plugin for IDEs built on IntelliJ Platform. Does my plugin need update?
A: No, plugins are not affected.

Q: I’d like to be notified about security vulnerabilities in future.
A: You can subscribe to the security bulletin at www.jetbrains.com/security/subscribe.

UPDATE: If you’re running on OS X and the IDE doesn’t start after installing the update, please refer to https://intellij-support.jetbrains.com/hc/en-us/articles/208516145 for workarounds

JetBrains Team
The Drive to Develop

Subscribe to JetBrains Blog updates