惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
The GitHub Blog
The GitHub Blog
美团技术团队
Know Your Adversary
Know Your Adversary
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The Register - Security
The Register - Security
Stack Overflow Blog
Stack Overflow Blog
Attack and Defense Labs
Attack and Defense Labs
G
Google Developers Blog
I
InfoQ
博客园 - 司徒正美
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
J
Java Code Geeks
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
S
Security Affairs
M
MIT News - Artificial intelligence
Simon Willison's Weblog
Simon Willison's Weblog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Tailwind CSS Blog
量子位
Vercel News
Vercel News
月光博客
月光博客
V
Vulnerabilities – Threatpost
N
News and Events Feed by Topic
Hugging Face - Blog
Hugging Face - Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LangChain Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
F
Full Disclosure
The Hacker News
The Hacker News
Hacker News: Ask HN
Hacker News: Ask HN
T
Tor Project blog
A
Arctic Wolf
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Forbes - Security
Forbes - Security
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
B
Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Y
Y Combinator Blog
GbyAI
GbyAI
B
Blog RSS Feed
V
Visual Studio Blog
T
The Blog of Author Tim Ferriss
F
Fortinet All Blogs

The JetBrains Blog

Kotlin Turns 15: Celebrate the Kotlin Effect - The JetBrains Blog PhpStorm 2026.2 is Now Out - The JetBrains Blog Key Takeaways From PHPverse 2026 - The JetBrains Blog What's New in IntelliJ IDEA 2026.2 - The JetBrains Blog What’s fixed in IntelliJ IDEA 2026.2 - The JetBrains Blog CLion 2026.2 Is Here - The JetBrains Blog DataGrip 2026.2: AI Agent Skills, MCP Tools and CLI Commands for Data Source Management, Bundled JDBC Drivers, and Improved Session Control - The JetBrains Blog Download WebStorm 2026.2: TypeScript 7 Support, AI, and more GoLand 2026.2 Is Now Available! - The JetBrains Blog Code in Space: Redefining Tech Creation with AI and XR - The JetBrains Blog Rider 2026.2 Release Candidate Is Out! - The JetBrains Blog ReSharper 2026.2 Release Candidate Released! - The JetBrains Blog JetBrains GameDev Days 2026 – Call for Speakers - The JetBrains Blog MPS 2026.1 Has Been Released! - The JetBrains Blog IntelliJ Scala Plugin 2026.2 Is Out! - The JetBrains Blog What's New in ReSharper 2026.2 for VS Code-compatible editors  - The JetBrains Blog Debugging for .NET in VS Code and Cursor: The #1 Requested Feature Is Here - The JetBrains Blog dotInsights | July 2026 - The JetBrains Blog The History of Kodee, Kotlin’s Mascot - The JetBrains Blog JetBrains Academy – June Digest - The JetBrains Blog Introducing the Kotlin Benchmark for AI Coding Agents - The JetBrains Blog Best Object Detection Models for Machine Learning in 2026 - The JetBrains Blog What's Next for TeamCity – CI/CD by JetBrains - The JetBrains Blog The Benchmark Meaning Gap - The JetBrains Blog JetBrains AI for Teams and Organizations: From Fragmented AI Usage to Coordinated Software Development - The JetBrains Blog Java Annotated Monthly – July 2026  - The JetBrains Blog Shift-Left with JetBrains Qodana Natvis Comes to Linux and macOS: Visualize Your C++ Types Without Writing a Single Data Formatter - The JetBrains Blog Speaking to AI Agents like Cavemen Saves 65% of Tokens. We Test. In Conversation With the Golden Kodee Winners - The JetBrains Blog Toolbox App 3.6: Smarter Storage Cleanup, Windows installation diagnostics, and More - The JetBrains Blog IntelliJ IDEA 2026.1.4 Is Out! - The JetBrains Blog TeamCity 2026.1.2 and 2025.11.6 Are Now Available - The JetBrains Blog JetBrains Engineering Hiring Process Guide Kotlin Comes to BlueJ - The JetBrains Blog Improving Embedded Software Quality With Parasoft C/C++test, CLion, and AI - The JetBrains Blog Kodee’s Kotlin Roundup: Kotlin Turns 15, Kotlin 2.4.0, and the Kotlin Toolchain - The JetBrains Blog GitHub Copilot now an Integrated Agent in JetBrains IDEs - The JetBrains Blog JetBrains Air lands on Windows - The JetBrains Blog The Role of Static Code Analysis in Fintech Compliance Kotlin Notebook Sunset - The JetBrains Blog Open-Sourcing the LSP Client API in IntelliJ IDEA 2026.2 - The JetBrains Blog The Dev Containers Story: Introducing EelApi for Plugin Authors - The JetBrains Blog Cursor's $60B Acquisition - Qodana Codex is now the recommended agent in JetBrains IDEs - The JetBrains Blog SSH Connections Are Moving to JetBrains Daemon in the Toolbox App 3.6 EAP - The JetBrains Blog Your AI Agent Keeps Missing The Real Bottleneck. JetBrains Rider Can Fix It Now. - The JetBrains Blog Rust Web Development 2026: The Problems Nobody Talks About Our Research on Membership Inference Attacks and Preventing Privacy Leaks - The JetBrains Blog Explicit Lazy Imports Are Coming to Python 3.15 - The JetBrains Blog Kotlin Toolchain 0.11: The Next Step for Amper - The JetBrains Blog YouTrack Helpdesk Now Includes Customer Groups - The JetBrains Blog How to Win a Hackathon: Notes From the Judging Table - The JetBrains Blog How We Measure the ROI of JetBrains IDEs - The JetBrains Blog AWS Image Builder Plugin for TeamCity - The JetBrains Blog PHP Version Migration | Jetbrains Qodana Bamboo End of Life: How to Prepare and Choose the Right CI/CD Replacement - The JetBrains Blog Structuring IntelliJ Plugins with Optional Content Modules - The JetBrains Blog Qodana Is a Finalist in the 2026 CODiE Awards for Best DevOps Tool - The JetBrains Blog JetBrains Marketplace Ecosystem Security Update: Addressing Malicious Third-Party AI Plugins - The JetBrains Blog Your JetBrains IDE Expertise, Now on LinkedIn - The JetBrains Blog The JetBrains AI Coding Agent moves to general availability Step Rejection Fine-Tuning: Squeezing More Signal from Noisy Agent Trajectories - The JetBrains Blog The Anthropic Debate - The Qodana Blog dotInsights | June 2026 | The .NET Tools Blog Inside JetPride: How JetBrains Employees Built an LGBTQIA+ Community | The Life at JetBrains Blog MPS 2026.1 Release Candidate Arrives | The MPS Blog Best Python AI Frameworks in 2026 | The PyCharm Blog Contribute to the State of PHP Survey | The PhpStorm Blog The Rules of Zero, Three and Five - The Qodana Blog Modern C++ Support in CLion: What’s New | The CLion Blog Agentic AI Governance: Designing for Accountability and Control | The JetBrains AI Blog JetBrains Plugin Developer Conf 2026 – Call for Speakers | The JetBrains Platform Blog Fewer False Positives in RustRover 2026.2|The RustRover Blog Rider 2026.2 EAP 5: Code Quality Checks for Your AI Agents, and More. | The .NET Tools Blog Why Zig Isn’t 1.0 (Yet) | The JetBrains Blog Java Annotated Monthly – June 2026  | The IntelliJ IDEA Blog IntelliJ IDEA 2026.1.3 Is Out! | The IntelliJ IDEA Blog RustRover at RustWeek 2026 | The RustRover Blog WPF Hot Reload Is Here: Edit Your XAML and Watch It Update Live in Rider | The .NET Tools Blog Kotlin 2.4.0 Released | The Kotlin Blog IntelliJ IDEA 2025.3.6 Is Out! | The IntelliJ IDEA Blog Async VFS Content Writes - What Plugin Authors Need to Know | The JetBrains Platform Blog Top Agentic Frameworks for Building Applications 2026 | The PyCharm Blog Toolbox App 3.5: Better Remote Development Observability, More Reliable Enterprise Configuration, and Smoother Everyday Interactions | The Toolbox App Blog Stop Pasting Tokens: OAuth2 Login for JetBrains IDE Plugins | The JetBrains Platform Blog Fix Common TypeScript Issues | The Qodana Blog Mellum2 Goes Open Source: A Fast Model for AI Workflows | The JetBrains AI Blog What Does It Actually Take for an IDE to Understand Rust? Hibernate 7.4 New Features | The IntelliJ IDEA Blog How We Use AlphaEvolve to Make Complex IDE Algorithms Faster | The JetBrains AI Blog JetBrains Academy – May Digest | The JetBrains Academy Blog TeamCity 2026.1.1 Is Now Available | The TeamCity Blog The Upcoming Sunset of DataSpell | The DataSpell Blog Deprecating dotMemory Unit | The .NET Tools Blog Koog 1.0 Is Out: Stable Core, Better Interop, and Multiplatform Observability | The JetBrains AI Blog Introducing the Cloud9 JetStream Theme for JetBrains IDEs | The JetBrains Blog Build a Live Object Detection App for the Reachy Mini With TensorFlow and PyCharm | The PyCharm Blog IntelliJ IDEA 2026.2 EAP Is Open | The IntelliJ IDEA Blog How AI Agents Can Work with TeamCity | The TeamCity Blog
YouTrack Security Update: Upgrade Required for YouTrack Server - The JetBrains Blog
Elena Pishkova · 2026-06-19 · via The JetBrains Blog

Security YouTrack

YouTrack Security Update: Upgrade Required for YouTrack Server

We’re sharing this update to inform YouTrack administrators about several security vulnerabilities that were recently identified and fixed in YouTrack.

For YouTrack Cloud users, this post is purely informational – YouTrack Cloud has already been patched and no action is required. 

For YouTrack Server administrators, we recommend upgrading to one of the fixed versions listed below. Fixed builds are available for supported YouTrack Server versions starting from 2024.2. If your installation is running an earlier version, we recommend upgrading to YouTrack Server 2024.2 or newer. 

We have found no evidence that any of these vulnerabilities were exploited outside of testing environments.

Please read on for the recommended actions.

Recommended action for YouTrack Server administrators

If you are running YouTrack Server, we strongly recommend upgrading to one of the following versions or newer:

2026.1.13757 for 2026.1 installations
2025.3.148033 for 2025.3 installations
2025.2.148048 for 2025.2 installations
2025.1.148120 for 2025.1 installations
2024.3.148430 for 2024.3 installations
2024.2.148429 for 2024.2 installations

If your installation is running a version earlier than 2024.2, we recommend upgrading to YouTrack Server 2024.2 or newer.

You can check your current version under Administration → Server Settings → Global Settings. To see which versions are available with your upgrade and support subscription, visit your JetBrains Account.

To upgrade your YouTrack version 2026.1, download the latest available version from the YouTrack download page, or choose a specific version on the previous versions page. For upgrade instructions, refer to the Installation and Upgrade documentation.

The vulnerabilities

In May 2026, independent researchers and the JetBrains team together identified several critical vulnerabilities via the Coordinated Disclosure Policy and internal security research activities.

As security research evolves through advances in automation and AI-assisted techniques, JetBrains continues to invest in vulnerability discovery, coordinated disclosure initiatives, and collaboration with the security community to help identify and address emerging risks.

Based on our internal investigation, the reports appear to have originated from advanced security research that leveraged AI-assisted testing techniques. The combination of extensive preparation, systematic analysis, and AI-assisted workflows likely enabled researchers to identify vulnerabilities in older areas of the codebase that had not been uncovered through previous security assessments.

The vulnerabilities affect YouTrack versions prior to the fixed releases listed above.

Two of the issues were relevant for YouTrack Cloud:

  • An admin account takeover was possible through authentication token forgery (CVE-2026-56141).
  • It was possible to bypass the email verification flow entirely (CVE-2026-56142).

YouTrack Server was affected by both issues listed above. In addition, an admin account takeover was possible via direct database access (CVE-2026-50242).

Mitigation

After receiving the reports, we patched YouTrack Cloud and prepared fixed builds for supported YouTrack Server versions starting from 2024.2.

We have found no evidence that any of the vulnerabilities were exploited outside of testing environments.

Security bulletin

A complete list of recently fixed security issues is available on the Fixed security issues page on the JetBrains website. You can also subscribe to receive email notifications about fixes in all JetBrains products.

Frequently asked questions

Which versions are affected?

The vulnerabilities affected YouTrack versions prior to the fixed releases listed in this post. Fixed Server builds are available for supported versions starting from 2024.2.

What should I do if my YouTrack Server version is older than 2024.2?

We recommend upgrading to YouTrack Server 2024.2 or newer.

Is YouTrack Cloud affected?

YouTrack Cloud was affected, but all Cloud instances have already been patched. We have found no evidence that any of the vulnerabilities were exploited outside of testing environments. No action is required from Cloud users.

Is YouTrack Server affected?

Yes. YouTrack Server is affected by all three vulnerabilities described in this post. Although we have found no evidence that any of the vulnerabilities were exploited outside of testing environments, we strongly recommend upgrading to a fixed version.

Was my data compromised?

We have found no evidence that any of the vulnerabilities were exploited outside of testing environments.

Support

If you have any questions regarding this issue, please get in touch with the YouTrack Support team.

Your YouTrack team

Subscribe to YouTrack Blog updates