TeamCity Plugins and log4j vulnerability (TW-74298)


Regarding Remote Code Execution vulnerability CVE-2021-44228 and indicates that TeamCity and Kotlin are not affected.

Does this include all JetBrains bundled TeamCity Plugins? And does this include all Plugins that were developed using Kotlin, for example:


Is the latest Team City / Octopus plugin (6.1.8) compatible with TeamCity server version 2018.2.4? We have an older version of the plugin (4.15.10) installed on our TeamCity server and would like to just update to the latest if possible. Appreciate the help


Hi! None of the TeamCity plugins developed by JetBrains, including the non-bundled ones, are affected. As mentioned in TW-74298, some plugins have log4j 2 dependencies, but they are not affected either because of the circumstances described in the linked issue.


Please sign in to leave a comment.