TeamCity Plugins and log4j vulnerability (TW-74298)

Answered

Created December 14, 2021 18:31

Regarding Remote Code Execution vulnerability CVE-2021-44228 and https://youtrack.jetbrains.com/issue/TW-74298:

https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ indicates that TeamCity and Kotlin are not affected.

Does this include all JetBrains bundled TeamCity Plugins? And does this include all Plugins that were developed using Kotlin, for example: https://github.com/jonnyzzz/TeamCity.Node

2 comments

Jdietrich

Created December 15, 2021 21:37

Is the latest Team City / Octopus plugin (6.1.8) compatible with TeamCity server version 2018.2.4? We have an older version of the plugin (4.15.10) installed on our TeamCity server and would like to just update to the latest if possible. Appreciate the help

Anatoly Cherenkov

Created December 16, 2021 15:28

Hi! None of the TeamCity plugins developed by JetBrains, including the non-bundled ones, are affected. As mentioned in TW-74298, some plugins have log4j 2 dependencies, but they are not affected either because of the circumstances described in the linked issue.

Please sign in to leave a comment.