JetBrains Hub application has been impacted by Log4J vulnerability. Hub standalone version needs to be patched immediately to prevent the log4j vulnerability being exploited. If you are using HubStandalone 2017.4 or earlier, then you are not affected whereas if you are using Hub Standalone 2018.1 or later then you might be affected by this vulnerability. Hub administrators may need to upgrade their Hub to latest version to prevent this vulnerability from being exploited
Versions affected: 2018.1 to 2021.4.35732
| Hub Version | Status | Mitigation |
| 2018.1 to 2021.1.13389 | Affected | Upgrade to 2021.1.14080. |
| 2021.1.13402 to 2021.1.14063 | Affected | Upgrade to 2021.1.14080. |
Rest of the Hub versions are not affected according to JetBrains
Though the blog post says by setting up MsgLookup parameter to true, that’s not absolutely true as Log4j has already another version 2.16.0 which disables JNDI altogether. If you are using Hub along with