
Log4j impacts JetBrains Youtrack | Mitigation

JetBrains YouTrack is affected by the Log4j vulnerability. YouTrack InCloud has already been patched, so no exploitation can occur there, whereas YouTrack Standalone needs to be patched immediately to prevent the Log4j vulnerability from being exploited. If you are using YouTrack Standalone 2017.4 or earlier, you are not affected; if you are using YouTrack Standalone 2018.1 or later, you might be affected by this vulnerability.

Versions affected: 2018.1 to 2021.4.35732 

Steps to be taken for Mitigation:

| YouTrack version | Status | Mitigation |
|---|---|---|
| 2018.1 to 2021.2 | Affected | Upgrade to 2021.4.35372. |
| 2021.3 to 2021.4.35732 | Affected | Upgrade to 2021.4.35970 |
| 2018.1 to 2021.2 with External Hub | Affected | Upgrade to 2021.4.35970, |

Source: https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/

Although the blog post above says this can be mitigated by setting -Dlog4j2.formatMsgNoLookups to true, this does not seem to be the case: the vulnerability can still be exploited even when it is set to true. There might be further updates, as Log4j 2.16.0 has already been released.
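
Since the flag cannot be relied on, the dependable check is which log4j-core release an installation actually bundles. The script below is an added example, not code from JetBrains or from the original post: it walks a directory you supply (the post names no install path, so the root is an assumption), follows nested archives, and flags any log4j-core older than the 2.16.0 release mentioned above.

```python
import io
import os
import re
import zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED = (2, 16, 0)  # release named in the post; later advisories may raise it
ARCHIVE = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Return (major, minor, patch) from a pom.properties body, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def scan_archive(data, label, depth=0):
    """Yield (location, version, has_jndi_lookup) for each log4j-core copy."""
    try:
        zf = zipfile.ZipFile(data)
    except zipfile.BadZipFile:
        return  # wrong extension or corrupt file: nothing to inspect
    with zf:
        names = set(zf.namelist())
        if POM in names:
            version = parse_version(zf.read(POM).decode("utf-8", "replace"))
            # JndiLookup presence is informational (some manual fixes strip it).
            yield label, version, JNDI in names
        for name in names:
            # Fat JARs and WARs nest libraries; follow them a few levels deep.
            if name.lower().endswith(ARCHIVE) and depth < 4:
                inner = io.BytesIO(zf.read(name))
                yield from scan_archive(inner, f"{label}!/{name}", depth + 1)


def scan_tree(root):
    """Walk root (hypothetical install dir) and return one dict per finding."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE):
                path = os.path.join(dirpath, fn)
                for loc, ver, jndi in scan_archive(path, path):
                    old = ver is None or ver < FIXED
                    findings.append({"location": loc, "version": ver,
                                     "jndi_lookup": jndi, "needs_upgrade": old})
    return findings
```

Copies of log4j-core that were shaded or repackaged without their Maven metadata are not detected by this check, so an empty result is not proof of absence.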