Illuminated Cloud 2 and the log4j security vulnerability
Last week, a quite worrisome security vulnerability was reported in a widely used open source Java logging library, log4j. Given that both Illuminated Cloud 2 and its supported host JetBrains IDEs are executed in a Java Runtime Environment, I wanted to provide information about Illuminated Cloud 2 with regard to this specific vulnerability.
Illuminated Cloud 2 uses its host JetBrains IDE for all logging, and JetBrains has already released their own statement about their products. The short version is that as long as you're using a 2021.1 or higher version of the host JetBrains IDE—and the latest published versions of Illuminated Cloud 2 only support those versions anyway—this vulnerability is not present. If you are not on 2021.1 or higher, please update immediately to the latest versions of both the host JetBrains IDE and the Illuminated Cloud 2 plugin.
Illuminated Cloud 2 also provides a small set of external services, e.g., self-service license key activation management, offline license (de)activation, etc., and those services have also been verified not to be susceptible to this vulnerability.
If you have other concerns or specific questions, don't hesitate to reach out and I'll be happy to address them.