Security updates require license?

You recently (dec. 19th) sent a mail noting that you had found a security vulnerability in the JetBrains Hub (affected YouTrack instances starting from version 2018.2.10218 through version 2018.3.47965) allowing permission escalation.

However I have just been informed by your support that we cannot upgrade an affected instance, since our license is expired. Do you seriously mean this or was there some sort of misunderstanding? In other words: How do we get the security update you notified us about?

1 comment
Comment actions Permalink
Official comment

Hello,

I'm afraid there is no misunderstanding, the only way to get the security update is upgrading your instance. We do have plans to reconsider our position about this and, possibly, will provide patches for older versions in future. However, this is not possible for now. 

Please let me know if you need any assistance to check if your instance has been affected (please submit a support request for that: https://youtrack-support.jetbrains.com/hc/en-us/requests/new?ticket_form_id=66282, I'll send you the steps). 

Hope it helps. 

Please sign in to leave a comment.