IntelliJ IDEA 2016.1.2b released
Released: May 16, 2016
Updates in this release
Updates in 2016.1.2b
- An important update for all IntelliJ-based IDEs - This update addresses critical security vulnerabilities inside the underlying IntelliJ Platform. The vulnerabilities, in various forms, are also present in older versions of the IDEs; therefore, patches for those are also available.
- Built-in web server vulnerabilities - The cross-site request forgery (CSRF) flaw in the IDE’s built-in web server allowed an attacker to access the local file system from a malicious web page without user consent.
- Internal RPC vulnerabilities - Over-permissive CORS settings allowed attackers to use a malicious website to access various internal API endpoints, gain access to data saved by the IDE, gather various meta-information such as the IDE version, or open a project.
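
The two flaw classes above, shown from the defender's side for a generic loopback HTTP service. This is an added example, not JetBrains code and not the actual fix: it puts an over-permissive CORS response beside a check that combines an origin allowlist with a per-launch secret token. The port, the `X-Local-Token` header name and all function names are assumptions made for illustration.

```python
import hmac
import secrets

# Assumption: the only origins the local service trusts (constructed values).
TRUSTED_ORIGINS = {"http://localhost:8080", "http://127.0.0.1:8080"}
# Per-launch secret that only the legitimate local client is given.
SESSION_TOKEN = secrets.token_urlsafe(32)


def weak_cors_headers(headers):
    """Over-permissive pattern: echo whatever Origin the browser sent."""
    return {"Access-Control-Allow-Origin": headers.get("Origin", "*")}


def authorize(headers, token=SESSION_TOKEN):
    """Return (allowed, cors_headers) for one request to the loopback service.

    `headers` is a dict with canonical header names (assumption).
    """
    origin = headers.get("Origin")
    # A browser request from any other site is refused and gets no CORS grant.
    if origin is not None and origin not in TRUSTED_ORIGINS:
        return False, {}
    # Origin is absent on many cross-site GETs (e.g. image or link loads), so
    # its absence proves nothing: every request must also carry the secret.
    supplied = headers.get("X-Local-Token", "")  # hypothetical header name
    if not hmac.compare_digest(supplied.encode(), token.encode()):
        return False, {}
    # Name the exact trusted origin; never a wildcard or a reflected value.
    cors = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"} if origin else {}
    return True, cors


if __name__ == "__main__":
    # Constructed sample requests.
    samples = {
        "other site, no token": {"Origin": "http://evil.example"},
        "no Origin, no token": {},
        "trusted origin + token": {"Origin": "http://localhost:8080",
                                   "X-Local-Token": SESSION_TOKEN},
    }
    for name, hdrs in samples.items():
        print(f"{name:24} weak={weak_cors_headers(hdrs)} hardened={authorize(hdrs)}")
```

The token is what stops CSRF; the allowlist only decides which origin may read the response.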