Microsoft rolled out a hotfix for Visual Studio Code 1.67. The 1.67.1 update fixes a remote execution vulnerability.

Details on the vulnerability are scarce. The threat was labelled as CVE-2022-30129 and allowed hackers to exploit Visual Studio Code 1.67 for remote code execution. There’s no evidence of the vulnerability being exploited by cybercriminals. The threat was resolved with Visual Studio Code 1.67.1, which is available on GitHub.

Visual Studio Code 1.67

1.67 was released in April 2022 and added a set of improvements to the Test Explorer, Git Productivity tool, Profiler tool, Quick Actions, JavaScript and Debugger. This version of Visual Studio Code has become a highly wanted IDE globally. A recent survey by StackOverflow estimated that 71 percent of respondents use this editor, doubling the second-placed Visual Studio version’s usage.

1.67 has become an enormous project. Some of the minor changes make a huge impact, which is the case with bracket pair colourization. This feature was initially an extension, becoming a part of Visual Studio Code 1.67 and greatly improving performance.

Code in curly brace language — including Java, JavaScript C#, and C — can be quite complex to correct or navigate. Moreover, unintentionally deleting a curly brace can result in the editor resolving several errors. Bracket pair colourization is an excellent solution and highly effective for untangling lengthy code lines with brackets.

Additionally, the release brings significant improvements through Markdown editing. Authors can easily create and design links to files by dragging and dropping from web browsers. Another new feature finds all references applicable for links, headers, URLs, and files. This feature allows users to rename link destinations such as headers, files, and references links while automatically updating and editing any linked files. It has become much easier to edit large documents without breaking links.

Profiles, Java and Python

One of the more strategic improvements is the ability to import and export setting profiles. Profiles include installed extensions and UI customizations. While this feature doesn’t include every setting, it’s extensive enough to provide students and colleagues with a pre-configured setup.

Furthermore, Java developers can greatly benefit from this version through a debugger feature that accedes value recovery. The team also updated Python support with the Black Python code formatter, which the authors refer to as “uncompromising” because “you agree to cede control over the minutia of hand-formatting.”

Tip: Microsoft issues major update to the PowerShell extension for VS code