Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Java Vulnerability "/App/atlassian/bitbucket/jre/bin/java 1.8.0_172-b11 Enhanced#"

Nitesh Kumar
Nitesh Kumar July 9, 2021

Hi All,

We are using Bitbucket in private cloud - 

  • Atlassian Bitbucket v5.11.1

And recently received following vulnerability.

"/App/atlassian/bitbucket/jre/bin/java 1.8.0_172-b11 Enhanced#"

CVE ID - CVE-2021-2161, CVE-2021-2163

May you please advise how we can fix this? I will really appreciate any quick response on it.

 

Warm Regards,

Nitesh

Answer
Watch
Like Be the first to like this
946 views

1 answer

1 accepted

1 vote
Answer accepted
Gonchik Tsymzhitov
Gonchik Tsymzhitov
Community Champion
July 9, 2021

Hi @Nitesh Kumar ,

 

If you want to fix only java vuln, you update the version of JRE. 

via replacement in /App/atlassian/bitbucket/jre/ . (Please, don't forget to make a backup and use the java 8. )

Also, please, be aware you're using quite old version of Bitbucket, I do recommend you to upgrade. 

https://confluence.atlassian.com/bitbucketserver/bitbucket-server-5-11-release-notes-950274914.html

View More Comments
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 9, 2021

Be aware that changing the version of Java under your Bitbucket is not recommended, as Atlassian only supports you running on the Java that was distributed with the version of Bitbucket you're on.

An upgrade will change the java version if the new Bitbucket version uses a later releases, so it's a good idea to go this way, and I completely agree with Gonchik's recommendation to upgrade Bitbucket

Like
Nitesh Kumar
Nitesh Kumar July 12, 2021

@Nic Brough -Adaptavist- @Gonchik Tsymzhitov  thank you both for your quick response and advise.

Like
Nitesh Kumar
Nitesh Kumar July 12, 2021

@Nic Brough -Adaptavist- @Gonchik Tsymzhitov  can you also please suggest if Bitbucket v5.11.1 supports OpenJDK also so that I can use that instead of Oracle Java, and OpenJDK will be updated itself during server patching itself whenever there a patch of that.

Current version in use is::

~]$ /App/atlassian/bitbucket/jre/bin/java -version
java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)
Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 12, 2021

See https://confluence.atlassian.com/bitbucketserver0511/install-or-upgrade-bitbucket-server/supported-platforms - it covers that (and a load of other follow up questions you may have)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security