Atlassian Bamboo version 5.9.10 build 5921 RE: security alert - how do I fix?

We (well management did and passed it on to me) have received an email (pasted below) stating that there is a security issue that is critical but the security advisory does not appear to deal with the version we are running (above).  So it looks like we have a downloaded install given that it doesn't seem to have upgraded automatically but I don't see how to upgrade or implement Whitelist as advised as our version doesn't appear to have that option.

I have never overseen an install or upgrade for Bamboo and have only had the Admin role for a couple of weeks so please treat any help as being directed at novice level as I am still finding my feet in some areas.  I need to be aware of any downtime, affect on users etc for any upgrade also so that I can plan it is with minimum disruption

Thank you in advance,

Darren

 

 

Security   advisory for Bamboo

Hello Stephen,

We are writing to inform   you of a critical security vulnerability that exists in Bamboo from version 2.3.1 before   5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the   fixed version for 5.12.x).

Customers who have   upgraded Bamboo to version 5.11.4.1 or version 5.12.3.1 are not affected.

How do you fix it?

Atlassian Cloud   instances have already been upgraded to a fixed version of Bamboo.

Customers who have   downloaded and installed Bamboo, follow the instructions   provided in the detailed security advisory:

If you have questions or   concerns, please raise a support request.   One of our support engineers will be happy to help you.

Kind regards,
  Atlassian

1 answer

Hi Darren, you would need to upgrade your install/upgrade by downloading a complete new version.

As mentioned on the webpage : "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-07-20-831660461.html" Binary patches are no longer released.

So you would need to download the latest and upgrade (which is , normally wink , a quick and easy process)

Thanks Mark,

Do you know if there is any cost attached to an upgrade or is it free? 

If you have an active license it's free.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Monday in Jira Ops

Jira Ops Early Access Program Update #1: Announcing our next feature and a new integration

Thanks for signing up for Jira Ops! I’m Matt Ryall, leader for the Jira Ops product team at Atlassian. Since this is a brand new product, we’ll be delivering improvements quickly and sharing updates...

501 views 0 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you