Atlassian Bamboo version 5.9.10 build 5921 RE: security alert - how do I fix?

Darren Trusler July 21, 2016

We (well management did and passed it on to me) have received an email (pasted below) stating that there is a security issue that is critical but the security advisory does not appear to deal with the version we are running (above).  So it looks like we have a downloaded install given that it doesn't seem to have upgraded automatically but I don't see how to upgrade or implement Whitelist as advised as our version doesn't appear to have that option.

I have never overseen an install or upgrade for Bamboo and have only had the Admin role for a couple of weeks so please treat any help as being directed at novice level as I am still finding my feet in some areas.  I need to be aware of any downtime, affect on users etc for any upgrade also so that I can plan it is with minimum disruption

Thank you in advance,

Darren

 

 

Security   advisory for Bamboo

Hello Stephen,

We are writing to inform   you of a critical security vulnerability that exists in Bamboo from version 2.3.1 before   5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the   fixed version for 5.12.x).

Customers who have   upgraded Bamboo to version 5.11.4.1 or version 5.12.3.1 are not affected.

How do you fix it?

Atlassian Cloud   instances have already been upgraded to a fixed version of Bamboo.

Customers who have   downloaded and installed Bamboo, follow the instructions   provided in the detailed security advisory:

If you have questions or   concerns, please raise a support request.   One of our support engineers will be happy to help you.

Kind regards,
  Atlassian

1 answer

0 votes
Mark de Bont
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 21, 2016

Hi Darren, you would need to upgrade your install/upgrade by downloading a complete new version.

As mentioned on the webpage : "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-07-20-831660461.html" Binary patches are no longer released.

So you would need to download the latest and upgrade (which is , normally wink , a quick and easy process)

Darren Trusler July 21, 2016

Thanks Mark,

Do you know if there is any cost attached to an upgrade or is it free? 

Mark de Bont
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 21, 2016

If you have an active license it's free.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events