Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bamboo Data center v9.6.0 does not have option to 'Upload App'

Gouri
Gouri
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 28, 2024

We have set up Bamboo 9.6.0 in our environment and when we navigate to Manage Apps, 'Upload App' Option is not present.

The problem is we need this option to test our plugins compatibility with new bamboo server version which we can not install through 'find new apps'

upload-app-option-not-present.png

 

I read for confluence this option neebamboo-server-version.png

Answer
Watch
Like Be the first to like this
348 views

2 answers

1 vote
Shashank Kumar
Shashank Kumar
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 28, 2024

Hello Gouri,

 

Welcome to Atlassian community. 

 

Starting from Bamboo 9.5, the option to install new apps using the Upload app button on the Manage apps page or with the REST API is disabled by default. This change was made to prevent the inadvertent upload of potentially harmful files to your Bamboo instance.

To enable app installation with the Upload app button, you will have to set a specific system property as detailed in the release page in Bamboo 9.5 release notes - Installing apps with the Universal Plugin Manager, i.e, add the property to JVM_SUPPORT_RECOMMENDED_ARGS;

-Dupm.plugin.upload.enabled=true

The file to add the property is located in "<Bamboo-install>/bin/setenv.sh". You can find more information on configuring system properties in this link, you can refer the attached link to get details if you are using Windows environment.

 

Regards,

Shashank kumar

**please don't forget to Accept the answer if your query was answered**

Reply
0 votes
Matt Simmons
Matt Simmons
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 1, 2024

For the record, this is a totally ridiculous solution. If there's a security problem in the feature that people use, the answer should not be to disable the otherwise necessary feature until someone needs it, then require them to re-enable the still-broken feature. 

Fix the problem instead. Is there a ticket tracking the remediation of the underlying security problem in the upload tool? 

View More Comments
Shashank Kumar
Shashank Kumar
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 2, 2024

Hello Matt,

The idea was to prevent unwanted uploads of potentially malicious files to your Bamboo instance, with the Upload apps option anyone can upload any files on your Bamboo Instance.

Currently there is no ticket raised for any further work on this, customers are requested to follow the workaround.

Regards,

Shashank Kumar

Like
Matt Simmons
Matt Simmons
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 2, 2024

So with the Upload Apps option enabled, any user, admin or otherwise, can upload malicious files to the instance?

Like
Shashank Kumar
Shashank Kumar
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 2, 2024

Hello Matt,

The Upload Apps option is visible only for Bamboo Admins and not for others this reduces the risks for anyone accessing this functionality.

This Functionality allows you to upload files of type .jar or .obr, while uploading Bamboo does not check what is inside the jar as it is custom applications developed outside of Bamboo.

image.png

Regards,

Shashank Kumar

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events