We are running Bamboo 5.9.9 on Linux, with remote agents running on both Linux and Windows. The recent security advisory CVE-2018-5224 says the vulnerability only affects those "using Bamboo Server on Windows" for the affected versions. This sounds like the remote agent on Windows should be un-affected, since Bamboo Server proper is running on Linux. Can anyone confirm? Thanks
My understanding is that this indeed only affects the server side of Bamboo, however the point is also kind of moot because remote agents will update automatically to match the version of the Bamboo server upon startup.
Premier Support Engineer