Hey there,
We published a security advisory just a few minutes ago which applies to your current Bitbucket Server version (6.7.1). As these vulnerabilities are listed as critical, the related issues on jira.atlasian.com were set to private until we publicly announced the advisory. Sorry for the confusion briefly while these issues made it into the release notes but you weren't able to access the details.
The public advisory is available here: https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2020-01-15-985498238.html
Emails have been sent to technical contacts for accounts with Bitbucket licenses. If you didn't get an email yet but feel like you should have, you can check your communication preferences at my.atlassian.com/email, then look at the "Tech Alerts" section to see which products you're subscribed to alerts for.
Given that only 1 of the 3 vulnerabilities in the advisory has a workaround, I would suggest upgrading to 6.7.3 anyway.
Cheers,
Daniel | Atlassian Support
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.