Hi,
Our security team is aware of this issue and are currently investigating any potential impact to our products. As a per our security advisory publishing policy, if this issue has a critical severity impact with any of our products, we will send a security advisory alert.
Cheers,
Christian
Premier Support Engineer
Atlassian
Our security team has assessed this vulnerability and determined that Bitbucket Server is not vulnerable as it does not use the StringSubstitutor interpolator.
Products using an impacted versions of Apache Commons Text will be updated in accordance with our Data Center and Server Bug Fix Policy.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.