We are using Bitbucket in private cloud -
And recently received following vulnerability.
"/App/atlassian/bitbucket/jre/bin/java 1.8.0_172-b11 Enhanced#"
CVE ID - CVE-2021-2161, CVE-2021-2163
May you please advise how we can fix this? I will really appreciate any quick response on it.
Hi @Nitesh Kumar ,
If you want to fix only java vuln, you update the version of JRE.
via replacement in /App/atlassian/bitbucket/jre/ . (Please, don't forget to make a backup and use the java 8. )
Also, please, be aware you're using quite old version of Bitbucket, I do recommend you to upgrade.
Be aware that changing the version of Java under your Bitbucket is not recommended, as Atlassian only supports you running on the Java that was distributed with the version of Bitbucket you're on.
An upgrade will change the java version if the new Bitbucket version uses a later releases, so it's a good idea to go this way, and I completely agree with Gonchik's recommendation to upgrade Bitbucket
@Nic Brough _Adaptavist_ @Gonchik Tsymzhitov can you also please suggest if Bitbucket v5.11.1 supports OpenJDK also so that I can use that instead of Oracle Java, and OpenJDK will be updated itself during server patching itself whenever there a patch of that.
Current version in use is::
~]$ /App/atlassian/bitbucket/jre/bin/java -version
java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)
Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events