Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,293,928
Community Members
 
Community Events
165
Community Groups

Java Vulnerability "/App/atlassian/bitbucket/jre/bin/java 1.8.0_172-b11 Enhanced#"

Hi All,

We are using Bitbucket in private cloud - 

  • Atlassian Bitbucket v5.11.1

And recently received following vulnerability.

"/App/atlassian/bitbucket/jre/bin/java 1.8.0_172-b11 Enhanced#"

CVE ID - CVE-2021-2161, CVE-2021-2163

May you please advise how we can fix this? I will really appreciate any quick response on it.

 

Warm Regards,

Nitesh

1 answer

1 accepted

1 vote
Answer accepted

Hi @Nitesh Kumar ,

 

If you want to fix only java vuln, you update the version of JRE. 

via replacement in /App/atlassian/bitbucket/jre/ . (Please, don't forget to make a backup and use the java 8. )

Also, please, be aware you're using quite old version of Bitbucket, I do recommend you to upgrade. 

https://confluence.atlassian.com/bitbucketserver/bitbucket-server-5-11-release-notes-950274914.html

Be aware that changing the version of Java under your Bitbucket is not recommended, as Atlassian only supports you running on the Java that was distributed with the version of Bitbucket you're on.

An upgrade will change the java version if the new Bitbucket version uses a later releases, so it's a good idea to go this way, and I completely agree with Gonchik's recommendation to upgrade Bitbucket

@Nic Brough _Adaptavist_ @Gonchik Tsymzhitov  thank you both for your quick response and advise.

@Nic Brough _Adaptavist_ @Gonchik Tsymzhitov  can you also please suggest if Bitbucket v5.11.1 supports OpenJDK also so that I can use that instead of Oracle Java, and OpenJDK will be updated itself during server patching itself whenever there a patch of that.

Current version in use is::

~]$ /App/atlassian/bitbucket/jre/bin/java -version
java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)

See https://confluence.atlassian.com/bitbucketserver0511/install-or-upgrade-bitbucket-server/supported-platforms - it covers that (and a load of other follow up questions you may have)

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

2,130 views 2 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you