Dear All,
We have Bitbucket (self-managed) version 5.5.1.
Is this version impacted by the latest security vulnerability announced?
Hi,
All versions of Bitbucket Server (and Stash) before 5.16.10 are also affected by this problem. You can check the advisory at https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2019-09-18-976762635.html for full details.
Cheers,
Christian
Premier Support Engineer
Atlassian
Hello,
5.5.1 is affected by the vulnerability.
As there have been many releases of Bitbucket Server over the years, it wasn't going to make for a very readable page to list every version explicitly. In the interest of brevity the advisory's intention:
version < 5.16.10
was for all versions (including 5.5.1) with smaller version numbers than 5.16.10.
Luckily, the mitigation described in the advisory is easy to apply right now while you evaluate upgrading:
To install the hotfix:
This hotfix is a zero-downtime installation - no restart is required after installing the hotfix.
1. Log in to Bitbucket with your administrator account.
2. Go to Administration (cog wheel) and navigate to “Addons” → “Manage apps”.
3. Select “Upload App” and provide the URL:
   https://jira.atlassian.com/secure/attachment/376655/bitbucket-bserv-11896-hotfix-1.0.0.jar
4. Click “Upload” and wait for the hotfix to install.
If you are unable to upload the hotfix with the URL provided or Bitbucket is behind a firewall, you can download the hotfix plugin Jar from https://jira.atlassian.com/browse/BSERV-11947. You are then able to upload the Jar file using the same steps above.
After upgrading to a fixed version there’s no need to remove the hotfix manually; it will be uninstalled automatically as part of the upgrade process.
Cheers,
Daniel
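An added example, not part of the thread or of Atlassian's advisory: a numeric check of instance versions against the `version < 5.16.10` bound quoted above, which a plain string comparison gets wrong for 5.5.1. It encodes only that one bound; the hostnames and the inventory are constructed for illustration.

```python
import re

# Upper bound quoted in this thread: releases numbered below it are affected.
FIXED_BOUND = "5.16.10"


def parse_version(text):
    """Turn '5.5.1' into (5, 5, 1); reject anything but dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_below_bound(version, bound=FIXED_BOUND):
    """Compare component by component as integers, padding short versions with zeros."""
    v, b = parse_version(version), parse_version(bound)
    width = max(len(v), len(b))
    v += (0,) * (width - len(v))
    b += (0,) * (width - len(b))
    return v < b


def triage(inventory):
    """Map each host to a verdict for the single bound encoded above."""
    report = {}
    for host, version in inventory.items():
        try:
            below = is_below_bound(version)
        except ValueError:
            report[host] = "unknown version, check manually"
            continue
        report[host] = "affected" if below else "not below 5.16.10, see advisory"
    return report


# Constructed inventory (hostnames are made up; 5.5.1 is the version asked
# about in the thread, the other versions are illustrative).
SAMPLE_INVENTORY = {
    "bitbucket-a.example.internal": "5.5.1",
    "bitbucket-b.example.internal": "5.16.9",
    "bitbucket-c.example.internal": "5.16.10",
    "bitbucket-d.example.internal": "5.16.x",
}

if __name__ == "__main__":
    # Plain string comparison gets 5.5.1 wrong because "5" sorts after "1".
    print("string compare says below:", "5.5.1" < FIXED_BOUND)
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Instances reported as "not below 5.16.10" still need to be checked against the full list of fixed versions in the advisory.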