All versions of Bitbucket Server (and Stash) before 5.16.10 are also affected by this problem. You can check the advisory at https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2019-09-18-976762635.html for full details.
Premier Support Engineer
5.5.1 is affected by the vulnerability.
As there have been many releases of Bitbucket Server over the years, it wasn't going to make for a very readable page to list every version explicitly. In the interest of brevity the advisory's intention:
version < 5.16.10
was for all versions (including 5.5.1) with smaller version numbers than 5.16.10.
Luckily, the mitigation described in the advisory is easy to apply right now while you evaluate upgrading:
To install the hotfix:
This hotfix is a zero down time installation - No restart is required after installing the hotfix.
1. Log in to Bitbucket with your administrator account.
2. Go to Administration (cog wheel) and navigate to “Addons” → “Manage apps”.
3. Select “Upload App” and provide the URL:
4. Click “Upload” and wait for the hotfix to install.
If you are unable to upload the hotfix with the URL provided or Bitbucket is behind a firewall, you can download the hotfix plugin Jar from https://jira.atlassian.com/browse/BSERV-11947. You are then able to upload the Jar file using the same steps above.
After upgrading to a fixed version there’s no need to remove the hotfix manually; it will be uninstalled automatically as part of the upgrade process.
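The "version < 5.16.10" reading discussed in the reply above is a numeric, component-by-component comparison, which is why 5.5.1 falls inside it. The following is an added example, not part of the original post or of Atlassian's tooling: it checks a constructed inventory against that one threshold and shows how a plain string comparison gets 5.5.1 wrong. Host names and the inventory are assumptions made for illustration.

```python
import re

# Threshold quoted in the reply above ("version < 5.16.10"). The linked advisory
# is the authority on every affected range; this script checks only this one,
# so a False result here is not proof that an instance is unaffected.
THRESHOLD = "5.16.10"


def parse_version(text):
    """Turn '5.5.1' into (5, 5, 1); reject anything that is not dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_before(version, threshold=THRESHOLD):
    """Compare component by component as integers, padding so 5.16 == 5.16.0."""
    a, b = parse_version(version), parse_version(threshold)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def naive_string_before(version, threshold=THRESHOLD):
    """The mistaken reading: character-by-character string comparison."""
    return version < threshold


def triage(inventory):
    """Return the hosts whose version is below the threshold, sorted by name."""
    return sorted(host for host, ver in inventory.items() if is_before(ver))


# Constructed inventory (hypothetical hosts), e.g. gathered from each
# instance's Administration page.
INVENTORY = {
    "bitbucket-a.example.internal": "5.5.1",
    "bitbucket-b.example.internal": "5.16.9",
    "bitbucket-c.example.internal": "5.16.10",
    "stash-legacy.example.internal": "3.11.2",
}

if __name__ == "__main__":
    for host in triage(INVENTORY):
        ver = INVENTORY[host]
        note = "" if naive_string_before(ver) else " (string comparison would miss this)"
        print(f"{host}: {ver} is before {THRESHOLD}{note}")
```
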