critical security vulnerability that exists in Bitbucket Server

Dear All,

We have Bitbucket (self-managed) version 5.5.1.

Is this version impacted by the latest security vulnerability announced?

1 answer

1 accepted

0 votes
Answer accepted

Hi,

All versions of Bitbucket Server (and Stash) before 5.16.10 are also affected by this problem. You can check the advisory at https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2019-09-18-976762635.html for full details.

Cheers,

Christian

Premier Support Engineer

Atlassian

Hi Christian,

Our version is 5.5.1.

I can't find it in the advisory list. Does this mean it is not affected?

Daniel Eads Atlassian Team Sep 19, 2019

Hello,

5.5.1 is affected by the vulnerability.

As there have been many releases of Bitbucket Server over the years, it wasn't going to make for a very readable page to list every version explicitly. In the interest of brevity the advisory's intention:

version < 5.16.10

was for all versions (including 5.5.1) with smaller version numbers than 5.16.10.

Luckily, the mitigation described in the advisory is easy to apply right now while you evaluate upgrading:

To install the hotfix:

This hotfix is a zero down time installation - No restart is required after installing the hotfix.

  1. Log in to Bitbucket with your administrator account

  2. Go to Administration (cog wheel) and navigate to “Addons” → “Manage apps”

  3. Select “Upload App” and provide the URL

    https://jira.atlassian.com/secure/attachment/376655/bitbucket-bserv-11896-hotfix-1.0.0.jar

  4. Click “Upload” and wait for the hotfix to install.

If you are unable to upload the hotfix with the URL provided or Bitbucket is behind a firewall, you can download the hotfix plugin Jar from https://jira.atlassian.com/browse/BSERV-11947. You are then able to upload the Jar file using the same steps above.

After upgrading to a fixed version there’s no need to remove the hotfix manually; it will be uninstalled automatically as part of the upgrade process.

Cheers,
Daniel
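
The range check discussed in this thread, as an added example that is not part of the original posts or of Atlassian's tooling: it compares versions numerically against the "< 5.16.10" bound quoted above, which is the comparison that places 5.5.1 inside the affected range. The hostnames and inventory are constructed, and versions at or above the bound are reported as "check advisory" because the thread states only this one bound.

```python
import re

# Bound quoted in the thread above: releases below 5.16.10 are affected.
THREAD_BOUND = (5, 16, 10)

def parse_version(text):
    """Turn '5.5.1' into (5, 5, 1); reject anything that is not dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad so '5.16' compares as 5.16.0

def classify(version):
    """Compare numerically, component by component, against the thread's bound."""
    if parse_version(version) < THREAD_BOUND:
        return "affected"
    # The thread gives only the "< 5.16.10" bound. Later release lines must be
    # looked up in the advisory itself, so they are never reported as safe here.
    return "check advisory"

def triage(inventory):
    """Map each host to 'affected', 'check advisory' or 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparseable"
    return result

# Constructed inventory (hostnames and version assignments are made up).
SAMPLE_INVENTORY = {
    "bitbucket-a.example.internal": "5.5.1",
    "bitbucket-b.example.internal": "5.16.9",
    "bitbucket-c.example.internal": "5.16.10",
    "stash-old.example.internal": "3.11",
    "bitbucket-d.example.internal": "5.x-custom",
}

if __name__ == "__main__":
    # Plain string comparison gets the thread's own case wrong: '5' sorts after '1'.
    print("string compare '5.5.1' < '5.16.10':", "5.5.1" < "5.16.10")
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:32} {status}")
```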
