You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
A vulnerability has been published today in regards to Sourcetree for Windows. The goal of this article is to give you a summary of information we have gathered from Atlassian Community as a starting point for asking further questions on Community if you need.
Summary of affected versions:
Atlassian recommends all Sourcetree Windows clients using versions:
0.5a <= version <= 3.1.2
upgrade immediately to 3.1.3 which you can download from https://www.sourcetreeapp.com.
Note: Sourcetree for Mac versions are NOT affected by this vulnerability.
Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT environment.
There was a remote code execution vulnerability in SourceTree for Windows via the URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, the attacker gained remote code execution on the target system.
All versions of Sourcetree for Windows up to and including 3.1.2 are affected by this vulnerability. More details on this can be found in the KB Sourcetree Security Advisory 2019-06-05 and in the bug ticket SRCTREEWIN-11942.
Upgrade Sourcetree for Windows to version 3.1.3 or higher.
To make sure we can organize and reply to questions about this security advisory, this post is locked. We ask that you please create a new question using this link which will help us ensure that your question is not lost among other replies.
Community moderators have prevented the ability to post new comments.