Fix SourceTree security vulnerability for Mac OS X Mavericks

In response to a security alert for SourceTree: I cannot upgrade SourceTree to 2.5.1 because I am using Mac OS X Mavericks.  Is there a patch I can use to fix this security issue?

6 answers

I agree with Dan.  Updating to 10.11 is a lot for Atlassian to ask of users for a security fix that should have been there in the first place. In my experience, an OS upgrade is a decision not to be taken lightly because it is frequently a 1-2 day chunk of work to then deal with all the underlying incompatibilities from 3 party software.  In some cases, entirely new workflows need to be developed because the 3rd party software was custom or doesn't support the new OS version.  

The problem is worse for enterprise with many clients.  Even worse for small businesses without and IT department.  

Second that. One of my dev machines needs to be kept on Mac OS X Mavericks. Latest SourceTree for that is 2.1, would appreciate a patch to fix the critical vulnerability.

Arg!  Atlassian - did you not make huge profits last year? Please oh please could you just make a little patch for this?

I'm in the same boat as many of the posters here.  It is not trivial to upgrade my operating system. There's a huge overhead of time to reinstall 3rd party software and then a risk things may not work again. 

Edit: And now 3 colleagues are in the same boat. Anyway, I deleted SourceTree.  Bye SourceTree!  I will miss you!  Not sure I'll go back, since this EXACT SAME THING could happen again ... and again ...

Unless of course Atlassian would fix this issue???

0 votes
Gary Sackett Atlassian Team May 10, 2017

Hi Penny,

Unfortunately, the only way is to upgrade to the latest version of SourceTree. The latest versions only support OSX 10.11 or later.

Without upgrading, you run the risk of actively keeping your system open to this issue.



Seriously!?! You've got a critical security issue and you are not going to do a release for older OSX? I guess you don't take security very seriously. Not everyone can just upgrade their OS on a whim, especially in a corporate environment. OSX 10.10 is not end of life, and Apple is still releasing security updates for it. It's less than 3 years old.

Gary, it is a ridiculously entitled expectation to assume that all your users on older OSX versions will perform a major OS upgrade to close a security hole in your utility application.

My solution is far easier: delete SourceTree off my drive entirely, and label Atlassian as incompetent when it comes to handling security issues, bug fixes, application updates, and user experience consideration. Disgraceful.

Ditto. Running 10.10 and am not in a position to upgrade. I love SourceTree, but if Atlassian refuses to release a patch for older versions, I will have to move to an alternative app or perhaps even the command line.

Same here, running 10.10 and not going to upgrade OS for a bug in SourceTree. I've just uninstalled SourceTree and am going to delete my account on Atlassian in 3... 2... 1.


Edit: it seems that it is not possible to completely delete one's account from SourceTree. Specifically, I could not delete my free license: I could only change the billing contact, but the license is still there. This is beyond my comprehension.

Ditto. Running osx 10.10 ... and there is still software that I need in 10.10

A Patch for sourcetree 2.4.1 would be great....

I'm also on OSX 10.10 and very dissapointed that I can not download the update for a critcal security issue.

Are there any plans on releasing the security patch for users on OSX 10.10?

Please correct me if I'm wrong, but I have not seen any statements about SourceTree officially dropping support for OSX 10.10.

Check for updates tells me "SourceTree 2.4.1 is currently the newest version available." Come on on guys, you can't get your auto-update tool to provide the latest version to fix a critical security issue?

Gary Sackett Atlassian Team May 10, 2017

Hi Dan,

Which version of OSX are you using?  2.5.1 only supports OSX 10.11, or later.



OSX 10.10, which I will point out is is not end of life, and Apple is still releasing security updates for it, and is less than 3 years old. It seems that something you describe as a critical security issue would warrant a release.

Hi Gary, I'm on OSX 10.11.3 and also get the "SourceTree 2.4.1 is currently the newest version available".

Those of you who are having problems on 10.11.x might want to start a new thread for that, I don't think you can expect Atlassian to respond in this one.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Oct 23, 2018 in Sourcetree

Tip from the team: configure your repos for hosting goodness!

Supported Platforms macOS Windows We recently introduced support for additional hosting services such as GitHub Enterprise, GitLab (Cloud, Community Edition, Enterprise Edition), and...

1,230 views 4 2
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you