Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Fix SourceTree security vulnerability for Mac OS X Mavericks

pmrowe
pmrowe May 10, 2017

In response to a security alert for SourceTree: I cannot upgrade SourceTree to 2.5.1 because I am using Mac OS X Mavericks.  Is there a patch I can use to fix this security issue?

Answer
Watch
Like # people like this
1848 views

6 answers

7 votes
Darren Overby
Darren Overby May 10, 2017

I agree with Dan.  Updating to 10.11 is a lot for Atlassian to ask of users for a security fix that should have been there in the first place. In my experience, an OS upgrade is a decision not to be taken lightly because it is frequently a 1-2 day chunk of work to then deal with all the underlying incompatibilities from 3 party software.  In some cases, entirely new workflows need to be developed because the 3rd party software was custom or doesn't support the new OS version.  

The problem is worse for enterprise with many clients.  Even worse for small businesses without and IT department.  

Reply
2 votes
michaelx
michaelx May 10, 2017

Second that. One of my dev machines needs to be kept on Mac OS X Mavericks. Latest SourceTree for that is 2.1, would appreciate a patch to fix the critical vulnerability.

Reply
1 vote
pmrowe
pmrowe June 1, 2017

Arg!  Atlassian - did you not make huge profits last year? Please oh please could you just make a little patch for this?

I'm in the same boat as many of the posters here.  It is not trivial to upgrade my operating system. There's a huge overhead of time to reinstall 3rd party software and then a risk things may not work again. 

Edit: And now 3 colleagues are in the same boat. Anyway, I deleted SourceTree.  Bye SourceTree!  I will miss you!  Not sure I'll go back, since this EXACT SAME THING could happen again ... and again ...

Unless of course Atlassian would fix this issue???

Reply
0 votes
Dan Lipofsky
Dan Lipofsky May 11, 2017

Those of you who are having problems on 10.11.x might want to start a new thread for that, I don't think you can expect Atlassian to respond in this one.

Reply
0 votes
Dan Lipofsky
Dan Lipofsky May 10, 2017

Check for updates tells me "SourceTree 2.4.1 is currently the newest version available." Come on on guys, you can't get your auto-update tool to provide the latest version to fix a critical security issue?

View More Comments
Gary
Gary
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 10, 2017

Hi Dan,

Which version of OSX are you using?  2.5.1 only supports OSX 10.11, or later.

Cheers,

Gary

Like
Dan Lipofsky
Dan Lipofsky May 10, 2017

OSX 10.10, which I will point out is is not end of life, and Apple is still releasing security updates for it, and is less than 3 years old. It seems that something you describe as a critical security issue would warrant a release.

Like
marmor007
marmor007 May 11, 2017

Hi Gary, I'm on OSX 10.11.3 and also get the "SourceTree 2.4.1 is currently the newest version available".

Like
Reply
0 votes
Gary
Gary
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 10, 2017

Hi Penny,

Unfortunately, the only way is to upgrade to the latest version of SourceTree. The latest versions only support OSX 10.11 or later.

Without upgrading, you run the risk of actively keeping your system open to this issue.

Cheers,
Gary

 

View More Comments
Dan Lipofsky
Dan Lipofsky May 10, 2017

Seriously!?! You've got a critical security issue and you are not going to do a release for older OSX? I guess you don't take security very seriously. Not everyone can just upgrade their OS on a whim, especially in a corporate environment. OSX 10.10 is not end of life, and Apple is still releasing security updates for it. It's less than 3 years old.

Like
yoknapatawpha
yoknapatawpha May 11, 2017

Gary, it is a ridiculously entitled expectation to assume that all your users on older OSX versions will perform a major OS upgrade to close a security hole in your utility application.

My solution is far easier: delete SourceTree off my drive entirely, and label Atlassian as incompetent when it comes to handling security issues, bug fixes, application updates, and user experience consideration. Disgraceful.

Like
ptabak
ptabak May 11, 2017

Ditto. Running 10.10 and am not in a position to upgrade. I love SourceTree, but if Atlassian refuses to release a patch for older versions, I will have to move to an alternative app or perhaps even the command line.

Like
Giacomo Dossena
Giacomo Dossena May 12, 2017

Same here, running 10.10 and not going to upgrade OS for a bug in SourceTree. I've just uninstalled SourceTree and am going to delete my account on Atlassian in 3... 2... 1.

https://id.atlassian.com/manage/close-account

Goodbye.

Edit: it seems that it is not possible to completely delete one's account from SourceTree. Specifically, I could not delete my free license: I could only change the billing contact, but the license is still there. This is beyond my comprehension.

Like
am_eichhorn
am_eichhorn May 12, 2017

Ditto. Running osx 10.10 ... and there is still software that I need in 10.10

A Patch for sourcetree 2.4.1 would be great....

Like
Kassandra
Kassandra May 12, 2017

I'm also on OSX 10.10 and very dissapointed that I can not download the update for a critcal security issue.

Are there any plans on releasing the security patch for users on OSX 10.10?

Please correct me if I'm wrong, but I have not seen any statements about SourceTree officially dropping support for OSX 10.10.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Sourcetree
Sourcetree
TAGS
AUG Leaders

Atlassian Community Events

    See all events