Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Groups
Explore all groups
Community resources

Regarding the command injection issue.

Dual Wielder
Dual Wielder Jun 08, 2017

Greating,



I am new to sourcetree, I was checking it before installing it and I read about the command injection issue. I've also checked the question in this link: 


https://community.atlassian.com/t5/SourceTree-questions/More-info-on-the-Command-Injection-issue/qaq-p/585845





I would like to know if this: SourceTreeSetup-2.0.20.1

is the latest and has the issue solved?

Answer
Watch
Like Be the first to like this

2 answers

0 vote
Ana Retamal Ortiz
Ana Retamal Ortiz Atlassian Team Jun 09, 2017

Hi! Yes, SourceTree 2.0.20.1 is the latest one for Windows and it's not affected by the injection issue, it was fixed :)

Let us know if you need anything else!

Cheers,

Ana

Reply
0 vote
Dual Wielder
Dual Wielder Jun 09, 2017

Thanks for your reply, I am really glad to hear.



I have one last question though:

according to: https://www.cvedetails.com/vulnerability-list.php?vendor_id=3578



the version effected was 2.5c and prior, the one in SourceTree offical site is 2.0.20.1. This is confusing since 2.0 is prior to 2.5?





Thanks in advance,

View More Comments
Ana Retamal Ortiz
Ana Retamal Ortiz Atlassian Team Jun 09, 2017

Hi! For official information regarding the vulnerability, my recommendation is that you check our official source. You can find it at SourceTree Security Advisory.

Note that the site you linked is not even differentiating between Mac and Windows versions. Whilst this is not mentioned in that website, they're probably referring to the Mac version of SourceTree (which is currently 2.5.2).

Hope this clears your concerns :)

Ana

Dual Wielder
Dual Wielder Jun 10, 2017

Yes, Thank you very much! =)

Reply

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Brian Ganninger
Brian Ganninger
Published May 30, 2018 in Sourcetree

Tip from the team: configuring Git or Mercurial in Sourcetree

Supported Platforms macOS Windows To make using Sourcetree as simple yet powerful as possible we embed (bundle) dependencies such as Git, Git LFS, and Mercurial. We strive to keep these...

545 views 1 2
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you