Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Regarding the command injection issue.

Dual Wielder
Dual Wielder June 8, 2017

Greating,



I am new to sourcetree, I was checking it before installing it and I read about the command injection issue. I've also checked the question in this link: 


https://community.atlassian.com/t5/SourceTree-questions/More-info-on-the-Command-Injection-issue/qaq-p/585845





I would like to know if this: SourceTreeSetup-2.0.20.1

is the latest and has the issue solved?

Answer
Watch
Like Be the first to like this
510 views

2 answers

0 votes
Dual Wielder
Dual Wielder June 9, 2017

Thanks for your reply, I am really glad to hear.



I have one last question though:

according to: https://www.cvedetails.com/vulnerability-list.php?vendor_id=3578



the version effected was 2.5c and prior, the one in SourceTree offical site is 2.0.20.1. This is confusing since 2.0 is prior to 2.5?





Thanks in advance,

View More Comments
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 9, 2017

Hi! For official information regarding the vulnerability, my recommendation is that you check our official source. You can find it at SourceTree Security Advisory.

Note that the site you linked is not even differentiating between Mac and Windows versions. Whilst this is not mentioned in that website, they're probably referring to the Mac version of SourceTree (which is currently 2.5.2).

Hope this clears your concerns :)

Ana

Like
Dual Wielder
Dual Wielder June 10, 2017

Yes, Thank you very much! =)

Like
Reply
0 votes
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 9, 2017

Hi! Yes, SourceTree 2.0.20.1 is the latest one for Windows and it's not affected by the injection issue, it was fixed :)

Let us know if you need anything else!

Cheers,

Ana

Reply

Suggest an answer

Log in or Sign up to answer
Sourcetree
Sourcetree
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security