Hi there, I'm running SourceTree v220.127.116.11 on Windows. I am using embedded Git v1.8.3 which appears to be dated 20130601. The security folks at work are concerned that the version of bash included in this software might be vulnerable to shellshock ... anyone know how I should respond to them? THanks!
Disclaimer: I'm not a security expert.
I would assume the bash version does have the vulnerability, until @Steve Streeting or someone at Atlassian can say differently.
However, unless you provide remote access to this bash installation, I'm not sure how it would be taken advantage of. If a malicious third party gains enough access to your computer to execute commands with SourceTree's bash, you're already screwed.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
Supported Platforms macOS Windows To make using Sourcetree as simple yet powerful as possible we embed (bundle) dependencies such as Git, Git LFS, and Mercurial. We strive to keep these...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs