Is there a roadmap for when the SourceTree security update will be available for MacOSX Yosemite?
Also, is there some guidance as to mitigating the chance of the sourcetree:// injection attack in the interim? I'd like to continue using SourceTree until you get it updated for Yosemite, but I'm not keen on having my system pwned.
Hi Kurt, the new version of SourceTree requires that you're on OSX 10.11 or later. We support two versions of MacOS and don't support older versions of SourceTree. For more information you can see the response from Rahul at SRCTREE-4738.
In response to your second question, we don't have any official workaround. One of our users provided one (in the previous link too) but it comprises app security signature in exchange, which is just trading one risk for another.
As many people have pointed out in the other threads (with no response from Atlassian), asking people to upgrade their OS is not a reasonable response to a critical security flaw in your product. It's a major undertaking in time and effort, it has the potential to break other products that are being used, and may not even be possible based on hardware or corporate policy.
Yosemite (OSX 10.10) is not end of life, and Apple is still releasing security updates for it. It's less than 3 years old. It's really just feels like Atlassian does not give a sh*t about security.
Supported Platforms macOS Windows To make using Sourcetree as simple yet powerful as possible we embed (bundle) dependencies such as Git, Git LFS, and Mercurial. We strive to keep these...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs