Will SourceTree 1.x continue to receive security updates?

Scott R. Frost May 11, 2017

I received the security alert email about SourceTree.

I tried SourceTree 2.x and it's absolutely unusable in it's current state. The removal of the left side repository bar makes it a non-starter for me.  You can't tell which repos is currently select or which repos have available pulls etc.

Will SourceTree 1.x receive any updates to resolve the security issue? If so, is there an ETA?

I'd rather not continue using a product with a known / disclosed security issue in production, but since 2.x is unusable, I need to know if 1.x will be updated so I can plan accordingly.

1 answer

1 accepted

0 votes
Answer accepted
Scott R. Frost May 11, 2017

Just received this on my helpdesk ticket I put in:

___________________________________________________

Hello,

We will not be updating version 1.0 of SourceTree to address the security issue, however, as a workaround, you can download the latest version of Git at https://git-scm.com/downloads, and then switch to using System GIT in your preferences menu for SourceTree.

We do not test older versions of SourceTree against the latest versions of GIT, so we cannot guarantee that you will not run in to future issues.

Alternatively, you can uncheck the option "Use this version of SourceTree for UIR Association" in the Tools/Options/General Tab and remove the following registry key "HKEY_CURRENT_USER\SOFTWARE\Classes\sourcetree\shell\opencommand" - this disables the handling of the "sourcetree://" protocol.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events