6.9.x

6.9.2

Repository Administrator Sandbox Escape Vulnerability

SRBITB-854 - A security vulnerability for escaping the repository administrator code sandbox has been fixed.

The vulnerability allowed a malicious repository administrator to run arbitrary code inside the instance.

This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.2 (for Bitbucket Server 5.13+) and 6.9.2 (for Bitbucket Server 6+); it is recommended all customers upgrade to 6.5.2+ where possible.

Bug Fixes

  • SRBITB-853 - Calls to mergeRequest#veto in merge check conditions were ignored.

6.9.0

Bug Fixes

  • SRBITB-836 - The compilation of the Clone Repository Configuration built-in script significantly slowed downloading scripts.

On this page