- Released 01 May 2018.
This update fixes a critical security vulnerability in ScriptRunner for Bitbucket discovered during an internal review. We strongly recommend all customers apply this update at their earliest opportunity. Further details will be released in the coming weeks as part of Adaptavist’s responsible disclosure approach.
All versions of ScriptRunner for Bitbucket from 3.0.17 are affected. Below are instructions on which version we recommend you upgrade to:
If you have Bitbucket 5.0 or above, upgrade to 5.3.31
If you have Bitbucket 4.1 to 4.14.12, inclusive upgrade to 5.3.30
If you have Bitbucket 4.0 to 4.0.6, upgrade to 5.3.29
If you have Stash 3.7 to 3.11.6 inclusive, upgrade to 5.3.28
- Released 24 April 2018.
This just contains a single fix to deletion of repository level items.
If you installed 5.3.15 or 5.3.14 we recommend upgrading to this version as soon as possible.
- [SRBITB-316] - Some admin level items can be deleted if some repo level ones are deleted
In case you missed it, here is what was released in 5.3.15:
- Released 24 April 2018.
Conditional Merge Check
We’ve made it even easier for you to write your own custom merge check based on a condition, allowing you to customize your pull request workflow.
See the documentation for an example of blocking a pull request from being merged if one of the reviewers marks the pull request as needing more work.
Security Vulnerability Fix
We’ve fixed a security vulnerability that existed for repository and project admins when using ScriptRunner. We recommend you upgrade to this version as soon as possible.
- [SRBITB-216] - Merge check to block a merge based on a condition
- [SRBITB-297] - Size limit hook doesn't reject pushes where an oversized file was added then deleted
- [SRBITB-298] - Require Jira issue key should allow a custom issue key regex
- [SRBITB-305] - All events are handled asynchronously
- [SRBITB-314] - Fix repo and project level security vulnerability
- Released 06 March 2018.
Project Level Admin Scripts
Project Level Admin allows administrators to run a subset of ScriptRunner’s administrative scripts for their projects. This gives administrators the power to perform common housekeeping tasks that only instance wide administrators would be able to do so.
These housekeeping scripts include:
Repository size report for all repositories in a project
Clone a repository in projects they have admin access to
To get started go to
Project Settings → ScriptRunner → Built-in Scripts in Bitbucket Server.
- [SRBITB-261] - Support abstract/interface event classes
- [SRBITB-265] - Restrict file size hook consumes large amount of heap space when excluding large LFS files
- [SRBITB-270] - Event Handlers have duplicate runs when multiple events of the same type are published and handled asynchronously
- [SRBITB-271] - Send mail post-receive hook cause STC error when using bindings
- [SRBITB-272] - Custom Web Item - Static Type checker won't return result
- [SRBITB-273] - Git LFS check fails when pushing changes from Git submodules
- [SRBITB-274] - Syntax error when pasting sample scripts from documentation
- [SRBITB-290] - Configure mirrored repos table does not refresh after repo has been removed
- [SRBITB-292] - Clicking run in some built-in scripts makes fields disappear
- [SRBITB-293] - Repository actions custom web item doesn't trigger flag or dialog
- [SRBITB-295] - Upgrading above 5.0.13 causes upgrade to hang in the UPM when using some databases
- [SRBITB-256] - Project Level Admin for Bitbucket
- [SRBITB-34] - Alter the Repository size report and give an option to run this as a project admin
- [SRBITB-257] - Create Clone Repository administrative script for all Project admins of Bitbucket