6.5.2

Repository Administrator Sandbox Escape Vulnerability

  • SRBITB-854 - A security vulnerability that allowed escaping the repository administrator code sandbox has been fixed.

The vulnerability allowed a malicious repository administrator to run arbitrary code inside the instance.

This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.2 (for Bitbucket Server 5.13+) and 6.9.2 (for Bitbucket Server 6+); it is recommended all customers upgrade to 6.5.2+ where possible.

6.5.1

Remote Code Execution Vulnerability

  • SRBITB-816 - A security vulnerability for Remote Code Execution has been fixed.

The vulnerability allowed a malicious authenticated user to run arbitrary code inside the instance without administrative permissions.

This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.1 / 6.5.1-p5; it is recommended all customers upgrade to 6.5.1+ where possible.

6.5.0

Bug Fixes

  • SRPLAT-1213 - Test on Borrow should be the default for LDAP connections.