We have reviewed the issues described in the Git vulnerabilities CVE‑2016‑2315 & CVE-2016-2324 and released updates to affected products to fix the vulnerabilities.
The following products were affected
- Sourcetree for Windows. Update to version 1.8.3 or later for a fix. You can find the latest version at https://www.sourcetreeapp.com/download/.
- Sourcetree for Mac. Update to version 2.2.4 or later for a fix. You can find the latest version at https://www.sourcetreeapp.com/.
- Bitbucket Server Docker images. Upgrade your Docker image as per the instructions found at https://hub.docker.com/r/atlassian/bitbucket-server/.
The following products are affected if the version of Git, on your operating system, has not been updated to 2.4.11, 2.5.5, 2.6.6, 2.7.4 or a later version.
- Bamboo
- Bitbucket Server
- Crucible
- Fisheye
Please check that the operating system you use has been updated to a fixed version of Git.
Atlassian Cloud and Bitbucket Cloud have been updated to use a fixed version of Git.
If you have any questions, please contact Atlassian Support.
