Atlassian, trust, and the Cloud Security Alliance
Atlassian Trust Center We have launched our new Trust @ Atlassian site to make it easier to find the information you need to trust Atlassian products and cloud services. We have Security at the heart of that trust relationship but also know that Quality, Availability, Privacy and Compliance are important. We have detailed information about our Security program, including […]
Git – CVE‑2016‑2315 and CVE-2016-2324 Advisory
We have reviewed the issues described in the Git vulnerabilities CVE‑2016‑2315 & CVE-2016-2324 and released updates to affected products to fix the vulnerabilities. The following products were affected Sourcetree for Windows. Update to version 1.8.3 or later for a fix. You can find the latest version at https://www.sourcetreeapp.com/download/. Sourcetree for Mac. Update to version 2.2.4 or later for a fix. You can […]
CVE-2015-7547 Advisory
We have reviewed the issues described in Google’s CVE-2015-7547 Advisory from February 17 and found that a very small part of our environment was affected. Within the Atlassian Cloud (including Hipchat and Bitbucket) the small number of Atlassian systems affected have been upgraded to remove the vulnerability. For those using Hipchat Server on their systems we have released an update and […]
SSL and POODLE
Another day, another SSL vulnerability. Following the announcement of the POODLE vulnerability, we have removed SSL V3 support from all of our Cloud platforms. Our testing shows this should not affect any of our users, and we encourage everyone to use up to date browsers and clients. If you find a problem, please contact us at support.atlassian.com.
Bash Vulnerability and Atlassian
Following the disclosure of CVE-2014-6271, we have updated Bitbucket to address this possible issue by ensuring bash is not used. All other Atlassian products and services, including Stash, have been tested and are not affected. No Atlassian Server products are affected by this bug.
Encryption and Atlassian
Our values push us to keep improving in providing great solutions and helping every team. We support the SSL practices defined by the EFF in their Encrypt the Web report and we’re excited to update you on our progress. All Atlassian Cloud platforms now have: Encryption of Data links between centres. HTTPS enforced HTTPS Strict Transport […]
OpenSSL and Atlassian
Since the announcement of the Heartbleed bug, our teams have been assessing the impact to our products and infrastructure and deploying fixes as needed. We’ve confirmed that this is not an issue within our products but is an infrastructure issue. We have reissued the SSL certificates across all our hosted infrastructure. This bug has been […]