Atlassian, trust, and the Cloud Security Alliance

Atlassian Trust Center We have launched our new Trust @ Atlassian site to make it easier to find the information you need to trust Atlassian products and cloud services.  We have Security at the heart of that trust relationship but also know that Quality, Availability, Privacy and Compliance are important.  We have detailed information about our Security program, including […]

Git – CVE‑2016‑2315 and CVE-2016-2324 Advisory

We have reviewed the issues described in the Git vulnerabilities CVE‑2016‑2315 & CVE-2016-2324 and released updates to affected products to fix the vulnerabilities. The following products were affected Sourcetree for Windows. Update to version 1.8.3 or later for a fix. You can find the latest version at https://www.sourcetreeapp.com/download/. Sourcetree for Mac. Update to version 2.2.4 or later for a fix. You can […]

CVE-2015-7547 Advisory

We have reviewed the issues described in Google’s CVE-2015-7547 Advisory from February 17 and found that a very small part of our environment was affected. Within the Atlassian Cloud (including Hipchat and Bitbucket) the small number of Atlassian systems affected have been upgraded to remove the vulnerability. For those using Hipchat Server on their systems we have released an update and […]

SSL and POODLE

Another day, another SSL vulnerability. Following the announcement of the POODLE vulnerability, we have removed SSL V3 support from all of our Cloud platforms.  Our testing shows this should not affect any of our users, and we encourage everyone to use up to date browsers and clients. If you find a problem, please contact us at support.atlassian.com.

Bash Vulnerability and Atlassian

Following the disclosure of CVE-2014-6271, we have updated Bitbucket to address this possible issue by ensuring bash is not used. All other Atlassian products and services, including Stash, have been tested and are not affected. No Atlassian Server products are affected by this bug.