- Bug
- Resolution: Fixed
- High
- 6.0.0
- None
- 3
- Severity 2 - Major
- 4
Issue Summary
Specific data streams can cause Bitbucket nodes to become unresponsive.
The following can be found in the logs:
WARN [hz.hazelcast.IO.thread-Acceptor] c.h.nio.tcp.SocketAcceptorThread [<ip>]:5701 [<cluster name>] [3.7.4-atlassian-43] java.io.UTFDataFormatException: Rejecting request to read 16908289 UTF characters
Leading to this:
2019-02-21 02:22:53,698 WARN [hz.hazelcast.cached.thread-5] com.hazelcast.nio.tcp.TcpIpAcceptor [<ip>]:5701 [<cluster name>] [3.11.1] com.atlassian.stash.internal.cluster.NodeConnectionException: Cannot verify whether the nodes connect to the same database and shared home
Workaround
Block any traffic that is not from another Bitbucket node on port 5701 (i.e. set up a firewall).
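A log check for the two messages quoted in the issue summary, as an added example (not Atlassian's code). It counts rejected oversized reads per cluster member and flags members where a node-connection failure was logged afterwards. The function names, sample addresses, cluster name and timestamps are assumptions; the address in brackets is taken to be the member writing the log.

```python
import re

# Message shapes follow the two log lines quoted in the issue summary.
REJECT = re.compile(
    r"SocketAcceptorThread \[([^\]]+)\]:5701 .*UTFDataFormatException: "
    r"Rejecting request to read (\d+) UTF characters")
NODE_FAIL = re.compile(r"TcpIpAcceptor \[([^\]]+)\]:5701 .*NodeConnectionException")

def scan(lines):
    """Per cluster member: rejected oversized reads, plus node-connection
    failures logged after the first rejection on that member."""
    report = {}
    for line in lines:
        reject, fail = REJECT.search(line), NODE_FAIL.search(line)
        if reject:
            entry = report.setdefault(
                reject.group(1), {"rejected": 0, "max_chars": 0, "failures_after": 0})
            entry["rejected"] += 1
            entry["max_chars"] = max(entry["max_chars"], int(reject.group(2)))
        elif fail and fail.group(1) in report:
            report[fail.group(1)]["failures_after"] += 1
    return report

def impacted(report):
    """Members where a rejection was followed by a node-connection failure."""
    return sorted(m for m, e in report.items() if e["failures_after"])

# Constructed sample lines (addresses, cluster name and timestamps are made up).
_ACC = "WARN [hz.hazelcast.IO.thread-Acceptor] c.h.nio.tcp.SocketAcceptorThread"
_TCP = "WARN [hz.hazelcast.cached.thread-5] com.hazelcast.nio.tcp.TcpIpAcceptor"
_UTF = "java.io.UTFDataFormatException: Rejecting request to read 16908289 UTF characters"
_NCE = ("com.atlassian.stash.internal.cluster.NodeConnectionException: Cannot verify "
        "whether the nodes connect to the same database and shared home")
SAMPLE = [
    f"2019-02-21 02:22:51,101 {_ACC} [10.0.0.11]:5701 [bitbucket] [3.11.1] {_UTF}",
    f"2019-02-21 02:22:53,698 {_TCP} [10.0.0.11]:5701 [bitbucket] [3.11.1] {_NCE}",
    f"2019-02-21 02:23:10,004 {_ACC} [10.0.0.12]:5701 [bitbucket] [3.11.1] {_UTF}",
    f"2019-02-21 02:24:00,250 {_TCP} [10.0.0.13]:5701 [bitbucket] [3.11.1] {_NCE}",
    "2019-02-21 02:24:01,000 INFO [main] unrelated startup message",
]

if __name__ == "__main__":
    result = scan(SAMPLE)
    for member in impacted(result):
        print(member, result[member])
```

A NodeConnectionException on its own has other causes, so only failures that follow a rejection on the same member are counted.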
- relates to
- SECURITY-1121
[BSERV-11598] Sending a specific stream of data on the Hazelcast 5701 port can lead to Bitbucket being unavailable
Field | Original | New |
---|---|---|
Security | Reporter and Atlassian Staff [ 10751 ] | |
Labels | breaches-security-sla cvss-medium security | breaches-security-sla cvss-medium security security-misconfiguration |
Fix Version/s | | 6.2.1 [ 86693 ] |
Fix Version/s | | 6.1.4 [ 86692 ] |
Fix Version/s | | 6.0.5 [ 86691 ] |
Fix Version/s | | 6.3.0 [ 86291 ] |
Remote Link | | This issue links to "Page (Confluence)" [ 430120 ] |
Remote Link | This issue links to "Page (Confluence)" [ 429002 ] | |
Remote Link | | This issue links to "Page (Confluence)" [ 429002 ] |
Remote Link | | This issue links to "Page (Confluence)" [ 422156 ] |
Resolution | | Fixed [ 1 ] |
Status | In Review [ 10051 ] | Closed [ 6 ] |
Fix Version/s | | 5.16.4 [ 86015 ] |
Support reference count | 2 | 3 |