Details
-
Bug
-
Resolution: Fixed
-
High
-
6.0.0
-
None
-
Severity 3 - Minor
-
Description
Issue Summary
Bitbucket Server's DMZ API (introduced in 6.0.0) is for internal use only and was not intended to be available to third party apps. Ability to OSGi import com.atlassian.bitbucket.dmz needs to be prevented just like other internal API.
Steps to Reproduce
In a P2 plugin import and use something from the com.atlassian.bitbucket.dmz namespace, such as the DmzStorageService.
Expected Results
The DmzStorageService should not be accessible, its functionality is even documented in the API changelog as being unavailable:
Removal of direct access to repositories on disk
In Bitbucket Server 5.10 direct access to the Bitbucket managed repositories on disk for plugins was deprecated. In 6.0 the deprecated API that permitted this has been removed. For further information please refer to the changelog entry for 5.10.
Actual Results
Plugin can use the DmzStorageService and other internal classes in the com.atlassian.bitbucket.dmz namespace.
Workaround
Plugins can be updated to not utilise com.atlassian.bitbucket.dmz
Attachments
Issue Links
- is related to
-
BSERV-11954 Addon install cannot resolve "com.atlassian.bitbucket.dmz.permission" on Bitbucket 6.6.1
- Closed
- relates to
-
BBSDEV-18105 Loading...