Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Fixed
Fix Version/s: 6.10.3, 7.2.0, 7.0.2, 7.1.1
Component/s: Environment - Other
Labels:
None

Fixed in Long Term Support Release/s:

Download 6.10
Feedback Policy:

We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

For Bitbucket Server 6.10 this upgrade is from 9.0.27 to 9.0.33 and includes the following fixes from 9.0.31:

CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
CVE-2020-1935 HTTP Request Smuggling
CVE-2019-17569 HTTP Request Smuggling

For Bitbucket Server 7.0 the upgrade is from 9.0.30 to 9.0.33 and thus also includes the above fixes.
For Bitbucket Server 7.1 the upgrade is from 9.0.31 to 9.0.33, and while the above mentioned security fixes are thus already fixed in 7.1.0, we get the fix for this bug of interest: https://bz.apache.org/bugzilla/show_bug.cgi?id=64195

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Ben Humphreys

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Apr/2020 5:01 AM

Updated:: 27/Jul/2020 9:39 PM

Resolved:: 01/Apr/2020 5:03 AM