Details
Suggestion
Resolution: Fixed
Description
For Bitbucket Server 6.10, this Apache Tomcat upgrade is from 9.0.27 to 9.0.33 and includes the following fixes from 9.0.31:
- CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
- CVE-2020-1935 HTTP Request Smuggling
- CVE-2019-17569 HTTP Request Smuggling
For Bitbucket Server 7.0, the upgrade is from 9.0.30 to 9.0.33 and thus also includes the above fixes.
For Bitbucket Server 7.1, the upgrade is from 9.0.31 to 9.0.33. The above-mentioned security fixes are thus already included in 7.1.0, but we get the fix for this bug of interest: https://bz.apache.org/bugzilla/show_bug.cgi?id=64195