Open issues

Order by Priority
  1. Suggestion
    BSERV-12926Support Bitbucket with Oracle multitenant mode
  2. Suggestion
    BSERV-9635As an administrator, I would like to configure LFS to store files in an alternate location
  3. Suggestion
    BSERV-13049Local group memberships disappear after re-login for users created by JIT in Bitbucket Datacenter
  4. Suggestion
    BSERV-14280Create mechanism to link commit/branch/PR to particular JIRA instance if the same issue key is present in multiple Jira instances
  5. Suggestion
    BSERV-8393Allow changing the SSH Base URL of a mirror
  6. Suggestion
    BSERV-9252Ability to tag default reviewers as mandatory or optional
  7. Suggestion
    BSERV-9558Show search indexing progress to administrators
  8. Suggestion
    BSERV-11008As an admin, I want to be able to restore a repository from a backup including all its details (e.g. pull requests, permission configuration, hook configuration)
  9. Suggestion
    BSERV-12589Support external Git LFS object storage
  10. Suggestion
    BSERV-10772Prohibit access to repository granted by project-level permissions
  11. Suggestion
    BSERV-7277Add support for GlusterFS in Bitbucket Data Center
  12. Suggestion
    BSERV-11703As a user I want to see when my last successful and unsuccessful logins happened so that I can detect suspicious activity
  13. Suggestion
    BSERV-20104Enable Git Clone to Work with PAT by Default When Basic Authentication is Disabled
  14. Suggestion
    BSERV-11547Add option to not clear "needs work" flag on PR commit
  15. Suggestion
    BSERV-4603Committer alias management
  16. Suggestion
    BSERV-7284Promote branch model API to public API
  17. Suggestion
    BSERV-10589Bitbucket support CORS
  18. Suggestion
    BSERV-12432Allow event level selection for Audit logging
  19. Suggestion
    BSERV-13059Ability to clear/disable pull request suggestions on personal dashboard
  20. Suggestion
    BSERV-19362Get Notifications when users are blocked by Captcha
  21. Suggestion
    BSERV-19563Update Bitbucket version 8.13 documentation with mirror backward incompatibility details
  22. Suggestion
    BSERV-20058Multi-region support for Mesh nodes
  23. Suggestion
    BSERV-4037Add possibility to inherit read permissions, hooks, branch model and other settings to forked repositories
  24. Suggestion
    BSERV-5025Annotated tag support (Java and REST APIs, UI)
  25. Suggestion
    BSERV-8361Reject pushes containing new branches that differ in case only from an existing branch
  26. Suggestion
    BSERV-9076Option to disable CAPTCHA for directory users
  27. Suggestion
    BSERV-9588As an admin, I would like to run a disk access speed test so that I can be assured that Bitbucket Server will be well performing
  28. Suggestion
    BSERV-10771Show sync status on smart mirror repo list, create sync button to force sync mirror with primary.
  29. Suggestion
    BSERV-10912"Error looking up submodules" warning is misleading in case of nested Git repositories
  30. Suggestion
    BSERV-11856As an admin, I want the users to be able to clear their own CAPTCHA when SAML is enabled
  31. Suggestion
    BSERV-12338Mirror status in the upstream should change when it loses connection
  32. Suggestion
    BSERV-12391Add Jira issue details directly on the Pull request view
  33. Suggestion
    BSERV-12438Notify the user about existing forks before the deletion
  34. Suggestion
    BSERV-3527Display implicit Project/Global permissions on repository permissions page
  35. Suggestion
    BSERV-8906In Bitbucket, make it possible to limit Pull Requests between specific branches
  36. Suggestion
    BSERV-10715Labels for pull requests
  37. Suggestion
    BSERV-12410Abilty to add groups to Reviewers list and have a minimum of 1 approval from each group for merge
  38. Suggestion
    BSERV-13385Forward the configuration to disable basic authentication on API calls to Bitbucket mirror
  39. Suggestion
    BSERV-14277Allow users with SYS Admin privileges to enable debugging using the API and bearer tokens when Basic Auth is disabled
  40. Suggestion
    BSERV-14421Terraform provider for Bitbucket DC
  41. Suggestion
    BSERV-19252Pull Request description dynamic templating
  42. Suggestion
    BSERV-10840Different email recipient per Team
  43. Suggestion
    BSERV-7812Promote the user & group selector component to the web UI API
  44. Suggestion
    BSERV-11747Open up internal js events in bitbucket
  45. Suggestion
    BSERV-12849TAR.GZ and ZIP packages should include an installation script
  46. Suggestion
    BSERV-10900Track Or limit admin user to access code
  47. Suggestion
    BSERV-12257Show cascading merges in Push log
  48. Suggestion
    BSERV-12832Restore Client should offer to create the database specified if it doesn't exist
  49. Suggestion
    BSERV-12884Making the messages blocking the pull request from being merged more clear
  50. Suggestion
    BSERV-3934Branch list: Delete branch without reloading the page
Refresh results
226 of 2323
Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-9076

Option to disable CAPTCHA for directory users

    • 6
    • 6
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      In -BSERV-3001-, an option was created to turn of CAPTCHA completely. However, in an ideal world it seems you could disable CAPTCHA for specific types of users.

      Consider a setup where you have two types of users

      1. Users managed by an external system such as Active directory. Active directory already has a policy of locking the account after X attempts, so bitbucket server does not need CAPTCHA to protect against brute force attacks for these users.
      2. Users built inside bitbucket server's internal directory (such as Atlassian's recommendation that you always keep an administrator or sysadmin account active in the Bitbucket Server internal directory) You would like CAPTCHA to protect these accounts.

      For users in group #1, the CAPTCHA is a huge annoyance. If they get locked out of AD, there is now a two step process

      1. Unlock AD account
      2. Fill out bitbucket server CAPTCHA

      This approach really doesn't scale if every Atlassian tool uses it. A locked password could potentially require you to

      1. Unlock in AD
      2. CAPTCHA for bitbucket server
      3. CAPTCHA for bamboo
      4. CAPTCHA for jira
      5. ... (at some point you lose the point of having a centralized ID unlock mechanism)

      At this point you would be tempted to turn off CAPTCHA entirely, but it's a bad idea because people could then brute force the accounts built in the internal directory.

      The ideal solution seems to be the ability to turn off CAPTCHA only for users that are managed by an external user directory - is that possible?

            SET Analytics Bot made changes -
            UIS Original: 5 New: 6
            SET Analytics Bot made changes -
            UIS Original: 9 New: 5
            SET Analytics Bot made changes -
            Support reference count Original: 7 New: 6
            SET Analytics Bot made changes -
            Support reference count Original: 6 New: 7
            SET Analytics Bot made changes -
            UIS Original: 5 New: 9
            SET Analytics Bot made changes -
            UIS Original: 6 New: 5
            SET Analytics Bot made changes -
            Support reference count New: 6
            SET Analytics Bot made changes -
            UIS Original: 5 New: 6
            SET Analytics Bot made changes -
            UIS Original: 47 New: 5
            SET Analytics Bot made changes -
            UIS Original: 5 New: 47

              Unassigned Unassigned
              7dfa1c531037 PaulV
              Votes:
              24 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated: