Remote code execution vulns hit Atlassian kit

Software development software house Atlassian has patched critical vulnerabilities found in all versions of its Confluence, Bamboo, FishEye, and Crucible products. The company sent an email to its customers alerting them of the flaw that affected versions of Confluence up to 5.6.5, Bamboo up to 5.7, and FishEye and Crucible up …

  1. Christian Berger

    Seems plausible

    Atlassian software, at least the parts I've seen, was incredibly complex. Probably much more complex than what you'd actually need.

    Remember, high complexity means more code, and more code means more bugs, and more bugs mean more security critical bugs.

    As for features, you need to distinguish between "explicit features" which need to be coded explicitly, and "implicit features" which emerge from already existing features combined in new ways. Ideally you have the latter, with a small and orthogonal set of explicit features combining into lots of implicit ones with as little code as possible.

  2. StuartCRyan

    ASM for Atlassian Script

    Hi Team,

    Thanks for the mention, I actually work at the University of Technology Sydney (but this was developed outside of work and completely in my own time), however that aside, the latest version of ASM does work with all the latest releases from Atlassian, if anyone has any issues they can log a support call using the details listed here --> http://technicalnotebook.com/wiki/display/ATLASSIANMGR/Support.

    Hope that it helps a few people out... OK people GET UPGRADING!

    Stuart

  3. Anonymous Coward

    Seems the patched versions have been around for a while.

    Just checked ours, we patched Bamboo back in early December, and it's the latest and not vulnerable.

    Seems they put the patches in place months ago, and this is the disclosure. In other words, if you keep up on patches, you will be fine.

    We are REALLY pleased with how Atlassian products are working out for us. JIRA/Stash/Bamboo/Confluence really is the development magic bullet that handles the complete development cycle. It takes a while to get your workflows and branching strategies tweaked to how you want it, and you will surely make (and learn from) mistakes along the way. But when you are there, it's brilliant. We have full traceability from original requirement, to coding, to commits, to builds, issues, sprints etc.

    As mentioned, it is a complicated product, but it's extremely powerful, and rock solid reliable (for us), and the open APIs and extensions ensure that you can get it working precisely how your company (and even your particular project) works.

    GIT in the Enterprise has come of age with Stash.

  4. VinceH
    Coat

    "Software development software house Atlassian..."

    That opening leaves me unclear about what they do. I'm guessing they are perhaps somehow involved in developing software - in which case you could have clarified it thusly: "Software development software house Atlassian, a software company, ..."
