Security Fixes

This update fixes a critical security vulnerability in ScriptRunner for Bitbucket discovered during an internal review. We strongly recommend all customers apply this update at their earliest opportunity. Further details will be released in the coming weeks as part of Adaptavist’s responsible disclosure approach.

All versions of ScriptRunner for Bitbucket from 3.0.17 are affected. Below are instructions on which version we recommend you upgrade to:

  • If you have Bitbucket 5.0 or above, upgrade to 5.3.31

  • If you have Bitbucket 4.1 to 4.14.12, inclusive upgrade to 5.3.30

  • If you have Bitbucket 4.0 to 4.0.6, upgrade to 5.3.29

  • If you have Stash 3.7 to 3.11.6 inclusive, upgrade to 5.3.28

For how-to questions please ask on Atlassian Answers where there is a very active community. Adaptavist staff are also likely to respond there.

Ask a question about ScriptRunner for JIRA, for for Bitbucket Server, or for Confluence.