About Craig Davies

Head of Security

Archives for Craig Davies

Atlassian Trust Center We have launched our new Trust @ Atlassian site to make it easier to find the information you need to trust Atlassian products and cloud services.  We have Security at the heart of that trust relationship but also know that Quality, Availability, Privacy and Compliance are important.  We have detailed information about our Security program, including how we run our Security Management Program, updated Privacy information, and, for the first time, have published our Atlassian

Continue reading »

We have reviewed the issues described in the Git vulnerabilities CVE‑2016‑2315 & CVE-2016-2324 and released updates to affected products to fix the vulnerabilities. The following products were affected SourceTree for Windows. Update to version 1.8.3 or later for a fix. You can find the latest version at https://www.sourcetreeapp.com/download/. SourceTree for Mac. Update to version 2.2.4 or later for a fix. You can find the latest version at https://www.sourcetreeapp.com/. Bitbucket

Continue reading »

CVE-2015-7547 Advisory

We have reviewed the issues described in Google's CVE-2015-7547 Advisory from February 17 and found that a very small part of our environment was affected. Within the Atlassian Cloud (including HipChat and Bitbucket) the small number of Atlassian systems affected have been upgraded to remove the vulnerability. For those using HipChat Server on their systems we have released an update and notified all customers impacted. If you have any questions, please contact Atlassian Support.

Continue reading »

OpenSSL Security Advisory

Following on from the announcement from the OpenSSL team today, we have been assessing the impact to Atlassian Cloud, and our customers, and are deploying updated SSL versions as needed. Our current state is as follows: Bitbucket - Not affected but patch deployment is complete HipChat - Not affected but have patched appropriate systems. Atlassian Cloud -Not affected but patch deployment complete. For those who run our Server versions, we recommend you deploy the supported patches

Continue reading »

SSL and POODLE

Another day, another SSL vulnerability. Following the announcement of the POODLE vulnerability, we have removed SSL V3 support from all of our Cloud platforms.  Our testing shows this should not affect any of our users, and we encourage everyone to use up to date browsers and clients. If you find a problem, please contact us at support.atlassian.com.

Continue reading »