Welcome to 2020’s first edition of our monthly recurring blog post covering the highlights of Atlassian Server and Data Center product updates. For each product, we cover a selection of the most exciting new features, bug fixes and security advisories that were released in the last month.

In this months edition, the major highlight is the first Bitbucket Enterprise release.

As TMC ALM, we provide services for keeping your products up-to-date. We have a lot of experience with upgrading Atlassian environments safely and securely. Your data and business continuation has our top priority! When looking at Atlassian from a Platinum partner perspective we notice a significant trend at Atlassian. Although this is a monthly release update, when we zoom out and look at Atlassian (feature) development, in general, we see that the main focus is at data center and the cloud. To learn more about what this trend or the new releases mean for you and your organisation, please check out our services page or contact us.

Jira’s January Release Highlights

Jira 8.6.1

For Jira, Atlassian only released a small bugfix release in January, Jira 8.6.1; fixing the following two bugs:

• A major high priority bug that exists in Jira 8.5.2 – 8.6.0 that replaces some app dependencies with newer (unwanted) versions is fixed. The root cause is an updated OSGi plugin module (OSGi is a specification for modular platforms, more info here…).
• A bug with retrieving users with the REST API was fixed. Several bugs were related to this bug, fixing a total of 4 registered bugs.

Jira Service desk also received a bugfix release with the exact same fixes. No specific JSD bugs were fixed in this release.

Our advice

If you’ve upgraded Jira to Jira 8.5.2 – 8.6.0 and are using the Better PDF Exporter, then it might be useful to either upgrade to Jira 8.6.1 or apply the workaround described here. In all other cases, an upgrade is probably not worth the time and effort.

Confluence’s January Release Highlights

Confluence 7.2.1

This release of Confluence contains four bugfixes and one suggestion implementation, all of which are pretty minor.

• The inserting link dialog (Ctrl+K) does not activate the insert button when an URL is pasted in the address field of the web link functionality. This has been fixed (CONFSERVER-22287).
• The youtube widget connector now also accepts youtube-nocookie.com URLs (CONFSERVER-58983).
• A conflicting situation has been fixed which generated an error when a draft page with deleted user mentions is published (CONFSERVER-59098).
• The Twitter widget connector fails on page refresh on various Confluence 6 and 7 versions and generates an error. This has been fixed with Confluence 7.2.1 (CONFSERVER-59096).
• Existing WebDav configurations weren’t functional in Confluence 7 (CONFSERVER-59051).
  WebDav basically allows you to work with Confluence as if the pages are on a shared folder while keeping the version history an authoring intact. More information can be found here.

Our advice

This is basically the same as last months advice. If you haven’t upgraded to Confluence 7 yet and aren’t tied to Enterprise releases, Confluence 7.2.1 is a good release to upgrade to. Dependent on which Confluence 6 version you are coming from, a lot of bugs have been fixed and even some useful features have been added.

If you are already on Confluence 7 there’s no real need to upgrade. If you choose to not upgrade Confluence, make sure you either update the Confluence Previews plugin manually or disable the Companion App integration in the Confluence Previews plugin.

Bitbucket’s January Release Highlights

Enterprise for Bitbucket!

With the release of Bitbucket 6.10 on January 14th, Bitbucket received its first Enterprise release! This basically means that Atlassian promises to provide bug fix releases until 6.10 reaches end of life to address critical security, stability, data integrity, and performance issues. In practice, this means that when you are on the Enterprise release, you do not have to upgrade to a newer feature or major release when serious issues are found in the release you are on, but you can simply upgrade to a release within your current feature release.

More details on Enterprise releases can be read here…

Bitbucket Security Advisory

In our December 2019 edition, we discussed that Atlassian released a critical major security bugfix release for all supported Bitbucket releases, but did not put out security advisory. Which was odd, to say the least. But, on January 15th, the corresponding Security Advisory was sent out to the public.

To read more about the security vulnerabilities, check out:

• BSERV-12100 Remote Code Execution (RCE) via in Browser Editing
• BSERV-12099 Remote Code Execution (RCE) via Argument Injection
• BSERV-12098 Remote Code Execution (RCE) via certain user input fields

The following releases fix these vulnerabilities:

• 5.16.11
• 6.0.11
• 6.1.9
• 6.2.7
• 6.3.6
• 6.4.4
• 6.5.3
• 6.6.3
• 6.7.3
• 6.8.2
• 6.9.1
• 6.10.0

Bitbucket 6.10.0

Besides this being the first Enterprise release, it contains mostly the same fixes as Bitbucket 6.9.1 did, which was covered in our December 2019 edition.

Our advice

Definitely update Bitbucket to one of the releases that fix the security vulnerabilities discussed under the Security Advisory paragraph. We suggest upgrading to Bitbucket 6.10.0 which fixes a lot of bugs and security vulnerabilities whilst also being the new Enterprise release and prepares your instance for the upcoming Bitbucket 7 release.

If upgrading Bitbucket, make sure you also upgrade Git to at least version 2.20, but preferably version 2.24 to be able to make use of new functionality and mitigate any security vulnerabilities that have been fixed since.

Thanks for reading!

Remember to contact us if you have any (support) questions.