- Fixed issue where the plugin did not enable when the analytics plugins of the host application are disabled.
- Fixed NoClassDefFoundError during user export to Excel.
- Added option to enable inline JavaScript in POST binding form.
- Less verbose default logging during login and plugin upgrade.
Version history
Version 6.1.3 • Bitbucket Server 6.4.0 - 8.3.0 • Bitbucket Data Center 6.4.0 - 8.3.0 • Released 2022-08-03 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- Fixed issue where the plugin did not enable when the analytics plugins of the host application are disabled.
- Fixed NoClassDefFoundError during user export to Excel.
- Added option to enable inline JavaScript in POST binding form.
- Less verbose default logging during login and plugin upgrade.
Version 6.1.2 • Bitbucket Server 6.4.0 - 8.3.0 • Bitbucket Data Center 6.4.0 - 8.3.0 • Released 2022-07-18 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- Fixed "pick first non-empty attribute" transformer to not return empty strings.
- Allow disabling Content Security Policy "default-src 'self'" on the SAML POST binding form that caused issues in some situations where the application is accessed from different URLs.
- Fixed NullPointerException in Bitbucket during OIDC login.
Version 6.1.1 • Bitbucket Server 6.4.0 - 8.3.0 • Bitbucket Data Center 6.4.0 - 8.3.0 • Released 2022-07-11 • App analytics, minor features and updates • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
New in 6.1.1:
- Fixed WebSudo (additional authentication) issue introduced in SAML Single Sign-On 6.1.0.
New in 6.1.0:
Together with minor fixes and updates, this version includes for the first time app analytics that collects anonymous configuration data with the purpose of improving the product. Learn more on the FAQs.
- SAML Single Sign-On 6.1.0 comes with the User Sync 2.5.0 release, see 2.5.x release notes
- When doing SP-initiated SSO, the SAML RelayState parameter now no longer contains the requested URL itself. Sending a deep link URL in the RelayState using IdP-initiated SSO is still working.
- When importing multi-IdP metadata, a certificate can be configured to validate the metadata against.
- Generating IdP names while importing multi-IdP metadata can now be customized using Groovy code.
- Fixed: the logout response for Single Logout now contains the original relay state.
- Several other minor fixes and improvements.
Version 6.0.11 • Bitbucket Server 6.4.0 - 8.3.0 • Bitbucket Data Center 6.4.0 - 8.3.0 • Released 2022-06-30 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- Removed inline JavaScript from hidden POST binding form to avoid issues with Content Security Policy and caching.
- Added progress logger for better debugging of login performance issues.
Version 6.0.10 • Bitbucket Server 6.4.0 - 8.3.0 • Bitbucket Data Center 6.4.0 - 8.3.0 • Released 2022-06-14 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- SAML Single Sign-On 6.0.10 comes with the User Sync 2.4.5 release, see 2.4.x release notes.
- Added option to make XML Schema validation optional for SAML responses.
- Added missing cache directive for POST binding form.
- Updated libraries.
Version 6.0.9 • Bitbucket Server 6.4.0 - 8.3.0 • Bitbucket Data Center 6.4.0 - 8.3.0 • Released 2022-05-19 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- SAML Single Sign-On 6.0.9 comes with the User Sync 2.4.4 release, see 2.4.x release notes.
- Fixed issue with Single Logout where the logout URL was not used when using redirect binding.
Version 6.0.6 • Bitbucket Server 6.4.0 - 8.3.0 • Bitbucket Data Center 6.4.0 - 8.3.0 • Released 2022-04-13 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- SAML Single Sign-On 6.0.6 comes with the User Sync 2.4.2 release, see 2.4.x release notes.
- Fixed possible XSS vulnerability on old browsers through injection of JavaScript code in the redirectTo parameter.
- Fixed: exported support information could have contained sensitive information from the configured JVM arguments. The JVM arguments are no longer included in the support information.
- Fixed: enabling the option "Use Base URL from Request" caused a wrong SAML request.
- Fixed slow logouts on Bitbucket Data Center setups.
Version 6.0.4 • Bitbucket Server 6.4.0 - 7.21.3 • Bitbucket Data Center 6.4.0 - 7.21.3 • Released 2022-03-24 • Support for OpenID Connect (beta), improved SAML implementation • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
New in 6.0.4:
- Fixed: Use SHA-256 instead of SHA-1 as digest algorithm.
- Fixed: NameIDPolicy was missing in AuthnRequest.
- Fixed email preset in attribute mapping for Google Cloud Identity (G Suite).
New in 6.0.3:
- SAML Single Sign-On 6.0.3 comes with the User Sync 2.4.1 release, which fixes an issue with the Azure full sync, see 2.4.x release notes.
New in 6.0.2:
- Fixed generating metadata for Service Provider (organizations section).
New in 6.0.1:
- Fixed login issue when IdP sends multiple attributes with the same key.
- Added new preset "Use UPN and convert guest users" for the email attribute in the Azure connector.
New in 6.0.0:
- SAML Single Sign-On 6.0.0 comes with the User Sync 2.4.0 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- Several improvements and bugfixes, see our release notes.
Version 6.0.3 • Bitbucket Server 6.4.0 - 7.21.3 • Bitbucket Data Center 6.4.0 - 7.21.3 • Released 2022-03-03 • Support for OpenID Connect (beta), improved SAML implementation • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- SAML Single Sign-On 6.0.3 comes with the User Sync 2.4.1 release, see 2.4.x release notes.
- Support for OpenID Connect (beta)
- Replaced OpenSAML with OneLogin SAML/Java
- Removed separate SAMLWrapper-plugin
- If IdP-selection by email is enabled and a selection-cookie is present, the page to enter the email address can be shown.
- Removed "prevent login form" option from the configuration-UI. Use Deny Password Authentication to prevent users from using a password.
- Fixed IdP-dropdown width when many IdPs are configured.
- Fixed missing validation for invalid directory selection.
- Fixed configuration frontend issue when the logged in user had no email address configured.
- Metadata is no longer reloaded automatically when loaded from a file
- Fixed misleading warning message "Not initialized" in the logs on plugin startup
Version 5.2.1 • Bitbucket Server 6.4.0 - 7.21.3 • Bitbucket Data Center 6.4.0 - 7.21.3 • Released 2021-10-25 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- Fixed deep linking to repos with JavaScript files.
- SAML Single Sign-On 5.2.1 comes with the User Sync 2.2.1 release, see 2.2.x release notes.
Version 5.2.0 • Bitbucket Server 6.4.0 - 7.17.6 • Bitbucket Data Center 6.4.0 - 7.17.6 • Released 2021-10-13 • Updated User Sync, bug fixes • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- SAML Single Sign-On 5.2.0 comes with the User Sync 2.2.0 release, see 2.2.x release notes.
- Some minor bugfixes.
Version 5.1.2 • Bitbucket Server 6.7.0 - 7.21.3 • Bitbucket Data Center 6.7.0 - 7.21.3 • Released 2021-09-14 • Improved Groovy transformations and better Crowd support • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- Improved Groovy attribute transformations. If you're using custom Groovy-based attribute transformations, please check that user attributes are assigned properly after upgrading. There may be edge cases where adjusting the Groovy code is beneficial or required. If unsure, please open a support ticket and attach your configuration before upgrading so we can validate it.
- When using Crowd directories backed by LDAP, triggering the LDAP update in Crowd uses a built-in REST endpoint, so our Crowd plugin is no longer required.
- SAML Single Sign-On 5.1.2 comes with the User Sync 2.1.1 bugfix release, see 2.1.x release notes.
Version 5.0.7 • Bitbucket Server 6.4.0 - 7.16.0 • Bitbucket Data Center 6.4.0 - 7.16.0 • Released 2021-09-06 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
- SAML Single Sign-On 5.0.7 comes with the User Sync 2.0.5 bugfix release, see 2.0.x release notes.
Version 5.0.6 • Bitbucket Server 6.4.0 - 7.16.3 • Bitbucket Data Center 6.4.0 - 7.16.3 • Released 2021-08-12 • Improved Security Update • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
Sorry! - We have to ask you to update (again!)
On July 29th, we released a "fix version" for a critical security vulnerability; however, due to researcher feedback & additional follow-up, we realized another attack vector.
This version (released August 12th) addresses this additional scenario. We expected this to be the final & complete fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1217045/saml-single-sign-on-saml-sso-bitbucket/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
Version 4.0.14 • Bitbucket Server 6.0.0 - 7.17.6 • Bitbucket Data Center 6.0.0 - 7.17.6 • Released 2021-10-25 • Bugfix release • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
This update includes the bugfix release of User Sync 1.9.7, which fixes the synchronization with OneLogin.
Version 4.0.13 • Bitbucket Server 6.0.0 - 7.16.0 • Bitbucket Data Center 6.0.0 - 7.16.0 • Released 2021-08-12 • Improved Security Update • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
Sorry! - We have to ask you to update (again!)
On July 29th, we released a "fix version" for a critical security vulnerability; however, due to researcher feedback & additional follow-up, we realized another attack vector.
This version (released August 12th) addresses this additional scenario. We expected this to be the final & complete fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1217045/saml-single-sign-on-saml-sso-bitbucket/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
Version 3.6.7 • Bitbucket Server 5.12.4 - 7.16.0 • Bitbucket Data Center 5.12.4 - 7.16.0 • Released 2021-08-12 • Improved Security Update • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
Sorry! - We have to ask you to update (again!)
On July 29th, we released a "fix version" for a critical security vulnerability; however, due to researcher feedback & additional follow-up, we realized another attack vector.
This version (released August 12th) addresses this additional scenario. We expected this to be the final & complete fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1217045/saml-single-sign-on-saml-sso-bitbucket/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
Version 3.5.0.2 • Bitbucket Server 5.6.0 - 6.10.17 • Bitbucket Data Center 5.6.0 - 6.10.17 • Released 2021-08-12 • Improved Security Update • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
Sorry! - We have to ask you to update (again!)
On July 29th, we released a "fix version" for a critical security vulnerability; however, due to researcher feedback & additional follow-up, we realized another attack vector.
This version (released August 12th) addresses this additional scenario. We expected this to be the final & complete fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1217045/saml-single-sign-on-saml-sso-bitbucket/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known
Version 2.5.10 • Bitbucket Server 5.5.0 - 6.10.5 • Bitbucket Data Center 5.5.0 - 6.10.5 • Released 2021-08-12 • Improved Security Update • Supported By resolution Reichert Network Solutions GmbH • Paid via Atlassian • Commercial
Sorry! - We have to ask you to update (again!)
On July 29th, we released a "fix version" for a critical security vulnerability; however, due to researcher feedback & additional follow-up, we realized another attack vector.
This version (released August 12th) addresses this additional scenario. We expected this to be the final & complete fix.
To allow upgrades to a fix version without major upgrades in the Atlassian application, all public versions in the marketplace include the fix to the security vulnerability.
Please reference the version history for the most relevant version for your instance. https://marketplace.atlassian.com/apps/1217045/saml-single-sign-on-saml-sso-bitbucket/version-history
Please refer to this wiki page for the latest status: https://wiki.resolution.de/doc/saml-sso/latest/jira/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known