We have reviewed the issues described in the Git vulnerabilities CVE‑2016‑2315 & CVE-2016-2324 and released updates to affected products to fix the vulnerabilities.

The following products were affected

The following products are affected if the version of Git, on your operating system, has not been updated to 2.4.11, 2.5.5, 2.6.6, 2.7.4 or a later version.

  • Bamboo
  • Bitbucket Server
  • Crucible
  • Fisheye

Please check that the operating system you use has been updated to a fixed version of Git.

Atlassian Cloud and Bitbucket Cloud have been updated to use a fixed version of Git.

If you have any questions, please contact Atlassian Support.

Git – CVE‑2016‑2315 and CVE-2016-2324 Advisory