Bamboo 2.5.5 Upgrade Guide

Bamboo 2.5.5 Release Notes

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Upgrade Notes

A few changes to Bamboo's behavior have resulted as a consequence of some important fixes to security vulnerabilities in Bamboo 2.5.5. For more information about these security vulnerabilities and their fixes, please refer to the Bamboo Security Advisory 2010-05-04.

Setting File Paths in Bamboo

When modifying Bamboo's 'File Path' option on the Export or Import administration pages or the 'Backup Path' option on the Scheduled Backup page, you can only change the name of files associated with these options (not the the actual file path component itself). To change these file path components, you must explicitly run Bamboo with the following system property:

bamboo.paths.set.allowed=true

Please refer to Starting Bamboo for details on how to run Bamboo with system properties.

Brute Force Attack Prevention

By default, if you attempt to log in to Bamboo three times unsuccessfully, then for subsequent login attempts, Bamboo will require you recognize a distorted picture of a word and type that word into a text field. For more information, please refer to Using Captcha for failed logins.

HttpOnly Session ID Cookies

In the Bamboo distribution, session ID cookies now use the HttpOnly flag by default. This makes it more difficult for malicious (JavaScript) code on a client's browser to gain access to these session ID cookies, thereby minimizing the risk of common XSS attacks.

If you are running the Bamboo EAR-WAR distribution, then to minimize the risk of common XSS attacks, we strongly recommend that you configure the application server (Tomcat) running Bamboo to transmit session ID cookies using the HttpOnly flag. Please refer to Securing Bamboo with Tomcat using SSL for more information.

Upgrading from Bamboo 2.5.3 to 2.5.5

Please follow the Bamboo upgrade guide.
(info) No additional upgrade tasks are required to upgrade from Bamboo 2.5.3 to 2.5.5.

Upgrading from Bamboo 2.4.x or earlier

In addition to the above, please read the Bamboo 2.5 Upgrade Guide and the Upgrade Guide for every version you are skipping during the upgrade. 

Last modified on May 26, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.