Bitbucket Data Center 9.0 release notes
23 July 2024
The Bitbucket Data Center 9.0 platform release is now available for upgrade. With this release, you’re getting many features that will enhance your developer experience along with important security updates introduced with the upgrade to Atlassian Data Center Platform 7.
Highlights include:
Bitbucket Data Center 9.0 is a platform release
We’re excited to announce Bitbucket Data Center 9.0 – the newest platform release since May 2022. Platform releases drive compelling value as they allow us to include multiple breaking changes, which establish a foundation for continuous improvement and value in future Data Center releases.
Based on Bitbucket 8.19, the latest long-term release, Bitbucket 9.0 includes loads of useful features for:
improving the individual developer experience
streamlining team collaboration
providing more flexibility for administration
enhancing security and compliance on your end.
With Bitbucket 9.0, you’re getting dark theme, draft pull requests, code owners, auto-merge, support for SSH keys and X.509 certificates, websudo for secure administrator sessions, and more.
As a platform release, Bitbucket 9.0 also includes an upgrade to Atlassian Data Center Platform 7. It enhances the security of the Bitbucket application and ensures its compliance with the latest industry standards. DC Platform 7 is introducing a number of under-the-hood changes and improvements, including but not limited to Java 17 as the minimum supported JDK, the removal of some third-party libraries, and the revised definition of Java API.
We're introducing Data Center security checklist and best practices for admins. This guide will provide valuable insights on safely deploying and administering Atlassian self-managed software.
Secure administrator sessions (websudo)
For: ADMINS
Strengthen your data protection and instance sustainability with secure administrator sessions (websudo), which require administrators to reauthenticate before performing sensitive operations or accessing the Global administration settings page.
Configure secure administrator sessions
User directory password encryption
For: ADMINS
As part of enhancing Bitbucket’s security posture, we’ve introduced robust encryption for storing plaintext external user directory passwords, like LDAP passwords, in the database.
When configuring user directories, the supplied password will be automatically AES encrypted. For existing instances that have user directories already configured, passwords will be encrypted automatically upon upgrade to Bitbucket 9.0.
Bitbucket will automatically generate encryption keys and store them in the shared home directory. Make sure these keys are included in your backup strategy.
Check your backup and restore options
Add reviewer groups as code owners
For: END USERS ADMINS
You can now set reviewer groups as code owners instead of manually adding each reviewer. Having a whole group of experts who own the particular code will ensure a higher quality of code review and feedback, improve the integrity of the team’s input, and just save you time in selecting the right reviewers.
Add a reviewer group to code owners
Other improvements
Administrator page redesign
For: ADMINS
Bitbucket Data Center admins can check out a more modern, consistent, and convenient view of the Administrator page.
Filter out merge commits to view commits only
For: END USERS ADMINS
Tired of figuring out where is a commit and a merge commit on the Commits page? Just uncheck the new Show merge commits box, and you’ll see your teams' commits only.
Atlassian Data Center Platform 7
Bitbucket 9.0 includes an upgrade to Atlassian Data Center Platform 7. This upgrade improves the quality of our response to security changes with reduced disruption and breaking changes for Atlassian Marketplace apps.
As part of the upgrade to Platform 7 and with the focus on enhanced security and performance, we’ve made the following updates:
Removed Gray APIs from Bitbucket Data Center, thus reducing the scope of third-party libraries and improving dependency management
Upgraded numerous Atlassian and third-party components to benefit from the latest security patches and bug fixes
Improved the overall definition of the Java API
Implemented the minimum required support for Java 17.
Prepare your app for the upgrade to Platform 7
Before you upgrade to 9.0
IMPORTANT Platform releases allow us to incorporate multiple significant changes (often called “breaking changes”) that aren't compatible with previous versions. These changes establish a strong foundation for more extensive development in future releases.
To increase security and performance, we’ve made changes in our core architecture that require apps to bundle their libraries. We're collaborating with our Marketplace partners on these changes, however, some apps may not be immediately compatible with the new platform upon release.
We recommend that you review your apps before upgrading to reduce the risk of disruption for your organization.
To check app compatibility, visit Checking app compatibility with application updates, or the Atlassian Marketplace to see if your app hosting is compatible with your product version.
Check the compatibility of your Marketplace apps
As a major release, Bitbucket Data Center 9.0 introduces backward-incompatible changes to the apps' API. If you build custom in-house apps, you need to test their compatibility and update them.
If you have installed apps from the Atlassian marketplace or another source, you also need to check their compatibility and update them before performing the upgrade.
For more details, check the API changelog.
Upgrade your internal apps
Before you upgrade your Bitbucket instance to 9.0, make sure you’ve upgraded your internal apps. For more details, check the Bitbucket Data Center upgrade guide.
Upgrade other Atlassian products to latest bugfix releases
An attempt to create a new application link between Bitbucket 9.x and older versions of Atlassian products causes the following issue: BSERV-19533 - Getting issue details... STATUS
Existing application links aren't affected.
Upgrade Bitbucket mirrors
If you’re using mirrors, make sure you upgrade both your primary instance and mirrors to Bitbucket 9.0. Otherwise, mirrors won’t work in the new version. Check how to upgrade mirrors
Actual user avatars disabled in email notifications
Starting from Bitbucket Data Center 9.0, anonymous avatar access is disabled by default due to a reported security vulnerability. This means that in email notifications, you’ll see default user avatars instead of actual ones.
If you’d like to continue showing actual user avatars in email notifications, set the following configuration property before upgrading to Bitbucket 9.0:
avatar.anonymous.access=trueH2 database migration requirement
The H2 database driver has been upgraded to the currently latest version 2.2.220. The upgrade has boosted data security.
For upgrades to Bitbucket 8.8 and later or Mesh 1.5 and later, manual data migration is required if any of the following applies:
you’re using a mirror
you’re using Bitbucket Server with the H2 database
you’ve set up Bitbucket Mesh
Updates to supported platforms
In Bitbucket 9.0, we’re introducing the following updates to supported platforms:
Added support for OpenSearch 2.11 and 2.14
Ended support for:
Java 8 and 11
PostgreSQL 10, 11, and 12
MariaDB 10.3.7+
MySQL 5.7.9+
Microsoft SQL Server 2014 and 2016
Oracle 12c R2 and 18c
Amazon Aurora PostgreSQL 10, 11, and 12
Git 2.31.x - 2.33.x
OpenSearch 1
Elasticsearch 7 (Elasticsearch is no longer supported.)
Learn more from the end of support announcements
Security advisories
At Atlassian, we prioritize the security of our products and have implemented a vulnerability management program to identify and resolve any security issues as quickly and comprehensively as possible. To stay informed about the latest security vulnerabilities and their corresponding fixes, visit Security Advisories.
Get ready to upgrade
Before upgrading from an earlier version, check out our upgrade guide and upgrade matrix. Remember to renew your active software maintenance license too.
As part of our new pull request experience from version 7.0 and higher, we have created a collection of new features for you to check out on one page, Enhancements to your code review workflow.
Change log
Resolved issues in Bitbucket Data Center 9.0.1
Released 11 August 2024
Breaking change for some third party plugins
Atlassian Data Center products Jira, JSM, Confluence, Bitbucket, Bamboo and Crowd include org.springframework:spring-web third party dependency.
In response to CVE-2016-1000027 - GitHub Advisory Database being filed on org.springframework:spring-web, we have taken the following actions:
Ensured no usage of vulnerable classes in our codebase
Forked spring and removed indicated packages (this is the fix used by Spring on its 6.0.x line)
Ensured usage of the safe version in our products.
The consequence of this change is removal of the following packages:
org.springframework.ejb.accessorg.springframework.remoting
org.springframework.remoting.caucho
org.springframework.remoting.httpinvoker
org.springframework.remoting.jaxws
org.springframework.remoting.rmi
org.springframework.remoting.soap
org.springframework.remoting.support
The impact of this removal is that any plugin that makes use of these packages will need to be modified.
Resolved issues in Bitbucket Data Center 9.0.0
Released 23 July 2024