Bitbucket Data Center and Server 8.13 release notes
15 August 2023
Introducing Bitbucket Data Center and Server 8.13. This release is packed with multiple security boosters and user experience improvements – from support for AWS Secrets Manager to video viewing from pull requests.
Highlights include:
- Discover unsigned commits and inspect-committers' identities
- Support for security key based SSH keys
- Search for projects quickly by their names
- Stream video files with a built-in video player
- Use AWS Secrets Manager to manage Bitbucket configuration
- Improvements to the support zip creation
- Bitbucket 8.13.6 security enhancement
Commit signature at a glance: Identifying signed and unsigned commits
SERVER DATA CENTER
While signing commits with GPG keys have been available in Bitbucket Server and Data Center, you can now check if a commit has a verified signature or not on the Commits page. A quick glance at the page will help you find signed and unsigned commits and identify their authors. So you can monitor the security of commits at a glance and timely react to any suspicious changes to your code.
A dedicated icon beside a commit hash will inform you about a signature:
- The
tick icon indicates that a commit has a verified signature. If you click on the icon, the information about the author and their key will show up. - The
warning icon indicates that the commit has been signed but the signature can’t be verified. In this case, an admin should check the signature and decide if the commit is safe. - If there’s no icon, it means that the commit hasn’t been signed.
Administrators can enforce signed commits for projects and repositories by enabling the Verify Commit Signature pre-receive hook.
In the following screenshot, check the updates to the Commits page.
Learn more about the verification of commit signatures
Support of security keys for Git over SSH
SERVER DATA CENTER
We now support the ED25519-SK and ECDSA-SK SSH keys designed to work with FIDO2/U2F hardware authenticators like YubiKey, SoloKey, etc.
Security keys are a safer substitute for passwords or traditional SSH keys to protect your code, offering a reliable way to improve your security posture and implement multifactor authentication for Git operations.
To start using ED25519-SK or ECDSA-SK, you need to create a public and private key pair, as for any other SSH key type. The difference is that the private key file isn’t stored on your computer, but references the private key stored on the FIDO2/U2F hardware authenticator.
For every Git operation, a Git client will ask a user to touch the hardware key to confirm their physical presence. Even if the private key file is stolen from the computer, it’ll be useless without pairing the hardware key.
Learn more about how to create the new security keys
Search for projects quickly by their names
SERVER DATA CENTER
On the Projects page, you can now use the filter to find a project you want by its name. No more need for quick search or page scrolling!
Stream video files with a built-in video player
SERVER DATA CENTER
With a new built-in video player, you don’t need to download video attachments to your computer anymore. Just hit Play in the player and videos will be streamed directly to your browser. We support the mp4, mov, and webm formats.
Use AWS Secrets Manager to manage Bitbucket configuration
SERVER DATA CENTER
Avoid storing plaintext values in product configuration files and rest assured that Bitbucket Data Center is protected from any credentials leakage. Bitbucket Data Center 8.13 now supports AWS Secrets Manager as an additional encryption method that system administrators can use to protect the values in the bitbucket.properties file.
Learn more about how to use AWS Secrets Manager in Bitbucket
Improvements to the support zip creation
SERVER DATA CENTER
In this release, we’ve revamped the process of creating a support zip in the Atlassian Troubleshooting and Support Tools (ATST) app. The Create a support zip page got a new design and enhanced functionality:
Users are now able to pick one of 4 file size limitation options (25/100/500 MB per file)
Added an option to select logs based on the last file modification date: any time, today, or in the past 3/5/10 days
The default maximum file size is now 100 MB per file
Added new API parameters to support File modification date and Maximum file size options
After creating a zip, the customization preferences are saved and shared across the instance
Verify the contents of your zip file.
Customize the contents of your zip file.
Create a new support zip on this node.
Learn more about creating a support zip
Bitbucket 8.13.6 security enhancement: App upload through UPM and REST API disabled by default
In Bitbucket Data Center 8.18.0, two ways of app installation through UPM (the Universal Plugin Manager) became disabled by default:
- with the Upload app button on the Manage apps page
- with the REST API
We've also backported this change to Bitbucket 8.13.6. So in Bitbucket 8.13.6 and all the next bugfix releases of Bitbucket 8.13.x, you can install new apps only by selecting the Install button on the Find new apps page. This limitation prevents unwanted uploads of potentially malicious files to your Bitbucket instance.
If you need to enable app installation with the Upload app button on the Manage apps page or with the REST API, set the following property in the bitbucket.properties file:
upm.plugin.upload.enabled=trueIf app installation from files and through the REST API is an integral part of your workflow, we strongly recommend setting the relevant property to enable it prior to the upgrade.
If you decide to enable the feature after the upgrade, make sure to restart your instance for the changes to take effect.
If you run a Bitbucket cluster, a rolling restart is enough to pick up the configuration properties you set to enable the features.
Before you upgrade to 8.13
SERVER DATA CENTER
H2 database migration requirement
The H2 database driver has been upgraded to the currently latest version 2.2.220. The upgrade has boosted data security.
If you’re upgrading to Bitbucket 8.8 and later or Mesh 1.5 and later, you’ll need to migrate the data manually to the upgraded Bitbucket or Mesh instance if:
you’re using a mirror
you’re using Bitbucket Server with a H2 database
you’ve set up Bitbucket Mesh
Get ready to upgrade
Before upgrading from an earlier version, check out our upgrade guide and upgrade matrix. Remember to renew your active software maintenance license too.
As part of our new pull request experience from version 7.0 and higher, we have created a collection of new features for you to check out on one page, Enhancements to your code review workflow.
Change log
Resolved issues in Bitbucket Server 8.13.6
Released 7 February 2024
Resolved issues in Bitbucket Server 8.13.5
Released 8 January 2024
Resolved issues in Bitbucket Server 8.13.4
Released 11 December 2023
Resolved issues in Bitbucket Server 8.13.3
Released 13 November 2023
Resolved issues in Bitbucket Server 8.13.2
Released 8 October 2023
Resolved issues in Bitbucket Server 8.13.1
Released 11 September 2023
Resolved issues in Bitbucket Server 8.13.0
Released 15 August 2023