How to patch Hipchat Server for CVE-2015-7547

Still need help?

The Atlassian Community is here for you.

Ask the community

This article only applies to Atlassian's server products. Learn more about the differences between cloud and server.

This version of Hipchat Server is no longer supported

This article applies to a version of Hipchat Server which is beyond the Atlassian End of Life policy, and is no longer supported.

When was my version deprecated?

The following versions have been deprecated:

  • Hipchat Server 1.3 (EOL Date: Aug 17, 2017)

The following versions will be deprecated soon:

  • Hipchat Server 2.0 (EOL Date: Jun 17, 2018)
  • Hipchat Server 2.1 (EOL Date: Dec 8, 2018)
  • Hipchat Server 2.2 (EOL Date: May 30, 2019)

You can read more about Atlassian's End of Life policy here

You should upgrade to a more recent version of Hipchat Server as soon as you can to take advantage of new features, and security and bug fixes. If possible, you should also consider deploying Hipchat Data Center instead.

Purpose

To describe the proper method of patching Hipchat Server for the CVE-2015-7547 vulnerability.

Note that Hipchat Server version 2.0 build 1.4.1 is available as a Production Release and already includes the resolution for the issue described on this page.

(Please Watch the Hipchat Server Release Notes page to be informed of new releases).

These instructions are for patching build 1.3.7 or 1.3.4 if you are unable to use beta releases by policy. 

Solution

This patch requires restarting the Hipchat Server virtual machine to fully apply changes.

This has only been verified against Hipchat Server v1.3.7 and v1.3.4.

Please see Upgrading Hipchat Server to determine the current Hipchat Server version and steps to upgrade, if necessary.

  1. Back up the Hipchat Server 
  2. Log into the Hipchat Server terminal/command-line interface
  3. Copy and execute the following command to download and apply the patch:

    sudo dont-blame-hipchat -c \
    "wget https://s3.amazonaws.com/hipchat-server-stable/utils/cve-2015-7547/cve-2015-7547-patch.sh; \
    chmod +x cve-2015-7547-patch.sh; \
    ./cve-2015-7547-patch.sh"
  4. Reboot the Hipchat Server virtual machine to fully apply the changes

 

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.