This documentation relates to an earlier version of Bamboo.

As a distributed application, Bamboo's application-level security is important. This document contains links to version-specific security advisories and related documents for the Bamboo application.

This document is intended to provide information to system administrators about the security of the Bamboo application. It does not address Bamboo's internal security model – user management and permissions – except as it relates to the overall application security.

Finding and Reporting a Security Vulnerability

Open an issue on http://jira.atlassian.com in the Bamboo project.

  • Set the priority of the bug to 'Blocker'
  • Provide as much information on reproducing the bug as possible
  • Set the security level of the bug to 'Developer and Reporters only'

All communication about the vulnerability should be performed through JIRA, so we can keep track of the issue and get a patch out as soon as possible.

Publication of Bamboo Security Advisories

When a security issue in Bamboo is discovered and resolved, we will inform customers through the following mechanisms:

  • A security advisory will be posted on this page
  • A copy of the advisory will be sent to the bamboo-users and bamboo-announce mailing lists
  • If the person who reported the issue wants to publish an advisory through some other agency (for example, CERT), we'll assist in the production of that advisory, and link to it from our own.

    Latest security advisory:

Our Patch Policy

When a security issue is discovered, we will endeavour to:

  • issue a new, fixed Bamboo version as soon as possible
  • issue a patch to the current stable version of Bamboo
  • issue patches for older versions of Bamboo if feasible

Patches will generally be attached to the relevant JIRA issue.
