Bitbucket Data Center 8.18 リリース ノート

2024 年 2 月 6 日

Introducing Bitbucket Data Center 8.18. This release enhances the application’s security and optimizes collaboration on code with draft pull requests and quick adds for suggested reviewers.


最新バージョンを入手

主なハイライト

この Bitbucket リリースは Data Center ライセンスのみをサポートします。Server ライセンスを使用している場合に可能なオプションについては、こちらを参照してください

Comprehensive security enhancements

In Bitbucket Data Center 8.18, we’ve disabled a number of features that were previously enabled by default. This provides a more secure out-of-the-box instance configuration, while still allowing Bitbucket administrators to enable these features and use them as needed.

The following features are now disabled by default:

You can enable any of the features before or after upgrading to Bitbucket 8.18. To do this, set the relevant properties in the bitbucket.properties file.

If any of the features is an integral part of your workflow, we strongly recommend setting the relevant properties to enable the features prior to the upgrade.

If you decide to enable the features after the upgrade, make sure to restart your instance for the changes to take effect.

If you run a Bitbucket cluster, a rolling restart is enough to pick up the configuration properties you set to enable the features.

Public access

When the public access feature is enabled, repository administrators can allow anonymous access to their repositories. Public access also allows anonymous users to:

  • browse files and commits in a repository via the user interface

  • clone repositories via HTTP

Disabled public access eliminates the risk of accidentally making an internal repository public and thus, leaking the source code.

If you need to enable the feature, set the following property in the bitbucket.properties file:

feature.public.access=true

Hook script support

Bitbucket allows uploading and managing hook scripts that help you customize Git’s internal behavior and trigger customizable actions at key points when Bitbucket Data Center invokes backend Git processes.

When hook script support is enabled, a user with the system administrator permission can upload hook scripts and configure them to be triggered by various actions. When the feature is disabled, new hook scripts can’t be uploaded and existing scripts can’t be called, which prevents any malicious activity that could be performed through these scripts.

If you need to enable the feature, set the following property in the bitbucket.properties file:

feature.hook.scripts=true

Hook script support doesn’t affect plugins that provide Git hooks via Bitbucket’s Java API.

Universal Plugin Manager を利用したアプリのインストール

The Universal Plugin Manager (UPM) allows installing Atlassian and third-party apps on Bitbucket and the other Data Center products in three ways:

  • with the Upload app button on the Manage apps page where you provide a URL to the app or upload a file with the app

  • with the REST API (/rest/plugins)

  • with the Install button on the Find new apps page

In Bitbucket Data Center 8.18, you can install new apps only by selecting the Install button on the Find new apps page. Installing new apps with the Upload app button on the Manage apps page or with the REST API is now disabled by default. This limitation prevents unwanted uploads of potentially malicious files to your Bitbucket instance.

If you need to enable app installation with the Upload app button on the Manage apps page or with the REST API, set the following property in the bitbucket.properties file:

upm.plugin.upload.enabled=true

Keep your work in progress with draft pull requests

Are you working on a piece of code that you’d like to get some early feedback on but that still isn’t ready for the final review? You no longer have to bother about how to let the team know that your work is still in progress. Instead, you can simply create a draft!

You can work on a draft pull request as long as you need and add only wanted reviewers to it manually. Until you make the pull request ready for review, it can’t be merged. At the same time, with the help of webhooks, you can update your integrations with CI tools and other platforms to track draft pull requests, thus maintaining total control over your workflows.

Learn about draft pull requests

Check out the following screenshot to learn about the additional visual elements you’ll have in the user interface of a draft pull request:

Draft pull request user interface

  1. The information note lets you and the reviewers know that you’re viewing a draft. The Mark as ready button in the note allows you to submit your draft for further review and merge.

  2. The Draft lozenge (DRAFT) will be displayed on a draft pull request across the whole user interface until you mark the pull request as ready for review.

  3. The Mark as ready button allows you to submit your draft for further review and merge.

その他の改善

Add reviewers to pull requests with quick adds

Does it take you precious work time to find the names of the right reviewers for your pull requests? You can now use the quick add buttons to share your code with all the preconfigured default reviewers or code owners.

When you remove any of the automatically added reviewers from your pull request when creating or editing it, you can quickly add them back with the Default reviewers and Code owners buttons. The buttons will appear under the Reviewers field if any default reviewers or code owners, respectively, have been configured for the branches you’re working with. When hovering over the buttons, you can also check how many more reviewers from each group you can add.

Add pull request reviewers with quick add

Paste links right into the text of your comments

The text editor in pull request comments now also allows you to paste a copied link right into the text you highlighted by hitting CTRL+V or Command+V on your keyboard. No need to play around with brackets.

Add a table to your comment with one click

Adding tables to pull request comments is now faster and more convenient! When commenting on a pull request, you can now add a table to your message by simply selecting the table icon in the text editor and creating a scaffolding of a table with the Markdown syntax.

8.18 にアップグレードする前に

H2 データベース移行の要件

H2 データベース ドライバは、現在の最新バージョン 2.2.220 にアップグレードされました。アップグレードにより、データのセキュリティが強化されました。

Bitbucket 8.8 以降または Mesh 1.5 以降へのアップグレードの場合、次のいずれかに該当する場合は、手動でデータを移行する必要があります。

  • ミラーを利用している場合

  • Bitbucket Server を H2 データベースで利用している場合

  • Bitbucket Mesh をセットアップ済みの場合

H2 データベースの移行方法を確認する

Bitbucket Mesh sidecar

Starting from release 8.18, to run Bitbucket Data Center, you need the enabled Bitbucket Mesh sidecar.

If you previously disabled the sidecar with mesh.enabled=false or plugin.bitbucket-git.mesh.sidecar.enabled=false in the bitbucket.properties file, you need to remove these settings before upgrading to Bitbucket 8.18 or later.

サポート対象プラットフォームの更新

Bitbucket 8.18 では、サポート対象プラットフォームに以下のアップデートがあります。

(tick) OpenSearch 2.11 のサポートを追加しました。

(warning) Deprecated OpenSearch 1. Support for OpenSearch 1 will be removed in Bitbucket 9.0.

(warning) Deprecated Microsoft SQL Server 2014 and 2016. Support for these databases will be removed in Bitbucket 9.0.

詳細については、サポート終了のお知らせをご覧ください。

セキュリティアドバイザリー

アトラシアンでは、製品のセキュリティを優先し、 あらゆるセキュリティ問題を可能な限り迅速かつ包括的に特定して解決するための脆弱性管理プログラムを導入しています。最新のセキュリティ脆弱性とそれに対応する修正についての最新情報を入手するには、セキュリティ アドバイザリーをご覧ください


アップグレードの準備

以前のバージョンからのアップグレードをご検討の場合、アップグレード ガイドアップグレード マトリクスをご参照ください。また、アクティブなソフトウェア メンテナンス ライセンスが更新済みであることをご確認ください。 

いますぐ更新

バージョン 7.0 以降の新しいプル リクエスト エクスペリエンスの一環として、1 ページで確認できる新機能の一覧である「コード レビュー ワークフローの強化」ページをご用意しました。

変更履歴

Bitbucket Data Center 8.18.1 で解決済みの課題

Released 8 March 2024

T キー 要約
Loading...
Refresh

Bitbucket Data Center 8.18.0 で解決済みの課題

2024 年 2 月 6 日にリリース

T キー 要約
Loading...
Refresh

Last modified on Mar 8, 2024

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.