This documentation relates to an earlier version of Bamboo.

Because Bamboo is a distributed application, its application-level security is important. This document contains links to version-specific security advisories and related documents for the Bamboo application.

This document is intended to provide information to system administrators about the security of the Bamboo application. It does not address Bamboo's internal security model – user management and permissions – except as it relates to the overall application security.

Finding and Reporting a Security Vulnerability

Open an issue on http://jira.atlassian.com in the Bamboo project.

  • Set the priority of the bug to 'Blocker'
  • Provide as much information on reproducing the bug as possible
  • Set the security level of the bug to 'Developer and Reporters only'

All communication about the vulnerability should be performed through JIRA, so we can keep track of the issue and get a patch out as soon as possible.

Publication of Bamboo Security Advisories

When a security issue in Bamboo is discovered and resolved, we will inform customers through the following mechanisms:

  • A security advisory will be posted on this page
  • A copy of the advisory will be sent to the bamboo-users and bamboo-announce mailing-lists (subscribe here). These lists are mirrored on our forums.
  • If the person who reported the issue wants to publish an advisory through some other agency (for example, CERT), we'll assist in the production of that advisory, and link to it from our own.

Security Level

Our Patch Policy

When a security issue is discovered, we will endeavour to:

  • issue a new, fixed Bamboo version as soon as possible
  • issue a patch to the current stable version of Bamboo
  • issue patches for older versions of Bamboo if feasible

Patches will generally be attached to the relevant JIRA issue.

Security Advisories

There is no content with the specified labels.
