Bitbucket Data Center 8.18 release notes
6 February 2024
Introducing Bitbucket Data Center 8.18. This release enhances the application’s security and optimizes collaboration on code with draft pull requests and quick adds for suggested reviewers.
Highlights include:
- Comprehensive security enhancements
- Keep your work in progress with draft pull requests
- Other improvements
This Bitbucket release supports only Data Center licenses. If you’re using a Server license, learn about your options.
Comprehensive security enhancements
In Bitbucket Data Center 8.18, we’ve disabled a number of features that were previously enabled by default. This provides a more secure out-of-the-box instance configuration, while still allowing Bitbucket administrators to enable these features and use them as needed.
The following features are now disabled by default:
Installing apps with the Universal Plugin Manager (with the Upload app button and the REST API)
You can enable any of the features before or after upgrading to Bitbucket 8.18. To do this, set the relevant properties in the bitbucket.properties file.
If any of the features is an integral part of your workflow, we strongly recommend setting the relevant properties to enable the features prior to the upgrade.
If you decide to enable the features after the upgrade, make sure to restart your instance for the changes to take effect.
If you run a Bitbucket cluster, a rolling restart is enough to pick up the configuration properties you set to enable the features.
Public access
When the public access feature is enabled, repository administrators can allow anonymous access to their repositories. Public access also allows anonymous users to:
browse files and commits in a repository via the user interface
clone repositories via HTTP
Disabled public access eliminates the risk of accidentally making an internal repository public and thus, leaking the source code.
If you need to enable the feature, set the following property in the bitbucket.properties file:
feature.public.access=trueHook script support
Bitbucket allows uploading and managing hook scripts that help you customize Git’s internal behavior and trigger customizable actions at key points when Bitbucket Data Center invokes backend Git processes.
When hook script support is enabled, a user with the system administrator permission can upload hook scripts and configure them to be triggered by various actions. When the feature is disabled, new hook scripts can’t be uploaded and existing scripts can’t be called, which prevents any malicious activity that could be performed through these scripts.
If you need to enable the feature, set the following property in the bitbucket.properties file:
feature.hook.scripts=trueHook script support doesn’t affect plugins that provide Git hooks via Bitbucket’s Java API.
Installing apps with the Universal Plugin Manager
The Universal Plugin Manager (UPM) allows installing Atlassian and third-party apps on Bitbucket and the other Data Center products in three ways:
with the Upload app button on the Manage apps page where you provide a URL to the app or upload a file with the app
with the REST API (
/rest/plugins)with the Install button on the Find new apps page
In Bitbucket Data Center 8.18, you can install new apps only by selecting the Install button on the Find new apps page. Installing new apps with the Upload app button on the Manage apps page or with the REST API is now disabled by default. This limitation prevents unwanted uploads of potentially malicious files to your Bitbucket instance.
If you need to enable app installation with the Upload app button on the Manage apps page or with the REST API, set the following property in the bitbucket.properties file:
upm.plugin.upload.enabled=trueKeep your work in progress with draft pull requests
Are you working on a piece of code that you’d like to get some early feedback on but that still isn’t ready for the final review? You no longer have to bother about how to let the team know that your work is still in progress. Instead, you can simply create a draft!
You can work on a draft pull request as long as you need and add only wanted reviewers to it manually. Until you make the pull request ready for review, it can’t be merged. At the same time, with the help of webhooks, you can update your integrations with CI tools and other platforms to track draft pull requests, thus maintaining total control over your workflows.
Learn about draft pull requests
Check out the following screenshot to learn about the additional visual elements you’ll have in the user interface of a draft pull request:
The information note lets you and the reviewers know that you’re viewing a draft. The Mark as ready button in the note allows you to submit your draft for further review and merge.
The Draft lozenge (DRAFT) will be displayed on a draft pull request across the whole user interface until you mark the pull request as ready for review.
The Mark as ready button allows you to submit your draft for further review and merge.
Other improvements
Add reviewers to pull requests with quick adds
Does it take you precious work time to find the names of the right reviewers for your pull requests? You can now use the quick add buttons to share your code with all the preconfigured default reviewers or code owners.
When you remove any of the automatically added reviewers from your pull request when creating or editing it, you can quickly add them back with the Default reviewers and Code owners buttons. The buttons will appear under the Reviewers field if any default reviewers or code owners, respectively, have been configured for the branches you’re working with. When hovering over the buttons, you can also check how many more reviewers from each group you can add.
Paste links right into the text of your comments
The text editor in pull request comments now also allows you to paste a copied link right into the text you highlighted by hitting CTRL+V or Command+V on your keyboard. No need to play around with brackets.
Add a table to your comment with one click
Adding tables to pull request comments is now faster and more convenient! When commenting on a pull request, you can now add a table to your message by simply selecting the table icon in the text editor and creating a scaffolding of a table with the Markdown syntax.
Before you upgrade to 8.18
H2 database migration requirement
The H2 database driver has been upgraded to the currently latest version 2.2.220. The upgrade has boosted data security.
For upgrades to Bitbucket 8.8 and later or Mesh 1.5 and later, manual data migration is required if any of the following applies:
you’re using a mirror
you’re using Bitbucket Server with a H2 database
you’ve set up Bitbucket Mesh
Bitbucket Mesh sidecar
Starting from release 8.18, to run Bitbucket Data Center, you need the enabled Bitbucket Mesh sidecar.
If you previously disabled the sidecar with mesh.enabled=false or plugin.bitbucket-git.mesh.sidecar.enabled=false in the bitbucket.properties file, you need to remove these settings before upgrading to Bitbucket 8.18 or later.
Updates to supported platforms
In Bitbucket 8.18, we’re introducing the following updates to supported platforms:
Added support for OpenSearch 2.11.
Deprecated OpenSearch 1. Support for OpenSearch 1 will be removed in Bitbucket 9.0.
Deprecated Microsoft SQL Server 2014 and 2016. Support for these databases will be removed in Bitbucket 9.0.
Learn more from the end of support announcements
Security advisories
At Atlassian, we prioritize the security of our products and have implemented a vulnerability management program to identify and resolve any security issues as quickly and comprehensively as possible. To stay informed about the latest security vulnerabilities and their corresponding fixes, visit Security Advisories.
Get ready to upgrade
Before upgrading from an earlier version, check out our upgrade guide and upgrade matrix. Remember to renew your active software maintenance license too.
As part of our new pull request experience from version 7.0 and higher, we have created a collection of new features for you to check out on one page, Enhancements to your code review workflow.
Change log
Resolved issues in Bitbucket Data Center 8.18.1
Released 8 March 2024
Resolved issues in Bitbucket Data Center 8.18.0
Released 6 February 2024