Bitbucket Data Center 8.19 release notes
12 March 2024
The Bitbucket Data Center 8.19 Long Term Support release is now available for upgrade. Get the most out of dozens of handy features, from support for SSH keys and X.509 certificates to dark theme and draft pull requests!
Highlights include:
- Bitbucket Data Center 8.19 is a Long Term Support release
- Developer and admin experience
- Security and compliance
- Monitoring, insights, and troubleshooting
- Introducing Software Bill of Materials (SBOMs) in Bitbucket Data Center
Bitbucket Data Center 8.19 is a Long Term Support release
This means we’ll continue to backport critical security and product bug fixes to 8.19 throughout its standard 2-year support window. In addition, when architecturally possible, we’ll also backport all other security bug fixes.
This allows you to get the maximum value from our continuous product development without strictly keeping up with the frequent release cadence.
Long Term Support releases are designed specifically for larger, more complex instances – ones that require significant planning and effort to upgrade. We understand that upgrades for such instances can be few and far between, and so every one of them needs to count. So, if you can manage only one feature release upgrade every year, make sure it is to the latest LTS release.
Check out the Atlassian Data Center Bug Fix Policy and Security Bug Fix policies for more information.
Long Term Support release roundup
It's been almost a year since Bitbucket 8.9 was released as a Long Term Support release. In that time, we've shipped a huge amount of value!
Here's the list of next-level enterprise features to support your critical needs. The features marked with a star are implemented feature suggestions that collected the most votes.
Developer and admin experience
- 8.10: Check out stricter controls for hooks, merge checks, merge strategies, and branch settings
- 8.11: Have the announcement banner displayed in the terminal window for git push operations
- 8.12: Create a custom template for a commit message in your pull requests
- 8.15: Embed videos from Loom, YouTube, and Vimeo to your pull requests
Security and compliance
- 8.11: Encryption of properties in the Bitbucket configuration file
- 8.13: AWS Secrets Manager for managing Bitbucket configuration
- 8.15: X.509 (S/MIME) certificates support for signing commits and tags
- 8.15: Trusted build status
- 8.18: Comprehensive security enhancements: public access, hook script support, and app installation through file upload or REST API are disabled by default
Monitoring, insights, and troubleshooting
- 8.10: New SSH, HTTP, and SCM ticket metrics via JMX monitoring and log file
- 8.13: The Create a support zip page got a new design and enhanced functionality
We've also resolved over 100 issues since Bitbucket 8.9. For an overview of all the changes, check out the Long Term Support Release Change Log.
Before you upgrade to 8.19
End-of-life policy
Atlassian supports feature versions for two years after the first major iteration of that version was released. Once a version reaches its end of life (EOL), we’ll no longer provide support for it. Here are the EOL dates for Bitbucket 8.19, 8.9, and 7.21:
Bitbucket 8.19: 12 March 2026
Bitbucket 8.9: 12 April 2025
Bitbucket 7.21: 2 March 2024
For more information, check the Atlassian Support End-of-Life Policy.
End of support for Bitbucket Server licenses
On February 15, 2024, Atlassian ended support for Server licenses. Bitbucket 8.14 was the last Bitbucket feature release that continued to support Server licenses until that date. Bitbucket 8.15.0 became the first Data Center-only release; from that release onward, Server licenses are no longer supported.
Bitbucket 8.19 Long Term Support release supports only Data Center licenses and includes all Data Center features rolled out from 8.9 to 8.14 along with all the features presented in 8.15-8.18 and a few brand-new updates.
H2 database migration requirement
The H2 database driver has been upgraded to version 2.2.220, the latest version at the time of this release. The upgrade improves data security.
For upgrades to Bitbucket 8.8 and later or Mesh 1.5 and later, manual data migration is required if any of the following applies:
- you’re using a mirror
- you’re using Bitbucket Server with an H2 database
- you’ve set up Bitbucket Mesh
Updates to supported platforms
In Bitbucket 8.19, we’re introducing the following updates to supported platforms:
- Added support for Git 2.43 and backported to Bitbucket 8.9.11+.
- Added support for Git 2.44 in Bitbucket 8.19.1 and backported to Bitbucket 8.9.12+.
- Added support for Git 2.45 in Bitbucket 8.19.6 and backported to Bitbucket 8.9.17+.
- Added support for Git 2.46 in Bitbucket 8.19.9 and backported to Bitbucket 8.9.19+.
Git 2.43.x, 2.44.x, and 2.45.x may contain a performance regression, so we don't recommend using these versions of Git. The performance issue in Git is fixed in 2.46.x, which is supported by Bitbucket 8.19.9 and later 8.19.x bugfix releases.
- Deprecated support for Elasticsearch. In Bitbucket 9.0, support for Elasticsearch will be removed, and OpenSearch will be the only search server distribution supported.
- Deprecated Git 2.31.x - 2.33.x. Support for these Git versions will be removed in Bitbucket 9.0.
Learn more from the end of support announcements
Changes to the Security Bug Fix Policy
We are updating the Atlassian Security Bug Fix Policy. Changes will take effect across all Data Center products on March 15, 2024.
Previously, we delivered bug fix releases for any supported Long Term Support release in accordance with the Atlassian Support End-of-Life Policy, and for all product versions that are no older than 6 months.
With our new policy, we will continue to deliver a bug fix release for any supported Long Term Support release in accordance with the Atlassian Support End-of-Life Policy, but we are updating our policy to only support the most recently shipped feature release.
In the event of a critical vulnerability, we will take all of the following steps:
- Ship a bug fix for the latest feature release of the product affected by the vulnerability.
- Ship a new feature release for the affected product according to the release schedule.
- Ship a bug fix release for all supported Long Term Support releases of the affected product, adhering to the Atlassian Support End of Life Policy.
We aim to develop the most effective methods for enhancing the security of our software and delivering updates faster and more frequently. When considering an upgrade, you can be sure that the latest feature release is the most secure and stable product version as it contains the most up-to-date security fixes and feature enhancements.
If you have any concerns or if you require clarification on any aspect of the updated bug fix policy, please do not hesitate to reach out to our support team.
Find more details of the new process at Security Bug Fix Policy.
Introducing Software Bill of Materials (SBOMs) in Bitbucket Data Center
Continuing our commitment to providing the most secure products for our customers, we’re introducing Software Bill of Materials (SBOMs) for Bitbucket Data Center.
What is an SBOM and why are we adding them?
An SBOM is a detailed list or inventory of all the components in a piece of software. These components can include open-source software, proprietary code, libraries, frameworks, and other elements used in the software.
An SBOM is essential for ensuring compliance with different regulations and standards; for example, the United States Executive Order on Improving the Nation's Cybersecurity, the European Union NIS 2 Directive and Cyber Resilience Act. It enhances transparency and facilitates a deeper understanding of software components, their versions, dependencies, and updates to their security vulnerabilities.
Furthermore, an SBOM can help app developers and admins identify potential security risks, manage licenses, and maintain software more effectively. For example, if a vulnerability is discovered in a specific open-source component, anyone with access to the SBOM can quickly check if their software is affected.
How is the SBOM generated?
We use Syft, an open-source tool, to automatically generate SBOM files during the product build process. Syft scans the code, identifies dependencies, and compiles a JSON file with the results. Syft supports various SBOM formats, with CycloneDX being Atlassian's current choice due to its popularity.
Where to find SBOM?
To locate the SBOM, go to the sbom/ folder in the installation directory of your Atlassian product and search for a file named with either of the following patterns: <product_name>-<version>-cyclonedx-sbom.json or <product_name>-<version>-sbom.cdx.json.
Important to know
Due to the complex, plugin- and component-based architecture of our product suite, we are gradually revealing all front-end dependencies. Our current SBOMs cover a portion of these dependencies.
For more information about Atlassian SBOM, check out Introducing Software Bill of Material (SBOM) in our DC products.
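The check described above (is a given component present, and in which version?) can be scripted against the CycloneDX JSON file. The following is an added example, not Atlassian tooling: the function names are hypothetical, the install directory, file name, and versions are constructed sample data, and the fields read (bomFormat, components, name, group, version, purl) are standard CycloneDX JSON fields.

```python
import json
import tempfile
from pathlib import Path

# File name patterns given on this page for SBOMs under <install dir>/sbom/.
SBOM_PATTERNS = ("*-cyclonedx-sbom.json", "*-sbom.cdx.json")


def find_sbom_files(install_dir):
    sbom_dir = Path(install_dir) / "sbom"
    return sorted({p for pat in SBOM_PATTERNS for p in sbom_dir.glob(pat)})


def walk(components):
    """Yield every component, including nested ones (CycloneDX allows nesting)."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))


def find_component(sbom_path, name, group=None):
    """Return sorted (name, version, purl) tuples for components matching name/group."""
    doc = json.loads(Path(sbom_path).read_text(encoding="utf-8"))
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError(f"{sbom_path} is not a CycloneDX JSON document")
    found = set()
    for comp in walk(doc.get("components")):
        purl = comp.get("purl") or ""
        in_group = group is None or comp.get("group") == group or f"/{group}/" in purl
        if comp.get("name") == name and in_group:
            found.add((comp["name"], comp.get("version", "?"), purl))
    return sorted(found)


def constructed_install_dir():
    """Create a temp install dir with a small constructed SBOM (not real product data)."""
    root = Path(tempfile.mkdtemp())
    (root / "sbom").mkdir()
    sbom = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
        {"type": "library", "name": "spring-web", "version": "0.0.1",
         "purl": "pkg:maven/org.springframework/spring-web@0.0.1"},
        {"type": "library", "name": "example-lib", "version": "2.0.0", "components": [
            {"type": "library", "name": "spring-web", "version": "0.0.2",
             "purl": "pkg:maven/org.springframework/spring-web@0.0.2"}]},
    ]}
    (root / "sbom" / "example-product-0.0.0-sbom.cdx.json").write_text(json.dumps(sbom))
    return root


if __name__ == "__main__":
    for path in find_sbom_files(constructed_install_dir()):
        print(path.name, find_component(path, "spring-web", "org.springframework"))
```

Because the current SBOMs cover only a portion of front-end dependencies, an empty result does not prove that a component is absent from the product.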
Security advisories
At Atlassian, we prioritize the security of our products and have implemented a vulnerability management program to identify and resolve any security issues as quickly and comprehensively as possible. To stay informed about the latest security vulnerabilities and their corresponding fixes, visit Security Advisories.
Get ready to upgrade
Before upgrading from an earlier version, check out our upgrade guide and upgrade matrix. Remember to renew your active software maintenance license too.
As part of our new pull request experience from version 7.0 and higher, we have created a collection of new features for you to check out on one page, Enhancements to your code review workflow.
Change log
Resolved issues in Bitbucket Data Center 8.19.13
Released 9 December 2024
Resolved issues in Bitbucket Data Center 8.19.12
Released 18 November 2024
Resolved issues in Bitbucket Data Center 8.19.11
Released 8 November 2024
Resolved issues in Bitbucket Data Center 8.19.10
Released 9 October 2024
Resolved issues in Bitbucket Data Center 8.19.9
Released 9 September 2024
Resolved issues in Bitbucket Data Center 8.19.8
Released 27 August 2024
Resolved issues in Bitbucket Data Center 8.19.7
Released 11 August 2024
Breaking change for some third party plugins
Atlassian Data Center products Jira, JSM, Confluence, Bitbucket, Bamboo, and Crowd include the org.springframework:spring-web third-party dependency.
In response to CVE-2016-1000027 (GitHub Advisory Database) being filed against org.springframework:spring-web, we have taken the following actions:
- Ensured no usage of vulnerable classes in our codebase
- Forked Spring and removed indicated packages (this is the fix used by Spring on its 6.0.x line)
- Ensured usage of the safe version in our products.
The consequence of this change is removal of the following packages:
- org.springframework.ejb.access
- org.springframework.remoting
- org.springframework.remoting.caucho
- org.springframework.remoting.httpinvoker
- org.springframework.remoting.jaxws
- org.springframework.remoting.rmi
- org.springframework.remoting.soap
- org.springframework.remoting.support
The impact of this removal is that any plugin that makes use of these packages will need to be modified.
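To find out before upgrading whether a plugin references the removed packages, its JAR can be scanned for class names from that list. This is an added example, not Atlassian tooling: the function names are hypothetical and the sample JAR is constructed in memory. It reports string references found in class files and Spring XML or properties files, so a hit is a pointer for review rather than proof of use.

```python
import io
import re
import zipfile

# Packages removed from the forked spring-web, copied from the list above.
REMOVED = ["org.springframework.ejb.access", "org.springframework.remoting"] + [
    "org.springframework.remoting." + sub
    for sub in ("caucho", "httpinvoker", "jaxws", "rmi", "soap", "support")]
# Class files store names as org/springframework/...; XML and properties use dots.
# Longest package first, then a class name, so unlisted sub-packages do not match.
_ALTS = "|".join(re.escape(p).replace(r"\.", "[./]")
                 for p in sorted(REMOVED, key=len, reverse=True))
PATTERN = re.compile(rb"(?:" + _ALTS.encode() + rb")[./][A-Z][A-Za-z0-9_$]*")


def scan_jar(jar, prefix=""):
    """Return {entry: sorted class references}; `jar` is a path or binary file object."""
    hits = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.endswith(".jar"):  # bundled dependency: scan it recursively
                hits.update(scan_jar(io.BytesIO(zf.read(name)), prefix + name + "!/"))
            elif name.endswith((".class", ".xml", ".properties")):
                refs = {m.group(0).decode().replace("/", ".")
                        for m in PATTERN.finditer(zf.read(name))}
                if refs:
                    hits[prefix + name] = sorted(refs)
    return hits


def constructed_sample_jar():
    """Build a small in-memory JAR (constructed test data, not a real plugin)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("com/example/Client.class",
                    b"\xca\xfe\xba\xbe\x00\x00\x00\x34"
                    b"org/springframework/remoting/rmi/RmiProxyFactoryBean")
        zf.writestr("META-INF/spring/ctx.xml",
                    b'<bean class="org.springframework.web.client.RestTemplate"/>')
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    for entry, refs in scan_jar(constructed_sample_jar()).items():
        print(entry, refs)
```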
Resolved issues in Bitbucket Data Center 8.19.6
Released 9 July 2024
Resolved issues in Bitbucket Data Center 8.19.5
Released 17 June 2024
Resolved issues in Bitbucket Data Center 8.19.4
Released 11 June 2024
Resolved issues in Bitbucket Data Center 8.19.3
Released 8 May 2024
Resolved issues in Bitbucket Data Center 8.19.2
Released 24 April 2024
Resolved issues in Bitbucket Data Center 8.19.1
Released 3 April 2024
Resolved issues in Bitbucket Data Center 8.19.0
Released 12 March 2024