4 May 2010
The Atlassian Bamboo team is proud to announce the release of Bamboo 2.5.5. This point release is a highly recommended upgrade as it contains important fixes to security vulnerabilities in Bamboo (listed below). For more information about these security vulnerabilities, please refer to the Bamboo Security Advisory 2010-05-04.
Please also refer to the Bamboo 2.5.5 Upgrade Guide for important changes in Bamboo, which are designed to minimise the risk of security attacks.
Bamboo 2.5.5 is of course free to all customers with active Bamboo software maintenance.
Don't have Bamboo 2.5 yet?
Take a look at all the new features in the Bamboo 2.5 Release Notes and see what you are missing out on!

Upgrading from a Previous Version of Bamboo
If you are upgrading, please read the Bamboo 2.5.5 Upgrade Guide.
Updates and Fixes in this Release
The issues addressed in Bamboo 2.5.5 are shown below. To view the list in JIRA, please refer to our main JIRA site.
JIRA Issues (6 issues) | |||||||||
---|---|---|---|---|---|---|---|---|---|
Type | Key | Summary | Assignee | Reporter | Priority | Status | Resolution | Created | Updated |
![]() |
BAM-5668 | Make sessionID a HttpOnly cookie | Anatoli Kazatchkov [Atlassian] | Anatoli Kazatchkov [Atlassian] |
![]() |
![]() |
Fixed | Apr 21, 2010 | May 27, 2010 |
![]() |
BAM-5400 | SVN checkouts are not based on the global repository revision number | Marek Went [Atlassian] | Wilfried Weissmann |
![]() |
![]() |
Fixed | Mar 01, 2010 | Apr 28, 2010 |
![]() |
BAM-5308 | Revert BAM-5006 - it has broken the functionality of ${bamboo.custom.svn.revision.number} | Marek Went [Atlassian] | Dan Harrell |
![]() |
![]() |
Fixed | Feb 09, 2010 | Apr 28, 2010 |
![]() |
BAM-5775 | Fixed file path vulnerabilities | Marek Went [Atlassian] | Mark Chaimungkalanont [Atlassian] |
![]() |
![]() |
Fixed | May 10, 2010 | May 10, 2010 |
![]() |
BAM-5714 | XSS vulnerabilities | Unassigned | Mark Chaimungkalanont [Atlassian] |
![]() |
![]() |
Fixed | May 02, 2010 | May 02, 2010 |
![]() |
BAM-5708 | Brute force protection | Slawek Ginter [Atlassian] | Mark Chaimungkalanont [Atlassian] |
![]() |
![]() |
Fixed | Apr 28, 2010 | May 03, 2010 |