Security Advisory - Changes to how apps are installed by URL in Bitbucket Cloud effective 14 October 2019

Summary

To install apps from unknown sources you will need to enable development mode in your Bitbucket settings.

We're changing how to install Bitbucket Cloud apps using the URL of an app descriptor from an unknown source. Going forward, to install apps from unknown sources you will need to enable development mode in your Bitbucket settings.

To install apps by URL:

1. Enable development mode.
   1. Go to Bitbucket settings > Installed apps.
   2. Check Enable development mode.
2. Click Install app from URL.
3. Paste the URL of the app descritor, click Install.

Who is impacted by this change?

• Bitbucket Cloud app vendors who currently install the apps by URL, usually while testing an app they maintain.
• Bitbucket Cloud users with custom or private apps that are not from the Bitbucket Marketplace.

List your Bitbucket app in the Atlassian Marketplace

Development mode allows users to install app descriptors from unknown sources that are not from the Atlassian Marketplace. If you want users to install your Bitbucket app without having to enable development mode, you need to submit your app to be listed in the Atlassian Marketplace.

To list your app in the Atlassian Marketplace:###

1. Check that your app meets the criteria for Atlassian Marketplace apps.
2. Submit your app through the approval process (you’ll need a Marketplace vendor profile).
3. Once approved, update your app’s configuration to account for any changes made.