I can't believe how bad SourceTree has become [on Windows] over the last year or two. It's gone from buggy as crud to downright unusable at times. While setting up a new box for development today, I tried the most recent version, and it wouldn't stop asking me for my Bitbucket password, even though I had zero tabs for repos that pointed to Bitbucket. I'm also not a big fan of all the UI changes. I mean, it's just ugly now. The worst of iOS 7 style flattening plus a color palette from the Limited Edition Fluorescent Crayola Box.

I give up again.

What I did the last time I got absolutely fed up with SourceTree is to go back to version 1.7, the last version that looked great and seemed stable. I've been using that on my main dev box for months without incident.

But I do need to remember how to fix the security hole SourceTree 1.7 has, namely that they thought it'd be a good idea to open special SourceTree app URLs. Brilliant.

Luckily, the fix is a pretty straightforward registry hack. Here's a quick sum:

so fwiw, the vulnerability was...

SourceTree for Mac and Windows are affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface.

Versions of SourceTree for Mac starting with 1.4.0 but before 2.5.1 are affected by this vulnerability.

Versions of SourceTree for Windows starting with 0.8.4b but before 2.0.20.1 are affected by this vulnerability.

but you can edit the registry entry to ignore any urls.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\sourcetree\shell\open\command]
@="\"C:\\Program Files (x86)\\Atlassian\\SourceTree\\SourceTree.exe\""

Save those contents in a .reg file, open it, and profit.

The old value, in case you were interested, was...

"C:\Program Files (x86)\Atlassian\SourceTree\SourceTree.exe" -url "%1"

The deal here is that SourceTree will open, but it won't get fed the URL, so nothing adverse should happen. Guess you could just remove it all, or write the %1 to notepad or something similar, but since I don't really want to open SourceTree from a URL, this is fine by me.
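To confirm the change took, and to catch a reinstall quietly putting the old value back, here is a read-only PowerShell check (an added example, not part of the original post). It assumes the handler lives under one or both of the Software\Classes keys that HKEY_CLASSES_ROOT merges, so it reads each hive separately.

```powershell
# Added example: report whether the sourcetree: URL handler still forwards the URL.
# HKEY_CLASSES_ROOT is a merged view of HKCU\Software\Classes and HKLM\Software\Classes,
# and the per-user entry wins, so both are inspected. Nothing is written.
$subKey = 'Software\Classes\sourcetree\shell\open\command'
$hives = @(
    @{ Name = 'HKCU'; Root = [Microsoft.Win32.Registry]::CurrentUser },
    @{ Name = 'HKLM'; Root = [Microsoft.Win32.Registry]::LocalMachine }
)

$results = foreach ($hive in $hives) {
    $key = $hive.Root.OpenSubKey($subKey)   # opens read-only; $null when the key is absent
    if ($null -eq $key) {
        [pscustomobject]@{ Hive = $hive.Name; Status = 'not registered'; Command = $null }
        continue
    }
    try {
        # '' names the (Default) value; keep it unexpanded so it is shown as stored
        $cmd = $key.GetValue('', $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    }
    finally {
        $key.Close()
    }

    if ([string]::IsNullOrEmpty($cmd)) {
        $status = 'empty'
    } elseif ($cmd -match '%[1-9L*]') {
        # Any argument placeholder (%1 in the old value) means the URL reaches SourceTree.exe
        $status = 'FORWARDS URL'
    } else {
        $status = 'neutralised'
    }
    [pscustomobject]@{ Hive = $hive.Name; Status = $status; Command = $cmd }
}

$results | Format-List
if ($results.Status -contains 'FORWARDS URL') {
    Write-Warning 'sourcetree: handler still passes the URL to SourceTree.exe; re-apply the .reg file.'
}
```

A 'neutralised' row in one hive does not help if the other hive still shows 'FORWARDS URL', so check both rows.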

And we're nicely back to SourceTree 1.7, its pretty obvious peak from where I'm sitting.


EDIT 20180330: And here's a link to where the SourceTree UI designers talk about how what they have now is an improvement.
