As more commercial companies have begun to use Bitbucket, and with tools such as Firesheep coming out, we’ve heard a running theme of requests to require SSL when accessing private repositories. To support these requests, starting today, all traffic to Bitbucket will be over HTTPS.
It should be noted there are three side affects to this change you’ll want to be aware of:
- All users will need to re-authenticate.
- Over the next few days we will be rolling out a secure cookie that your browser will only send over SSL. This was originally part of our weekly deployment, however it has issues with custom domain names.
- Users who have custom domains will continue to be able to serve their repositories up over standard HTTP for public repositories. This is due to SSL certificate limitations, where each SSL certificate requires a unique IP address.
Building on last week’s revamped user picker, we’ve improved the repository access control panels to match the Plans and Billing panel. Here’s how the interface was laid out before:
Depending on which access level you needed to administrate (readers, writers, or admins), you’d use one of the three panels. With the new UI, you can modify all repository users, their access rights, and search for new users to invite to a repository from a single input panel:
Until next week, here’s the full list of changes:
- All of Bitbucket.org now runs over SSL
- All email will now be addressed from ‘Bitbucket’
- The email diff broker now sends one plain text email per push (instead of one email per changeset)
- The email and email diff brokers now mention named branches
- Changes to repository permissions via the API now send notifications
- Closed branches are now hidden from the branches drop down
- Revamped the repository access control panel to mirror the plans and billing panel from the personal account page
- When creating a repository, wiki creation events will now mention the user creating it
- Added a dedicated form for creating new wiki pages that doesn’t require linking to or browsing to pages that aren’t yet created
- Further improved the reliability of repository brokers
- Fixed an issue where deleted repositories would stay in the repository and favorites lists
- Fixed an issue with repositories having more than 2 GB of data not being modifiable through the repository admin page
- Fixed an issue where forking an empty repository could result in an indefinite cloning wait period
- Fixed an issue with Optimizely that would sometimes hang page loads
- Fixed an issue where changesets that have non-ASCII author names would fail to fire hooks
- Fixed a rendering issue with global messages
- Fixed a rendering issue in the repository header when “mini” mode is activated