
SourceTree Security Advisory: Command Injection - mwnivek
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-05-10-900820365.html
======
easy-as-pie
I prefer to use an older version of SourceTree (and moreover the latest
version of SourceTree requires a newer OS version than I am using). People who
are using an older version of SourceTree on OS X (macOS) can easily avoid this
vulnerability by using the RCDefaultApp preference pane to disable the
sourcetree URI. John Gruber described the procedure in his 2004 blog post
"Disabling Unsafe URI Handlers With RCDefaultApp":
[https://daringfireball.net/2004/05/unsafe_uri_handlers](https://daringfireball.net/2004/05/unsafe_uri_handlers)

