Hacker News
by innoying 3454 days ago
But that's not what happened here at all. Bitbucket has responded explaining why this (self-inflicted) bug exists (a security decision in an underlying framework) and deferred to the framework maintainers for further discussion because they have the best context on why that decision was initially made and under what scenarios it might be changed.
2 comments

They chose to use a framework without understanding the implications of its security issues. When one comes up, they tell their users it's someone else's problem. Maybe they're an impoverished company that can't afford to pay to solve the problem. Or they don't care much.
It is an open source framework. They are free to patch the code.