EscalateAnonymous2LOFilter in Bitbucket Server

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

The purpose of EscalateAnonymous2LOFilter in Bitbucket

Environment

Bitbucket server and Datacenter

Diagnosis

The below message is seen in Bitbucket logs located at $BITBUCKET_HOME/logs in DEBUG mode -

1 <Date-Timestamp> DEBUG <thread_id> <request_id> <IP_address> "POST /rest/build-status/latest/commits/<commit_id> HTTP/1.1" c.a.s.i.r.p.EscalateAnonymous2LOFilter Escalating permissions to [LICENSED_USER] for anonymous 2LO REST call to AbstractSubResourceMethod(BuildStatusResource#addBuildStatus)"

Cause

Bitbucket integrations with the Bamboo CI/CD server are authenticated through oAuth authentication. When integrations do not have the necessary permissions, EscalateAnonymous2LOFilter gives the permissions to process the request. This privilege is given to limited services like

  1. Pull Requests Resource with Bamboo so that it could create build plans

  2. Build Status resource for Bamboo

  3. Code Insight resources

Solution

When the debug message is seen in Bitbucket logs, there is no security risk as the request is not coming from anonymous users; authentication is happening between Bitbucket and Bamboo to process the request. The message can be safely ignored.

Updated on March 21, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community