"Fatal: unsafe repository" error when using Git 2.35.2 or newer on Windows server

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Issue Summary

When Fisheye is installed on Windows with Git 2.35.2 or newer versions, new commits and branches in Git are not visible in Fisheye. This issue occurs due to a security update in Git, as detailed in Error "fatal: unsafe repository" occurs when accessing a repository.

Changes made in Git repositories are not visible in Fisheye. During incremental indexing of a Git repo the warning below is thrown in the atlassian-fisheye.log file:

1 2 3 4 5 6 7 2022-08-12 00:22:46,288 WARN [IncrPing3 repo ] fisheye IndexingPingRequest-doRequest - Exception during Fisheye Incremental Indexing of repo (repo): com.cenqua.fisheye.config.ConfigException: com.atlassian.fisheye.dvcs.handler.DvcsProcessException: Error while communicating with VCS: fatal: detected dubious ownership in repository at 'D:/Crucible/data/var/cache/repo/clone' To add an exception for this directory, call: git config --global --add safe.directory D:/Crucible/data/var/cache/repo/clone Set the environment variable GIT_TEST_DEBUG_UNSAFE_DIRECTORIES=true and run again for more information.

Workaround

There are two workarounds available:

1) Downgrade Git to a version before 2.35.2. And to protect against the vulnerability in Git versions prior to 2.35.2:

Create the folder .git on all drives where Git commands are run, and remove read/write access from those folders:

mkdir \.git icacls \.git /inheritance:r

2) Alternatively, define or extend GIT_CEILING_DIRECTORIES to cover the parent directory of the user profile, e.g. C:\Users if the user profile is located in C:\Users\my-user-name.

Updated on April 11, 2025
Platform
Data Center only
Products
Fisheye Data Center
Crucible Data Center
On this pageIssue SummaryWorkaround

Still need help?

The Atlassian Community is here for you.
Ask the Community