I prefer to use an older version of SourceTree (and moreover the latest version of SourceTree requires a newer OS version than I am using). People who are using an older version of SourceTree on OS X (macOS) can easily avoid this vulnerability by using the RCDefaultApp preference pane to disable the sourcetree URI. John Gruber described the procedure in his 2004 blog post "Disabling Unsafe URI Handlers With RCDefaultApp": <a href="https://daringfireball.net/2004/05/unsafe_uri_handlers" rel="nofollow">https://daringfireball.net/2004/05/unsafe_uri_handlers</a>