What’s the point: Git, Jira for GitHub, Facebook Login checks, TeamCity

Git maintainer Junio C Hamano has released security updates (2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1) for the repository management tool. They should fix a flaw that allowed the execution of arbitrary code through a maliciously crafted .gitmodules file in a project cloned with --recurse-submodules.

Some of the updates (2.17.2, 2.18.1 and 2.19.1) also include checks to detect such content, for example when accepting a push. GitLab released security fixes to reflect the update.

The exploit shouldn’t affect those using Git for Windows, since the path required cannot be created by Windows according to “folks at Microsoft”. Hamano doesn’t want people to be too sure about that, though, since it could very well be that they might have missed something.
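To see where a machine stands against the releases listed above, here is an added example (not code from the Git project) that classifies the output of `git --version`. The function names and result labels are made up for illustration, and it assumes that series newer than 2.19 carry the fix and that the reported version is upstream's, so vendor backports are not recognised.

```python
import re
import subprocess

# Fixed release per maintenance series, as listed in the article.
FIXED = {(2, 14): 5, (2, 15): 3, (2, 16): 5, (2, 17): 2, (2, 18): 1, (2, 19): 1}
# Series whose fixed release also checks for such content, e.g. on push.
PUSH_CHECK_SERIES = {(2, 17), (2, 18), (2, 19)}

UPDATE = "update"
FIXED_ONLY = "fixed"
FIXED_WITH_CHECKS = "fixed, with push checks"


def parse_git_version(text):
    """Return (major, minor, patch) from `git --version` output."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(text):
    """Classify a version string against the article's fixed releases."""
    major, minor, patch = parse_git_version(text)
    series = (major, minor)
    if series < min(FIXED):
        # Older than 2.14: the article lists no fixed release for the series.
        return UPDATE
    if series > max(FIXED):
        # Assumption: series after 2.19 include the fix and the checks.
        return FIXED_WITH_CHECKS
    if patch < FIXED[series]:
        # Also catches pre-releases such as 2.19.0.rc1.
        return UPDATE
    return FIXED_WITH_CHECKS if series in PUSH_CHECK_SERIES else FIXED_ONLY


if __name__ == "__main__":
    # Windows builds are treated like any other, in line with Hamano's caution.
    out = subprocess.run(["git", "--version"], capture_output=True,
                         text=True, check=True).stdout.strip()
    print(out, "->", classify(out))
```

A server that accepts pushes from others is where the "with push checks" result matters most.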

GitHub users fond of the Jira Software Cloud now have a new integration available to them. It updates Jira with GitHub data and should reduce the need to switch between the two cloud offerings by adding Jira references to issues and pull requests. Users of the old integration – which will be deprecated – can migrate by installing the new app, which should then do the rest.

Since Facebook announced it was attacked at the beginning of the month, third-party developers might wonder if their users’ data has been compromised in the process. According to the company, those using Facebook Login for their services via the official SDK and those regularly checking the validity of people’s access tokens should be safe.

If that’s not you, you might want to have a look at your app dashboard – developers with users likely to have been impacted will see an alert there. They’ll also find some security check scripts they might want to run to get information on who might be affected and take necessary further steps.

TeamCity users waiting for a way to better integrate GitHub pull requests are in luck: there is now a pre-release version of a plugin doing exactly that. Not yet ready to use in a production environment, mind you, but you’ve been heard and it’s on its way, and that counts for something, right?

The plugin comes with a build feature that lets users filter the pull requests they want to build. That way, they can choose whether all requests are accepted or only those from the same organisation, or from members and external collaborators respectively.