Repository managing service GitLab has released versions 11.7.4 and 11.6.9 of their Community and Enterprise Editions. The updates include important security fixes, so installing them is strongly recommended.
One of the issues mitigated affects v11.7 and later and could allow users to view confidential issue and merge request titles of other projects. Another one makes v11.6 susceptible to cross site scripting attacks in user status. Details on both vulnerabilities will be made public in about 30 days as has become usual with GitLab security fixes.
The results of the first ever Python Steering Council Election are in, which means Barry Warsaw, Brett Cannon, Carol Willing, Guido van Rossum, and Nick Coghlan are now the ones controlling the fate of the programming language until the next feature release. 69 of 96 eligible voters cast ballots to choose between the 17 nominated candidates.
The voter list was restricted to active Python core team members. Council members are able to resign any time – if they drop out and can’t be contacted for longer than a month, the council may vote for a replacement. The election had become necessary, because language creator Guido van Rossum stepped down as Benevolent Dictator for Life in 2018.
Initially he wanted to remove himself entirely from the decision process back then, since he needed “a very long break” and didn’t “ever want to have to fight so hard for a PEP [Python Enhancement Proposal] and find that so many people despise my decisions”. It therefore remains to be seen how often he’ll make his way onto the candidate list before he’ll withdraw from the core team.
KubeVirt, an add-on for virtual machine management for Kubernetes, is now available in v0.14. The project can be used to, for example, declaratively schedule a VM on a Kubernetes cluster or create, stop and delete a predefined one.
With the version number bump comes support for generating cloud-init network configurations as well as ready and created conditions for operators. Other than that the team has updated CDI and the Kubernetes version used to 1.12, updated the documentation, and worked on stabilising the project.