Strongly recommended security updates for GitLab CE and EE are available now. Versions 11.10.2, 11.9.10, and 11.8.9 are meant to mitigate privacy issues amongst other things. Namely they should fix the leaking of a private project’s namespace to unauthorised users if moved, as well as non-member users receiving emails about restricted events when subscribed to notifications of an internal project, and unprivileged project members being able to comment on confidential issues.
Other issues tackled by the releases are the ability of users to approve a merge request multiple times, which could get the approval count up and make a merge possible without the needed number of reviews, and unsanitized branch names in merge request notification emails.
Spring Cloud Open Service Broker bounces to v3.0
Spring Cloud’s Open Service Broker has hit the 3.0 mark, introducing support for Spring WebFlux via a new Reactive API as well as reactive life cycle hooks for additional operations. The new broker is able to work with Spring Boot 2.1 and v5.1 of the Spring Framework.
It has feature parity with the also newly released v2.1.2 of the broker, but new features will now only be added to the 3.x series. Version 2.1.2 mainly brings fixes to get rid of JSON problems and compatibility issues with Spring Boot DevTools. It also allows nulls in optional Boolean fields and no longer sets default values, and adds property binding support for CloudFoundry service plan metadata.
AWS gets Elastic Fabric Adapter ready for prime-time
A good half year after being introduced at re:Invent 2018, AWS’ Elastic Fabric Adapter (EFA for short) is now production ready. The product adds an access model to the Elastic Network Adapters, which lets applications connect to the network interface without extensive involvement of the operating system. This reduces overhead amongst other things.
In the future, EFA is planned to support additional EC2 instances as well as bare metal ones.