The Git project this week released a slew of patches for vulnerabilities in v2.24.1 and earlier. These plug “various security flaws”, which allowed an attacker “to overwrite arbitrary paths, remotely execute code, and/or overwrite files in the .git/ directory etc”. GitHub said the updates were “especially critical” for Windows users, and “If you clone untrusted repositories, there is no workaround that avoids the risk of any vulnerabilities disclosed in this post, except for updating.”
JetBrains builds a TeamCity in the Cloud…
JetBrains has launched a beta of TeamCity Cloud, which it described as a CI/CD service that will be completely hosted and supervised by…JetBrains. Details are scant, but the firm promised VCS integration, build and test automation and real time feedback on builds.
…and gets educational with IntelliJ IDEA
JetBrains has also announced IntelliJ IDEA EDU 2019.3, which it describes as a free and open-source version of IntelliJ IDEA Community 2019.3, “with special functionality for learners and educators provided by the latest EduTools plugin v3.2” to encourage hands on learning of Java, Kotlin and Scala.
Puppet issues CD
Puppet has announced availability of Continuous Delivery for Puppet Enterprise 3.0. The release includes Impact Analysis for Hiera, which the firm says was the number one requested feature by users. Also new is the ability to define pipelines as code, and a beta feature, custom deployment policie,s with helper functions to work with Git, node groups, the Puppet Enterprise orchestrator, and Code Manager.
Spring Boot 2.1x on final countdown
Spring Boot 2.1x will unwind for good as of November 1, 2020, the firm has announced. Users can expect “the occasional maintenance release” between now and the official end of life, but the team are encouraging users to make the jump to Spring Boot 2.2 as soon as possible.