After last week’s update, the Git team has pushed another slew of security releases into the open, taking care of a pretty similar issue. Versions v2.26.2, v2.25.4, v2.24.3, v2.23.3, v2.22.4, v2.21.3, v2.20.4, v2.19.5, v2.18.4, and v2.17.5 all aim to remediate CVE-2020-11008.
According to the release notes, the vulnerability could let the credential helper machinery be fooled “into providing credential information that is not appropriate for the protocol in use and host being contacted” by using “a crafted URL that contains a newline or empty host, or lacks a scheme”.
Aqua Security starts preview for malware protection
Cloud native security company Aqua Security introduced a preview for a dynamic threat analysis (DTA) module to its platform and cloud security posture management products this week. The new addition, which is supposed to hit general availability “later this quarter”, is meant to “protect container-based environments against sophisticated malware that can only be detected using dynamic analysis of a running container”.
To do so, DTA is said to automatically run images in a sandbox, and analyse, trace, and classify the detected behaviour afterwards. The product is recommended for approving public and third-party images, as a pre-production security gate, and for behaviour analysis.
HashiCorp fits Terraform Cloud and Enterprise with policy library
Since many customers seem to have asked for out-of-the-box policy support, Terraform Cloud and Enterprise now sport a preview of the Terraform Foundational Policies Library. The first release comes with around 40 controls which supposedly align with the ones defined in the CIS Benchmarks for the major cloud providers. The control selection should “secure the most commonly used cloud services such as networking, databases, storage and compute services”.
The news comes the same week rival Pulumi announced version 2.0 of its infrastructure as code product, which includes a policy as code component.
Google opens Anthos for multi-cloud
This week, Google’s application platform Anthos took the first real step towards becoming a multi-cloud product. It is now meant to work with on-premises, Google Cloud, and AWS setups, while Azure support is still in preview.
Apart from that, the latest release improved policy and configuration management for VMs on Google Cloud. For later this year, the team promised support for running apps in VMs in combination with the tool’s service mesh as well as the option of running Anthos without third-party hypervisors.
Qt Creator 4.12 lands
The IDE of the Qt project, Qt Creator, is now available in version 4.12. The update is the first to allow browsing the Qt Marketplace for items. It also provides better project handling options, a way to change the default line ending style globally, auto-formatting via the language server protocol handling, and automatic Android tool downloading capabilities.