GitLab pushes out patches for Workhorse bypass
The team behind DevOps platform GitLab strongly recommends that users update their installations to one of the just-released bug-fix versions: 13.1.3, 13.0.9 and 12.10.14. These releases are meant to mitigate an issue that allowed attackers to use the Maven package upload endpoint to override restrictions and thus grant read access to the /tmp directory. CVE-2020-15525 affects enterprise versions 11.3 to 13.1.2.
CNCF opens incubator to Contour
Heptio-bred Kubernetes ingress controller Contour is now part of the Cloud Native Computing Foundation’s incubator. The project is hailed for providing a control plane for the Envoy proxy and its secure ingress delegation. According to CNCF CTO Chris Aniszczyk, Contour makes Envoy easier to consume in cloud native, multi-team environments, which should amount to a large percentage of the proxy’s user base. Contour was first introduced in 2017 and celebrated its 1.0 release last November. Companies using it include Adobe and Kinvolk.
AWS builds bridge from .NET framework to Core
AWS has attended to one of old-school .NET devs’ major headaches by releasing an assistant to help port applications to .NET Core. The free tool assesses all package dependencies, not just API incompatibilities, and calculates a portability score.
If the app is worth the trouble, the assistant goes on to help with porting by offering fitting package versions to upgrade and reminders of what else needs changing. Those looking to give it a go need to have the .NET Core 3.1 SDK installed, along with a credential profile compatible with the AWS CLI, which is used to collect compatibility information (the CLI itself apparently isn’t used, though).
Load balancer HAProxy hits 2.2
A bit behind its projected schedule, HAProxy 2.2 is now available for download. The new version comes fitted with dynamic SSL certificate storage, TLS runtime certificate management improvements, and advanced ring buffer logging with syslog over TCP.
Other additions worth noting include dynamic error pages and return statements, refinements to the handling of idle connection pools, and scheduling for lower latency processing. Version 2.2 is a long-term support release and will receive security fixes until Q2 of 2025.
CLion takes care of dangling pointers in new EAP release
CLion 2020.2 is still in the works, providing the team behind the C/C++ IDE with ample opportunity to throw in the odd improvement here and there. In a recently released EAP build, users can, for example, find some enhancements to the tool’s remote mode and an inspection to find dangling pointers, which will surely be appreciated.