API gateway Kong Gateway has rolled out its 2.3 release. In addition to finally allowing teams to name their routes and services in a native character set by introducing UTF-8 support, the project has improved its HTTP Log plugin for easy integration with observability systems, and reworked its defaults to be more secure out of the box. As a consequence, users relying on the old defaults might experience some breakage, though the announcement notes have tried to give pointers as to how to make them work.

Pip turns 21, adds switch for ancient issue

Python Package Installer pip 21 is now ready for downloading. The new version includes an –ignore-requires-python option for pip download, a feature which has been discussed since 2014, as well as an improvement to the resolver that should help handling inconsistent metadata. Support for Python 2 and 3.5 has been dropped with the release of pip 21.

Apache Software Foundation (ASF) welcomes new top-level projects

The ASF has added projects Superset and ECharts to the top-level tier of its portfolio. Superset, a data exploration platform, entered the foundation’s incubator in 2017 and is known to be used at companies including Netflix and American Express, although it only officially reached production maturity last week. Charting and visualisation library ECharts can be found in projects at Amazon, GitLab, and Intel.

Devs interested in the state of security at the ASF can swing over to the foundation’s blog to give the recently released 2020 security report a read. In it, the org has provided an overview of the security email threads for the last year, pointing out noteworthy events and giving insight into their issue handling process.

Vitess team finalises online DDL syntax

The Vitess team reckons that version 8 of the database clustering project was good enough not to require any patches, so it was able to go from one major release to the next, pushing out version 9 this week. Since October, Vitess devs have worked on and finalised the syntax for online DDL in a bid to streamline online schema changes. They also tried to improve MySQL compatibility to ensure the software will soon be able to accept the same queries, and added logging and metrics to debug VReplication workflows, which also received some CLI command updates.

OpenShift Container Storage 4.6 drops

Red Hat has updated its OpenShift Container Storage project to version 4.6. The latest iteration includes CSI-orchestrated snapshot functionality and APIs meant to correctly restore data and applications that run in container pods. It should also have a slightly improved security pasture, as it allows teams to set OAuth tokens to expire after being inactive for a certain amount of time and provides a secure OAuth token storage format alongside a compliance operator. The Operator helps by using OpenSCAP tools “to check that a deployment complies with security standards and provides remediation options”. 

Docker gets new CTO, establishes new ties and improves reporting

Justin Cormack has been named CTO of Docker. The company’s former senior security engineer and Docker maintainer will follow in the footsteps of Docker founder Solomon Hykes and Kal De, who filled that position last. 

The news landed just after Docker announced a partnership with artifact management tooling provider JFrog this week. The deal will try to “ensure developers can get the images they want and trust, and make sure they can access them in whatever development process they are using from a centralized platform”, Docker said. For now, users can expect to see better integration of Docker Hub and Artifactory, though new features are also expected to grow from the partnership.

In the meantime, Docker’s development team fitted the tool with a new Audit Log feature. It was built to provide admins of team subscription accounts “with a chronological report of their team activities”.