GitLab’s monthly security updates are in, with the company strongly recommending a switch to versions 13.8.2, 13.7.6, or 13.6.6 to keep your system safe from seven issues including XSS and accidental information disclosure.
Since the last big security update, the GitLab team discovered two medium-severity issues: one could disclose an internal IP address through error messages (CVE-2021-22169), and the other could expose sensitive GraphQL variables to users with server log access. Outside reporters meanwhile pointed the company to CVE-2021-22172, which can be used to access tag data in private projects, and to some cross-site scripting issues that make installations vulnerable via merge requests (13.7+) or interactions with the epics page (11.8+).
SauceLabs keeps growing
SauceLabs, a company co-founded by Selenium developer Jason Huggins and mainly known for its continuous testing platform, is continuing its buying spree by announcing its plan to acquire autonomous testing platform provider AutonomIQ. SauceLabs only recently bagged API testing company API Fortress to bolster its portfolio. AutonomIQ is meanwhile meant to help it add features like scriptless test automation to its product. Financial details of the transaction haven’t been shared yet. SauceLabs hopes to close the deal this month.
HashiCorp puts managed Consul forward
DevOps tooling company HashiCorp has announced general availability of a fully managed service version of its service mesh and service discovery tool Consul. For now, HCP Consul is only usable for AWS environments in selected US (Oregon and Virginia) and European (London, Frankfurt, Ireland) regions, though other options are supposed to follow “in the near future”.
More code, faster: Kite code completion engine gets enterprise-y
The team behind code completion engine Kite has come up with a self-hosted version of its project, which it now looks to sell to enterprises. Compared with the regular free version, Kite Team Server is meant to provide better completions, since it uses a company’s code base to learn frequently used patterns and a larger model to get better accuracy. The engine is said to support 16 languages and IDEs, with languages ranging from C/C++ to Ruby, Bash, Python, and Go, and editors from Vim to VS Code, IntelliJ IDEA, and JupyterLab.
Netflix makes GraphQL for Spring Boot a thing
A couple of engineering teams at Netflix have decided to give back to the open source community by releasing the code to their Domain Graph Service (DGS) framework into the world. The project is meant to simplify the “implementation of GraphQL, both for standalone and federated GraphQL services” and grew around the backend team’s need to adopt GraphQL into a Java ecosystem following an initiative to improve API scalability. Features waiting to be explored include an annotation-based Spring Boot programming model, a test framework, a GraphQL client for Java, and a Gradle Code Generation plugin.
Docker donates container registry in hope of finding more maintainers
New Docker CTO Justin Cormack has taken to the company blog to share the news that Docker Distribution is now a Cloud Native Computing Foundation sandbox project. The container registry – which is part of Docker Hub and serves as a reference implementation for other registries – will from now on be known only as Distribution. It can already be found in a new GitHub home, reflecting the change.
According to Cormack, many companies already provide registries based on the project; however, Docker found that “many people had small forks and changes that they were not contributing to the upstream version, and the project needed a broader group of maintainers”. Under the new CNCF roof, Distribution is supposed to become “clearly an industry wide collaboration” with maintainers from Docker, GitHub, GitLab, Digital Ocean, Mirantis and the Harbor project, which is another CNCF registry project.
Just one more! Apache Software Foundation turns DataSketches into a top-level project
The stream of projects making its way into the Apache Software Foundation’s top level keeps on flowing, as the org welcomes Apache DataSketches into its highest tier. The big data analysis library is used in companies such as Yahoo and Verizon Media for processing massive scale data in cases where approximate results are good enough to work with. DataSketches spent a good two years in the incubator and is now deemed “well-governed under the ASF’s meritocratic, consensus-driven process and principles”.