DevOps platform provider GitLab has pushed out a series of security updates to mitigate two high and 15 medium severity vulnerabilities. Upgrading to versions 14.0.2, 13.12.6, and 13.11.6 is strongly recommended, given that one issue with a GitLab Webhook feature can be used for denial of service attacks in all previous versions.
The other high severity issue is a cross-site request forgery vulnerability in the GraphQL API which allows the execution of mutations through GET requests and concerns all versions since 13.12. Details can be found in the announcement blog.
Boundary reaches out to Vault
Version 0.4 of HashiCorp’s access management tool Boundary has just been made available, providing improvements for handling sessions when unstable connections are used. The update should be especially useful for teams that combine Boundary with secret management project Vault, since it also brings credential stores and libraries, which are used in an integration for brokering Vault secrets to Boundary clients.
JetBrains brings Datalore on-premises
IDE company JetBrains presented customers with an on-premises version of its data science tool Datalore this week. Datalore for Enterprise is said to be pretty similar to the regular Datalore Jupyter notebook environment, but offers the option of connecting an organisation’s own hardware, and configuring custom team environments. For the price of $125 per user per month, subscribers also get a say in what feature will be added next. The team currently works on ways to turn notebooks into interactive reports, for instance.
Weaveworks turns Kubernetes platform into GitOps product
Cloud native company Weaveworks took the wraps off their previously announced line of GitOps products. The main news here is Weave GitOps Core, a Flux-based tool to help devs new to Kubernetes and the GitOps concept to get their applications running in a cluster with two commands. There’s also an Enterprise version which is meant to help with the management of large numbers of Kubernetes clusters, though this is mainly a rebrand of what Weaveworks has been selling as the Weave Kubernetes Platform for a while.
Buoyant launches managed Linkerd service
Buoyant, the company behind service mesh Linkerd, has opened the beta program for their managed Linkerd service Buoyant Cloud. The product was dreamed up to make the project easier to handle and promises help in the form of a dashboard to show the state of the service mesh across clusters, alerting for health issues, and metrics for the associated workloads.
Since it’s still in beta, there are a couple of things missing one would expect from such a cloud service, however the management of Linkerd installs and upgrades is already on Buoyant’s agenda. Upcoming features are also said to include mesh TLS certificate rotations, and ways to set security and traffic policies across a cluster.
Solo.io pushes Gloo Edge and Portal updates
API management project Gloo Portal has reached its first major release, meaning it’s now ready for production and allows users to work with all features in Gloo Edge directly through the web portal. Since the last release, the Portal has been improved to simplify the publication and sharing of APIs and gained capabilities to track who uses which API how often.
Gloo Edge, which is now fully integrated with the portal, meanwhile has made a version jump to 1.8. The update includes helpful additions such as support for SOAP/XSLT, schemas to validate CRD functions, and the option to redact access logs. The Solo.io team also made it easier to use Gloo Edge together with Helm and delivery operator Flagger, details for which can be found in the company blog.