JupyterLab and Jupyter Notebook users are strongly encouraged to jump on a deployment of the projects’ latest versions, as recent releases seem to be susceptible to a remote code execution attack. The vulnerabilities, which have been assigned CVE-IDs CVE-2021–32797 and CVE-2021–32798, are mostly down to improper input sanitisation when working with untrusted notebooks and allow attackers to execute arbitrary code on the victim computer.
Patch releases are now available.
The reporting and fixing process, however, unveiled some shortcomings in the communication process to the Jupyter team. As a consequence, it is now “attempting to form a new security-focused subproject/workgroup to educate and have procedures for everything security related.”
Operator SDK bumps up Kubernetes 1.22 support
Operator SDK, a toolkit for managing Kubernetes native applications and part of the Operator Framework, has reached version 1.11 this week. The update adds a
containerPort protocol field to support Kuberenetes’s recently matured server-side apply feature, a predicate to filter events based on labels when using Helm, and support for test/template expansion of override values for Helm-based operators.
HashiCorp Boundary introduces new event-logging system
HashiCorp’s identity-based access management nestling Boundary is now available in version 0.5. The most highlighted change is a new event-logging mechanism that is meant to provide better insight than the former approach of writing
hclog entries. Boundary events span error, system, observation, and audit types, which currently seem to be in very different development stages and are emitted in the CloudEvents format.
Other enhancements that can be found in version 0.5 include a way to configure credential brokering through the admin console as opposed to the tool’s CLI, reworked shutdowns, and additional information in account read outputs — which should help when creating managed groups.
Google shares data validation tool
Google’s PSO data team announced a new Python project for automatic data validation this week. The expressively named Data Validation Tool promises to perform multi-leveled data validation functions from table to row level on platforms ranging from BigQuery, PostgreSQL, and Impala to Oracle databases. Results will be either printed to stdout or Google’s BigQuery, though validation configs can also be saved in a YAML file for further use.
GitHub pushes cloud IDE into Team and Enterprise Cloud subs
After teasing it for quite a while and even making the jump to cloud development environments themselves, the GitHub team is currently rolling out its Codespaces feature to users on GitHub Team and Enterprise Cloud subscriptions. Org owners should be able to activate the tool via the settings to test it for free until 10 September, 2021. Individuals who’d like to give it a go as well can still try to get access to the extended beta programme, though there currently isn’t any information on how they’ll be able to use it in the future.
Puppet updates contributor agreement
IT automation project Puppet will be updating its Contributor License Agreement on 1 September 2021. The new CLA is based on the one used for projects of the Apache Software Foundation and was chosen for better alignment with other projects. Developers who already signed a contributor agreement will be reminded by a bot to put their name under the new agreement as well. Small catch: apparently Puppet’s CLA assistant doesn’t support organisation signatures yet, so those who have been contributing on their company’s behalf will now have to sign an individual agreement.