GitLab dropped its monthly slew of security fixes this week. In particular, teams using the tool’s DataDog integration should consider updating to now available versions 14.2.2, 14.1.4, or 14.0.9 since the releases include a fix for a high severity stored XSS vulnerability recently discovered there. It also comes with eight more adjustments to get rid of medium-severity bugs that could be used to orchestrate denial of service attacks, escalate privileges, or reveal confidential information.
Linux Foundation gains new entity framework
Developed by Facebook in 2019 as a means to simplify building and maintaining applications with large data models, entity framework Ent has become the latest addition to the Linux Foundation’s project pool. The move goes hand in hand with the hope that the new governing body will lead to additional contributors and a surge in adoption.
The LF’s interest in Ent might be down to the fact that it has been created especially for Go, which makes it a reasonable choice for cloud native projects that often rely on the language. Flagship projects of that space are largely housed in the CNCF, which is a subsidiary of the Linux Foundation.
Kuma and Kong Mesh get fitted with permissive mTLS mode for easier migration
Service mesh Kuma is now available in version 1.3, which sees the project gaining a new datasource for install metrics, configurers for simple HTTP connections and virtual host domain names, a permissive mTLS mode, and support for intermediate CA. Kong Mesh, which uses Kuma as its base, meanwhile bumped its version number up to 1.4 and now provides users with automated CA rotation when mTLS is enabled and a service map topology view on top of the new Kuma features.
Databricks announces Serverless SQL
Databricks has started the public preview of its Serverless SQL feature. With it, admins are said to be able to create Serverless SQL endpoints that can be used like regular SQL endpoints for querying but utilise computer clusters in the Databricks AWS account. The new feature is meant to help in scenarios where resource utilisation is hard to foresee, since it automatically provides cloud computing capacity when needed and automatically shuts down clusters that have been idle for ten minutes to keep costs down.
Interested organisations can request access now. However, the documentation suggests this might currently only be a real option for those working in AWS regions us-east-1, us-west-2, and ap-southeast-2.
Pyston team finds new home at Anaconda
The two-person team behind fast Python implementation Pyston has joined data science platform Anaconda. According to Anaconda, the step makes the company a Pyston sponsor, though the maintainers are promised to keep their “freedom to make independent decisions about their project, and grow their user, contributor, and maintainer community independent of Anaconda”.
Initial interest in the project came from Anaconda’s own work on a fast compiler and Pyston’s potential “to quickly bring faster Python to a mainstream audience”. Pyston might be added to the Anaconda package distribution or incorporated into other products at a later stage, “but that work will be separate from the Pyston open-source project”.
Docker updates product subscriptions
Container expert Docker has reworked its pricing model and come up with a new Business subscription. It is introduced at a price of $21 per user per month billed annually, and meant to cover medium to large businesses looking for “centralized management and advanced security capabilities”. The latter include soon to come SAML SSO and image access management. Business also is the only package that can be purchased via invoice — which might come in handy for more traditional organisations.
Docker also updated the terms for using Docker Desktop. While small businesses and those using it for personal or educational use will continue to be able to do so for free, businesses larger than 250 employees that make more than $10 million in annual revenue now require a paid subscription to make use of the tool, effective immediately.