Break point: GitLab Security Release, new Amazon EC2 instances, SUSE acquires NeuVector, Azure DevOps Server patched


GitLab has released versions 14.4.1, 14.3.4, and 14.2.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) with some important security fixes. GitLab strongly recommends that all GitLab installations are upgraded to one of these versions immediately.

For a full list of the issues addressed, see the GitLab blog post regarding these releases.

Among the issues is improper validation of ipynb files in GitLab CE/EE version 13.5 and above, which allows an attacker to execute arbitrary JavaScript code on the victim’s behalf. This is a high-severity issue.

Most of the other issues are medium severity, including one flaw through which an attacker can set the pipeline schedules to be active in a project export – so when an unsuspecting owner imports that project, pipelines are active by default. A potential DoS vulnerability has also been discovered in GitLab CE/EE starting with version 13.7, whereby the stripping of EXIF data from certain images results in high CPU usage.

Amazon introduces new instances powered by latest Intel chips

Amazon’s AWS has made available compute-optimised Amazon EC2 C6i instances, which are powered by Intel third-generation Xeon Scalable processors (Ice Lake). These are intended for compute-intensive workloads and offer up to 15 per cent better compute price performance over C5 instances for a wide variety of workloads, according to AWS.

The Xeon Scalable processors have an all-core turbo frequency of 3.5GHz, and boast capabilities such as always-on memory encryption using Intel Total Memory Encryption (TME). Suitable workloads for the new instances include batch processing, machine learning, high-end gaming, high-performance computing (HPC) workloads, ad serving, and video encoding.

As with Amazon’s M6i instances, C6i instances are available in nine sizes. Also like M6i, customers using the new instances should upgrade their Elastic Network Adapter (ENA) drivers to version 3 for optimal networking performance.

The new instances are currently available in Amazon’s US East (Northern Virginia, Ohio), US West (Oregon), and Europe (Ireland) Regions.

SUSE acquires NeuVector to boost container security

Enterprise Linux specialist SUSE has acquired NeuVector, a firm specialising in container security for DevOps pipelines and production environments. The aim is to significantly enhance the enterprise-grade security capabilities in the SUSE Rancher container management platform.

NeuVector describes its platform as the only Kubernetes-native security suite that delivers complete end-to-end security for modern container infrastructures. The acquisition by SUSE follows that of Rancher Labs last year, for its open source container management platform.

For SUSE Rancher customers, NeuVector offers the key enterprise security capabilities needed to run Kubernetes at scale, according to SUSE. The firm said that NeuVector will now be positioned as a core pillar of a cloud-native, open source security effort based on best practices, guidance and reference architectures within the movement toward zero trust security adoption.

Microsoft patches Azure DevOps Server

Microsoft has released fixes for Azure DevOps Server, its collaborative software development platform, deployed on the customer’s own infrastructure.

The patch fixes a number of issues. For example, Azure DevOps Server could previously only create connections to GitHub Enterprise Server. With this patch, project administrators will be able to create connections between Azure DevOps Server and repositories on GitHub.com.

Also fixed is an issue with the Test Plan widget, where the test execution report was showing an incorrect user on results. Other issues include the Project Overview summary page failing to load, and emails not being sent to confirm a product upgrade.

If customers are running Azure DevOps Server 2020.1.1, they should install Azure DevOps Server 2020.1.1 Patch 2. Customers running Azure DevOps Server 2020.0.1 should install Azure DevOps Server 2020.0.1 Patch 7. See the Azure DevOps blog for full details.

Spring Tools 4.12.1 released

The Spring project team has announced the 4.12.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

For Eclipse, this release includes important updates such as the embedded runtime upgraded to JDK17, and early-access builds for the upcoming Eclipse 2021-12 release and the Apple Silicon platform.

Full details of the changes can be found in the GitHub changelog. Users can visit the Spring Tools 4 site to download the distribution for Eclipse and find links to the marketplace entries for Visual Studio Code and Theia.