Users of Apache Cassandra who haven’t updated their systems in the last couple of days should consider an upgrade, as JFrog identified a high-severity remote code execution issue in the database project. The vulnerability affects all teams running Cassandra with the non-standard configuration of enable_scripted_user_defined_functions: true and enable_user_defined_functions_threads: false, and allows for arbitrary code execution on the host, should the attacker have the permission to create user defined functions.
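To check whether a node carries that combination, the following added example (not code from JFrog or the Cassandra project) reads the text of a cassandra.yaml and reports the effective value of the two settings. The defaults used when a key is absent, the function names, and the sample files are assumptions made for this illustration.

```python
import re

# Keys named in the article, with the value assumed when a key is absent
# (assumption: scripted UDFs off, UDF threads on, as in a stock cassandra.yaml).
DEFAULTS = {
    "enable_scripted_user_defined_functions": False,
    "enable_user_defined_functions_threads": True,
}
_LINE = re.compile(r"^([A-Za-z_]+)\s*:\s*(.*)$")


def read_flags(yaml_text):
    """Return the effective value of each flag from cassandra.yaml text."""
    flags = dict(DEFAULTS)
    for raw in yaml_text.splitlines():
        # Only top-level keys count; indented or commented-out lines are ignored.
        if not raw or raw[0] in " \t#":
            continue
        m = _LINE.match(raw.split(" #", 1)[0].rstrip())
        if m and m.group(1) in flags:
            # Conservative: quoted values and yes/on are treated as enabled too.
            value = m.group(2).strip().strip("'\"").lower()
            flags[m.group(1)] = value in ("true", "yes", "on")
    return flags


def is_exposed(yaml_text):
    """True when the file carries the combination the article describes."""
    f = read_flags(yaml_text)
    return (f["enable_scripted_user_defined_functions"]
            and not f["enable_user_defined_functions_threads"])


# Constructed sample files, not taken from any real deployment.
EXPOSED = """\
cluster_name: 'demo'
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false   # set for performance
"""
COMMENTED = """\
enable_scripted_user_defined_functions: true
# enable_user_defined_functions_threads: false
"""

if __name__ == "__main__":
    for name, text in (("EXPOSED", EXPOSED), ("COMMENTED", COMMENTED)):
        print(name, "->", "review and upgrade" if is_exposed(text) else "ok")
```

A node flagged here should be upgraded as the article advises; the check only reads the file and does not confirm what the running process actually loaded.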
AWS steps away from using Elasticsearch term
Elastic this week announced that as a result of a now-dismissed trademark infringement lawsuit, “the only Elasticsearch service on AWS and the AWS Marketplace is Elastic Cloud.” The lawsuit was started in 2019 to prevent confusion about the origin of a service when the term Elasticsearch was used on the AWS Marketplace. Elastic went on to change its licensing in 2021 to prevent companies like AWS from providing its projects as a service without giving anything back.
AWS, however, still provides a variant of the Elastic service, which uses its OpenSearch fork as the foundation. It will be interesting to see how the relationship progresses in the next couple of months, as Elastic CTO Shay Banon plans to “focus on collaborating with Amazon for the benefit of our shared customers who use Elastic on AWS”. Elastic recently tried to become more present on the AWS platform by pushing out a number of integrations for various AWS services.
GitHub pushes Enterprise Server RC, adds diagrams for all
Organisations that want to prepare for the next GitHub Enterprise Server update can try their hand at the v3.4 release candidate, which was launched earlier this week. The current iteration includes a wide range of new features, from reusable workflows for GitHub Actions and automatically generated release notes to security enhancements such as a secret scanning enterprise API.
A new feature available to all GitHub.com users is the option to create graphs in Markdown via the Mermaid diagramming and charting tool.
KubeOne 1.4 now available
Cluster lifecycle management tool KubeOne has become available in version 1.4, which sees the project gaining support for Kubernetes 1.23, a new Operating System Manager, the Cilium CNI, and Nutanix, amongst other things. The update also introduces a new KubeOneCluster API version, allowing users to configure things like registry mirrors, private registries, and Kubelet settings such as container maximum file size and resource reservation.
New Relic pushes reworked infra monitoring into GA
Observability company New Relic has deemed its reworked infrastructure monitoring experience to be ready for general use and pushed the product into general availability. Users will now have access to a new infrastructure UI in the Explorer, where they find information on their system’s entities, an estate view, and an activity stream, which are meant to help them to detect issues earlier and find bottlenecks in their processes.
CNCF takes closer look at 2021, welcomes new project
The technical oversight committee of the Cloud Native Computing Foundation has voted to push the chaos engineering platform Chaos Mesh from its sandbox into the CNCF incubator. The project is currently used by around 50 companies including ByteDance, DataStax, and RabbitMQ, and gets contributions from “60+” organisations.
Other than that, the CNCF used February to take a closer look at how its projects were doing in 2021. According to the latest annual survey of the foundation, usage of flagship project Kubernetes has risen particularly in large businesses during the last year (though results have to be taken with a grain of salt, since the CNCF will largely reach people using its tech anyway).
Numbers also implied that the orchestrator has started to turn more into an “under the hood” project as more organisations decided to go with managed versions or packaged platforms, with Amazon Elastic Container Service for Kubernetes apparently being the most popular (75%). African regional numbers look a bit more interesting in this context and see AKS Engine for Azure Stack, Amazon, and Alibaba Cloud nearly lying level (48% vs 44% vs 42% respectively), signalling the strongest interest in Alibaba’s offerings overall.
Adoption of Prometheus went up by 43 per cent – though use of APIs and integrations often obscures the monitoring tool, making it hard for some respondents to correctly inform the CNCF about their use. Another interesting observation is that orgs seem to have gotten somewhat more experimental, as for instance Argo’s production use showed a year-on-year increase by 115 per cent for the relatively new project.