September 2021

Manage your company in the cloud with more control and governance using enterprise managed users.

In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.

This release brings over 70 new features and changes that improve developer experience and deliver new security capabilities.

As part of GitHub’s strong commitment to developer privacy, we are excited to announce updates to our privacy agreements in line with new legal requirements and our own robust data protection practices.

This post is a technical analysis of a recently disclosed Chrome JIT vulnerability (CVE-2021-30632) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 13, 2021 in Chrome version 93.0.4577.82. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

In 2019, to meet GitHub’s growth and availability challenges, we set a plan in motion to improve our tooling and ability to partition relational databases.

npm access tokens will now follow the established format of GitHub authentication tokens.

We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem!

During an audit of Apache Dubbo v2.7.8 source code, I found multiple vulnerabilities enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers. In this blog post I detailed how I leveraged CodeQL as an audit oracle to help me find these issues.

If you’re a GitHub Enterprise Cloud customer, you can now set up a stream of audit log and Git events to Splunk or an Azure Event Hub.

In August of 2020, we started highlighting stories that showcase how developers, maintainers, and organizations are moving humanity forward through The ReadME Project.

What did we ship in August? Codespaces, Discussions, and lots of other updates, from the general availability of the dark high contrast theme to an auto-generated table of contents for wikis.

Announcing recipients of the GitHub Open Source Grants and opening of GitHub Sponsors in India.

GitHub Enterprise Server 3.2 is available today as a release candidate.

We put out a call to open source developers and security researchers to talk about the security vulnerability disclosure process. Here’s what we found.