June 2022

High-quality Git commits are the key to a maintainable and collaborative open- or closed-source project. Learn strategies to improve and use commits to streamline your development process.

Maintainers answer your questions about how to manage an open source project that grows into a community.

Meet the 2022 MLH Fellowship cohort! This 12-week internship alternative is for aspiring software engineers, and powered by GitHub.

In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.

Monorepo performance can suffer due to the sheer number of files in your working directory. Git’s new builtin file system monitor makes it easy to speed up monorepo performance.

The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6.

We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.

The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release.

To celebrate Maintainer Month, GitHub has invested an additional $500,000 to help sponsor the open source projects that it depends on.

We’re releasing exciting functionalities that will enable organizations to confidently manage and scale with Codespaces.

We’re making GitHub Copilot, an AI pair programmer that suggests code in your editor, generally available to all developers for $10 USD/month or $100 USD/year. It will also be free to use for verified students and maintainers of popular open source projects.

GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance.

Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities

Each month, we highlight open source projects that have shipped major updates. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. We cover what the…

In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.