This blog describes a security vulnerability in the infrastructure that supports Germany’s COVID-19 contact tracing efforts. The mobile (Android/iOS) apps are not affected by the vulnerability and do not collect and/or transmit any personal data other than the device’s IP address. The infrastructure takes active measures to disassociate true positives from client IP addresses.
The GitHub Archive Program announces its latest milestone: storing collections of the most popular and depended upon open source repositories in beautiful art cases featuring 3D-printed and AI-generated artwork in significant libraries around the world.
GitHub will recommend you unwatch repositories that you are no longer interacting with. You will see these recommendations when: You check your notifications on GitHub You search for notifications on…
Ubuntu 20.04 local privilege escalation using vulnerabilities in gdm3 and accountsservice (CVE-2020-16125, CVE-2020-16126, CVE-2020-16127)
Along with the release of version 7 of the npm CLI, we have updated the npm documentation site to add the documentation for the new release. In addition, we’ve made…
An introduction to our blog series on GitHub’s investments in technical excellence.
In this post I’ll give details about how to exploit CVE-2020-6449, a use-after-free (UAF) in the WebAudio module of Chrome that I discovered in March 2020. I’ll give an outline of the general strategy to exploit this type of UAF to achieve a sandboxed RCE in Chrome by a single click (and perhaps a 2 minute wait) on a malicious website.
November 3 is election day in the U.S. Early voting is available in most states. If you haven’t yet, make a plan to vote. If you’re an employer in the…
Outubro é um mês especial no mundo do desenvolvimento de software. Há 7 anos a Hacktoberfest — um festival que celebra a comunidade open source — incentiva pessoas desenvolvedoras a…
The open source Git project just released Git 2.29 with features and bug fixes from over 89 contributors, 24 of them new. Last time we caught up with you, Git 2.28 had just been…
The ninth annual js13kGames competition wrapped up last weekend with over 220 games submitted. All created in a month and in less than 13kB of JavaScript. For anyone not in…
We’re here to bring you the latest and greatest releases for October 2020. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech,…
Last week we launched code scanning out of beta and have since announced integrations with static analysis and developer security training solutions. By expanding our GitHub security ecosystem, developers can…
Earlier this month we were thrilled to welcome the OpenJDK Community to GitHub. The communities migration effort, codenamed Project ‘Skara’, brought JDK 16 main-line development into GitHub. The JDK project is at the…
We recently shipped support for the origin-bound draft standard for security codes delivered via SMS. This standard ensures security codes are entered in a phishing-resistant manner. It accomplishes this by binding an SMS with…
Logs for GitHub Actions have gotten a significant update. Some major enhancements and new features include: Styling changes to improve readability An improved search experience for large logs Auto-scrolling and…
It’s now even easier to review logs from your GitHub Actions workflow runs. We’ve introduced several improvements to make the experience more performant, precise, and pleasing to use. Why these…
Security is a complex area. One software component may break the assumptions made by another component and it is not always clear who should fix the code to remediate the security implications.
The most important way to protect supply chain threats? Scan code for security vulnerabilities, learn how to find vulnerabilities in code, and quickly patch them with dynamic code analysis tools.
Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.
Keeping open source software secure is a community responsibility. But with millions of projects, it’s hard to pinpoint the right signal from noise—and find and fix the vulnerabilities that really…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
