This blog describes a security vulnerability in the infrastructure that supports Germany’s COVID-19 contact tracing efforts. The mobile (Android/iOS) apps are not affected by the vulnerability and do not collect and/or transmit any personal data other than the device’s IP address. The infrastructure takes active measures to disassociate true positives from client IP addresses.
We’re here to bring you the latest and greatest releases for November 2020. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech…
Ubuntu 20.04 local privilege escalation using vulnerabilities in gdm3 and accountsservice (CVE-2020-16125, CVE-2020-16126, CVE-2020-16127)
On October 1, 2020, we published a CVE outlining a vulnerability in the set-env and add-path workflow commands feature of GitHub Actions, and announced that we would be deprecating those…
This is the second post in our series on DevOps fundamentals. For a guide to what DevOps is and answers to common DevOps myths check out part one. What role…
When a vulnerability is added to GitHub Advisory Database, the resulting Dependabot alert and security update notifications can be noisy. To help you focus on what matters, we’ve made a…
We have updated how webhooks on repositories, organizations, and apps can be configured via the API. We have a new configuration resource for full or partial updates to any or…
Sometimes, Dependabot security updates can’t create a pull request for you because any update we could make would break the requirements of another package that you depend on. When this…
How GitHub measures and improves reliability, security, and developer happiness with automated deployments.
November 3 is election day in the U.S. Early voting is available in most states. If you haven’t yet, make a plan to vote. If you’re an employer in the…
Outubro é um mês especial no mundo do desenvolvimento de software. Há 7 anos a Hacktoberfest — um festival que celebra a comunidade open source — incentiva pessoas desenvolvedoras a…
Like our global community, we’ve had a year of challenges and extremes at GitHub, and I’m grateful everyday for our culture as our foundation of strength and resilience. We started…
GitHub представляет нашу первую виртуальную встречу! Первая встреча пройдет во вторник, 17-го ноября, с 19:00 до 21:00 по Московскому времени. Наша ведущая и докладчик, Саша Розенбаум, менеджер по продукту из…
We changed the GitHub Actions self-hosted runner group default access to disable “Allow public repositories.” This change impacts runner groups created before Sep 4, 2020 and changes those runner groups…
It’s time for Major League Hacking’s (MLH) annual Local Hack Day: Learn, a worldwide celebration of learning. Do you have a framework that you have wanted to try? Or perhaps…
The ninth annual js13kGames competition wrapped up last weekend with over 220 games submitted. All created in a month and in less than 13kB of JavaScript. For anyone not in…
Last week we launched code scanning out of beta and have since announced integrations with static analysis and developer security training solutions. By expanding our GitHub security ecosystem, developers can…
Limit use of external actions within Actions workflow for enterprises, organizations, and repositories.
npm is introducing a new setting for access tokens to support publishing to the npm registry from CI/CD workflows. Previously, you could create an access token with one of two…
A moderate security vulnerability has been identified in the GitHub Actions runner that can allow environment variable and path injection in workflows that log untrusted data to STDOUT. This can…
You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions. You can limit external actions to…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
