GitLab, Boundary, Datalore Enterprise, Weave GitOps, Buoyant Cloud and Gloo Edge • DEVCLASS
DevOps platform provider GitLab has released a series of security updates to mitigate two High Severity and 15 Medium Severity vulnerabilities. Upgrading to versions 14.0.2, 13.12.6, and 13.11.6 is highly recommended, as an issue with a GitLab Webhook feature can be used for denial of service attacks in all previous versions.
The other high severity issue is a cross-site request forgery vulnerability in the GraphQL API that allows mutations to be performed through GET requests and affects all versions since 13.12. Details can be found in the announcement blog.
Boundary reaches out to Vault
Version 0.4 of the HashiCorp Boundary Access Management Tool has just been released, providing improvements for session management when unstable connections are used. The update should be especially useful for teams that combine Boundary with the Vault Secret Management project, as it also brings credential stores and libraries, which are used in an integration for secret brokerage. Vault to Boundary customers.
JetBrains brings Datalore to site
IDE company JetBrains this week presented customers with an on-premises version of its data science tool Datalore. Datalore for Enterprise is said to be quite similar to the classic Datalore Jupyter notebook environment, but offers the ability to connect an organization’s own hardware and set up custom team environments. For the price of $ 125 per user per month, subscribers also have a say in what next feature will be added. The team is currently working on ways to turn notebooks into interactive reports, for example.
Weaveworks transforms the Kubernetes platform into a GitOps product
Cloud-native company Weaveworks has unveiled its previously announced GitOps product line. The main novelty here is Weave GitOps Core, a Flux-based tool to help developers new to Kubernetes and the GitOps concept to run their applications in a cluster with two commands. There is also an Enterprise version which is intended to help manage a large number of Kubernetes clusters, although this is primarily a re-image of what Weaveworks has been selling for some time as the plate. -form Weave Kubernetes.
Buoyant launches a Linkerd managed service
Buoyant, the company behind the Linkerd Service Mesh, has opened the beta program for its Linkerd Buoyant Cloud managed service. The product was designed to make the project more manageable and promises help in the form of a dashboard to show the status of the service mesh across clusters, alerts for health issues and metrics for associated workloads.
As it’s still in beta, it lacks a few things one would expect from such a cloud service, but managing Linkerd’s installations and upgrades is already on Buoyant’s agenda. Upcoming features should also include TLS mesh certificate rotations and ways to set traffic and security policies on a cluster.
Solo.io pushes updates to Gloo Edge and Portal
The Gloo Portal API management project has reached its first major release, which means it is now production ready and allows users to work with all Gloo Edge functionality directly through the web portal. Since the last version, the portal has been enhanced to make it easier to publish and share APIs, and has gained capabilities to track who uses which API how often.
Gloo Edge, which is now fully integrated into the portal, has meanwhile made a version jump to 1.8. The update includes useful additions such as support for SOAP / XSLT, schemas to validate CRD functions, and the option to write access logs. The Solo.io team also made Gloo Edge easier to use with Helm and delivery operator Flagger, details of which are available on the company’s blog.