GitHub, Microsoft and OpenAI oppose lawsuit over GitHub Copilot
GitHub, its parent company Microsoft and nonprofit OpenAI are opposing a class action lawsuit by independent developers over possible copyright abuse in GitHub Copilot.
According to the three software specialists, the accusation by the independent developers is unjustified. The lawsuit now pendin...
15-year-old Python bug puts 350,000 open-source projects at risk
Researchers at Trellix said they have patched nearly 62,000 open-source projects susceptible to a 15-year-old path traversal vulnerability in the Python ecosystem.
The bug, tracked under CVE-2007-4559, was discovered by Trellix's team in Python’s tarfile module late last year. It was first rep...
GitHub reaches 100 million user milestone
The platform grew from three million to one hundred million users in less than a decade. GitHub is clearly loved.
Exactly ten years ago, three million developers used the platform. That number had grown to 28 million by the time Microsoft acquired GitHub in 2018. Three months ago, the 90 millio...
‘GitHub Codespaces can be used for malware delivery’
Researchers warn that hackers can use GitHub Codespaces to host and deliver malware.
According to a new report from Trend Micro, threat actors can abuse the port forwarding feature in GitHub Codespaces to host and distribute malware and malicious scripts.
GitHub Codespaces became widely avai...
GitHub simplifies code vulnerability scanning
With only a few clicks, developers can configure code scanning for a repository using the new default setup introduced by GitHub.
Although GitHub's code scanning is powered by the CodeQL code analysis engine, which supports a wide range of languages and compilers, the new option is only availabl...
Slack loses code repositories to unauthorized user
An unauthorized user gained access to Slack's GitHub repositories. The user managed to download the repositories before Slack plugged the leak.
The damage appears limited, as none of the stolen repositories involve Slack's source code or user data. The organization stresses that source code and...
Ruby 3.2.0 includes a host of new features
The new release features WebAssembly support, production-ready YJIT optimization and more.
Ruby 3.2.0 was recently made available. The release includes major features like WASI-based WebAssembly support.
As maintainer Yui Naruse explained in his release announcement, it's "an initial port of...
Okta’s source code has been stolen
An internal memo indicates that Okta's source code has been stolen by one or more unauthorized users. The organization claims the breach does not affect customers.
BleepingComputer obtained the internal memo from an anonymous source. Okta CSO David Bradbury writes that one or more unauthorized ...
GitHub introduces free secret scanning for all repositories
The new service allows developers to find exposed secrets and credentials.
In a move to secure the global software supply chain, GitHub plans to allow developers to scan their repositories for exposed secrets and credentials for free. The new service was announced in a Tweet this week.
Mariam...
GitHub will require two-factor authentication from all users in 2023
The new policy applies to anyone who contributes code to the platform.
GitHub announced this week that it will require all users to enable two-factor authentication (2FA) by the end of 2023. To be clear, the policy will apply not just to developers who contribute code to the GitHub website, but t...