DevOps Platform Updates
scanned 109d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Azure DevOps Global PAT Creation Blocked Starting March 15
Azure DevOps Sprint 270 enforces the retirement of Global Personal Access Tokens starting March 15, 2026, blocking creation and regeneration. All existing global PATs will be fully decommissioned on December 1, 2026. Any Veeam integrations using global PATs for Azure DevOps backup or data protection must migrate to organization-scoped PATs or Entra-based authentication immediately.
GitHub REST API v2026-03-10 Introduces Breaking Changes
GitHub released REST API calendar version 2026-03-10, the first version to include breaking changes. Integrators must update the X-GitHub-Api-Version header and verify their integrations work with the new version. Veeam products calling GitHub REST APIs for repository backup or metadata protection need regression testing against this version.
Atlassian OAuth 1.0 Fully Disabled After March 14 Brownout
Atlassian's OAuth 1.0 and implicit grant flow brownout schedule completes on March 14, 2026, after which existing access tokens will no longer be usable. All integrations must migrate to a supported OAuth 2.0 flow. This is a hard breaking change affecting any Veeam Jira/Confluence connectors that still rely on legacy OAuth 1.0 authentication.
GitLab Releases Critical Security Patches 18.9.2, 18.8.6, 18.7.6
GitLab published patch releases 18.9.2, 18.8.6, and 18.7.6 containing important bug and security fixes for both Community and Enterprise editions. Self-managed installations should upgrade immediately. Veeam customers running self-managed GitLab instances need to be advised to patch, and any Veeam backup integrations should be validated against the new versions.
GitHub Secret Scanning Adds 28 New Detectors in March
GitHub added 28 new secret scanning detectors from 15 providers including Lark, Vercel, Snowflake, and Supabase, with 39 detectors now having push protection enabled by default. This expands coverage for providers like Airtable, Databricks, Heroku, PostHog, and Shopify. Signals growing investment in pre-commit secret detection that complements Veeam's data protection posture.
GitHub Actions Self-Hosted Runner Version Enforcement Paused
GitHub paused enforcement of the minimum self-hosted runner version requirement (v2.329.0) that was scheduled for March 16, 2026. Runners below v2.329.0 can still register during this period. This gives teams more time to upgrade but signals that enforcement will resume; organizations should still plan to update their CI infrastructure.
Azure DevOps Adds Push Protection Bypass Audit Logging
Azure DevOps Sprint 270 introduces audit log entries for push protection bypass events, recording the repository, secret type, and user identity. This gives security teams a complete record of when developers bypass secret detection during git push. Relevant for Veeam customers who need compliance-grade audit trails across their DevOps toolchain.