DevOps Pulse

Veeam disclosed 7 critical RCE vulnerabilities (CVSS 9.9) in Backup & Replication

with ransomware actors expected to reverse-engineer patches imminently—the tool meant to protect data is itself under attack. Azure DevOps blocked Global PAT creation as of March 15, requiring immediate migration of any Veeam integrations to organization-scoped or Entra-based authentication before the December 1 full decommission. Competitors are outpacing Veeam on AI governance: Rubrik launched Agent Cloud for AI agent rollback, Druva shipped graph-powered forensic compliance in 8-10 minutes, and Commvault acquired Satori for LLM security—while a DryRun Security study found AI coding agents introduce vulnerabilities in 87% of pull requests. The PM team should prioritize Veeam RCE patch communication, validate Azure DevOps PAT migration readiness, and assess the widening competitive gap in AI agent governance.

Signals
34
Sections
5/5
Threats
8
Fresh
0
Updated
107d ago

DevOps Platform Updates

scanned 107d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitLab Patches 15 Vulnerabilities Including Critical XSS Flaw

GitLab released versions 18.9.2, 18.8.6, and 18.7.6 fixing 15 security issues. The most severe is CVE-2026-1090 (CVSS 8.7), a high-severity XSS in Markdown placeholder processing that allows authenticated JavaScript injection. Three additional high-severity DoS vulnerabilities affect the GraphQL API, repository archive endpoint, and protected branches API.

gitlabGitLab Releases·11 Mar

Azure DevOps Blocks Global PAT Creation Starting March 15

Azure DevOps is retiring Global Personal Access Tokens. As of March 15, 2026, creation and regeneration of global PATs is blocked. All existing global PATs will be fully decommissioned on December 1, 2026. Veeam integrations using Azure DevOps global PATs must migrate to organization-scoped PATs or Entra-based authentication immediately.

azure-devopsMicrosoft Learn - Azure DevOps Sprint 270·15 Mar

GitHub REST API 2026-03-10 Introduces Breaking Changes

GitHub released REST API calendar version 2026-03-10, the first version to include breaking changes. Integrations must update the X-GitHub-Api-Version header and verify compatibility. Any Veeam tools or backup integrations that consume the GitHub REST API should be tested against the new version to ensure continued operation.

githubGitHub Changelog·12 Mar

GitHub Actions OIDC Tokens Support Repository Custom Properties

GitHub Actions OIDC tokens now include repository custom properties as claims (public preview). Admins can select properties to embed in tokens, prefixed with repo_property_, enabling attribute-based access control (ABAC) in AWS, Azure, and GCP without per-workflow changes. This strengthens keyless authentication governance at scale.

githubGitHub Changelog·12 Mar

GitHub Secret Scanning Adds 28 New Provider Detectors

GitHub added 28 new secret detectors covering 15 providers including Lark, Vercel, Snowflake, and Supabase. Additionally, 39 detectors now have push protection enabled by default, including Airtable, Databricks, Heroku, PostHog, and Shopify. This expands the scope of secrets that GitHub can automatically block from being committed.

githubGitHub Changelog·10 Mar

GitHub Pauses Self-Hosted Runner Minimum Version Enforcement

GitHub temporarily paused enforcement of the v2.329.0 minimum self-hosted runner version requirement that was scheduled for March 16, 2026. Runners below v2.329.0 can still register during the pause. An updated timeline will be published in coming weeks, but GitHub still plans to block older versions long-term.

githubGitHub Changelog·13 Mar

Bitbucket Cloud Workspace Organization Linking Deadline Reached

The March 15, 2026 deadline for linking Bitbucket Cloud workspaces to Atlassian organizations has passed. Starting March 16, Atlassian will auto-create organizations and auto-link eligible paid workspaces that weren't manually linked. This affects billing administration and is a prerequisite for Atlassian's unified identity and AI capabilities.

bitbucketAtlassian Support·15 Mar