DevOps Platform Updates
scanned 100d ago4Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Azure DevOps Retires Global PATs; New Creation Blocked March 15
Azure DevOps Sprint 270 announced retirement of Global Personal Access Tokens (PATs), which grant overly broad cross-organization access contrary to modern security best practices. As of March 15, 2026, creation and regeneration of global PATs is blocked; all existing tokens will be fully decommissioned on December 1, 2026. Any Veeam connector, backup automation, or CI/CD integration relying on global PATs must migrate immediately to organization-scoped PATs or Microsoft Entra-based authentication to avoid disruption.
Atlassian March 2026 Security Bulletin: Jira and Confluence DC Flaws
Atlassian's March 17, 2026 security bulletin discloses multiple vulnerabilities in self-hosted Jira Data Center and Confluence Data Center, including high-severity path traversal, file overwrite, and denial-of-service flaws. Atlassian-hosted cloud products are unaffected, but all self-managed installations must apply the published fixed versions immediately. The path traversal and file overwrite issues are especially relevant for data protection teams, as they could allow unauthorized access to or manipulation of repository artifacts stored on-premises.
GitLab Patch Release 18.9.2, 18.8.6, 18.7.6 Fixes CE/EE Vulnerabilities
GitLab issued a security advisory on March 11, 2026 releasing patches for CE and EE across all supported version tracks, covering versions prior to 18.9.2, 18.8.6, and 18.7.6; the advisory was independently flagged by multiple national CERTs including Canada's CCCS. GitLab.com and Dedicated instances are already running the patched code, but all self-managed installations must upgrade immediately. Self-managed GitLab — the most common target for enterprise backup tools — carries the full risk until patched.
GitHub REST API Version 2026-03-10 Released with Breaking Changes
GitHub released a new calendar-versioned REST API dated 2026-03-10 on March 12, 2026, advancing its calendar-based versioning model introduced to give integrators structured guidance on upgrades. Integrators must update the X-GitHub-Api-Version request header and review the documented breaking changes for this version before adoption. Veeam GitHub integrations and backup tooling calling GitHub REST endpoints should audit affected endpoints now, as older API versions will eventually be sunset.