DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Atlassian Security Bulletin Addresses Critical Vulnerabilities
Atlassian published a comprehensive security bulletin on April 21, 2026, addressing vulnerabilities across multiple products including Bamboo, Bitbucket, Confluence, and Jira. The bulletin includes 32 security patches for critical and high-severity vulnerabilities, with most affecting third-party dependencies. Teams running these products need to apply the patches immediately to protect DevOps data.
GitHub Actions Adds OIDC Custom Properties and VNET Failover
GitHub updated Actions with new security features including OIDC custom properties as claims for granular trust policies and Azure private networking VNET failover capabilities. The update also includes service container entrypoint overrides. These changes enhance DevOps security and infrastructure resilience for enterprise workflows.
Vercel Security Incident Exposes DevOps Supply Chain Risks
On April 19, 2026, Vercel disclosed a security breach that originated from a compromised AI tool, Context.ai, and spread through Google Workspace OAuth to internal systems and customer environment variables. This highlights new attack vectors in DevOps through SaaS tool supply chains rather than traditional code dependencies.
GitLab Patches High-Severity Websocket Vulnerability CVE-2026-5173
GitLab released versions 18.10.3, 18.9.5, and 18.8.9 addressing CVE-2026-5173, a high-severity vulnerability with a CVSS score of 8.5 affecting WebSocket connections. The flaw allows authenticated attackers to bypass access controls and invoke unintended server-side methods. Immediate updates are recommended for all self-managed installations.
GitHub Secret Scanning Expands with 28 New Patterns
GitHub deployed 28 new secret detection patterns across 15 providers in April 2026, expanding push protection to 39 token types by default. Notable additions include Cloudflare, Vercel (6 types), and improved enterprise API controls for secret scanning campaigns. This strengthens DevOps security against credential leaks.
Bitbucket OAuth Security Changes Take Effect May 2026
Bitbucket Cloud announces OAuth 2.0 migration completion, with a brownout beginning in April 2026. OAuth 1.0 and implicit grants will be fully disabled on March 14, 2026. Client credentials grants will stop issuing refresh tokens on May 4, 2026, to improve security alignment with RFC standards.
GitHub Reorganizes Security Tab to Include Code Quality
GitHub renamed the Security tab to 'Security & quality' across repositories, organizations, and enterprises to colocate code quality findings with security alerts. This change supports the upcoming GitHub Code Quality general availability and provides unified triage for all code-related issues in one place.
AWS DevOps and Security Agents Reach General Availability
AWS announced general availability of DevOps Agent and Security Agent on April 6, 2026. These frontier agents work autonomously across multiple steps to investigate incidents, reduce resolution time, and prevent issues. Major customers like United Airlines and T-Mobile are already using these agents to accelerate incident response.