DevOps Pulse

GitHub patched a critical RCE vulnerability (CVE-2026-3854)

that allowed single git push commands to compromise millions of repositories, while DevOps platform incidents surged 40% in 2025 costing enterprises $740K+ in lost productivity. Veeam launched Agent Commander combining AI risk management with data resilience, directly competing with its own positioning as competitors consolidate security+AI capabilities. Private equity eyes weakened Commvault after 30% stock decline, while HYCU and Keepit lead specialized SaaS backup markets that Veeam has yet to penetrate.

Signals
33
Sections
5/5
Threats
8
Fresh
14
Updated
61d ago
Show

DevOps Platform Updates

scanned 61d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Critical GitHub RCE Vulnerability CVE-2026-3854 Disclosed

Wiz researchers discovered a critical remote code execution vulnerability in GitHub's git push pipeline (CVE-2026-3854, CVSS 8.7). The flaw allowed a single git push with crafted options to execute code on GitHub's servers outside any sandbox. GitHub patched the vulnerability within 75 minutes of disclosure on March 4, but public disclosure was held until April 28 to allow Enterprise Server customers to patch.

githubDEV Community·28 AprRecent

GitHub Advanced Security Standalone Products for Azure DevOps

Microsoft announced GitHub Secret Protection and GitHub Code Security are now available as standalone products for Azure DevOps, separate from the bundled Advanced Security package. The move allows customers to purchase specific security capabilities independently, with Secret Protection covering secret scanning and push protection, while Code Security handles dependency and code scanning features.

azure-devopsMicrosoft Learn·25 AprRecent

Jira 2026 Spring Release with Space Insights

Atlassian launched the Jira 2026 Spring Release featuring new Space Insights capabilities and improved beta feature management in the admin interface. The release addresses user feedback about difficulty tracking changes and includes enhanced reporting options, though some users report rollout inconsistencies between admin interfaces and actual feature availability.

jiraAtlassian Community·29 AprNEW

Atlassian Security Bulletin: 38 Vulnerabilities Patched

Atlassian published a comprehensive security bulletin addressing 31 high-severity and 7 critical third-party vulnerabilities across Jira, Confluence, and Bitbucket products. The April 21 bulletin emphasizes upgrading to latest versions, with particular focus on RCE vulnerabilities in Confluence Data Center and Server platforms that could impact DevOps data protection workflows.

confluenceAtlassian Security·21 Apr

Bitbucket Issues and Wikis Sunset Announced

Atlassian announced the complete retirement of Bitbucket Issues and Wikis features, effective August 20, 2026. Starting April 2026, these features can no longer be enabled for new repositories. The move aims to improve reliability and integrate Bitbucket data into the unified Atlassian platform including Rovo, though it eliminates simple issue tracking capabilities that competed with more complex Jira workflows.

bitbucketAtlassian Community·25 AprRecent

Confluence AI Remix and MCP Partner Agents Launch

Atlassian introduced Confluence Remix and Model Control Protocol (MCP) compatible partner agents that can transform documentation into executable outputs across connected tools like Replit and Lovable. The feature leverages the Teamwork Graph with over 100 billion data points to maintain context and relationships when content moves between platforms, representing a significant AI integration for knowledge management workflows.

confluenceReleasebot·10 Apr

Microsoft GitHub Repository CI/CD Vulnerability Exposed

Tenable disclosed a critical vulnerability in a popular Microsoft GitHub repository that could allow attackers to execute arbitrary code and access secrets through vulnerable GitHub workflows. The flaw highlights growing security risks in CI/CD pipelines as they become central to software development, with the affected repository having 5,000+ forks and 7,700+ stars, demonstrating significant developer exposure.

githubDevOps.com·21 Apr