DevOps Pulse

GitHub patched the critical RCE vulnerability CVE-2026-3854, which allowed authenticated users to execute remote code, while Copilot moves to usage-based billing, creating cost pressure for AI workflows. GitProtect launched the first GitHub Enterprise Cloud data residency backup targeting regulated industries, directly entering Veeam's DevOps protection space. Supply chain attacks compromised five major DevOps security tools in March, including the Trivy vulnerability scanner, validating the urgent need for DevOps security convergence.

Signals: 32 · Sections: 5/5 · Threats: 7 · Fresh: 11 · Updated: 52d ago

DevOps Platform Updates

scanned 53d ago · 6

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Critical CVE-2026-3854 Remote Code Execution Vulnerability

Wiz Research disclosed a critical vulnerability (CVE-2026-3854, CVSS 8.7) affecting GitHub.com and Enterprise Server that allows authenticated users to achieve remote code execution with a single git push command. Exploitation relied on an injection vulnerability in GitHub's internal protocol, potentially exposing millions of repositories on shared storage nodes. GitHub deployed a fix within two hours of disclosure on March 4, 2026, and confirmed no real-world exploitation occurred.

github · Wiz Blog · 28 Apr

GitHub Copilot Moving to Usage-Based Billing June 1

GitHub announced all Copilot plans will transition to usage-based billing on June 1, 2026, replacing premium request units with GitHub AI Credits tied to token consumption. Base plan prices remain unchanged but agentic workflows, chat sessions, and code review will become more cost-sensitive. This represents a fundamental shift from flat-rate subscriptions to pay-per-use AI services across the industry.

github · GitHub Blog · 26 Apr

GitLab Introduces Flat-Rate Code Reviews and AI Credits

GitLab 18.10 and 18.11 introduced flat pricing of $0.25 per automated code review regardless of complexity, addressing a 91% increase in code review times at AI-using companies. Free-tier users can now access the Duo Agent Platform via the GitLab Credits system with group-level allocation. SAST false positive detection reached GA to help security teams manage alert fatigue.

gitlab · InfoQ · 26 Apr · Recent

Azure DevOps Bitbucket Integration Issues Resolved

Microsoft resolved Azure DevOps integration issues with Bitbucket Cloud caused by Atlassian's API deprecation (CHANGE-2770) that affected pipeline connections. The service-side problem was identified on April 8, 2026, with a hotfix deployed for Azure App Service Bitbucket integration. Enterprise customers had to temporarily move away from Azure DevOps pipelines during the outage.

azure-devops · Microsoft Q&A · 10 Apr

Atlassian Rovo Model Context Protocol Server GA

Atlassian's Rovo MCP Server reached general availability for Jira, Confluence, and Compass, enabling AI tools to securely read and write Atlassian Cloud data with enterprise-grade controls. The service includes domain allowlists, IP allowlist support, and comprehensive audit logging. This positions Atlassian to compete directly with emerging Data Command Center solutions by providing AI-native data access.

confluence · Atlassian Cloud Changes · 22 Dec

Jira Moves to Seasonal Release Cycle

Atlassian announced Jira Software and Jira Work Management will transition to seasonal releases starting May 2026, bundling user-facing features quarterly instead of deploying them continuously. Security fixes remain immediate while AI capabilities like Rovo Chat continue updating independently. Premium customers receive a sandbox preview one month before production deployment for testing critical integrations.

jira · UC Today · 29 Jan