DevOps Platform Updates
scanned 53d ago6Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Critical CVE-2026-3854 Remote Code Execution Vulnerability
Wiz Research disclosed a critical vulnerability (CVE-2026-3854, CVSS 8.7) affecting GitHub.com and Enterprise Server that allows authenticated users to achieve remote code execution with a single git push command. The flaw exploited an injection vulnerability in GitHub's internal protocol, potentially exposing millions of repositories on shared storage nodes. GitHub deployed a fix within two hours of disclosure on March 4, 2026, and confirmed no real-world exploitation occurred.
GitHub Copilot Moving to Usage-Based Billing June 1
GitHub announced all Copilot plans will transition to usage-based billing on June 1, 2026, replacing premium request units with GitHub AI Credits tied to token consumption. Base plan prices remain unchanged but agentic workflows, chat sessions, and code review will become more cost-sensitive. This represents a fundamental shift from flat-rate subscriptions to pay-per-use AI services across the industry.
GitLab Introduces Flat-Rate Code Reviews and AI Credits
GitLab 18.10 and 18.11 introduced flat $0.25 per automated code review pricing regardless of complexity, addressing 91% increase in code review times at AI-using companies. Free-tier users can now access Duo Agent Platform via GitLab Credits system with group-level allocation. SAST false positive detection reached GA to help security teams manage alert fatigue.
Azure DevOps Bitbucket Integration Issues Resolved
Microsoft resolved Azure DevOps integration issues with Bitbucket Cloud caused by Atlassian's API deprecation (CHANGE-2770) that affected pipeline connections. The service-side problem was identified on April 8, 2026, with a hotfix deployed for Azure App Service Bitbucket integration. Enterprise customers had to temporarily move away from Azure DevOps pipelines during the outage.
Atlassian Rovo Model Context Protocol Server GA
Atlassian's Rovo MCP Server reached general availability for Jira, Confluence, and Compass, enabling AI tools to securely read and write Atlassian Cloud data with enterprise-grade controls. The service includes domain allowlists, IP allowlist support, and comprehensive audit logging. This positions Atlassian to compete directly with emerging Data Command Center solutions by providing AI-native data access.
Jira Moves to Seasonal Release Cycle
Atlassian announced Jira Software and Jira Work Management will transition to seasonal releases starting May 2026, bundling user-facing features quarterly instead of continuous deployment. Security fixes remain immediate while AI capabilities like Rovo Chat continue updating independently. Premium customers receive sandbox preview one month before production deployment for testing critical integrations.