DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitLab Patches Critical Duo AI Security Vulnerabilities
GitLab released emergency patches (19.0.1, 18.11.4, 18.10.7) addressing CVE-2026-4868, a high-severity access control flaw in Duo AI workflow runners allowing authenticated users to execute workflows under another user's identity. Additional fixes include DoS vulnerabilities in Wiki components and authorization bypasses in GraphQL APIs.
GitHub Extends Secret Scanning to AI Coding Agents
GitHub shipped 37 new secret detectors and extended scanning capabilities to AI coding agents via MCP Server. Push protection now covers 39 token types by default. This addresses the growing security gap as AI agents generate code at scale, providing detection earlier in the pipeline than commit-time protection.
Azure DevOps Bitbucket Integration Breaks After API Deprecation
Microsoft's Azure DevOps integration with Bitbucket failed after Atlassian deprecated APIs (CHANGE-2770), affecting pipelines and workers. A hotfix was deployed on April 8 for App Service integration, but broader Azure DevOps connectivity remains impacted, forcing organizations to consider pipeline migrations.
GitLab Expands Agentic AI with Automated Security Remediation
GitLab 18.11 introduced agentic SAST vulnerability resolution, allowing AI agents to analyze confirmed vulnerabilities, generate code fixes, and open merge requests automatically. New subscription-level spending caps provide cost controls for enterprise-wide GitLab Duo Agent Platform rollouts.