Critical Authentication Bypass in ruby-saml

2025-03-15

Researchers at GitHub Security Lab disclosed two critical authentication bypass vulnerabilities in the ruby-saml library, CVE-2025-25291 and CVE-2025-25292. An attacker who holds a single valid signature produced with the key the target uses to validate SAML responses or assertions can reuse it to construct assertions of their own and log in as any user, which is full account takeover. Both bugs are parser differentials: ruby-saml runs the same XML document through two different parsers, REXML and Nokogiri, and where the two disagree about the document's structure the element whose digest and signature are checked is not the element whose assertion is later consumed. Version 1.18.0 fixes both issues; anything that validates SAML with ruby-saml, including applications that pull it in through omniauth-saml, should update immediately, and SAML logins from the exposure window deserve a review.
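The fastest way to know whether you are exposed is to check the version that your bundle actually resolved, not the one in your Gemfile, because ruby-saml usually arrives transitively. The script below is an added example, not code from ruby-saml or from GitHub Security Lab: it parses the resolved specs of a Gemfile.lock and flags ruby-saml below 1.18.0. The lockfile fragment embedded in it is constructed for the example; the function names `lock_specs`, `ruby_saml_version` and `vulnerable_ruby_saml?` are this example's own.

```ruby
require "rubygems"   # Gem::Version ships with Ruby; no extra gems needed

# Fixed release named in the advisory.
FIXED_RUBY_SAML = Gem::Version.new("1.18.0")

# Constructed sample Gemfile.lock fragment (not taken from any real project).
# ruby-saml is pulled in transitively through omniauth-saml, which is how many
# Rails apps depend on it without listing it in their own Gemfile.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.18.3-x86_64-linux)
        racc (~> 1.4)
      omniauth-saml (2.2.1)
        omniauth (~> 2.1)
        ruby-saml (~> 1.17)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13.10)
        rexml

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    omniauth-saml
LOCK

# Return {gem name => Gem::Version} for every resolved spec in the lockfile.
# Resolved specs sit under "specs:" at exactly four spaces of indent; their
# dependency requirement lines are indented six spaces and are skipped on purpose,
# since "ruby-saml (~> 1.17)" is a constraint, not the version that was installed.
def lock_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.match?(/\A\s*specs:\s*\z/)
      in_specs = true
      next
    end
    in_specs = false if line.match?(/\A\S/)        # a new top-level section (PLATFORMS, DEPENDENCIES, ...)
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    next unless m
    name, version = m[1], m[2]
    version = version.split("-").first             # drop a platform suffix such as "-x86_64-linux"
    specs[name] = Gem::Version.new(version)
  end
  specs
end

# Resolved ruby-saml version, or nil when the bundle does not contain it at all.
def ruby_saml_version(lock_text)
  lock_specs(lock_text)["ruby-saml"]
end

# True when ruby-saml is present and older than the fixed release.
def vulnerable_ruby_saml?(lock_text)
  version = ruby_saml_version(lock_text)
  !version.nil? && version < FIXED_RUBY_SAML
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV.empty? ? SAMPLE_LOCK : File.read(ARGV[0])
  version = ruby_saml_version(text)
  if version.nil?
    puts "ruby-saml is not in this bundle"
  elsif vulnerable_ruby_saml?(text)
    puts "ruby-saml #{version} is below #{FIXED_RUBY_SAML}: upgrade (CVE-2025-25291, CVE-2025-25292)"
  else
    puts "ruby-saml #{version} is at or above the fixed release"
  end
end
```

Run it as `ruby check_ruby_saml.rb path/to/Gemfile.lock`; with no argument it evaluates the embedded sample, which resolves ruby-saml 1.17.0 and is therefore reported as vulnerable. The platform-suffix handling matters: `Gem::Version` would otherwise treat `1.18.3-x86_64-linux` as a prerelease and sort it below `1.18.3`, producing a false positive on a patched native gem.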

Development

GitHub Copilot Gets a Major Upgrade: Agent Mode and GA Copilot Edits

2025-02-06

GitHub Copilot has received a significant update. The new agent mode, currently in preview in VS Code Insiders, gives Copilot more autonomy: it iterates on its own output, identifies and fixes errors, and infers and completes subtasks that were not spelled out in the request. Copilot Edits, which applies multi-file changes through a conversational flow, is now generally available. GitHub also previewed Project Padawan, an autonomous software-engineering agent intended to pick up GitHub issues, generate and test code, and assign reviewers. The stated goal is to take routine work off developers so they can concentrate on design and problem solving; changes produced this way still need the same review as any other pull request, since an agent that edits many files at once can introduce mistakes as quickly as it fixes them.

Development

GitHub Issues Major Update: Sub-issues, Issue Types, and Advanced Search

2025-01-19

GitHub has released a major update to Issues: sub-issues, issue types, and advanced search. Sub-issues let a team break a problem into smaller units and track progress on each. Issue types give teams a consistent vocabulary for classifying and managing issues. Advanced search supports more complex filters for finding specific issues, and the Issues UI has been reworked for efficiency and usability. Separately, CodeQL Action v2 is now retired; workflows that still reference `github/codeql-action/*@v2` must move to `@v3` or their code scanning runs will stop working. Secret scanning's default patterns now cover more secret types, so more leaked credentials are caught without any configuration change.

Development, Update

GitHub Now Offers Free arm64 Hosted Runners!

2025-01-16

GitHub has announced free Linux arm64 hosted runners for public repositories, currently in public preview. The runners are powered by Cobalt 100 processors, provide 4 vCPUs, and deliver up to a 40% performance improvement over the previous generation of Arm-based VMs. Arm-native developers can now build, test, and deploy entirely on the arm64 architecture, without virtualization or emulation. To get started, set `runs-on` to the `ubuntu-24.04-arm` or `ubuntu-22.04-arm` label in a public repository workflow. Private repositories are not covered by the free preview and continue to use the paid arm64 larger runners.

Development, hosted runners