InfoQ Homepage News
-
Zip Slip Directory Traversal Vulnerability Impacts Multiple Java Projects
Security monitoring company Snyk has disclosed Zip Slip, an arbitrary file overwrite vulnerability exploited using a specially crafted ZIP archive that holds path traversal filenames. The vulnerability affects thousands of projects including AWS CodePipeline, Spring Integration, LinkedIn's Pinot, Apache/Twitter Heron, Alibaba JStorm, Jenkins, Gradle, and Google Cloud Platform.
-
Ron Jeffries Says Developers Should Abandon "Agile"
Ron Jeffries, author, speaker, one of the creators of Extreme Programming (XP) and a signatory of the Agile Manifesto back in 2001, shared a post on his blog in which he advocates that developers should abandon “Agile”, meaning they should stay away from the “Faux Agile” or “Dark Agile” forms and get closer to the values and principles of the Manifesto.
-
Oracle Lays off Java Mission Control Team after Open Sourcing Product
The Java Mission Control suite of tools, also known as JMC, was open sourced by Oracle on May 3rd with much applause and excitement from the Java development community. The excitement was replaced with unease as sources reported that the entire JMC development team was laid off.
-
Entity Framework Core 2.1 Release Adds Improved SQL Query Generation
Entity Framework Core 2.1 has been released, bringing with it many features existing EF developers have long waited for. EF Core 2.1 adds support for SQL GROUP BY, support for Lazy Loading, and data seeding, among others.
-
Microsoft to Acquire GitHub for $7.5 Billion
Microsoft has announced an agreement to acquire GitHub, the software development platform and web-based hosting service for version control using Git. The deal should close later in the year, and both parties have stated that GitHub will remain an open platform that is committed to supporting developers using any tools and deploying to any platform.
-
Q&A with Martijn Verburg on AdoptOpenJDK and Nestmates
InfoQ recently sat down again with Martijn Verburg, leader of the London Java Community, co-founder of AdoptOpenJDK and CEO of jClarity, and discussed the overall aim of the AdoptOpenJDK build farm, his thoughts on Nestmates and Java 11, 2018 plans for AdoptOpenJDK, and how developers can get involved.
-
Git Vulnerability May Lead to Arbitrary Code Execution
A flaw in Git submodule name validation makes it possible for a remote attacker to execute arbitrary code on developer machines. Additionally, an attacker could get access to portion of system memory. Both vulnerabilities have been already patched in Git 2.17.1, 2.16.4, 2.15.2, and other versions.
-
Microservices to Not Reach Adopt Ring in ThoughtWorks Technology Radar
Whilst microservices come with many benefits over traditional monolithic applications, they can also introduce additional complexity into an organisation, writes Rebecca Parsons, chief technology officer at ThoughtWorks. Because of these tradeoffs, she does not believe that microservices should always be the default architecture choice for a software application.
-
Microsoft Announces Azure Event Hubs for Kafka Ecosystems in Public Preview
During Build 2018, Microsoft announced it would support Kafka clients to integrate with Azure Event Hubs. The Microsoft engineering team responsible for Azure Event Hubs made a Kafka endpoint available for users of their service to stream event data into it.
-
ASP.NET Core 2.1 Brings SignalR, Razor Class Libraries
ASP.NET Core 2.1 has been released, and brings a host of new features that include new templates, Razor Class Libraries, and SignalR for ASP.NET Core.
-
Google Kubernetes Engine 1.10 Is Generally Available and Enterprise Ready
Google has announced the general availability of the 1.10 version of their kubernetes engine. Furthermore, in parallel of the 1.10 release, Google will release several new features to support enterprise use cases with the engine like the Shared Virtual Private Cloud (VPC), Regional Persistent Disks and Regional Clusters, Node Auto-Repair and the Horizontal Pod Autoscaler.
-
eBay's Accelerator Data Processing Framework Provides Parallel Execution and Live Recommendations
eBay's Accelerator data processing framework provides parallel execution and automatic organization of source code, input data, and results. It can be used for data analysis, and algorithm development, as well as a live recommendation system.
-
Haskell Adoption and User Satisfaction Growing
The 2018 Haskell User Survey shows very high satisfaction with Haskell’s security, quality, reliability, maintainability, and advanced capabilities, writes FP Complete’s CEO Aaron Contorer. InfoQ has taken the chance to speak with him about Haskell’s current and future landscape.
-
TypeScript 2.9 Release Updates ES.Next Support
TypeScript 2.9 contains several improvements to the language. Support is now available for ES.Next's import.meta, as well as symbols and numeric literals in keyof and mapped object types.
-
2018 Node.js User Survey Report Shows Continued Rapid Growth
On May 31st, 2018, the Node.js Foundation released its 2018 User Survey Report, with insights from more than 1600 participants, spanning 100+ countries. Usage continues to grow rapidly, with over ¾ of participants expecting to expand their use of Node.js in the next year, and significant improvements in ease of learning Node reported, as compared to the 2017 version of the report.