Operations | Monitoring | ITSM | DevOps | Cloud

By now you’ve probably gotten the message – multi-cloud DevOps (or a hybrid on-prem/cloud approach) is the future of development and deployment architectures. The benefits of this approach are pretty clear: future proofing your business, optimizing for performance and availability, avoiding vendor lock-in, leveraging the best tools/elements of each cloud provider, and more.

The new world is “always-on,” hyper-connected, massively distributed, and moving at an accelerated “near-real-time” pace.

A new zero-day exploit in the spring-web package called “SpringShell” (nicknamed “Spring4Shell”) was just leaked and is threatening the internet and the community. The JFrog security research team is investigating the exploit and continuously updating our blog post with technical details on the SpringShell vulnerability.

On March 29th, the cyberkendra security blog posted a sensational post about a Log4Shell-equivalent zero-day vulnerability in Spring Framework, but without any solid details about the vulnerability itself.

If you’re one of the growing number of client app developers embracing the Dart programming language and Flutter and AngularDart toolkits, we’ve got some exciting news for you! JFrog can now welcome Dart developers to the empowerment of Artifactory’s robust binaries management and the ways that it contributes to continuous integration.

Not long ago, developers built applications with little awareness about security and compliance. Checking for vulnerabilities, misconfigurations and policy violations wasn’t their job. After creating a fully-functional application, they’d throw it over the proverbial fence, and a security team would evaluate it at some point – or maybe never. Those days are gone – due to three main shifts.

A few days ago, security researcher Max Kellermann published a vulnerability named DirtyPipe which was designated as CVE-2022-0847. This vulnerability affects the Linux kernel and if exploited, can allow a local attacker to gain root privileges. The vulnerability gained extensive media follow-up, since it affects all Linux-based systems with a 5.8 or later kernel, without any particular exploitation prerequisites.

When automated software delivery runs smoothly, it can whisper, and quietly attend to itself. But when your delivery and distribution pipeline runs into a problem, it must shout. Boosting the volume of Artifactory and Distribution change events and issues through PagerDuty can help ensure they’re heard by everyone whose job it is to monitor your software delivery pipeline.

JFrog’s Security Research team is constantly looking for new and previously unknown security vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered 5 security vulnerabilities in PJSIP, a widely used open-source multimedia communication library developed by Teluu. By triggering these newly discovered vulnerabilities, an attacker can cause arbitrary code execution in the application that uses the PJSIP library.

In cloud native computing (Kubernetes in our case), there is a requirement to automatically scale the compute resources used for performing a task. The autoscaling cloud computer strategy allows to dynamically adjust the active number of application servers and allocated resources instead of responding manually in real-time to traffic surges that necessitate more resources and instances.