GitHub Desktop 1.5 to be Rolled Out

New release includes a lot of features and improvements, based on the users' feedback
15 November 2018   657

GitHub has updated GitHub Desktop, the desktop application of its service, to version 1.5.

This release includes:

  • the feature to initiate the merging of branches, create and clone repositories through the drop-down menu;
  • automatic search for conflicting merge files;
  • alert on completion of the merge.

In previous versions, the application reported whether a merge conflict would occur. The user had to solve the problem on his own.

In GitHub Desktop 1.5, this process is automated. Now, the application will notify the developer of the presence of conflicting files, list them, run the code editor to fix the problem, and even report when the branches are ready to merge. 

GitHub listened to users' feedback. GitHub Desktop 1.5 will allow you to start a merge through a drop-down menu, and also notify you when the process is complete. Using the repository drop-down list, you can now create or clone repositories.

Full working version of the application GitHub launched in September 2017.

Ruby and Rails to Get New Updates

Six vulnerabilities in the RubyGems package management system are now fixed and three in Rails framework
14 March 2019   124

There are corrective versions of the Ruby 2.6.2 and 2.5.4 programming language, which eliminate six vulnerabilities in the RubyGems package management system:

  • CVE-2019-8324: the ability to execute code when installing an untested package (an attacker can place the code on the gemspec and this code will be executed via a call to eval to ensure_loadable_spec at the verification stage before installation);
  • CVE-2019-8320: the ability to delete directories through manipulations with symbolic links when unpacking tar files;
  • CVE-2019-8321: the ability to substitute escape sequences through the handler Gem :: UserInteraction # verbose;
  • CVE-2019-8322: the ability to substitute escape sequences through the command "gem owner";
  • CVE-2019-8323: Ability to substitute escape sequences in the API handler (Gem :: GemcutterUtilities # with_response);
  • CVE-2019-8325: The ability to substitute escape sequences through error handlers (Gem :: CommandManager # run calls alert_error without escaping characters).

In addition, an update was provided to the Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2 framework. and 6.0.0.beta3 with the elimination of three vulnerabilities:

  • CVE-2019-5420 - potentially allows you to remotely execute your code on the server, when Rails is running in Development Mode. If there is information about the attacked application, you can predict the automatically generated mode token for developers, knowledge of which allows you to achieve the execution of your code;
  • CVE-2019-5418 is a vulnerability in the Action View that allows you to get the contents of arbitrary files from the server's file system by sending a specially crafted HTTP Accept header if the code in the "render file:" handler is present.
  • CVE-2019-5419 - DoS-vulnerability in Action View (MODULE / COMPONENT), allowing to achieve 100% load on the CPU through manipulations with the contents of the HTTP-header Accept;