OpenSSL
3.0.7 and “Text4Shell” might be the
most recent critical vulnerabilities to plague your development
team, but they won’t be the last. In 2021, critical vulnerabilities
reached a record
high. Attackers are even reusing their work, with over 50% of
zero-day attacks this year being variants of
previously-patched vulnerabilities. With each new
security vulnerability, we’re forced to re-examine our current
systems and processes. If you’re impacted by OpenSSL or Text4Shell
(aka CVE-2022-42889),
you’ve probably asked yourself, “Are we using
This month, we’ve got some new extensions so good, they’re
scary! Docker Extensions build new functionality into Docker
Desktop, extend its existing capabilities, and allow you to
discover and integrate additional tools that you’re already using
with Docker. Let’s take a look at some of the recent ones. And if
you’d like to see everything available, check out our full Extensions Marketplace!
Drone CI
Do you need to build and test a container-friendly pipeline before
sharing with your team? Or do you need
The Technical Preview of Docker+Wasm is now available! Wasm has
been producing a lot of buzz recently, and this feature will make
it easier for you to quickly build applications targeting Wasm
runtimes.
As part of this release, we’re also happy to announce that
Docker will be joining the Bytecode Alliance as a
voting member. The Bytecode Alliance is a nonprofit organization
dedicated to creating secure new software foundations, building on
standards such as WebAssembly and WebAssembly System Interface
(WASI).
CVE-2022-42889, aka “Text4Shell”, is a vulnerability in the popular
Java library “Apache Commons Text” which can result in arbitrary
code execution when processing malicious input. More information can
be found in the GitHub advisory or this
Apache thread.
What can an attacker do?
If you’re vulnerable, an attacker can inject malicious input
containing keywords which can trigger:
With the rise of remote-first and hybrid work models in the tech
world, promoting developer engagement has become more important
than ever. Maintaining a culture of engagement, productivity, and
collaboration can be a hurdle for businesses making this new shift
to remote work. But it’s far from impossible.
As a fully-remote, developer-focused company, Docker was thrilled
to join in a like-minded conversation with RedMonk and Miva. Jake
Levirne (Head of Product at Docker) was joined by Jon Burchmore
(CTO at Miva) for a talk led by RedMonk’s Sr.