Bash vulnerability patched and verified

Posted by Chris Nagele

Today, a vulnerability in SSH (CVE-2014-6271) was made public. The vulnerability is a weakness in Bash that allows for arbitrary code execution when initializing environment variables. Attackers could exploit the vulnerability if they had SSH access to our Git servers.

Once alerted, we quickly patched every Git front-end in our system and verified that the patch fixed the problem. After fixing Git, we continued patching every server in all of our data centers for good measure.

We’ve audited our systems and currently have no indications of any unauthorized access or malicious activity.

Modular webhooks integration

Posted by Artem Chistyakov

Today we’re launching Modular webhooks — a new way to connect your Beanstalk repository to external services. We launched our existing Webhooks integration in early 2009 and have learned a lot since then. The new integration offers more flexibility and simplifies the setup process for both webhook developers and repository owners. Let me guide you through the most important changes.

A fresh coat of paint

Posted by Eugene Fedorenko

It’s a beautiful summer here in Philadelphia and our team started to get tired of all the dark brown backgrounds in Beanstalk. So what can be a better time to give it a slight facelift? Those of you with a sharp eye might have noticed that some things changed this morning.

Wizards are bigger and lighter:

Wizards before and after redesign

All other pages lost some weight too. The dark background was removed and the footer is hidden below the fold now:

Pages before and after redesign

Hope you’ll like the fresh new look!

Reinventing Subversion Branches

Posted by Chris Nagele

It’s well known that Subversion branching has lacked functionality compared to Git. It’s something our SVN customers have often struggled with. Since we support both Subversion and Git, we wanted to give the same powerful tools to our growing Subversion customers that our Git customers have come to love. Chris Ledet and Eugene teamed up and delivered something amazing.

I’m very happy to introduce the Subversion Branches page. It’s now possible to create a productive branching workflow for your team, directly from the Beanstalk interface. You can create, merge, reintegrate and even compare Subversion branches in Beanstalk.

Branches page

Instantly create new branches

From the branches page, you can view all current branches that reside under the /branches directory, or a directory of your choice. You can then quickly create a new branch from the interface. This makes it easier to start a new update or feature in a new branch, isolating your work from the main trunk.

Create new branches

Merge and Reintegrate

As you work in branches, it’s important to keep your branch up to date as changes are made to trunk. This avoids further conflicts as you continue to make changes. Merging changes from trunk can be initiated directly from the Branches page as often as you’d like.

In addition, when a feature is tested and ready, you need to reintegrate it back into the stable branch or trunk. With the new Branches page, this is a one-click operation. Everything happens automatically without ever touching the command line.

Compare view for Subversion branches

The ability to compare branches in Git is taken for granted. In Subversion, however, it was mostly regarded as impossible. There are no native tools to make this happen. We feel that comparing is an essential tool for teams to work in branches, so we made it possible. You can now compare the differences between any branch, including lines of code, contributors, tickets from integrations and files changed.

To learn more about branches in Subversion, read our in-depth guide.

While Git is growing fast, we still consider Subversion a worthy system for managing code. Our commitment to Subversion is here to stay and we’ll continue to innovate on features like the Branches page. We’re really excited about this update and would love to hear your feedback.

Update on Heartbleed vulnerability

Posted by Natalie Nagele

We’ve been spending the last two days auditing and responding to the OpenSSL vulnerability that’s known as Heartbleed. This bug is notable because it is widespread (around 70% of the Internet uses Apache and Nginx, and by extension, OpenSSL) and can cause disclosure of sensitive data, including private keys and passwords. The issue has been assigned the following CVE identifier: CVE-2014-0160.

On Tuesday, April 8th, our initial action was to promptly begin applying security updates as they became available for the varying types of systems we use. As a precaution, we also cleared all logged-in sessions for all accounts and users; this required everyone to log in again.

We’ve audited our systems and currently have no indications of any unauthorized access; however, as a precaution, we rekeyed and reissued all of our SSL certificates. Because of the SSL certificate update, if you’re using SVN you will most likely have to accept the new certificate next time you connect to the repository.

Out of an abundance of precaution, we do recommend resetting your password. And as a reminder, Beanstalk supports and encourages 2-step verification. Please enable it in your account.

We know this is affecting an incredible amount of apps and websites, many run by our own customers. If we can help you based on our own knowledge, please get in touch. And of course, if you have any concerns, please email support.