This week we have some security concerns as well as some general cool new things in DevOps to talk about.
Security Flaw in NGINX Ingress Controller
There are some general new CVEs that have some pretty high scores on them. This is just some no path sanitization, annotation injection, and code injection. These are overall some major concerns that are certainly something to be aware of. There are currently some things that can be done to help prevent things around enabling strict-validate-path-type. Ultimately the hope is for a full fix soon.
Executive Order on Artificial Intelligence
The White Hosue has released an executive order around Artificial Intelligence. We are still reviewing this internally and hope to have a full write up next week detailing some thoughts and opinions on it.
SolarWinds RCE
SolarWinds has a new RCE that can enable a Network takeover. This is something that you need to ensure all of your current patches are up to date and be prepared to patch the moment this one is fixed.