ci-cd
Browse all articles, tutorials, and guides about ci-cd
Posts
When the SSH Server Attacks the Client: libssh2 CVE-2026-55200
You spent years hardening sshd. This bug does not care. CVE-2026-55200 is a pre-auth heap overflow in libssh2 where a malicious SSH server takes over the client that connects to it, no credentials needed. And libssh2 is a client library hiding in curl, git tooling, and backup jobs all over your pipeline. Here is the bug, who is actually exposed, and how to find it in your stack.
Preview Environments That Include the Backend, Not Just the Frontend
Every PR gets a frontend preview URL. The backend is almost always one shared staging database, so previews quietly lie to you. On Neon a branch is the database, its data, and the functions together, so each PR can get a real isolated backend. Here is the workflow, tested end to end.
npm v12 Will Stop Running Install Scripts. We Audited Our Repos to See What Actually Breaks
Starting with npm v12 (estimated July 2026), dependency install scripts will not run unless you allowlist them. We ran the new audit tooling on our own production repos: 65 packages flagged, 4 that matter, and a surprising amount of nothing breaking.
CVE-2026-3854: A Single git push Owned GitHub
A semicolon in a git push option let any authenticated user run code on GitHub.com's backend and on 88% of self-hosted GitHub Enterprise installs. Here is how the bug worked and what to do.