The Wayback Machine - https://web.archive.org/web/20140413033904/https://github.com/blog/category/all

Security: Heartbleed vulnerability

On April 7, 2014 information was released about a new vulnerability (CVE-2014-0160) in OpenSSL, the cryptography library that powers the vast majority of private communication across the Internet. This library is key for maintaining privacy between servers and clients, and confirming that Internet servers are who they say they are.

This vulnerability, known as Heartbleed, would allow an attacker to steal the keys that protect communication, user passwords, even the system memory of a vulnerable server. This represents a major risk to large portions of private traffic on the Internet, including github.com.

Note: GitHub Enterprise servers are not affected by this vulnerability. They run an older OpenSSL version which is not vulnerable to the attack.

As of right now, we have no indication that the attack has been used against github.com. That said, the nature of the attack makes it hard to detect so we're proceeding with a high level of caution.

What is GitHub doing about this?

UPDATE: 2014-04-08 16:00 PST - All browser sessions that were active prior to the vulnerability being addressed have been reset. See below for more info.

We've completed a number of measures already and continue to work the issue.

  1. We've patched all our systems using the newer, protected versions of OpenSSL. We started upgrading yesterday after the vulnerability became public and completed the rollout today. We are also working with our providers to make sure they're upgrading their systems to minimize GitHub's exposure.

  2. We've recreated and redeployed new SSL keys and reset internal credentials. We have also revoked our older certs just to be safe.

  3. We've forcibly reset all browser sessions that were active prior to the vulnerability being addressed on our servers. You may have been logged out and have to log back into GitHub. This was a proactive measure to defend against potential session hijacking attacks that may have taken place while the vulnerability was open.

Prior to this incident, GitHub made a number of enhancements to mitigate attacks like this. We deployed Perfect Forward Secrecy at the end of last year, which makes it impossible to use stolen encryption keys to read old encrypted communication. We are working to find more opportunities like this.
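
For the patching step above and the note that older OpenSSL versions are not vulnerable, here is an added example (not GitHub's code and not part of the original post) that classifies `openssl version -a` output for CVE-2014-0160 exposure. It relies on the upstream affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1), which the post does not list; the sample outputs and the build-date heuristic for distro backports are constructed assumptions.

```python
import re
from datetime import date

DISCLOSED = date(2014, 4, 7)   # public disclosure date given in the post
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
VERSION = re.compile(r"^OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?)(-beta\d+)?", re.M)
BUILT = re.compile(
    r"^built on:\s+\w{3}\s+(\w{3})\s+(\d+)\s+[\d:]+\s+\w+\s+(\d{4})", re.M)


def in_upstream_affected_range(text):
    """True for upstream 1.0.1 through 1.0.1f and 1.0.2-beta1; None if unparsable."""
    m = VERSION.search(text)
    if not m:
        return None
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if branch == (1, 0, 2):
        return beta == "-beta1"
    return branch == (1, 0, 1) and letter < "g"   # "" (plain 1.0.1) sorts before "a"


def classify(version_a_output):
    """Classify `openssl version -a` text for CVE-2014-0160 exposure."""
    affected = in_upstream_affected_range(version_a_output)
    if affected is None:
        return "unknown"
    if not affected:
        return "not-affected"
    if "-DOPENSSL_NO_HEARTBEATS" in version_a_output:
        return "not-affected"          # heartbeat support compiled out
    b = BUILT.search(version_a_output)
    if b and b.group(1) in MONTHS:
        built = date(int(b.group(3)), MONTHS[b.group(1)], int(b.group(2)))
        if built >= DISCLOSED:
            # Heuristic: distro backports keep the old version string, so a
            # post-disclosure rebuild must be confirmed in the package changelog.
            return "verify-vendor-patch"
    return "affected"


# Constructed sample outputs (not captured from any real host).
SAMPLES = {
    "old-branch": "OpenSSL 0.9.8y 5 Feb 2013\n",
    "vulnerable": "OpenSSL 1.0.1f 6 Jan 2014\nbuilt on: Mon Jan 13 09:12:44 UTC 2014\n",
    "fixed": "OpenSSL 1.0.1g 7 Apr 2014\n",
    "rebuilt": "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Tue Apr  8 02:39:29 UTC 2014\n",
}
```

A `verify-vendor-patch` result is not a clean bill of health: it only means the version string alone cannot settle the question.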

What should you do about Heartbleed right now?

Right now, GitHub has no indication that the vulnerability has been used outside of testing scenarios. However, out of an abundance of caution, you can:

  1. Change your GitHub password. Be sure your password is strong; for more information, see What is a strong password?
  2. Enable Two-Factor Authentication.
  3. Revoke and recreate personal access and application tokens.

Stay tuned

GitHub works hard to keep your code safe. We are continuing to respond to this vulnerability and will post updates as things progress. For more information as it's available, keep an eye on Twitter or the GitHub Blog.

OctoTales • UC Berkeley

Computer science professor Armando Fox is one of the thousands of teachers who use GitHub to give their students hands-on experience writing software in teams.

On a recent trip to UC Berkeley, we spoke with Armando and some of his students about open source, education, and the essential experience gained by building software for a real customer.

Teachers and students are eligible for free private repositories on GitHub. Learn more at education.github.com.

Partial commits in GitHub for Mac

Sometimes when you’re in the zone, you get a ton of work done before you have a chance to pause and commit. You want to break the commit down to describe the logical changes you’ve made, and it doesn’t always break down cleanly file by file. You want to select some parts of your changes to commit at a time. That’s easy in GitHub for Mac.

Select one or more lines to commit by clicking on the line numbers in the gutter. In the latest release, you can select a block of changes at a time. Hover over the right hand side of the line numbers to get a preview of what will be selected, and click to select.

Animated gif of GitHub for Mac single line/block selection

You can select multiple lines or blocks of changes by clicking and dragging. The left of the line numbers will select line by line, and the right will select block by block.

Now you can commit your selected changes, leaving the rest for a later commit.

L is for Labels

We've added support for editing labels on existing issues with the l hotkey.

You can also edit milestones and assignees the same way.

Collaborating with Lists

At GitHub, we use lists for collaborating on software development, because lists are a simple and powerful tool for collaborating on anything. That's why we're introducing better visualization of list arrangements in our rendered prose diff view.

In Markdown, making a list is incredibly easy. You can make an unordered list by preceding list items with either a * or a -.

* Item
* Item
* Item

Nested lists are very useful for associating supplementary information such as notes to an item. To nest a list, indent the nested items:

* A list item
  * A nested list's first item
  * A nested list's second item
  * A nested list's third item
* Another list item

For example, many teams use issues and pull requests to keep track of what they're working on right now, and use a Backlog to keep track of features that haven't been scheduled yet:

The Product Backlog

Tracking Changes Over Time

Being able to see changes over time gives teams a perspective on the features and requirements that have been added to projects. We can see at a glance when features are added:

Added Items

Removed:

removed Items

Or changed:

Changed Items

Whether numbered or not, the order of items is usually significant. Rendered prose diffs show you when items have been moved up or down:

Moved Items

Work together, better

It's easy to see when list items have been added, removed, changed, or moved, just as it's easy to review changes to all of your documents in GitHub.

And unlike other products that place your documents in their own "silos," you can use as much or as little of the GitHub toolset to manage and track your documents. Pull requests, organizations, commits, repos, issues, comments, source diffs, and rendered prose diffs: Everything is available and everything works together with your development tools.

GitHub makes collaborating with lists 1,337% more awesome by tracking and visualizing the changes over time using the same powerful tools your team already uses to manage your code.

Budapest Drinkup @ Write the Docs EU

Join us for GitHub's first-ever drinkup in Budapest on Tuesday, April 1!

@jhosman and @emilyistoofunky will be in town for the Write the Docs EU conference. Come join them at Lokál for :tea::wine_glass::beer::cocktail::coffee: on GitHub!

The Facts:

Egészségedre!

Manila, Philippines Drinkup @ RubyConf Philippines

We're excited to be in town for the first ever Ruby Conference in the Philippines, and possibly even more excited to be hosting the after party!

On the last night of the conference, we'd like to invite you to come to Bugsy's Bar & Bistro and hang out with @michaeltwofish, @calavera, @rubiojr, and local lad @meatcoder.

This is open to everyone, even if you didn't make it to the conference, so come along. We'll buy you your favorite drink and we can all talk tech. Kita-kita tayo doon.

The Facts:

Bugsy's in Manila

No Conversation Left Behind

If you're anything like us, you get involved in lots of conversations on GitHub over the course of your day. Sometimes, a good conversation from earlier in the day is left behind and forgotten about, and you don't know if anyone else has commented after you (to tell you they completely agree with your well-written opinion, of course!).

To make sure you're always up-to-date, the page title now lets you know how many comments have been added since you last peeked at the conversation.

Unread Tab

When you come back to the conversation, any unread comments will be highlighted, making it easy to pick up right where you left off:

Viewing Unread Comments

Sahra Santosha is a GitHubber!

We're excited to welcome Sahra to the sales team as an Account Manager! Sahra will work to develop, manage and grow relationships with our existing customer base of businesses.

Fun Facts:

  • Former jobs as a telephone psychic and doula
  • Practices acro yoga
  • Amazing poodle/bichon mix named Teddy

Sahra in her spare time also roasts her own coffee beans and cures her own bacon.

You can follow Sahra on GitHub.

Welcome Sahra!

Switch your picture with ease

Good news, everyone! Changing your public profile picture just got easier.

  1. Click the "Account Settings" icon in the header.
  2. Upload a picture of your awesome new haircut.
  3. Crop the picture and save it.

You can keep using Gravatar; we just want to make it easier to update when the time comes to rebrand yourself.

GitHub Drinkup in Oxford (UK)

GitHub is coming to Oxford!

Come join @arfon at Raoul's on Tuesday, March 25th at 7:30pm and enjoy some of the finest :beers::cocktail::wine_glass: in Oxford (UK).

The Facts:

Oxford!

Patchwork Night

Next Thursday, March 27th, we're hosting another Patchwork night at GitHub HQ! Patchwork nights are hands-on sessions for learning Git and GitHub.

Patchwork night is great for people new to Git and GitHub. By the end of the night you'll have your first pull request on an open source project merged and green squares on your contribution graph!

If you want to help mentor future open sourcers, this night is for you, too. You and Hubbers will help attendees with questions throughout the workshop. If you completed the workshop in January, you're ready to mentor, and we'd love to see you again!

We got great feedback from the last event and are going to build time into the night to talk about getting involved in open source and workflows. Myself, @muan, @alysonla, @mdo, @chrissiebrodigan, other Hubbers and the mentors will all be on hand to answer your queries!

Also, no coding experience required! RSVP here.

Details:

  • For: Git and GitHub beginners
  • When: Thursday, March 27th, 2014 6p - 9p
  • Where: GitHub HQ, 88 Colin P. Kelly Jr. St., San Francisco, CA

Photo by takempf

Chris Kelly is a GitHubber!

Our marketing and community efforts recently grew in strength and size with the addition of Chris Kelly to our team.

Chris got his start with computers in 1993, learning to write HTML and viewing his work in Lynx. From there he studied philosophy, attempted to modernize the publishing industry, and perhaps most importantly, worked at a company that printed Star Wars and Disney scenes...on window blinds. About the only thing he hasn't done is pioneer one of the 90's most important fashion trends. We'll try to forgive him.

You can follow Chris on GitHub and Twitter.

Welcome, Chris!

Recent activity for authentication credentials

In addition to seeing your browser session activity, you can now view activity for your SSH keys and OAuth tokens as well.

SSH key activity

Find the most recent activity for each key in the SSH keys section of your account settings.

SSH keys overview

OAuth token activity

For OAuth tokens, check out the Applications section of your account settings.

OAuth applications overview

As always, we recommend that you keep an eye on these credentials and remove any keys or tokens that you no longer need.

Showcasing interesting projects in Explore

We love watching trending repositories on GitHub every day. All kinds of interesting projects bubble up and there is always something new to catch your eye. We want to collect repositories we find interesting into categories for you.

Showcases are a new way to discover related repositories on GitHub. We take the most interesting trending repositories and curate lists to explore by topic. A lot like the staff shelf at your local book store.

On a showcase page, you'll find the full list of repositories that we're showcasing, including why we think they're special. On the right you will have a place to search all showcases, view related showcases, and any newly created showcases.

You can browse the showcase listing page to read through them all. You can also subscribe to the atom feed and stay up-to-date.

Thanks for reading and happy Exploring! :telescope:
