The big story right now is the recently uncovered backdoor in liblzma (aka XZ) – a relatively obscure compression library that happens to be a dependency of OpenSSH.

This incident is noteworthy for so many reasons: the exploit itself, how it was deployed, how it was found, what it says about our industry & how the community reacted. Let’s dig in!

Leave us a comment

Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!

Sponsors:

• Sentry – AI-powered Autofix debugs & fixes your code in minutes. Give it a try… oh, and don’t forget to use code CHANGELOG when you sign up for Sentry to get $100 off their team plan. ✊
• Tailscale – Adam loves Tailscale! Tailscale is programmable networking software that’s private and secure by default. It’s the easiest way to connect devices and services to each other, wherever they are. Secure, remote access to production, databases, servers, kubernetes, and more. Try Tailscale for free for up to 100 devices and 3 users at changelog.com/tailscale, no credit card required.

Featuring:

• Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn

Show Notes:

All links mentioned in this episode of Changelog News (and more) are in its companion newsletter.

Something missing or broken? PRs welcome!