Language Selection

English French German Italian Portuguese Spanish

Git 2.26.0

Filed under
  • Git v2.26.0 released
    The latest feature release Git v2.26.0 is now available at the
    usual places.  It is comprised of 504 non-merge commits since
    v2.25.0, contributed by 64 people, 12 of which are new faces.
    The tarballs are found at:
    The following public repositories all have a copy of the 'v2.26.0'
    tag and the 'master' branch that the tag points at:
      url =
      url = git://
      url =
    New contributors whose contributions weren't in v2.25.0 are as follows.
    Welcome to the Git development community!
      Abhishek Kumar, Benno Evers, Emir Sarı, Eyal Soha, Harald
      van Dijk, Jacques Bodin-Hullin, Kir Kolyshkin, Lucius Hu,
      Luke Bonanomi, Peter Kaestle, Rasmus Jonsson, and Shourya Shukla.
    Returning contributors who helped this release are as follows.
    Thanks for your continued support.
      Alban Gruin, Alessandro Menti, Alexander Shopov, Alexandr
      Miloslavskiy, Beat Bolli, Bert Wesarg, brian m. carlson,
      Christian Stimming, Christopher Diaz Riveros, David Turner,
      Denton Liu, Derrick Stolee, Đoàn Trần Công Danh, Elijah
      Newren, Emily Shaffer, Eric Sunshine, Fangyi Zhou, Hans
      Jerry Illikainen, Hariom Verma, Heba Waly, Jean-Noël Avila,
      Jeff King, Jiang Xin, Johan Herland, Johannes Berg, Johannes
      Schindelin, Johannes Sixt, Jonathan Nieder, Jonathan Tan, Jordi
      Mas, Junio C Hamano, Kevin Willford, Kyle Meyer, Luke Diamand,
      Martin Ågren, Masaya Suzuki, Matheus Tavares, Matthew Rogers,
      Matthias Rüster, Miriam Rubio, Paolo Bonzini, Peter Krefting,
      Philippe Blain, Pranit Bauva, Pratyush Yadav, Ralf Thielow,
      René Scharfe, SZEDER Gábor, Tanushree Tumane, Taylor Blau,
      Trần Ngọc Quân, and Yi-Jyun Pan.
    Git 2.26 Release Notes
    Updates since v2.25
    Backward compatibility notes
     * "git rebase" uses a different backend that is based on the 'merge'
       machinery by default.  There are a few known differences in the
       behaviour from the traditional machinery based on patch+apply.
       If your workflow is negatively affected by this change, please
       report it to so that we can take a look into
       it.  After doing so, you can set the 'rebase.backend' configuration
       variable to 'apply', in order to use the old default behaviour in
       the meantime.
    UI, Workflows & Features
     * Sample credential helper for using .netrc has been updated to work
       out of the box.
     * gpg.minTrustLevel configuration variable has been introduced to
       tell various signature verification codepaths the required minimum
       trust level.
     * The command line completion (in contrib/) learned to complete
       subcommands and arguments to "git worktree".
     * Disambiguation logic to tell revisions and pathspec apart has been
       tweaked so that backslash-escaped glob special characters do not
       count in the "wildcards are pathspec" rule.
     * One effect of specifying where the GIT_DIR is (either with the
       environment variable, or with the "git --git-dir=<where> cmd"
       option) is to disable the repository discovery.  This has been
       placed a bit more stress in the documentation, as new users often
       get confused.
     * Two help messages given when "git add" notices the user gave it
       nothing to add have been updated to use advise() API.
     * A new version of fsmonitor-watchman hook has been introduced, to
       avoid races.
     * "git config" learned to show in which "scope", in addition to in
       which file, each config setting comes from.
     * The basic 7 colors learned the brighter counterparts
       (e.g. "brightred").
     * "git sparse-checkout" learned a new "add" subcommand.
     * A configuration element used for credential subsystem can now use
       wildcard pattern to specify for which set of URLs the entry
     * "git clone --recurse-submodules --single-branch" now uses the same
       single-branch option when cloning the submodules.
     * "git rm" and "git stash" learns the new "--pathspec-from-file"
     * "git am --show-current-patch" is a way to show the piece of e-mail
       for the stopped step, which is not suitable to directly feed "git
       apply" (it is designed to be a good "git am" input).  It learned a
       new option to show only the patch part.
     * Handling of conflicting renames in merge-recursive have further
       been made consistent with how existing codepaths try to mimic what
       is done to add/add conflicts.
    Performance, Internal Implementation, Development Support etc.
     * Tell .editorconfig that in this project, *.txt files are indented
       with tabs.
     * The test-lint machinery knew to check "VAR=VAL shell_function"
       construct, but did not check "VAR= shell_function", which has been
     * Replace "git config --bool" calls with "git config --type=bool" in
       sample templates.
     * The effort to move "git-add--interactive" to C continues.
     * Improve error message generation for "git submodule add".
     * Preparation of test scripts for the day when the object names will
       use SHA-256 continues.
     * Warn programmers about pretend_object_file() that allows the code
       to tentatively use in-core objects.
     * The way "git pack-objects" reuses objects stored in existing pack
       to generate its result has been improved.
     * The transport protocol version 2 becomes the default one.
     * Traditionally, we avoided threaded grep while searching in objects
       (as opposed to files in the working tree) as accesses to the object
       layer is not thread-safe.  This limitation is getting lifted.
     * "git rebase -i" (and friends) used to unnecessarily check out the
       tip of the branch to be rebased, which has been corrected.
     * A low-level API function get_oid(), that accepts various ways to
       name an object, used to issue end-user facing error messages
       without l10n, which has been updated to be translatable.
     * Unneeded connectivity check is now disabled in a partial clone when
       fetching into it.
     * Some rough edges in the sparse-checkout feature, especially around
       the cone mode, have been cleaned up.
     * The diff-* plumbing family of subcommands now pay attention to the
       diff.wsErrorHighlight configuration, which has been ignored before;
       this allows "git add -p" to also show the whitespace problems to
       the end user.
     * Some codepaths were given a repository instance as a parameter to
       work in the repository, but passed the_repository instance to its
       callees, which has been cleaned up (somewhat).
     * Memory footprint and performance of "git name-rev" has been
     * The object reachability bitmap machinery and the partial cloning
       machinery were not prepared to work well together, because some
       object-filtering criteria that partial clones use inherently rely
       on object traversal, but the bitmap machinery is an optimization
       to bypass that object traversal.  There however are some cases
       where they can work together, and they were taught about them.
     * "git rebase" has learned to use the merge backend (i.e. the
       machinery that drives "rebase -i") by default, while allowing
       "--apply" option to use the "apply" backend (e.g. the moral
       equivalent of "format-patch piped to am").  The rebase.backend
       configuration variable can be set to customize.
     * Underlying machinery of "git bisect--helper" is being refactored
       into pieces that are more easily reused.
    Fixes since v2.25
     * "git commit" gives output similar to "git status" when there is
       nothing to commit, but without honoring the advise.statusHints
       configuration variable, which has been corrected.
     * has_object_file() said "no" given an object registered to the
       system via pretend_object_file(), making it inconsistent with
       read_object_file(), causing lazy fetch to attempt fetching an
       empty tree from promisor remotes.
     * Complete an update to tutorial that encourages "git switch" over
       "git checkout" that was done only half-way.
     * C pedantry ;-) fix.
     * The code that tries to skip over the entries for the paths in a
       single directory using the cache-tree was not careful enough
       against corrupt index file.
     * Reduce unnecessary round-trip when running "ls-remote" over the
       stateless RPC mechanism.
     * "git restore --staged" did not correctly update the cache-tree
       structure, resulting in bogus trees to be written afterwards, which
       has been corrected.
     * The code recently added to move to the entry beyond the ones in the
       same directory in the index in the sparse-cone mode did not count
       the number of entries to skip over incorrectly, which has been
     * Rendering by "git log --graph" of ancestry lines leading to a merge
       commit were made suboptimal to waste vertical space a bit with a
       recent update, which has been corrected.
     * Work around test breakages caused by custom regex engine used in
       libasan, when address sanitizer is used with more recent versions
       of gcc and clang.
     * Minor bugfixes to "git add -i" that has recently been rewritten in C.
     * "git fetch --refmap=" option has got a better documentation.
     * "git checkout X" did not correctly fail when X is not a local
       branch but could name more than one remote-tracking branches
       (i.e. to be dwimmed as the starting point to create a corresponding
       local branch), which has been corrected.
       (merge fa74180d08 am/checkout-file-and-ref-ref-ambiguity later to maint).
     * Corner case bugs in "git clean" that stems from a (necessarily for
       performance reasons) awkward calling convention in the directory
       enumeration API has been corrected.
     * A fetch that is told to recursively fetch updates in submodules
       inevitably produces reams of output, and it becomes hard to spot
       error messages.  The command has been taught to enumerate
       submodules that had errors at the end of the operation.
       (merge 0222540827 es/fetch-show-failed-submodules-atend later to maint).
     * The "--recurse-submodules" option of various subcommands did not
       work well when run in an alternate worktree, which has been
     * Futureproofing a test not to depend on the current implementation
     * Running "git rm" on a submodule failed unnecessarily when
       .gitmodules is only cache-dirty, which has been corrected.
     * C pedantry ;-) fix.
     * "git grep --no-index" should not get affected by the contents of
       the .gitmodules file but when "--recurse-submodules" is given or
       the "submodule.recurse" variable is set, it did.  Now these
       settings are ignored in the "--no-index" mode.
     * Technical details of the bundle format has been documented.
     * Unhelpful warning messages during documentation build have been squelched.
     * "git rebase -i" identifies existing commits in its todo file with
       their abbreviated object name, which could become ambiguous as it
       goes to create new commits, and has a mechanism to avoid ambiguity
       in the main part of its execution.  A few other cases however were
       not covered by the protection against ambiguity, which has been
     * Allow the rebase.missingCommitsCheck configuration to kick in when
       "rebase --edit-todo" and "rebase --continue" restarts the procedure.
       (merge 5a5445d878 ag/edit-todo-drop-check later to maint).
     * The way "git submodule status" reports an initialized but not yet
       populated submodule has not been reimplemented correctly when a
       part of the "git submodule" command was rewritten in C, which has
       been corrected.
       (merge f38c92452d pk/status-of-uncloned-submodule later to maint).
     * The code to automatically shrink the fan-out in the notes tree had
       an off-by-one bug, which has been killed.
     * The index-pack code now diagnoses a bad input packstream that
       records the same object twice when it is used as delta base; the
       code used to declare a software bug when encountering such an
       input, but it is an input error.
     * The code to compute the commit-graph has been taught to use a more
       robust way to tell if two object directories refer to the same
       (merge a7df60cac8 tb/commit-graph-object-dir later to maint).
     * "git remote rename X Y" needs to adjust configuration variables
       (e.g. branch.<name>.remote) whose value used to be X to Y.
       branch.<name>.pushRemote is now also updated.
     * Update to doc-diff.
     * Doc markup fix.
     * "git check-ignore" did not work when the given path is explicitly
       marked as not ignored with a negative entry in the .gitignore file.
     * The merge-recursive machinery failed to refresh the cache entry for
       a merge result in a couple of places, resulting in an unnecessary
       merge failure, which has been fixed.
     * Fix for a bug revealed by a recent change to make the protocol v2
       the default.
     * In rare cases "git worktree add <path>" could think that <path>
       was already a registered worktree even when it wasn't and refuse
       to add the new worktree. This has been corrected.
       (merge bb69b3b009 es/worktree-avoid-duplication-fix later to maint).
     * "git push" should stop from updating a branch that is checked out
       when receive.denyCurrentBranch configuration is set, but it failed
       to pay attention to checkouts in secondary worktrees.  This has
       been corrected.
       (merge 4d864895a2 hv/receive-denycurrent-everywhere later to maint).
     * "git rebase BASE BRANCH" rebased/updated the tip of BRANCH and
       checked it out, even when the BRANCH is checked out in a different
       worktree.  This has been corrected.
       (merge b5cabb4a96 es/do-not-let-rebase-switch-to-protected-branch later to maint).
     * "git describe" in a repository with multiple root commits sometimes
       gave up looking for the best tag to describe a given commit with
       too early, which has been adjusted.
     * "git merge signed-tag" while lacking the public key started to say
       "No signature", which was utterly wrong.  This regression has been
     * MinGW's poll() emulation has been improved.
     * "git show" and others gave an object name in raw format in its
       error output, which has been corrected to give it in hex.
     * "git fetch" over HTTP walker protocol did not show any progress
       output.  We inherently do not know how much work remains, but still
       we can show something not to bore users.
       (merge 7655b4119d rs/show-progress-in-dumb-http-fetch later to maint).
     * Both "git ls-remote -h" and "git grep -h" give short usage help,
       like any other Git subcommand, but it is not unreasonable to expect
       that the former would behave the same as "git ls-remote --head"
       (there is no other sensible behaviour for the latter).  The
       documentation has been updated in an attempt to clarify this.
     * Other code cleanup, docfix, build fix, etc.
       (merge d0d0a357a1 am/update-pathspec-f-f-tests later to maint).
       (merge f94f7bd00d am/test-pathspec-f-f-error-cases later to maint).
       (merge c513a958b6 ss/t6025-modernize later to maint).
       (merge b441717256 dl/test-must-fail-fixes later to maint).
       (merge d031049da3 mt/sparse-checkout-doc-update later to maint).
       (merge 145136a95a jc/skip-prefix later to maint).
       (merge 5290d45134 jk/alloc-cleanups later to maint).
       (merge 7a9f8ca805 rs/parse-options-concat-dup later to maint).
       (merge 517b60564e rs/strbuf-insertstr later to maint).
       (merge f696a2b1c8 jk/mailinfo-cleanup later to maint).
       (merge de26f02db1 js/test-avoid-pipe later to maint).
       (merge a2dc43414c es/doc-mentoring later to maint).
       (merge 02bbbe9df9 es/worktree-cleanup later to maint).
       (merge 2ce6d075fa rs/micro-cleanups later to maint).
       (merge 27f182b3fc rs/blame-typefix-for-fingerprint later to maint).
       (merge 3c29e21eb0 ma/test-cleanup later to maint).
       (merge 240fc04f81 ag/rebase-remove-redundant-code later to maint).
       (merge d68ce906c7 rs/commit-graph-code-simplification later to maint).
       (merge a51d9e8f07 rj/t1050-use-test-path-is-file later to maint).
       (merge fd0bc17557 kk/complete-diff-color-moved later to maint).
       (merge 65bf820d0e en/test-cleanup later to maint).
  • Git v2.26.0 released

    Version 2.26.0 of the Git source-code management system is out. Significant changes include a reimplementation of the "rebase" mechanism, improvements to sparse checkouts, performance improvements, and more.

  • Git 2.26 Released With Transport Protocol V2 Default, Continued Work Towards SHA256 Hashes

    Git 2.26 is out as the newest feature release for this distributed revision control system.

Git 2.26 fetches faster by default

  • Git 2.26 fetches faster by default

    With the recent release of Git 2.26, the open source distributed version control system uses version 2 of Git’s network fetch protocol by default.

    This protocol, introduced in 2018, addresses a problem with the old protocol, whereby a server would immediately list all of the branches, tags, and other references in the repository before the client could send anything. Use of the old protocol could mean sending megabytes of extra data for some repositories, even when the client only wanted to know about the master branch.


    New config options, including the ability to use wildcards when matching credential URLs. Git config options can be set for all connections or only connections to specific URLs.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Security and Proprietary Issues

  • Surprise Capital One court decision spells trouble for incident response

    Break in case of emergency: Language is everything. Delineate clearly in all written comms between a ‘potential incident’ - and an actual one. Don’t start turning one of the hundreds of security events you see into a ‘security incident’ before the most essential facts are understood. Halpert’s threshold for incidents that need to be covered by legal privilege are: a) An incident that gives rise to an obligation to notify a regulator, or a contractual obligation to notify a business partner; or b) An incident that exposed trade secrets or otherwise would affect the share price of a company; or c) An incident that would cause significant reputational hit to the company; or d) An incident in which a crime is committed.

  • Judge rules Capital One must hand over Mandiant's forensic data breach report

    It’s a significant ruling that effectively affords the attorneys suing Capital One with a breakdown of which bank behaviors were successful, and which failed. It’s common for Fortune 500 companies to keep incident response firms like Mandiant on retainer, though it’s rare for those firms’ insights on high profile breaches to be made public. Similar rulings in the future could provide aggrieved customers with ammunition to seek higher pay-outs in court.

  • Retrotech: The Novell NetWare Experience

    In the simplest terms possible, NetWare was a dedicated network operating system. It was designed around fast and reliable network operations at the expense of almost everything else. Novell had invested massive amounts of research in figuring out how to do fast I/O and minimizing any delays from hardware related sources. The end result was a very lean system that remained stable and performant with a large number of clients attached. As networking was Novell's bread and butter, NetWare had excellent support for everything: clients were available for DOS, Windows, UNIX, Macintosh, OS/2 and probably other platforms I've never even heard of.

    The early history of NetWare is very muddled, and pre-2.0 versions have been lost to time. This compounded with poor documentation has made it very difficult to trace the early history of the product. However, while NetWare was not the first (or only) network product for IBM PCs, it quickly became the largest, displacing IBM's PC Network, and laughed at Microsoft's LAN Manager, and IBM OS/2 LAN Server.

    While NetWare did compete on UNIX, Sun had already gotten their foot in the door by porting NFS and making it the de-facto solution for all UNIXs of the era, as well as Linux. Meanwhile, Apple held onto AppleTalk which itself survived well into the early 2000s when NetWare had already disappeared into the aether. The explosion of Wintel PCs throughout the 90s had given NetWare a market position that should have been very difficult to dislodge.

    The full story of NetWare's fall from grace is a story for another time, but I do want to go into the more technical aspects that were both the boon and bane of NetWare. Much of NetWare's success can be attributed to its own IPX protocol which made networking plug and play and drastically lowered latencies compared to NetBIOS or even TCP/IP.

  • Polish malspam pushes ZLoader malware

    When enabling macros on the malicious Excel spreadsheet, the victim host retrieved the ZLoader DLL as shown in the previous section, saved the DLL to the victim's Documents folder, and ran it using rundll32.exe.

  • Microsoft Defender SmartScreen is hurting independent developers

    But what is SmartScreen?

    SmartScreen collects installation data from all Windows users in order to establish “reputation”. If the program does not have an established good reputation, you get this big warning message. By this time most users have deleted the .exe already thinking it is a malware, but SmartScreen can be bypassed by clicking on “More info” then “Run anyway”.

    The digital signature racket

    But let’s say you bite the bullet, you buy yourself an overpriced piece of prime numbers generated by a computer, sign your code and re-publish your application. You can now start getting users to install your app right? Wrong.

    But how do you build reputation? First of all, Microsoft needs to be able to gather information on who has published the app, and this is done by a code signing certificate. The most obvious implication is that unsigned apps will always trigger SmartScreen. The more insidious implication is that acquiring a code signing certificate is a big expense for an individual developer. There is currently no “Let’s Encrypt” equivalent to code signing certificates; so you have to purchase it from trusted authorities. The price range is wide but a certificate only valid for a year will typically go for about $100.

  • #Privacy: Michigan State University struck by ransomware attack

    It remains unclear as to how and when the attack happened, and what the ransom demand is.

    NetWalker is one of twelve ransomware gangs who threaten to publish data in revenge if organisations refuse to pay the ransom demand.

    MSU have not official disclosed the incident, however, an MSU spokesperson, Dan Olsen shared the following statement to EdScoop: “We are aware of a possible intrusion and we are actively looking into it.”

  • MSU: We won't pay [attacker] demanding ransom, threatening university over records

    University officials believe the latest breach occurred on Memorial Day and took relevant computer systems offline within hours of the intrusion, according to a news release. It compromised data associated with the Department of Physics and Astronomy, and information technology teams are coordinating with law enforcement to understand the scope of the breach. Investigators are notifying and providing support to affected MSU affiliates as they are identified.

    The cybersecurity breach, known as a ransomware attack, first became public May 27 when a [cr]acker-affiliated blog posted screenshots of files allegedly belonging to MSU affiliates. Images circulating on social media include a redacted passport and a list of transactions related to physics and astronomy projects. They also show a countdown clock that warns of “secret data publication” less than one week from when the screenshots were taken.

  • Michigan State target of ransomware attack threatening to release university data

    The ransom demanded was not specified, but the ransomware gang is prepared to release the university's documents.

    The NetWalker, a newer form of ransomeware sometimes labeled as Mailto, blog post threatened publication of 'secret' documents dated with a countdown clock with close to a week remaining.

  • Malware Team NetWalker Launches Ransomware Attack Against Weiz

    The Malware team NetWalker launched a new ransomware attack against the Austrian village of Weiz which affected the public service system and leaked a lot of the stolen data from building applications as we are about to read more in the following latest cryptocurrency news.

    According to the cybersecurity firm Panda Security, the Malware team managed to enter the town’s public network through phishing emails related to the Coronavirus pandemic. The subject of the emails which was ‘’information about the coronavirus’’ was used to bait the employees of the public infrastructure of the city into clicking on malicious links which triggered the ransomware.

    Panda Security claims that the ransomware attack belongs to a new version of a ransomware family that spreads by using VBScripts. If the infection is successful, it will spread through the entire windows network to which the infected machine is related. The report details that the ransomware terminates and services under Windows which encrypts files on all available disks thus eliminating the backups.

  • Inside a ransomware gang’s attack toolbox

    The crooks deployed a pirated copy of the Virtual Box virtual machine (VM) software to every computer on the victim’s network, plus a VM file containing a pirated copy of Windows XP, just to have a “walled garden” for their ransomware to sit inside while it did its cryptographic scrambling.

    But that’s far from everything that today’s crooks bring along for a typical attack, as SophosLabs was able to document recently when it stumbled upon a cache of tools belonging to a ransomware gang known as Netwalker.

  • Researchers Dive Into Evolution of Malicious Excel 4.0 Macros

    For more than five months, Lastline security researchers have tracked the evolution of malicious Excel 4.0 (XL4) macros, observing the fast pace at which malware authors change them to stay ahead of security tools.

    A central part of many organizations’ productivity tools, Excel opens the door for phishing attacks where victims are tricked into enabling macros in malicious documents, which can results in the attackers gaining a foothold on the network, in preparation for additional activities.

    During their five-month research, Lastline observed thousands of malicious samples, clustered into waves that provide a comprehensive picture of how the threat has evolved in both sophistication and evasiveness.

  • MSU won't pay ransom to [cr]acker who stole financial documents, personal information

    EdScoop reported the ransomware attack on May 27 and provided screenshots from a blog on the dark web, showing what appear to be a student's passport, MSU financial documents and files from the MSU network, as well as a countdown that had about one week remaining as of May 27.

  • Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

    Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.

    The attacks were aiming to download wp-config.php, a file critical to all WordPress installations. The file is located in the root of WordPress file directories and contains websites’ database credentials and connection information, in addition to authentication unique keys and salts. By downloading the sites’ configuration files, an attacker would gain access to the site’s database, where site content and credentials are stored, said researchers with Wordfence who spotted the attack.

    Between May 29 and May 31, researchers observed (and were able to block) over 130 million attacks targeting 1.3 million sites.

  • Denial of service attacks against advocacy groups skyrocket

    Distributed denial-of-service attacks against advocacy organizations increased by 1,120% since a Minneapolis police officer killed George Floyd by kneeling on his neck, sparking demonstrations throughout the U.S.

    In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations. The company did not disclose which websites were affected, specifically.

Reading about open source in French

English speakers have so many wonderful open source resources that it's easy to forget that communications in English aren't accessible to everyone everywhere. Therefore, I've been looking for great open source resources in Spanish and French, so I can recommend them when the need arises. One I've been looking at recently is, which seems to be a fine "agora" for all sorts of interesting conversations in French about open source specifically and open everything else as well. Read more

Open Source Password Manager Bitwarden Introduces Two New Useful Features: Trash Bin & Vault Timeout

Bitwarden is unquestionably one of the best password managers available for Linux. It’s also a cross-platform solution — so you can use it almost anywhere you like. You can also read our review of Bitwarden if you want to explore more about it. Now, coming back to the news. Recently, Bitwarden introduced two new major features that makes it even better. Read more

6 Kubernetes Security Best Practices Every Linux Administrator Should Know

Kubernetes is a popular container orchestration platform used by many professionals around the world. It’s an open-source platform that enables you to manage containerization, providing you with feature-rich controls. However, Kubernetes is not easy to learn and maintain. To properly secure Kubernetes operations, you need to adopt certain best practices. Read more