Liquibase today unveiled Liquibase Change Intelligence and a new suite of Liquibase Secure Deployment Connectors, expanding how enterprises understand, govern, and operationalize database change across modern delivery environments.
The new capabilities are designed to help teams understand database changes, monitor delivery performance, identify risk earlier, resolve issues up to 95% faster, and centralize audit evidence, while extending governed database change into the systems where developers, DBAs, and change teams already work, including ServiceNow, GitHub, Harness, and Terraform.
The announcement addresses a persistent gap in enterprise delivery. While application and infrastructure changes have become more automated, observable, and standardized, database change still too often moves through ticket attachments, side-channel SQL, manual approvals, and inconsistent execution paths. The result is slower investigations, weaker auditability, and more risk around outages, data integrity, and compliance.
Change Intelligence helps teams see what changed and respond faster
Liquibase Change Intelligence is designed to give teams a clearer view of what changed, how changes are moving across environments, where drift is emerging, and what requires attention next.
It brings together deployment activity, environment-level change status, drift signals, policy outcomes, and operational history so teams can answer critical questions faster: What changed? Where did it fail? Which environments are out of sync? Is drift increasing? What needs to be fixed now?
When failures occur, Change Intelligence is designed to help teams investigate with greater speed and context through AI-driven analysis that identifies likely causes and provides remediation guidance. Instead of forcing teams to reconstruct events from scattered logs, tickets, and tribal knowledge, it gives them a more direct path from issue to understanding to action.
Change Intelligence is also designed to help organizations centralize audit evidence for what changed, who approved it, where it ran, and what happened. That gives engineering, security, and compliance teams a more structured and accessible record of database change activity, reducing reliance on screenshots, manual evidence gathering, and fragmented reporting.
New connectors extend governed database change into the tools teams already use
Liquibase also unveiled a new suite of Liquibase Secure Deployment Connectors designed to extend governed database change into the platforms many enterprises already use to plan, approve, and deliver work.
For teams using ServiceNow, the connector is designed to bring database change into the existing approval process so approved tickets can result in governed, auditable deployments instead of manual SQL execution and disconnected handoffs.
For teams using GitHub, the connector is designed to bring database change into the same pull request and workflow model already used for application code, adding policy checks, validation, and deployment history tied to commits and branches.
For teams using Harness, the connector is designed to preserve existing pipelines while adding stronger governance, centralized visibility, and compliance-grade auditability around database changes.
For teams using Terraform, the connector is designed to extend infrastructure as code to the database layer, connecting Liquibase Secure to Terraform-managed instances through existing pipelines while enforcing database policies, applying versioned changeSets, and maintaining a complete audit trail over time.
Together, the connectors are designed to remove one of the biggest barriers to stronger database governance: the belief that teams need to rebuild their workflows to get it. Instead, Liquibase is extending governed database change into the systems teams already use, while strengthening traceability, standardization, and audit evidence across the delivery lifecycle.
Built for a new era of AI, data integrity, and operational accountability
The new capabilities reflect a broader shift in how enterprises are thinking about AI readiness and operational risk.
As AI initiatives expand, more changes are being generated, reviewed, and pushed through delivery systems at higher speed and greater scale. But when database change remains inconsistent, weakly governed, or hard to trace, the resulting risk does not stay isolated at the database layer. It carries into applications, analytics, automation, and AI-driven systems.
By helping organizations better understand database changes, catch drift earlier, investigate failures faster, and centralize audit evidence, Liquibase is giving enterprises a stronger operational foundation for trusted applications, data products, and AI initiatives.
Availability
Liquibase Change Intelligence, Liquibase Secure Deployment Connectors, and related capabilities are expected to begin rolling out in fall 2026. Additional details will be shared closer to availability.
The CISA mandates federal patching of Citrix NetScaler flaw by Thursday
Posted in Commentary with tags CISA, Citrix on March 31, 2026 by itnerd
The CISA has added a new Citrix NetScaler appliance vulnerability to its Known Exploited Vulnerabilities catalog and is giving federal agencies till Thursday to remediate the flaw.
The vulnerability (CVE-2026-3055) is caused by inadequate input validation and can be exploited by unauthenticated remote attackers to extract sensitive data from Citrix ADC or Citrix Gateway appliances configured as SAML identity providers.
Denis Calderone, CTO, Suzu Labs provided this comment:
“Back in 2023 CISA, the FBI, and Australia’s ACSC put out a joint advisory related to CVE-2023-4966, CitrixBleed. That was the same class of vulnerability on the same product family as this new issue, CVE-2026-3055. The issues are memory leaks on NetScaler that let attackers steal session tokens and walk right past authentication, including MFA. We saw LockBit use it to devastating effect against ICBC, Boeing, and DP World, and now we’re looking at another critical memory disclosure flaw on NetScaler. Citrix themselves are warning that exploitation is likely once proof-of-concept code surfaces.
“An out-of-bounds read on a device like this is particularly dangerous because of where NetScaler sits in the environment. It’s at the network boundary, handling authentication and session management.
“NetScaler is often used to build a layer of abstraction between the untrusted, semi-trusted and fully trusted security zones within a network. When memory leaks on a device like that, what spills out isn’t random data. It’s potentially session tokens, authentication material, and credentials. These are the things that let attackers bypass every security control sitting behind it. That’s what made CitrixBleed so devastating, and this vulnerability has the same potential.
“The one piece of good news is that this only affects NetScaler instances configured as a SAML Identity Provider, not default configurations. SOC teams should check right now: search your NetScaler config for ‘add authentication samlIdPProfile’. If it’s there, you’re in scope and you need to patch immediately. If you can’t patch today, consider whether you can disable SAML IDP functionality as a temporary mitigation. Citrix has 21 entries in the CISA KEV catalog at this point. Waiting to see if this gets exploited is not a strategy that has historically worked out with this vendor.”
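The config search described in the comment above, run across several exported NetScaler configs at once, as an added example that is not part of the original post or any vendor tooling. The appliance labels and sample config lines are constructed, and a match means only that the appliance is in scope for the patch, as the comment states.

```python
import shlex

# Command prefix quoted in the comment above; matched case-insensitively.
MARKER = ["add", "authentication", "samlidpprofile"]

# Constructed sample exports (hypothetical appliance labels and values).
SAMPLE_CONFIGS = {
    "gw-edge-01": '''
add authentication vserver aaa_vs SSL 0.0.0.0
add authentication samlIdPProfile "Corp IdP" -samlIssuerName idp.example.test
''',
    "adc-int-02": '''
# add authentication samlIdPProfile old_profile (commented out)
add lb vserver web_vs HTTP 192.0.2.10 80
''',
}


def saml_idp_profiles(config_text):
    """Return the names of SAML IdP profiles defined in one config export."""
    names = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and commented-out commands
        try:
            tokens = shlex.split(line)  # keeps quoted names as one token
        except ValueError:
            tokens = line.split()  # unbalanced quote: fall back to plain split
        if [t.lower() for t in tokens[:3]] == MARKER:
            names.append(tokens[3] if len(tokens) > 3 else "<unnamed>")
    return names


def triage(configs):
    """Map each appliance label to (in_scope, profile_names)."""
    report = {}
    for label, text in configs.items():
        profiles = saml_idp_profiles(text)
        report[label] = (bool(profiles), profiles)
    return report


if __name__ == "__main__":
    for label, (in_scope, profiles) in sorted(triage(SAMPLE_CONFIGS).items()):
        status = "IN SCOPE, patch now" if in_scope else "no SAML IdP profile found"
        print(f"{label}: {status} {profiles}")
```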
Jacob Warner, Director of IT, Xcape, Inc. adds this comment:
“Unpatched gateway appliances are the primary door for initial access brokers and nation-state actors, making this 48-hour remediation window a critical operational priority. This vulnerability allows unauthenticated attackers to bypass security boundaries and harvest credentials or session tokens, effectively turning your identity provider into a pivot point for lateral movement across the entire network. Organizations should immediately identify all Citrix ADC and Gateway instances acting as SAML IdPs and apply the vendor-provided firmware updates before the Thursday deadline.
“If immediate patching is not feasible, security teams must evaluate whether to disable SAML functionality or place these appliances behind a restrictive VPN to reduce the attack surface. This is not a drill for the weekend; the inclusion in the KEV catalog confirms that active exploitation is already occurring in the wild.
“Given the history of NetScaler vulnerabilities such as CitrixBleed, the blast radius of a successful exploit likely includes a full bypass of multi-factor authentication (MFA) for downstream applications. Priority should be placed on Internet-facing instances, followed by a comprehensive review of logs for unusual outbound traffic from these appliances.
“I appreciate CISA giving us a Tuesday warning for a Thursday deadline, though I suspect the “unauthenticated remote attackers” didn’t bother waiting for the official calendar invite.”
Rajeev Raghunarayan, Head of GTM, Averlon said this:
“Most organizations measure response in terms of time to patch. The real gap is time to decision. Teams often know about a vulnerability, but they don’t know whether it actually matters in their environment.
“We’ve seen environments with tens of thousands of vulnerabilities where only a handful created meaningful risk based on how they connected to critical systems, especially when identity infrastructure is involved. Without that clarity, everything looks urgent and ends up in the same queue.
“The organizations moving fastest don’t need external deadlines to act. They can quickly determine what matters and treat those cases as incidents. Others rely on external signals like KEV listings to prioritize, rather than identifying that urgency internally.”
If your organization is affected by this, you need to patch this ASAP because threat actors will not wait to exploit this.