← back NO. #0eb28110

NO.: #0eb28110
Topic: INFRA & SAAS
Source: RevenueCat Blog
Published: 2026-05-20 01:39:35
Importance: ★ 8/10 — radar 80
Original: www.revenuecat.com/blog/engineering/play-billing-v9/

`Google Play Billing Library` `9.0`, billing and console updates from I/O 2026

Billing, analytics, protection, and Play Console all moved at once. Android subscription code should be reviewed now, not after a build rejection.

[ KEY POINTS ]

Play Billing Library 9.0.0 is a major version, so billing code deserves a compatibility pass before the next Android release.
The update bundle includes AI, Play Console, analytics, and protection changes. Store operations are expanding beyond payment integration.
RevenueCat coverage matters because it usually translates Google Play billing changes into SDK and migration impact.
Apps with Android subscriptions should watch RevenueCat and Google timelines together. Late migration turns into release risk.

Originalwww.revenuecat.com/blog/engineering/play-billing-v9/Read original →

// related

#0001
#0001Infra & SaaS GeekNews3 hours ago
CISA Contractor Leaked `AWS GovCloud` Keys on GitHub
40radar
A public repo exposed high-privilege cloud and internal credentials. Treat secret scanning as a production control, not a checkbox.
- The public Private-CISA repo exposed high-privilege AWS GovCloud credentials, plaintext passwords, tokens, and logs.
- Default protections that block secret publishing appear to have been disabled; one bad repo setting can bypass the whole safety net.
- Immediate takeaway: enforce secret scanning, pre-commit checks, and key rotation even on private or internal repos.
Source: news.hada.io/topic?id=29689Read original →
FIG-0011:1
40radar
FIG-0011:1
#0002
#0002Infra & SaaS GeekNews4 hours ago
`FileBrowser Quantum`: Free Open-Source Self-Hosted Web File Manager
50radar
FileBrowser QuantumSelf-hosted file manager — stronger auth and directory ACLs
A self-hosted file UI adds serious auth and access-control layers beyond basic browsing. Useful when a small product needs internal asset/admin file handling without paying for another SaaS.
- Supports OIDC, LDAP, JWT, password plus 2FA, and proxy auth, so it can fit both simple admin panels and heavier internal setups.
- Directory-level permissions can be set by user or group. That is the real upgrade over a plain shared file browser.
- Runs on SQLite, keeping deployment lightweight. Good fit for a single VPS or sidecar service in an existing stack.
Source: news.hada.io/topic?id=29680Read original →
FIG-0021:1
50radar
FIG-0021:1
#0003
#0003Infra & SaaS GitHub Changelog11 hours ago
GitHub expands OIDC for `Dependabot` and code scanning private registries
50radar
Org-level private registry auth now covers two more artifact providers. Useful if your supply-chain checks already pull private packages; otherwise low urgency.
- Cloudsmith and Google Artifact Registry join org-level OIDC auth support for private registries, reducing long-lived secret handling.
- Coverage applies to Dependabot and code scanning, so dependency updates and security analysis can access private packages with the same auth model.
- Best fit is repos already using private artifacts. For public-package-only projects, this is a cleanup item, not a roadmap changer.
Source: github.blog/changelog/2026-05-19-expanded-oidc-support-fRead original →
FIG-0031:1
50radar
FIG-0031:1

`Google Play Billing Library` `9.0`, billing and console updates from I/O 2026

// related

CISA Contractor Leaked `AWS GovCloud` Keys on GitHub

`FileBrowser Quantum`: Free Open-Source Self-Hosted Web File Manager

GitHub expands OIDC for `Dependabot` and code scanning private registries