GitHub patches “high” severity security flaw after 104 days

Found 12 days ago at WinBeta

104 days later, GitHub has finally patched the flaw. The flaw surrounded GitHubs workflow commands functionality, which is the community between the Action Runner and executed actions. Its part of GitHubs Actions feature. Googles Project Zero claimed the feature is fundamentally insecure, and the member of the group who reported the flaw, Felix Wilhelm, offered up 2 possible solutions, one being...

Read the article at WinBeta

More Developer News