Warning
Security Alert: A critical security issue was identified in this action due to a compromised commit.
This commit has been removed from all tags and branches, and necessary measures have been implemented to prevent similar issues in the future.
Action Required:
- Review your workflows executed between March 14 and March 15. If you notice unexpected output under the
changed-filessection, decode it using the following command:echo 'xxx' | base64 -d | base64 -d
If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately. - If your workflows reference this commit directly by its SHA, you must update them immediately to avoid using the compromised version.
- If you are using tagged versions (e.g.,
v35,v44.5.1), no action is required as these tags have been updated and are now safe to use.
Additionally, as a precaution, we recommend rotating any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.
What's Changed
- docs: update docs to highlight security issues by @jackton1 in #2465
- fix: update github workflow update-readme.yml by @jackton1 in #2466
- fix: update permission in update-readme.yml workflow by @jackton1 in #2467
- fix: update update-readme.yml to sign-commits by @jackton1 in #2468
- Updated README.md by @github-actions in #2469
- update: sync-release-version.yml by @jackton1 in #2471
New Contributors
- @github-actions made their first contribution in #2469
Full Changelog: v45.0.5...v46.0.0
What's Changed
- docs: update docs to highlight security issues by @jackton1 in #2465
- fix: update github workflow update-readme.yml by @jackton1 in #2466
- fix: update permission in update-readme.yml workflow by @jackton1 in #2467
- fix: update update-readme.yml to sign-commits by @jackton1 in #2468
- Updated README.md by @github-actions in #2469
- update: sync-release-version.yml by @jackton1 in #2471
Full Changelog: v45.0.5...v46.0.0
Contributors
jackton1