You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by "AdnaneKhan (via GitHub)" <gi...@apache.org> on 2023/12/31 17:47:35 UTC

[PR] fix(ci): Sanitize PR head.ref [camel-k]

AdnaneKhan opened a new pull request, #5013:
URL: https://github.com/apache/camel-k/pull/5013

   <!-- Description -->
   
   This fixes a minor GitHub Actions workflow injection vulnerability by sanitizing the branch name from the PR head.
   
   I'm just making a PR because most risk is mitigated as the workflow does not use secrets and the `GITHUB_TOKEN` permissions are restricted to `pull-requests: write` and `issues: write`. The worst an attacker could do is modify other PR descriptions, titles, mess with issues - a nuisance but not a supply chain attack.
   
   <!--
   Enter your extended release note in the below block. If the PR requires
   additional action from users switching to the new release, include the string
   "action required". If no release note is required, write "NONE". 
   
   You can (optionally) mark this PR with labels "kind/bug" or "kind/feature" to make sure
   the text is added to the right section of the release notes. 
   -->
   
   **Release Note**
   ```release-note
   NONE
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] fix(ci): Sanitize PR head.ref [camel-k]

Posted by "oscerd (via GitHub)" <gi...@apache.org>.

oscerd commented on PR #5013:
URL: https://github.com/apache/camel-k/pull/5013#issuecomment-1873005417

   Thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] fix(ci): Sanitize PR head.ref [camel-k]

Posted by "oscerd (via GitHub)" <gi...@apache.org>.

oscerd merged PR #5013:
URL: https://github.com/apache/camel-k/pull/5013


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org