dev  

Messages by Thread

• Re: [PR] Drop admin privileges (tooling-trusted-releases) via GitHub
  • Re: [PR] Drop admin privileges (tooling-trusted-releases) via GitHub
• [PR] Add check access controls for committers (tooling-trusted-releases) via GitHub
  • Re: [PR] Add check access controls for committers (tooling-trusted-releases) via GitHub
  • Re: [PR] Add check access controls for committers (tooling-trusted-releases) via GitHub
  • Re: [PR] Add check access controls for committers (tooling-trusted-releases) via GitHub
  • Re: [PR] Add has post access check for controls for committers (tooling-trusted-releases) via GitHub
• [PR] Fix manual vote resolution configuration (tooling-trusted-releases) via GitHub
  • Re: [PR] Fix manual vote resolution configuration (tooling-trusted-releases) via GitHub
  • Re: [PR] Fix manual vote resolution configuration (tooling-trusted-releases) via GitHub
• [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases) via GitHub
  • Re: [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases) via GitHub
  • Re: [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases) via GitHub
  • Re: [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases) via GitHub
  • Re: [I] Add CSP sandbox directive for directory listing responses (tooling-trusted-releases) via GitHub
• [I] Make CSRF token required in Form base class (tooling-trusted-releases) via GitHub
  • Re: [I] Make CSRF token required in Form base class (tooling-trusted-releases) via GitHub
  • Re: [I] Make CSRF token required in Form base class (tooling-trusted-releases) via GitHub
• [I] Test whether `csrf: str` works (tooling-trusted-releases) via GitHub
  • Re: [I] Test whether `csrf: str` works (tooling-trusted-releases) via GitHub
• [I] Test whether `quart_wtf` works (tooling-trusted-releases) via GitHub
  • Re: [I] Test whether `quart_wtf` works (tooling-trusted-releases) via GitHub
  • Re: [I] Test whether `quart_wtf` works (tooling-trusted-releases) via GitHub
• [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Verify CSRF coverage for `@post.empty()` decorated endpoints (tooling-trusted-releases) via GitHub
• [I] ShellResponse and JWT endpoint missing Content-Disposition headers (tooling-trusted-releases) via GitHub
  • Re: [I] ShellResponse and JWT endpoint missing Content-Disposition headers (tooling-trusted-releases) via GitHub
• [I] Add Origin header validation for API endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Add Origin header validation for API endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Add Origin header validation for API endpoints (tooling-trusted-releases) via GitHub
  • Re: [I] Add Origin header validation for API endpoints (tooling-trusted-releases) via GitHub
• [I] Implement Sec-Fetch-* header validation middleware (tooling-trusted-releases) via GitHub
  • Re: [I] Implement Sec-Fetch-* header validation middleware (tooling-trusted-releases) via GitHub
• [I] Move test routes to a separate blueprint (tooling-trusted-releases) via GitHub
  • Re: [I] Move test routes to a separate blueprint (tooling-trusted-releases) via GitHub
  • Re: [I] Move test routes to a separate blueprint (tooling-trusted-releases) via GitHub
  • Re: [I] Tidy test route blueprints (tooling-trusted-releases) via GitHub
• [I] `/test/login` performs session creation via GET request (tooling-trusted-releases) via GitHub
  • Re: [I] `/test/login` performs session creation via GET request (tooling-trusted-releases) via GitHub
  • Re: [I] `/test/login` performs session creation via GET request (tooling-trusted-releases) via GitHub
  • Re: [I] `/test/login` performs session creation via GET request (tooling-trusted-releases) via GitHub
• [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Logout is accessible via GET, enabling forced-logout attacks (tooling-trusted-releases) via GitHub
• [I] `/admin/test` performs state-changing write via GET request (tooling-trusted-releases) via GitHub
  • Re: [I] `/admin/test` performs state-changing write via GET request (tooling-trusted-releases) via GitHub
• [I] Pagination validation only checks upper bound (tooling-trusted-releases) via GitHub
• [I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases) via GitHub
  • Re: [I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases) via GitHub
  • Re: [I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases) via GitHub
  • Re: [I] Upload file path validation bypass when file_name parameter is provided (tooling-trusted-releases) via GitHub
• [I] JWT subject (ASF UID) lacks format validation (tooling-trusted-releases) via GitHub
  • Re: [I] JWT subject (ASF UID) lacks format validation (tooling-trusted-releases) via GitHub
  • Re: [I] JWT subject (ASF UID) lacks format validation (tooling-trusted-releases) via GitHub
• [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
  • Re: [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
  • Re: [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
  • Re: [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
  • Re: [I] Create centralized input validation documentation (tooling-trusted-releases) via GitHub
• [I] Distribution data model uses lax schema allowing extra fields (tooling-trusted-releases) via GitHub
  • Re: [I] Distribution data model uses lax schema allowing extra fields (tooling-trusted-releases) via GitHub
• [I] Email validation insufficient across codebase (tooling-trusted-releases) via GitHub
  • Re: [I] Email validation insufficient across codebase (tooling-trusted-releases) via GitHub
  • Re: [I] Email validation insufficient across codebase (tooling-trusted-releases) via GitHub
• [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
  • Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
  • Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
  • Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
  • Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
  • Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
  • Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
  • Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
  • Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
• [I] Also check for null bytes (tooling-trusted-releases) via GitHub
  • Re: [I] Also check for null bytes (tooling-trusted-releases) via GitHub
  • Re: [I] Also check for null bytes (tooling-trusted-releases) via GitHub
• [I] Vote email body construction lacks input sanitization (tooling-trusted-releases) via GitHub
  • Re: [I] Vote email body construction lacks input sanitization (tooling-trusted-releases) via GitHub
• [I] Task arguments lack schema validation in worker pipeline (tooling-trusted-releases) via GitHub
  • Re: [I] Task arguments lack schema validation in worker pipeline (tooling-trusted-releases) via GitHub
  • Re: [I] Task arguments lack schema validation in worker pipeline (tooling-trusted-releases) via GitHub
• [I] GitHub workflow arguments lack key/value validation (tooling-trusted-releases) via GitHub
  • Re: [I] GitHub workflow arguments lack key/value validation (tooling-trusted-releases) via GitHub
• [I] Manual vote resolution bypasses required vote verification (tooling-trusted-releases) via GitHub
  • Re: [I] Manual vote resolution bypasses required vote verification (tooling-trusted-releases) via GitHub
  • Re: [I] Manual vote resolution bypasses required vote verification (tooling-trusted-releases) via GitHub
• [I] Allow `.gitkeep` as a temporary workaround (tooling-trusted-releases) via GitHub
  • Re: [I] Allow `.gitkeep` as a temporary workaround (tooling-trusted-releases) via GitHub
  • Re: [I] Allow `.gitkeep` as a temporary workaround (tooling-trusted-releases) via GitHub
• [I] Add protocol validation for external vulnerability URLs in SBOM display (tooling-trusted-releases) via GitHub
  • Re: [I] Add protocol validation for external vulnerability URLs in SBOM display (tooling-trusted-releases) via GitHub
• [I] Refactor confirm dialog from inline JavaScript to data attributes (tooling-trusted-releases) via GitHub
  • Re: [I] Refactor confirm dialog from inline JavaScript to data attributes (tooling-trusted-releases) via GitHub
• [I] Apply URL encoding to mailing list API query parameters (tooling-trusted-releases) via GitHub
  • Re: [I] Apply URL encoding to mailing list API query parameters (tooling-trusted-releases) via GitHub
  • Re: [I] Apply URL encoding to mailing list API query parameters (tooling-trusted-releases) via GitHub
  • Re: [I] Apply URL encoding to mailing list API query parameters (tooling-trusted-releases) via GitHub
• [I] Apply URL encoding to distribution platform API URL parameters (tooling-trusted-releases) via GitHub
  • Re: [I] Apply URL encoding to distribution platform API URL parameters (tooling-trusted-releases) via GitHub
  • Re: [I] Apply URL encoding to distribution platform API URL parameters (tooling-trusted-releases) via GitHub
  • Re: [I] Apply URL encoding to distribution platform API URL parameters (tooling-trusted-releases) via GitHub
• [I] Semgrep XML security rules in pre-commit (tooling-trusted-releases) via GitHub
  • Re: [I] Semgrep XML security rules in pre-commit (tooling-trusted-releases) via GitHub
  • Re: [I] Semgrep XML security rules in pre-commit (tooling-trusted-releases) via GitHub
• [I] Check XML parsing to prevent XXE attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Check XML parsing to prevent XXE attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Check XML parsing to prevent XXE attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Check XML parsing to prevent XXE attacks (tooling-trusted-releases) via GitHub
  • Re: [I] Check XML parsing to prevent XXE attacks (tooling-trusted-releases) via GitHub
• [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) Alastair McFarlane
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
  • Re: [I] SVN import URL lacks scheme validation — SSRF and local file read risk (tooling-trusted-releases) via GitHub
• [I] Open redirect via unvalidated OAuth login redirect parameter (tooling-trusted-releases) via GitHub
  • Re: [I] Open redirect via unvalidated OAuth login redirect parameter (tooling-trusted-releases) via GitHub
• [I] User Identity Trust Boundary in Background Tasks (tooling-trusted-releases) via GitHub
  • Re: [I] User Identity Trust Boundary in Background Tasks (tooling-trusted-releases) via GitHub
  • Re: [I] User Identity Trust Boundary in Background Tasks (tooling-trusted-releases) via GitHub
• [I] Authorization Bypass via Exception Handling (tooling-trusted-releases) via GitHub
• [I] Allow more flexible naming for npm artifacts (tooling-trusted-releases) via GitHub
• [I] Allow deleting of DOT files (tooling-trusted-releases) via GitHub
  • Re: [I] Allow deleting of DOT files (tooling-trusted-releases) via GitHub
  • Re: [I] Allow deleting of DOT files (tooling-trusted-releases) via GitHub
  • Re: [I] Allow deleting of DOT files (tooling-trusted-releases) via GitHub
  • Re: [I] Allow deleting of DOT files (tooling-trusted-releases) via GitHub
• [I] Add the ability to add zero or more CI reference URLs to the compose phase (tooling-trusted-releases) via GitHub
• Re: [I] Investigate how to import Arrow checks output from GitHub CI (tooling-trusted-releases) via GitHub
  • Re: [I] Investigate how to import Arrow checks output from GitHub CI (tooling-trusted-releases) via GitHub
  • Re: [I] Investigate how to import Arrow checks output from GitHub CI (tooling-trusted-releases) via GitHub
• [PR] Explicit ldap tls configuration (tooling-trusted-releases) via GitHub
  • Re: [PR] Explicit ldap tls configuration (tooling-trusted-releases) via GitHub
• [PR] Refactor Dockerfile to streamline Apache RAT installation (tooling-trusted-releases) via GitHub
  • Re: [PR] Refactor Dockerfile to streamline Apache RAT installation (tooling-trusted-releases) via GitHub
• [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
  • Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
  • Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
  • Re: [I] Make the user interface clearer in the finish phase (tooling-trusted-releases) via GitHub
• [I] Fix Litestream backups (tooling-trusted-releases) via GitHub
  • Re: [I] Fix Litestream backups (tooling-trusted-releases) via GitHub
  • Re: [I] Fix Litestream backups (tooling-trusted-releases) via GitHub
• [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
  • Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
  • Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
  • Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
  • Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
  • Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
  • Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
• [PR] Improve curl download scripting (tooling-trusted-releases) via GitHub
  • Re: [PR] Improve curl download scripting (tooling-trusted-releases) via GitHub
• Re: [I] Improve the accuracy and UI for the OSV vulnerability scanner (tooling-trusted-releases) via GitHub
  • Re: [I] Improve the accuracy and UI for the OSV vulnerability scanner (tooling-trusted-releases) via GitHub
  • Re: [I] Improve the accuracy and UI for the OSV vulnerability scanner (tooling-trusted-releases) via GitHub
• [PR] Bump werkzeug from 3.1.5 to 3.1.6 (tooling-trusted-releases) via GitHub
  • Re: [PR] Bump werkzeug from 3.1.5 to 3.1.6 (tooling-trusted-releases) via GitHub
  • Re: [PR] Bump werkzeug from 3.1.5 to 3.1.6 (tooling-trusted-releases) via GitHub
• [PR] Bump flask from 3.1.2 to 3.1.3 (tooling-trusted-releases) via GitHub
  • Re: [PR] Bump flask from 3.1.2 to 3.1.3 (tooling-trusted-releases) via GitHub
  • Re: [PR] Bump flask from 3.1.2 to 3.1.3 (tooling-trusted-releases) via GitHub
• [I] Fix the form to move files in the finish phase, and add regression tests (tooling-trusted-releases) via GitHub
  • Re: [I] Fix the form to move files in the finish phase, and add regression tests (tooling-trusted-releases) via GitHub
  • Re: [I] Fix the form to move files in the finish phase, and add regression tests (tooling-trusted-releases) via GitHub
• [PR] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
  • [GH] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
  • [GH] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
  • [GH] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
  • Re: [PR] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
  • Re: [PR] Updated implementation of check hash checks for caching (tooling-trusted-releases) via GitHub
• [PR] Introduce ATR_STATUS and control recipient lists (tooling-trusted-releases) via GitHub
  • Re: [PR] Introduce ATR_STATUS and control recipient lists (tooling-trusted-releases) via GitHub
• [PR] Return 404 when project is unknown in api endpoint call (tooling-trusted-releases) via GitHub
  • Re: [PR] Return 404 when project is unknown in api endpoint call (tooling-trusted-releases) via GitHub
• [PR] Invalidate pats manually 598 (tooling-trusted-releases) via GitHub
  • Re: [PR] Invalidate pats manually 598 (tooling-trusted-releases) via GitHub
• [PR] Block SCM directories (tooling-trusted-releases) via GitHub
  • Re: [PR] Block SCM directories (tooling-trusted-releases) via GitHub
• [PR] Redact sensitive configurations (tooling-trusted-releases) via GitHub
  • Re: [PR] Redact sensitive configurations (tooling-trusted-releases) via GitHub
• [PR] Assure debug mode is only set in development (tooling-trusted-releases) via GitHub
  • Re: [PR] Assure debug mode is only set in development (tooling-trusted-releases) via GitHub
• [I] Bug: RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
  • Re: [I] Bug: RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
  • Re: [I] Bug: RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
  • Re: [I] Bug: RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
  • Re: [I] RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub
  • Re: [I] RAO / maven upload only works for single release artifact (+classifiers) (tooling-trusted-releases) via GitHub

• Earlier messages
• Later messages