Hello, there have been security problem fixed in copr-frontend today. Basically by forking, you could get to webhook secrets of an original project being forked. Also the integration page where you can insert pagure api token was actually available under certain URL if you knew how this URL should be structured. Both of these problems are now fixed. See full details here: https://lists.fedoraproject.org/archives/list/[email protected]/thread/VOOOVQ4VOZIB4GKXZWSX7REWCX3WVTLN/
We will do full security audits now to prevent any future problems like this. Sorry for this trouble Copr team
_______________________________________________ devel-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/JJ3T74WRH63AMZB6TS3S72KUME2IUT7H/
_______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/JJ3T74WRH63AMZB6TS3S72KUME2IUT7H/
