Hit enter to search

Credential leak fears raised following security breach at Travis CI

15-Sep-21

A forked public repository might submit a pull request (common feature in GitHub, BitBucket, and Assembla) and gain unlawful access to secret from the original public repository in exchange for printing some of the flies throughout the build process.

All public repositories were injected into PR [pull request] builds, and secrets were encrypted in the Travis CI database in this situation.

Read More...