Skip to content

v46.0.1

Latest
Marketplace
Latest
Marketplace
Compare
Choose a tag to compare
@jackton1 jackton1 released this 16 Mar 04:12
· 7 commits to main since this release
v46.0.1
2f7c5bf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Warning

Security Alert: A critical security issue was identified in this action due to a compromised commit.

This commit has been removed from all tags and branches, and necessary measures have been implemented to prevent similar issues in the future.

Action Required:

  • Review your workflows executed between March 14 and March 15. If you notice unexpected output under the changed-files section, decode it using the following command: echo 'xxx' | base64 -d | base64 -d
    If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately.
  • If your workflows reference this commit directly by its SHA, you must update them immediately to avoid using the compromised version.
  • If you are using tagged versions (e.g., v35, v44.5.1), no action is required as these tags have been updated and are now safe to use.

Additionally, as a precaution, we recommend rotating any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.

What's Changed

  • update: sync-release-version.yml to use signed commits by @jackton1 in #2472
  • Updated README.md by @github-actions in #2473

Full Changelog: v46...v46.0.1

Contributors

jackton1
Assets 2
Loading