Hello,
there have been security problems fixed in copr-frontend today. Basically, by forking, you could get to the webhook secrets of the original project being forked. Also, the integration page where you can insert a Pagure API token was actually available under a certain URL if you knew how this URL should be structured. Both of these problems are now fixed. See full details here: https://lists.fedoraproject.org/archives/list/copr-devel@xxxxxxxxxxxxxxxxxxxxxx/thread/VOOOVQ4VOZIB4GKXZWSX7REWCX3WVTLN/
We will do full security audits now to prevent any future problems like this.
Sorry for this trouble
Copr team
_______________________________________________ devel-announce mailing list -- devel-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@xxxxxxxxxxxxxxxxxxxxxxx/message/JJ3T74WRH63AMZB6TS3S72KUME2IUT7H/