And they did not fix the code of their own runners (like GHA) to check the SHA sum either..
The e-mail they sent includes "Unfortunately, we can confirm that you were impacted by this security event." which means that they know. I guess there is an API endpoint that is specific to Bash Uploader and they use…
Can you please tell users which repositories were affected? This situation is ridiculous for users with dozens repositories, using various CIs and various code coverage providers. A lot of checking, cleaning, rotating.…
And they did not fix the code of their own runners (like GHA) to check the SHA sum either..
The e-mail they sent includes "Unfortunately, we can confirm that you were impacted by this security event." which means that they know. I guess there is an API endpoint that is specific to Bash Uploader and they use…
Can you please tell users which repositories were affected? This situation is ridiculous for users with dozens repositories, using various CIs and various code coverage providers. A lot of checking, cleaning, rotating.…