ORM Search Validator OGM Tools Reactive Others Blog Forums Follow us

Skip to navigation
Skip to content

ORM Search Validator Reactive Tools Others

Blog Forums Community Follow us

In Relation To

Develocity

Tags

AeroGear Arquillian Bean Validation Byteman CDI Ceylon Commonhaus Community Develocity Discussions Eclipse Elasticsearch Events GitHub HANA Hibernate Data Respositories Hibernate OGM Hibernate ORM Hibernate Reactive Hibernate Search Hibernate Shards Hibernate Validator Hiring Infinispan Interview JBoss AS JBoss Asylum JBoss Forge JBoss Tools JPA JSF JSR 352 Jakarta Data Jakarta EE Jakarta Persistence Java EE Lucene Newsletter Off topic Performance PicketLink Quarkus Releases Rich Faces Seam Security Supply Chain Weld WildFly asylum git minishift swarm

Authors

Christian Beikov

Emmanuel Bernard

Fabio Massimo Ercoli

Hardy Ferentschik

Marco Belladelli

Sanne Grinovero

Stephane Epardaud

On the safe use of GitHub Actions' `pull_request_target`

Posted by Yoann Rodière | Nov 12, 2024

A few weeks ago, the GitHub Security Lab reported to the Hibernate team a vulnerability in GitHub Actions workflows used in some Hibernate projects, which could have (indirectly) impacted released artifacts.

Fortunately, that vulnerability wasn’t exploited and all Hibernate releases are perfectly safe.

However, considering the impact an exploit could have had, we thought it would be best to provide some transparency on what happened and how we made sure that Hibernate releases — past, present and future — are safe.

Projects

Hibernate ORM Hibernate Search Hibernate Validator Hibernate OGM Hibernate Tools Other projects

Follow us

Blog Twitter Google+

Contribute and community

Community resources Our GitHub organization Submit a bug Our forums Report a security issue