Tags
AeroGear
Arquillian
Bean Validation
Byteman
CDI
Ceylon
Commonhaus
Community
Develocity
Discussions
Eclipse
Elasticsearch
Events
GitHub
HANA
Hibernate Data Respositories
Hibernate OGM
Hibernate ORM
Hibernate Reactive
Hibernate Search
Hibernate Shards
Hibernate Validator
Hiring
Infinispan
Interview
JBoss AS
JBoss Asylum
JBoss Forge
JBoss Tools
JPA
JSF
JSR 352
Jakarta Data
Jakarta EE
Jakarta Persistence
Java EE
Lucene
Newsletter
Off topic
Performance
PicketLink
Quarkus
Releases
Rich Faces
Seam
Security
Supply Chain
Weld
WildFly
asylum
git
minishift
swarm
Authors
A few weeks ago, the GitHub Security Lab reported to the Hibernate team a vulnerability in GitHub Actions workflows used in some Hibernate projects, which could have (indirectly) impacted released artifacts.
Fortunately, that vulnerability wasn’t exploited and all Hibernate releases are perfectly safe.
However, considering the impact an exploit could have had, we thought it would be best to provide some transparency on what happened and how we made sure that Hibernate releases — past, present and future — are safe.