Warning
Security Alert: A critical security issue was identified in this action due to a compromised commit.
This commit has been removed from all tags and branches, and necessary measures have been implemented to prevent similar issues in the future.
Action Required:
- Review your workflows executed between March 14 and March 15. If you notice unexpected output under the
changed-filessection, decode it using the following command:echo 'xxx' | base64 -d | base64 -d
If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately. - If your workflows reference this commit directly by its SHA, you must update them immediately to avoid using the compromised version.
- If you are using tagged versions (e.g.,
v35,v44.5.1), no action is required as these tags have been updated and are now safe to use.
Additionally, as a precaution, we recommend rotating any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.
What's Changed
- update: sync-release-version.yml to use signed commits by @jackton1 in #2472
- Updated README.md by @github-actions in #2473
Full Changelog: v46...v46.0.1