Security advisory: Composer 2.9.8 and 2.2.28 (LTS) fix a vulnerability that led Composer to leak GitHub Actions GITHUB_TOKENs and GitHub App installation tokens into job logs
Security advisory: Composer 2.9.8 and 2.2.28 (LTS) fix a vulnerability that led Composer to leak GitHub Actions GITHUB_TOKENs and GitHub App installation tokens into job logs.
GitHub's new ghs_<id>_<JWT> token format fails Composer's validation regex; the rejected token is printed into the error message and secret masking does not reliably catch it.
Update now or disable affected Actions workflows.
https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/
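For checking whether existing job logs already contain a disclosed token, here is an added example (not part of the original post and not Composer's code): a Python script that scans saved log text for `ghs_` tokens, including the `ghs_<id>_<JWT>` shape named above, and redacts them. The alphanumeric `<id>`, the 36-character legacy form, the function names, and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed shapes. The new format follows the advisory's "ghs_<id>_<JWT>":
# <id> is taken to be alphanumeric, <JWT> is three base64url segments joined by dots.
# The legacy form is assumed to be "ghs_" plus 36 alphanumeric characters.
TOKEN = re.compile(
    r"(?P<new>ghs_[A-Za-z0-9]+_[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)"
    r"|(?P<legacy>ghs_[A-Za-z0-9]{36})(?![A-Za-z0-9])"
)
PLACEHOLDER = "ghs_***REDACTED***"


def scan_log(text):
    """Return (findings, redacted_text); findings are (line_number, kind) pairs."""
    findings = []
    redacted_lines = []
    for line_no, line in enumerate(text.splitlines(), 1):
        def replace(match, line_no=line_no):
            kind = "jwt-style" if match.group("new") else "legacy"
            findings.append((line_no, kind))
            return PLACEHOLDER
        redacted_lines.append(TOKEN.sub(replace, line))
    return findings, "\n".join(redacted_lines)


# Constructed sample input: fake tokens and invented log lines,
# not real Composer or GitHub Actions output.
FAKE_JWT = ".".join(["eyJhbGciOiJub25lIn0", "eyJzdWIiOiJkZW1vIn0", "c2lnbmF0dXJl"])
SAMPLE_LOG = "\n".join([
    "2025-01-01T00:00:00Z Run composer install",
    "2025-01-01T00:00:01Z error: invalid token ghs_12345_" + FAKE_JWT,
    "2025-01-01T00:00:02Z Process completed with exit code 1",
    "2025-01-01T00:00:03Z debug: using token ghs_" + "A" * 36 + " for api calls",
])

if __name__ == "__main__":
    hits, clean = scan_log(SAMPLE_LOG)
    for line_no, kind in hits:
        print(f"line {line_no}: {kind} ghs_ token found")
    print(clean)
```

A hit in a retained log means the token was written to it in clear text; the redacted text is what is safe to attach to a ticket.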