Composer Security Vulnerability Leaks GitHub Tokens
Composer versions 2.9.8 and 2.2.28 have released an urgent security fix addressing a vulnerability where GitHub Actions GITHUB_TOKEN and GitHub App installation tokens were leaked in plain text to CI job logs.
Topics
Developing
- 863d Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.
- 863d Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
- 863d Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est.
- 863d Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium.
Sources · 7 independent
Source Alpha
Source Bravo
Source Charlie
Source Delta
Source Echo
Source Foxtrot
Source Golf
Unlock the full story
Get a Pro subscription or above to see the live story progression and the full list of independent sources confirming each event as they happen.
Log in to upgrade