GitHub updated its GPG keys because of a vulnerability that leaked environment variables

GitHub has disclosed a vulnerability that allows access to the contents of environment variables exposed in containers used in its production infrastructure. The vulnerability was found by a Bug Bounty participant seeking a reward for discovering security issues. The issue affects both the GitHub.com service and GitHub Enterprise Server (GHES) configurations running on users' systems.

Analysis of logs and an audit of the infrastructure did not reveal any signs that the vulnerability had been exploited in the past, other than the activity of the researcher who reported the problem. Nevertheless, a replacement of all encryption keys and credentials that could have been compromised if an attacker had exploited the vulnerability was initiated across the infrastructure. Replacing the internal keys disrupted some services from December 27 to 29. GitHub administrators tried to take the mistakes made then into account during yesterday's update of the keys that affect customers.

Among other things, the GPG key used to digitally sign commits created through the GitHub web editor, when accepting pull requests on the site, or through the Codespace toolkit has been updated. The old key ceased to be valid on January 16 at 23:23 Moscow time, and a new key has been used in its place since yesterday. Starting January XNUMX, all new commits signed with the previous key will not be marked as verified on GitHub.

On January 16 the public keys used to encrypt user data sent via the API to GitHub Actions, GitHub Codespaces, and Dependabot were also updated. Users who use GitHub's public keys to verify commits locally and to encrypt data in transit are advised to make sure they have updated their GitHub GPG keys so that their systems keep working after the key change.
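One way to check whether local commit verification is affected by a key change like the one described above, as an added example that is not from the original article or from GitHub: it classifies the output of `git log --format='%H %G? %GK'` and lists signing keys that are missing from the local keyring. The sample input is constructed, and its commit hashes and key IDs are placeholders, not GitHub's real values.

```bash
#!/usr/bin/env bash
# Added example: classify commit signature states from
#   git log --format='%H %G? %GK'
# %G? codes: G good, U good with unknown validity, X/Y expired,
# R revoked key, B bad, E cannot be checked (e.g. key not in keyring), N unsigned.

# Constructed sample input; hashes and key IDs are placeholders.
sample_log() {
cat <<'EOF'
aaaa111 G 1111111111111111
bbbb222 E 2222222222222222
cccc333 N
dddd444 E 2222222222222222
eeee555 B 1111111111111111
ffff666 X 3333333333333333
EOF
}

# Print the distinct key IDs whose signatures could not be checked (status E).
# These are the keys to fetch from a trusted source and import.
missing_keys() {
  awk '$2 == "E" && $3 != "" { print $3 }' | sort -u
}

# Print one summary line with a count per signature state.
summarize() {
  awk '
    { if ($2 == "G" || $2 == "U") ok++
      else if ($2 == "E") miss++
      else if ($2 == "B") bad++
      else if ($2 == "N") none++
      else other++ }
    END { printf "verified=%d unverifiable=%d bad=%d unsigned=%d other=%d\n",
                 ok, miss, bad, none, other }'
}

# Against a real repository:
#   git log --format='%H %G? %GK' | missing_keys
sample_log | summarize
sample_log | missing_keys
```

A non-zero `unverifiable` count after a key rotation usually means the new public key has not been imported yet; `bad` means the signature does not match the commit and should be investigated rather than fixed by importing keys.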

GitHub has already fixed the vulnerability on GitHub.com and released GHES product updates 3.8.13, 3.9.8, 3.10.5 and 3.11.3, which include a fix for CVE-2024-0200 (unsafe use of reflection leading to execution of code or user-controlled methods on the server side). An attack on local GHES installations can be carried out if the attacker has an account with organization owner rights.

Source: opennet.ru
