GitHub rotated its GPG keys because of a vulnerability that leaked environment variables

GitHub has disclosed a vulnerability that allowed access to the contents of environment variables exposed in containers used in its production infrastructure. The vulnerability was found by a Bug Bounty participant seeking a reward for finding security issues. The issue affects both the GitHub.com service and GitHub Enterprise Server (GHES) installations running on users' own systems.

Analysis of logs and an audit of the infrastructure revealed no traces of the vulnerability having been exploited in the past, apart from the activity of the researcher who reported the issue. Nevertheless, work was initiated across the infrastructure to replace all encryption keys and credentials that could have been compromised if the vulnerability had been exploited by an attacker. The replacement of internal keys led to disruption of some services from December 27 to 29. GitHub administrators tried to take the mistakes made into account when updating the client-affecting keys yesterday.

Among other things, the GPG key used to digitally sign commits created through the GitHub web editor, when accepting pull requests on the site, or through the Codespace toolkit has been updated. The old key ceased to be valid on January 16 at 23:23 Moscow time, and the new key has been used in its place since yesterday. Starting XNUMX January, all new commits signed with the previous key will not be marked as verified on GitHub.

January 16 also saw an update of the public keys used to encrypt user data sent via the API to GitHub Actions, GitHub Codespaces, and Dependabot. Users who rely on GitHub's public keys to verify commits locally and to encrypt data in transit are advised to make sure they have updated their GitHub GPG keys so that their systems continue to work after the key change.
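One way to check whether local commit verification is affected by a signing-key change (an added example, not part of the original article or GitHub's own tooling): it reads git's `%G?` signature status and `%GK` key ID for each commit and reports the key IDs that are missing from the local keyring. The commit hashes and key IDs in the sample are constructed placeholders.

```shell
#!/bin/sh
# Input format: "<commit> <status> <key-id>", as printed by
#   git log --format='%H %G? %GK'
# %G? status letters: G good, B bad, U good (unknown validity), X/Y expired,
# R revoked key, E cannot be checked (e.g. key missing locally), N unsigned.

# Constructed sample: key BBBB... stands for a signing key not yet imported.
SAMPLE='c0ffee01 G AAAAAAAAAAAAAAAA
c0ffee02 E BBBBBBBBBBBBBBBB
c0ffee03 N
c0ffee04 E BBBBBBBBBBBBBBBB
c0ffee05 U AAAAAAAAAAAAAAAA'

# Print the unique key IDs of signatures that could not be checked.
missing_keys() {
    awk '$2 == "E" && $3 != "" { print $3 }' | sort -u
}

# Count commits with a given status letter ($1).
count_status() {
    awk -v s="$1" '$2 == s { n++ } END { print n + 0 }'
}

# Run the audit on a real repository; extra arguments go to git log,
# for example a revision range.
audit_repo() {
    git log --format='%H %G? %GK' "$@" | missing_keys
}

# Demonstration on the constructed sample.
echo "Key IDs missing from the local keyring:"
printf '%s\n' "$SAMPLE" | missing_keys
echo "Commits that could not be checked: $(printf '%s\n' "$SAMPLE" | count_status E)"
```

Any key ID reported this way should be compared against the fingerprint published by the signer before it is imported.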

GitHub has already fixed the vulnerability on GitHub.com and released GHES product updates 3.8.13, 3.9.8, 3.10.5, and 3.11.3, which include a fix for CVE-2024-0200 (unsafe use of reflection leading to code execution or to user-controlled methods being run on the server side). An attack on local GHES installations can be carried out if the attacker has an account with organization owner rights.

Source: opennet.ru
