dev
Messages by Thread
Re: [I] Finish-Phase Operations Executable During Any Release Phase (tooling-trusted-releases)
via GitHub
Re: [I] Finish-Phase Operations Executable During Any Release Phase (tooling-trusted-releases)
via GitHub
[I] API Policy Update Bypasses Form-Level Business Validation (tooling-trusted-releases)
via GitHub
[I] Tar Archive Extraction Uses Explicitly Insecure Default Filter (tooling-trusted-releases)
via GitHub
Re: [I] Tar Archive Extraction Uses Explicitly Insecure Default Filter (tooling-trusted-releases)
via GitHub
[I] Thread ID Parameter Lacks Format Validation Before Server-Side Request (tooling-trusted-releases)
via GitHub
Re: [I] Thread ID Parameter Lacks Format Validation Before Server-Side Request (tooling-trusted-releases)
via GitHub
[I] Archive Extraction Does Not Inspect or Sanitize SVG Files (tooling-trusted-releases)
via GitHub
Re: [I] Archive Extraction Does Not Inspect or Sanitize SVG Files (tooling-trusted-releases)
via GitHub
Re: [I] Archive Extraction Does Not Inspect or Sanitize SVG Files (tooling-trusted-releases)
via GitHub
Re: [I] Archive Extraction Does Not Inspect or Sanitize SVG Files (tooling-trusted-releases)
via GitHub
[I] HTTP Redirects Followed Without Target Domain Validation (tooling-trusted-releases)
via GitHub
Re: [I] HTTP Redirects Followed Without Target Domain Validation (tooling-trusted-releases)
via GitHub
[I] No SVG Sanitization Library or Function Exists in Codebase (tooling-trusted-releases)
via GitHub
Re: [I] No SVG Sanitization Library or Function Exists in Codebase (tooling-trusted-releases)
via GitHub
Re: [I] No SVG Sanitization Library or Function Exists in Codebase (tooling-trusted-releases)
via GitHub
Re: [I] No SVG Sanitization Library or Function Exists in Codebase (tooling-trusted-releases)
via GitHub
[I] Form Fields Bypass Safe Type Validation (Multiple Instances) (tooling-trusted-releases)
via GitHub
Re: [I] Form Fields Bypass Safe Type Validation (Multiple Instances) (tooling-trusted-releases)
via GitHub
[I] Unsandboxed render_string_sync API Allows Arbitrary Jinja2 Template Compilation (tooling-trusted-releases)
via GitHub
Re: [I] Unsandboxed render_string_sync API Allows Arbitrary Jinja2 Template Compilation (tooling-trusted-releases)
via GitHub
Re: [I] Unsandboxed render_string_sync API Allows Arbitrary Jinja2 Template Compilation (tooling-trusted-releases)
via GitHub
Re: [I] Unsandboxed render_string_sync API Allows Arbitrary Jinja2 Template Compilation (tooling-trusted-releases)
via GitHub
[I] Sequential Template Substitution Allows Variable Injection in Email Templates (tooling-trusted-releases)
via GitHub
[I] LDAP Filter Injection in Account Lookup Function (Multiple Files) (tooling-trusted-releases)
via GitHub
Re: [I] LDAP Filter Injection in Account Lookup Function (Multiple Files) (tooling-trusted-releases)
via GitHub
[I] User Input Used Directly as RegExp Without Escaping in Project Directory Filter (tooling-trusted-releases)
via GitHub
Re: [I] User Input Used Directly as RegExp Without Escaping in Project Directory Filter (tooling-trusted-releases)
via GitHub
Re: [I] User Input Used Directly as RegExp Without Escaping in Project Directory Filter (tooling-trusted-releases)
via GitHub
[I] Missing `--` Separator and Unsafe Argument Order in `sbomqs` Execution (tooling-trusted-releases)
via GitHub
Re: [I] Missing `--` Separator and Unsafe Argument Order in `sbomqs` Execution (tooling-trusted-releases)
via GitHub
[I] Missing URL Protocol Validation for Third-Party Distribution URLs Rendered in HTML (tooling-trusted-releases)
via GitHub
Re: [I] Missing URL Protocol Validation for Third-Party Distribution URLs Rendered in HTML (tooling-trusted-releases)
via GitHub
[I] SSH Host Key Generated with RSA 2048-bit (~112 bits of security) (tooling-trusted-releases)
via GitHub
Re: [I] SSH Host Key Generated with RSA 2048-bit (~112 bits of security) (tooling-trusted-releases)
via GitHub
[I] No Validation of Uploaded OpenPGP Key Cryptographic Strength (tooling-trusted-releases)
via GitHub
Re: [I] No Validation of Uploaded OpenPGP Key Cryptographic Strength (tooling-trusted-releases)
via GitHub
Re: [I] No Validation of Uploaded OpenPGP Key Cryptographic Strength (tooling-trusted-releases)
via GitHub
[I] Distribution Operations Have No Audit Logging (tooling-trusted-releases)
via GitHub
Re: [I] Distribution Operations Have No Audit Logging (tooling-trusted-releases)
via GitHub
Re: [I] Distribution Operations Have No Audit Logging (tooling-trusted-releases)
via GitHub
[I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
Re: [I] Git Clone Operations Without Network Timeout (tooling-trusted-releases)
via GitHub
[I] Missing Centralized Documentation of Resource-Intensive Operations (tooling-trusted-releases)
via GitHub
[I] Archive Extraction Size Tracking Reset by Metadata Files (tooling-trusted-releases)
via GitHub
Re: [I] Archive Extraction Size Tracking Reset by Metadata Files (tooling-trusted-releases)
via GitHub
[I] Unbounded Directory Traversal and File Hashing in Signature Provenance Endpoint (tooling-trusted-releases)
via GitHub
Re: [I] Unbounded Directory Traversal and File Hashing in Signature Provenance Endpoint (tooling-trusted-releases)
via GitHub
Re: [I] Unbounded Directory Traversal and File Hashing in Signature Provenance Endpoint (tooling-trusted-releases)
via GitHub
Re: [I] Unbounded Directory Traversal and File Hashing in Signature Provenance Endpoint (tooling-trusted-releases)
via GitHub
[I] rsync Subprocess Execution Without Timeout (tooling-trusted-releases)
via GitHub
Re: [I] rsync Subprocess Execution Without Timeout (tooling-trusted-releases)
via GitHub
Re: [I] rsync Subprocess Execution Without Timeout (tooling-trusted-releases)
via GitHub
[I] API JWT Creation Endpoint Missing Cache-Control Header (tooling-trusted-releases)
via GitHub
Re: [I] API JWT Creation Endpoint Missing Cache-Control Header (tooling-trusted-releases)
via GitHub
Re: [I] API JWT Creation Endpoint Missing Cache-Control Header (tooling-trusted-releases)
via GitHub
Re: [I] API JWT Creation Endpoint Missing Cache-Control Header (tooling-trusted-releases)
via GitHub
[I] ALLOW_TESTS Flag Enables Complete Authentication Bypass in Production Worker (tooling-trusted-releases)
via GitHub
Re: [I] ALLOW_TESTS Flag Enables Complete Authentication Bypass in Production Worker (tooling-trusted-releases)
via GitHub
Re: [I] ALLOW_TESTS Flag Enables Complete Authentication Bypass in Production Worker (tooling-trusted-releases)
via GitHub
[I] Missing Project-Level Access Control on Multiple GET Endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Missing Project-Level Access Control on Multiple GET Endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Missing Project-Level Access Control on Multiple GET Endpoints (tooling-trusted-releases)
via GitHub
[I] Admin Token Revocation Does Not Terminate User Web Sessions (tooling-trusted-releases)
via GitHub
Re: [I] Admin Token Revocation Does Not Terminate User Web Sessions (tooling-trusted-releases)
via GitHub
Re: [I] Admin Token Revocation Does Not Terminate User Web Sessions (tooling-trusted-releases)
via GitHub
Re: [I] Admin Token Revocation Does Not Terminate User Web Sessions (tooling-trusted-releases)
via GitHub
[I] IDOR in Check Ignore Operations via Numeric ID (tooling-trusted-releases)
via GitHub
Re: [I] IDOR in Check Ignore Operations via Numeric ID (tooling-trusted-releases)
via GitHub
Re: [I] IDOR in Check Ignore Operations via Numeric ID (tooling-trusted-releases)
via GitHub
[I] IDOR on check_id in Check Result Data Endpoint (tooling-trusted-releases)
via GitHub
Re: [I] IDOR on check_id in Check Result Data Endpoint (tooling-trusted-releases)
via GitHub
Re: [I] IDOR on check_id in Check Result Data Endpoint (tooling-trusted-releases)
via GitHub
[I] OAuth Authentication Does Not Terminate Prior Session Token (tooling-trusted-releases)
via GitHub
Re: [I] OAuth Authentication Does Not Terminate Prior Session Token (tooling-trusted-releases)
via GitHub
Re: [I] OAuth Authentication Does Not Terminate Prior Session Token (tooling-trusted-releases)
via GitHub
[I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
Re: [I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
Re: [I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
Re: [I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
Re: [I] No Session Termination After PAT Deletion or Creation (tooling-trusted-releases)
via GitHub
[I] Documented Rate Limits Missing on Multiple API Endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Documented Rate Limits Missing on Multiple API Endpoints (tooling-trusted-releases)
via GitHub
Re: [I] Documented Rate Limits Missing on Multiple API Endpoints (tooling-trusted-releases)
via GitHub
[I] SBOM Task Functions Use File Paths Without Containment Validation (tooling-trusted-releases)
via GitHub
Re: [I] SBOM Task Functions Use File Paths Without Containment Validation (tooling-trusted-releases)
via GitHub
[I] Vote Resolution Phase Transitions Lack Optimistic Locking (tooling-trusted-releases)
via GitHub
Re: [I] Vote Resolution Phase Transitions Lack Optimistic Locking (tooling-trusted-releases)
via GitHub
Re: [I] Vote Resolution Phase Transitions Lack Optimistic Locking (tooling-trusted-releases)
via GitHub
Re: [I] Vote Resolution Phase Transitions Lack Optimistic Locking (tooling-trusted-releases)
via GitHub
Re: [I] Vote Resolution Phase Transitions Lack Optimistic Locking (tooling-trusted-releases)
via GitHub
[I] Upload Staging Endpoint Ignores Authentication Context (tooling-trusted-releases)
via GitHub
Re: [I] Upload Staging Endpoint Ignores Authentication Context (tooling-trusted-releases)
via GitHub
Re: [I] Upload Staging Endpoint Ignores Authentication Context (tooling-trusted-releases)
via GitHub
[I] State-Changing API Endpoints Lack Per-Endpoint Rate Limits (tooling-trusted-releases)
via GitHub
Re: [I] State-Changing API Endpoints Lack Per-Endpoint Rate Limits (tooling-trusted-releases)
via GitHub
Re: [I] State-Changing API Endpoints Lack Per-Endpoint Rate Limits (tooling-trusted-releases)
via GitHub
[I] Release Vote Logic Validation Always Passes Due to Catch-All Pattern (tooling-trusted-releases)
via GitHub
Re: [I] Release Vote Logic Validation Always Passes Due to Catch-All Pattern (tooling-trusted-releases)
via GitHub
Re: [I] Release Vote Logic Validation Always Passes Due to Catch-All Pattern (tooling-trusted-releases)
via GitHub
[I] Missing Phase Validation in Vote Start Flow (tooling-trusted-releases)
via GitHub
Re: [I] Missing Phase Validation in Vote Start Flow (tooling-trusted-releases)
via GitHub
Re: [I] Missing Phase Validation in Vote Start Flow (tooling-trusted-releases)
via GitHub
[I] Trusted Publishing Cross-Field Validation Bypassed Via Web Form (tooling-trusted-releases)
via GitHub
Re: [I] Trusted Publishing Cross-Field Validation Bypassed Via Web Form (tooling-trusted-releases)
via GitHub
[I] Unsanitized Markdown-to-HTML Conversion Allows Stored XSS in SBOM Vulnerability Descriptions (tooling-trusted-releases)
via GitHub
Re: [I] Unsanitized Markdown-to-HTML Conversion Allows Stored XSS in SBOM Vulnerability Descriptions (tooling-trusted-releases)
via GitHub
[I] Vote Policy Form Bypasses Minimum Hours Range Check (tooling-trusted-releases)
via GitHub
Re: [I] Vote Policy Form Bypasses Minimum Hours Range Check (tooling-trusted-releases)
via GitHub
Re: [I] Vote Policy Form Bypasses Minimum Hours Range Check (tooling-trusted-releases)
via GitHub
Re: [I] Vote Policy Form Bypasses Minimum Hours Range Check (tooling-trusted-releases)
via GitHub
[I] OpenPGP Key Management Entirely Lacks Audit Logging (tooling-trusted-releases)
via GitHub
Re: [I] OpenPGP Key Management Entirely Lacks Audit Logging (tooling-trusted-releases)
via GitHub
Re: [I] OpenPGP Key Management Entirely Lacks Audit Logging (tooling-trusted-releases)
via GitHub
[I] Committee Key Bulk Deletion Bypasses Storage Layer and Audit (tooling-trusted-releases)
via GitHub
Re: [I] Committee Key Bulk Deletion Bypasses Storage Layer and Audit (tooling-trusted-releases)
via GitHub
Re: [I] Committee Key Bulk Deletion Bypasses Storage Layer and Audit (tooling-trusted-releases)
via GitHub
[I] Admin User Impersonation Has No Audit Trail (tooling-trusted-releases)
via GitHub
Re: [I] Admin User Impersonation Has No Audit Trail (tooling-trusted-releases)
via GitHub
Re: [I] Admin User Impersonation Has No Audit Trail (tooling-trusted-releases)
via GitHub
Re: [I] Admin User Impersonation Has No Audit Trail (tooling-trusted-releases)
via GitHub
Re: [I] Admin User Impersonation Has No Audit Trail (tooling-trusted-releases)
via GitHub
[I] No Global Anti-Caching Middleware (Architectural Gap) (tooling-trusted-releases)
via GitHub
Re: [I] No Global Anti-Caching Middleware (Architectural Gap) (tooling-trusted-releases)
via GitHub
Re: [I] No Global Anti-Caching Middleware (Architectural Gap) (tooling-trusted-releases)
via GitHub
Re: [I] No Global Anti-Caching Middleware (Architectural Gap) (tooling-trusted-releases)
via GitHub
[I] Admin Environment Variable Endpoint Exposes All Secrets Without Redaction (tooling-trusted-releases)
via GitHub
Re: [I] Admin Environment Variable Endpoint Exposes All Secrets Without Redaction (tooling-trusted-releases)
via GitHub
Re: [I] Admin Environment Variable Endpoint Exposes All Secrets Without Redaction (tooling-trusted-releases)
via GitHub
[I] SVN Operations Disable TLS Certificate Verification (Supply Chain Risk) (tooling-trusted-releases)
via GitHub
Re: [I] SVN Operations Disable TLS Certificate Verification (Supply Chain Risk) (tooling-trusted-releases)
via GitHub
Re: [I] SVN Operations Disable TLS Certificate Verification (Supply Chain Risk) (tooling-trusted-releases)
via GitHub
[I] Key-Committee Association Bypasses Storage Layer Authorization (tooling-trusted-releases)
via GitHub
Re: [I] Key-Committee Association Bypasses Storage Layer Authorization (tooling-trusted-releases)
via GitHub
Re: [I] Key-Committee Association Bypasses Storage Layer Authorization (tooling-trusted-releases)
via GitHub
[I] Global Session Validation Hook Checks Age But Not Account Status (tooling-trusted-releases)
via GitHub
Re: [I] Global Session Validation Hook Checks Age But Not Account Status (tooling-trusted-releases)
via GitHub
[I] SSH Authentication Completely Bypasses LDAP Account Status Checks (tooling-trusted-releases)
via GitHub
Re: [I] SSH Authentication Completely Bypasses LDAP Account Status Checks (tooling-trusted-releases)
via GitHub
Re: [I] SSH Authentication Completely Bypasses LDAP Account Status Checks (tooling-trusted-releases)
via GitHub
[PR] Bump actions/cache from 5.0.3 to 5.0.4 (tooling-trusted-releases)
via GitHub
Re: [PR] Bump actions/cache from 5.0.3 to 5.0.4 (tooling-trusted-releases)
via GitHub
[PR] Bump pygments from 2.19.2 to 2.20.0 (tooling-releases-client)
via GitHub
Re: [PR] Bump pygments from 2.19.2 to 2.20.0 (tooling-releases-client)
via GitHub
Re: [PR] Bump pygments from 2.19.2 to 2.20.0 (tooling-releases-client)
via GitHub
[PR] Bump actions/cache from 4.2.0 to 5.0.4 (tooling-actions)
via GitHub
Re: [PR] Bump actions/cache from 4.2.0 to 5.0.4 (tooling-actions)
via GitHub
[PR] Bump actions/cache from 5.0.3 to 5.0.4 (tooling-releases-client)
via GitHub
Re: [PR] Bump actions/cache from 5.0.3 to 5.0.4 (tooling-releases-client)
via GitHub
[PR] Possible LDAP implementation for review (tooling-trusted-releases)
via GitHub
Re: [PR] Possible LDAP implementation for review (tooling-trusted-releases)
via GitHub
Re: [PR] Possible LDAP implementation for review (tooling-trusted-releases)
via GitHub
[I] Starting server with env var for expected secret crashes server (tooling-trusted-releases)
via GitHub
Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases)
via GitHub
Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases)
via GitHub
Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases)
via GitHub
Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases)
via GitHub
Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases)
via GitHub
Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases)
via GitHub
Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases)
via GitHub
Re: [I] Add a directory creation hint to the file management interface (tooling-trusted-releases)
via GitHub
[PR] Bump cryptography from 46.0.5 to 46.0.6 (tooling-trusted-releases)
via GitHub
Re: [PR] Bump cryptography from 46.0.5 to 46.0.6 (tooling-trusted-releases)
via GitHub
Re: [PR] Bump cryptography from 46.0.5 to 46.0.6 (tooling-trusted-releases)
via GitHub
[I] Improve vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Improve vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases)
via GitHub
Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases)
via GitHub
[PR] DRAFT: #931 - moving file planner to compose phase (tooling-trusted-releases)
via GitHub
Re: [PR] DRAFT: moving file planner to compose phase (tooling-trusted-releases)
via GitHub
[PR] Audit docs, code, and reports (tooling-agents)
via GitHub
Re: [PR] Audit docs, code, and reports (tooling-agents)
via GitHub
[I] LDAP state in dev/debug/test modes and users (tooling-trusted-releases)
via GitHub
Re: [I] LDAP state in dev/debug/test modes and users (tooling-trusted-releases)
via GitHub
Re: [I] LDAP state in dev/debug/test modes and users (tooling-trusted-releases)
via GitHub
Re: [I] LDAP state in dev/debug/test modes and users (tooling-trusted-releases)
via GitHub
Re: [I] LDAP state in dev/debug/test modes and users (tooling-trusted-releases)
via GitHub
Re: [I] LDAP state in dev/debug/test modes and users (tooling-trusted-releases)
via GitHub
[I] Remove strict checking (tooling-trusted-releases)
via GitHub
Re: [I] Remove strict checking (tooling-trusted-releases)
via GitHub
Re: [I] Remove strict checking (tooling-trusted-releases)
via GitHub
[PR] #901 - add support for XML in sbom tooling (tooling-trusted-releases)
via GitHub
[GH] Not for merging (yet) #901 - add support for XML in sbom tooling (tooling-trusted-releases)
via GitHub
[GH] Not for merging (yet) #901 - add support for XML in sbom tooling (tooling-trusted-releases)
via GitHub
[GH] Not for merging (yet) #901 - add support for XML in sbom tooling (tooling-trusted-releases)
via GitHub
[GH] Not for merging (yet) #901 - add support for XML in sbom tooling (tooling-trusted-releases)
via GitHub
Re: [PR] Not for merging (yet) #901 - add support for XML in sbom tooling (tooling-trusted-releases)
via GitHub
[GH] Not for merging (yet) #901 - add support for XML in sbom tooling (tooling-trusted-releases)
via GitHub
Re: [PR] Not for merging (yet) #901 - add support for XML in sbom tooling (tooling-trusted-releases)
via GitHub