Dear EasyBuilders,

Through GitHub we have requested a CVE identifier for the GitHub token
leak bug that was fixed in EasyBuild v4.1.2 (see the release
announcement I sent out last Monday [1]): CVE-2020-5262.

This is the first real security problem that has been uncovered in
EasyBuild, so we're still learning how to deal with issues like this...

Please make sure you update to the latest EasyBuild version or update
your clone of the easybuild-framework repository.

In addition, please revoke your GitHub personal access token(s) via
https://github.com/settings/tokens and install new ones (using "eb
--install-github-token --force").

More information is available in the security advisory we created for
this issue:
https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm

regards,

Kenneth

[1] https://lists.ugent.be/wws/arc/easybuild/2020-03/msg00030.html