Between the 3 Sept and 10 Sept, secure env vars of *all* public @email@example.com repositories were injected into PR builds. Signing keys, access creds, API tokens.
Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!