]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 33ec173) | patch
remove workflow_run trigger in quic workflows
authorDmitry Misharov <dmitry@openssl.org>
Thu, 23 Oct 2025 10:26:31 +0000 (12:26 +0200)
committerTomas Mraz <tomas@openssl.org>
Fri, 7 Nov 2025 09:46:57 +0000 (10:46 +0100)
commitaeb5975f9bd8023b3ea8a3d21948ea46562316ad
treef5b643a5d291bb6731c60a6d074551593e52a68dtree | snapshot
parent33ec173876c409c3be4c3a7aef0f13b5d0c133b6commit | diff
remove workflow_run trigger in quic workflows

workflow_run runs in the context of the target
repository rather than the fork repository, while
also being typically triggerable by the latter.
This can lead to attacker controlled code execution
or unexpected action runs with context controlled
by a malicious fork.

https://docs.zizmor.sh/audits/#dangerous-triggers

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28982)
.github/workflows/build_quic_interop_container.yml [deleted file] blob | blame | history
.github/workflows/run_quic_interop.yml diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git