Dear all, this is to point out that SageMath is one of GitHub orgs affected by
"tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs" https://github.com/advisories/GHSA-mrrh-fwg8-r2c3 we are working to fix this in sagemath GitHub org repos (sagemath/sage, etc) https://github.com/sagemath/sage/pull/39722 However, if you enabled GitHub's Actions on your fork of any of sagemath's repo, I assume our GitHub secrets might have gotten compromised too. So you'd need to disable Actions on your forks for the time being, and change your secrets/tokens. Dima -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-support+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/sage-support/CAAWYfq2TrSDoedH9Ye%2BLVPpfB1FwqqR7qfvgqdOG%3D_Vw-Ob_yA%40mail.gmail.com.
