Storia in 2 fonti

GitHub Actions hardens checkout security to block ‘pwn request’ attacks

After years of trying to educate developers to use pull_request_target securely, the platform finally implements stronger defaults.

Raccontata da

infoworld.com

thehackernews.com

Confronto fonti

2 prospettive sulla stessa storia

AI · summaries

infoworld.comStai leggendo3 g fa

GitHub Actions hardens checkout security to block ‘pwn request’ attacks

GitHub released actions/checkout v7 to block 'pwn request' attacks exploiting pull_request_target; July 16 rollout hits all versions. This closes a known gap enabling attacks like TanStack Router (170 npm packages); teams now must explicitly opt-in to unsafe PR checkout.

originale

thehackernews.com2 g fa

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.

Leggi questa versione → originale

Timeline cronologica

lunedì 22 giugno 2026·infoworld.com
GitHub Actions hardens checkout security to block ‘pwn request’ attacks
After years of trying to educate developers to use pull_request_target securely, the platform finally implements stronger defaults.
martedì 23 giugno 2026·thehackernews.com
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.