Conversation

@yeger00 (Contributor) commented Dec 19, 2024

@yeger00 (Contributor, Author) commented Jan 2, 2025

Hi,
Any update on this?
This is the same flaw as in the ultralytics attack about 2 weeks ago:
Here is the exploit
And here is the fix PR
I found this issue by searching the same code in GitHub search, and used the same fix also suggested by GitHub as mentioned in the description.

Thanks,

@vivian-rook (Collaborator) left a comment

Thanks for the patch

@vivian-rook vivian-rook merged commit b346814 into toolforge:main Jan 9, 2025
4 checks passed
vivian-rook pushed a commit that referenced this pull request Jan 9, 2025
This reverts commit b346814.

Seemed to be trying to checkout main
@vivian-rook (Collaborator) commented Jan 9, 2025

I reverted this as it seemed to be trying to run a literal
git checkout "$GITHUB_REF"

https://github.com/toolforge/paws/actions/runs/12691704677/job/35375371175?pr=476

This is a legitimate concern, thank you for bringing it to our attention.

https://phabricator.wikimedia.org/T383334
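The two comments above describe the pattern from both sides: an untrusted pull-request branch name spliced into a workflow `run:` step (the ultralytics flaw yeger00 refers to), and a first fix that ended up running `git checkout "$GITHUB_REF"` against the wrong ref. The script below is an added example for this thread, not code from toolforge/paws or from the PR. It assumes, since the thread only says "the same flaw as ultralytics", that the injection is a `${{ github.head_ref }}` expression substituted textually into the step before the shell parses it; the runner is simulated with printf and eval, `checkout` is a stub standing in for `git checkout`, and the branch name EVIL_REF is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from toolforge/paws or this PR.
# Assumption (not stated on the page): the flaw is GitHub Actions expression
# injection, where ${{ github.head_ref }} is replaced with the raw branch
# name before the shell sees the script. printf/eval play the runner here.

# Constructed attacker-controlled branch name: closes the double quotes,
# runs a command of its own, then reopens the quotes so the line still parses.
EVIL_REF='x"; echo INJECTED; echo "'

# Stub for `git checkout`: only reports which ref it was asked to check out.
checkout() { printf 'checkout:%s\n' "$1"; }

# Vulnerable step, as it would appear in the workflow file:
#   run: git checkout "${{ github.head_ref }}"
# The runner substitutes the expression into the script text, so the quotes
# carried by EVIL_REF become part of the script and the shell runs all of it.
run_vulnerable() {
  script=$(printf 'checkout "%s"' "$1")
  eval "$script"
}

# Hardened step (the pattern GitHub's own docs recommend for untrusted input):
#   env:
#     HEAD_REF: ${{ github.head_ref }}
#   run: git checkout "$HEAD_REF"
# The script text is a constant; the value reaches the shell only as a
# variable, which the shell expands as data rather than re-parsing as code.
run_hardened() {
  HEAD_REF="$1"
  # ${VAR:?} turns an unset or empty variable into a hard failure. The revert
  # in this thread shows why the replacement variable deserves a check: the
  # step has to carry the intended ref, and at minimum a missing one should
  # stop the job instead of checking out whatever the shell finds.
  eval 'checkout "${HEAD_REF:?HEAD_REF must be set by the env block}"'
}
```

Run with `sh example.sh` after appending calls such as `run_vulnerable "$EVIL_REF"` and `run_hardened "$EVIL_REF"`: the vulnerable form prints `INJECTED` from the branch name, the hardened form passes the whole string to `checkout` unchanged, and `run_hardened ""` aborts with the `HEAD_REF must be set` message.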

@vivian-rook (Collaborator) commented

#479 might do it.
