[eclipse.org-committers] Security notice about projects hosted on GitHub and using codecov
(cross-posted to cbi-dev)
The Codecov GitHub app has recently issued a security notice: https://about.codecov.io/security-update/. You can also read about it on Ars Technica: https://arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/
If you host some code of your Eclipse project at GitHub and use Codecov in any CI environment (Jenkins, GitHub Actions, Circle CI, ...), we ask you to carefully read the above security notice.
The recommended action is to re-roll all of your credentials, tokens, or keys located in the environment variables in your CI processes that used one of Codecov’s Bash Uploaders.
If you have any doubts or questions, or need assistance with this, feel free to either reach out to webmaster@xxxxxxxxxxx or releng-team@xxxxxxxxxxxxxxxxxxxxxx, or open a ticket at https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=GitHub
Manager — Release Engineering and Technology | Eclipse Foundation
Eclipse Foundation: The Platform for Open Innovation and Collaboration
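
One way to build the list of pipelines and credentials to re-roll, as an added example (not part of the original message and not Eclipse Foundation tooling): it finds CI files that fetch the uploader from `codecov.io/bash` and lists the secret names those files reference. The uploader URL, the CI file locations, the regex heuristics and the sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Conventional CI config locations (assumed; extend for your project layout).
CI_GLOBS = ["Jenkinsfile", ".travis.yml", ".circleci/config.yml",
            ".github/workflows/*.yml", ".github/workflows/*.yaml"]
# The Bash Uploader was typically fetched from this URL and piped to bash.
UPLOADER = re.compile(r"codecov\.io/bash\b")
# Heuristic patterns for secrets that a CI file pulls into the environment.
SECRET_REFS = [
    re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}"),                    # GitHub Actions
    re.compile(r"credentials\(\s*['\"]([^'\"]+)['\"]\s*\)"),          # Jenkins
    re.compile(r"\$\{?([A-Z0-9_]*(?:TOKEN|KEY|SECRET|PASSWORD))\b"),  # shell vars
]

def rotation_inventory(repo_root):
    """Map each CI file that calls the Bash Uploader to the secret names it references."""
    root, findings = Path(repo_root), {}
    for pattern in CI_GLOBS:
        for path in sorted(root.glob(pattern)):
            text = path.read_text(encoding="utf-8", errors="replace")
            if not UPLOADER.search(text):
                continue  # this pipeline never ran the uploader
            names = {n for ref in SECRET_REFS for n in ref.findall(text)}
            findings[path.relative_to(root).as_posix()] = sorted(names)
    return findings

# Constructed sample files, for illustration only.
SAMPLE = {
    ".github/workflows/ci.yml": (
        "env:\n  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n"
        "steps:\n  - run: bash <(curl -s https://codecov.io/bash) -t $CODECOV_TOKEN\n"),
    "Jenkinsfile": (
        "environment { GPG_KEY = credentials('gpg-signing-key') }\n"
        "sh 'curl -s https://codecov.io/bash | bash'\n"),
    ".travis.yml": "script: mvn verify\nenv: DEPLOY_PASSWORD=$DEPLOY_PASSWORD\n",
}

def write_sample(root):
    """Write the constructed sample files under root."""
    for rel, body in SAMPLE.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for ci_file, secrets in rotation_inventory(tmp).items():
            print(ci_file, "->", ", ".join(secrets) or "(none referenced)")
```

Secrets injected through CI settings rather than named in the file will not appear, so treat the output as a starting list, not the full set of environment variables to re-roll.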