Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[] Security Alert: CircleCI has been breached

Dear committers,

Yesterday, CircleCI published a security report that has caused concern. The report can be found at Our team is currently working with projects that utilize CircleCI to rotate their secrets. If you are using CircleCI for your project and have not yet been contacted, you can expect to be contacted by the end of the day. If you have not received contact by tomorrow, you may want to consider opening a confidential helpdesk ticket for further assistance.

Even if you are not directly using CircleCI for your project, it is important to be aware that some of your dependencies may be using it. It is important to be vigilant when it comes to new releases of third-party dependencies and to stay informed about the potential consequences of this security incident, as it could have far-reaching effects.


Mikaël Barbero 
Head of Security | Eclipse Foundation
🐦 @mikbarbero
Eclipse Foundation: The Platform for Open Innovation and Collaboration

Attachment: signature.asc
Description: Message signed with OpenPGP

Back to the top