We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
Sidejack Prevention Phase 2: SSL Everywhere
Last Tuesday, we rolled out a secure cookies for all SSL-protected pages. This meant that all private repositories, user dashboards, all admin settings (even for free users and repositories) were…
Last Tuesday, we rolled out a secure cookies for all SSL-protected pages. This meant that all private repositories, user dashboards, all admin settings (even for free users and repositories) were protected against sidejacking attempts. However, any user actions on gists and public repositories (such as issues, wikis, downloads) were still vulnerable.
Last night, we rolled out the next phase from our latest security audit: SSL everywhere. Every hit to the website, whether you’re logged in or not, is over HTTPS with a secure cookie.
This is a big step, but we’re still seeing some resources being served directly from other sites and giving SSL warnings. We’re going to address this issue next. In the meantime your browsers might give warnings that look like this.
Our next step will be to fix these insecure assets that you might see in commit and issue comments. We’re hoping to have the remaining issues fixed over the next few days.