Earlier today we permanently removed support for the following weak cryptographic standards on github.com and api.github.com: TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and Git connections to…
Earlier today we permanently removed support for the following weak cryptographic standards on github.com and api.github.com:
Patrick Toomey TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com.diffie-hellman-group1-sha1: This applies to all SSH connections to github.comdiffie-hellman-group14-sha1: This applies to all SSH connections to github.comThis change was originally announced last year, with the final timeline for the removal posted three weeks ago. If you run into any issues or have any questions, please don’t hesitate to let us know.
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
