Introducing security alerts on GitHub
Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in Javascript and Ruby. Today, for…
Category
Security
Weak cryptographic standards deprecation update
Earlier this year, we announced the deprecation of several weak cryptographic standards. As noted during our initial announcement, the vast majority of HTTPS clients connect to GitHub using TLSv1.2 and…
Protect your organization’s repositories with new security settings
Organization owners can now limit the ability to delete repositories. The new repository deletion setting is available for all plans hosted by GitHub and will be coming to GitHub Enterprise…
Discontinue support for weak cryptographic standards
Cryptographic standards are ever evolving. It is the canonical game of security cat and mouse, with attacks rendering older standards ill-suited, and driving the community to develop newer and stronger…
GitHub’s post-CSP journey
Last year we shared some details on GitHub's CSP journey. A journey was a good way to describe it, as our usage of Content Security Policy (CSP) significantly changed from…
GitHub Enterprise 2.7 is now available with enhanced security and more powerful APIs
A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for…
GitHub Security Update: Reused password attack
What happened? On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using…
GitHub’s CSP journey
We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content…
Public Key Security Vulnerability and Mitigation
At 8:49am Pacific Time this morning a GitHub user exploited a security vulnerability in the public key update form in order to add his public key to the rails organization.…