Skip to content

Edit GitHub Security Advisories after publish

You can now edit GitHub Security Advisories after you publish them. This can be helpful if you’ve learned more about the scope or impact of the vulnerability you’re announcing, if the vulnerable version range has changed, or if you have other information you’d like to share as part of the advisory.

Edits of advisories in public repos are reviewed by GitHub. Upon review, we may use the updates to send security alerts to affected repositories and redistribute the advisory and its updates through GitHub Advisory Database, our API, and our Atom feed.

In 2016, GitHub introduced commit squashing when merging a pull request. Then in 2018, we added support for commit co-authors. Today, we’re combining these features to improve the squash-and-merge experience.

Before today, whoever opened the pull request became the sole author of the squash commit. Now, we will automatically credit every commit author in the pull request as a co-author on the squash commit.

See more

The GitHub Actions Runner is now open sourced. File issues and contribute to one of the most important components of GitHub Actions directly at:

The Runner is the application that runs a job from a GitHub Actions workflow. Jobs can be run in GitHub’s hosted virtual environments, or in your own self-hosted environment.  Learn more about using self-hosted runners with your workflows here.

See more