GitHub app for Microsoft Teams is now generally available. With this release, we have added the following additional features:
- Personal Chat notifications.
- Schedule reminders for pending pull requests in your channels and personal chat.
We changed the REST API authorization logic for maintainer fork collaborators to address an improper write access control bug identified by an independent bug bounty researcher. Under certain circumstances, this bug could have allowed unauthorized commits to be merged without further review or validation. This change impacts the following:
At this time there is no evidence to suggest that this bug was exploited to compromise GitHub.
GitHub recommends the use of branch protections for important branches. The use of branch protections, such as required pull request reviews or status checks, where it was enforced prevented unauthorized commits from being merged without further review or validation.
Learn more about branch protection settings
If you have additional questions please contact us