Skip to content

Launch assignment in GitHub Codespaces

GitHub verified teachers using GitHub Classroom get access to GitHub’s groundbreaking, browser-based IDE, Codespaces. Teachers can enable Codespaces in GitHub Classroom and then choose it as the preferred editor when creating assignments.

We heard your feedback and from today, students can directly launch existing or new Codespaces from the Open in Codespaces button in readme.
student-codespaces-readme-link

For more information check out our documentation. Your feedback is welcome at our Education Community Forum.

Permissions filtering for organization fine-grained PATs

Organization administrators can now filter fine-grained personal access tokens (PATs) by their permissions in the organization settings UI. Both pending token requests and active tokens can be filtered by permission, such as issues_write and members_read.

image

After setting a filter, only tokens with that permission will be shown in the table.

To learn more about fine-grained PATs, see "Reviewing fine-grained personal access tokens" and "Managing requests for fine-grained personal access tokens".

See more

Fixed bug that allowed OAuth tokens improper access to SAML SSO protected organization resources when used with the `/issues` API endpoint

On September 15, 2022, we fixed a bug on GitHub.com that allowed OAuth tokens (such as personal access tokens) to bypass SAML single sign-on (SSO) requirements to view organization issue data using the /issues GitHub API endpoint.

The SAML SSO bypass could only happen when the token owner was a member of a SAML SSO protected organization, had the necessary permissions to view the issue data, and was using an OAuth token that was not authorized for use with SAML SSO. Integrations using an OAuth token matching the above criteria would also bypass SAML SSO requirements when making requests to the /issues API endpoint.

The accessible data included the title, body, labels, and assignee of the issue, but did not include comments on the issue itself. The bug did not allow organization members to view repository, issue, or other organization data that they did not have permission to view.

See more
View all changes