[SECURITY]: Child processes spawned by Renovate incorrectly have full access to environment variables (since 2025-12-30) #41149
jamietanna
announced in
Maintainer announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Today we're announcing a Moderate security advisory, which will affect self-hosted users.
More details can be found in GHSA-8wc6-vgrq-x6cf.
There are patched versions available for Renovate 42.x and 43.x, and the Mend Renovate Self-Hosted Community and Enterprise edtions (CE and EE).
Beta Was this translation helpful? Give feedback.
All reactions