RongtongJin opened a new pull request, #10212: URL: https://github.com/apache/rocketmq/pull/10212
The workflow_run-triggered pr-e2e-test.yml downloads PR-built artifacts and pushes Docker images to the official apache/rocketmq-ci DockerHub repo with secrets, allowing attackers to inject backdoored binaries via PRs. Remove the vulnerable workflow since push-ci.yml already provides full E2E test coverage after code is merged into develop/master.

### Which Issue(s) This PR Fixes

- Fixes #issue_id

### Brief Description

### How Did You Test This Change?

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
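The PR description above names a general CI trust-boundary pattern: a `workflow_run` job that consumes artifacts produced from unreviewed pull-request code and then acts with repository secrets (here, a registry push). The following script is an added example, not code from this PR or from the Apache RocketMQ project: a heuristic audit that flags that pattern in workflow files. The two sample workflows are constructed for the example; they borrow the file names mentioned in the PR but their contents, the `example/image-ci` image name and the `DOCKERHUB_*` secret names are assumptions, not the project's actual files.

```python
"""Heuristic audit of GitHub Actions workflows for the workflow_run
trust-boundary pattern: artifacts from an untrusted (PR-triggered) run are
downloaded into a job that holds repository secrets or pushes images.
Line-oriented on purpose so it needs no PyYAML; it is a triage aid, not a
full YAML parser. Example code, not the project's own."""
import re
from dataclasses import dataclass

# `workflow_run:` as a mapping key (under `on:`). The expression
# `github.event.workflow_run.id` never sits at the start of a line, so it
# is not mistaken for the trigger.
TRIGGER_RE = re.compile(r"^\s*workflow_run\s*:")
# Common ways a job pulls artifacts produced by another run.
DOWNLOAD_RE = re.compile(
    r"actions/download-artifact|dawidd6/action-download-artifact|gh\s+run\s+download"
)
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)")
PUSH_RE = re.compile(r"docker\s+push|docker/build-push-action|^\s*push:\s*true", re.M)


@dataclass(frozen=True)
class Finding:
    name: str
    workflow_run_trigger: bool
    downloads_artifacts: bool
    pushes_images: bool
    secrets: tuple  # referenced secret names, de-duplicated and sorted

    @property
    def risky(self) -> bool:
        # Untrusted input (artifacts from a PR build) meeting a privileged
        # context (secrets or a registry push) is the red flag.
        return (self.workflow_run_trigger and self.downloads_artifacts
                and (self.pushes_images or bool(self.secrets)))


def audit_workflow(name: str, text: str) -> Finding:
    return Finding(
        name=name,
        workflow_run_trigger=any(TRIGGER_RE.match(ln) for ln in text.splitlines()),
        downloads_artifacts=bool(DOWNLOAD_RE.search(text)),
        pushes_images=bool(PUSH_RE.search(text)),
        secrets=tuple(sorted(set(SECRET_RE.findall(text)))),
    )


def risky_workflows(workflows: dict) -> list:
    """Names of workflows matching the pattern, in input order."""
    return [n for n, t in workflows.items() if audit_workflow(n, t).risky]


# Constructed sample (hypothetical contents): a workflow_run job that fetches
# artifacts from a PR build and pushes them to a registry with secrets.
VULNERABLE_WORKFLOW = """\
name: PR-E2E
on:
  workflow_run:
    workflows: ["PR-CI"]
    types: [completed]
jobs:
  image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - run: |
          echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
          docker build -t example/image-ci:pr . && docker push example/image-ci:pr
"""

# Constructed sample (hypothetical contents): same privileges, but it builds
# from code already merged to a protected branch, so nothing it consumes
# came from an unreviewed PR.
SAFE_WORKFLOW = """\
name: Push-CI
on:
  push:
    branches: [develop, master]
jobs:
  image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./mvnw -q -DskipTests package
      - run: |
          echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin
          docker build -t example/image-ci:dev . && docker push example/image-ci:dev
"""

if __name__ == "__main__":
    samples = {"pr-e2e-test.yml": VULNERABLE_WORKFLOW, "push-ci.yml": SAFE_WORKFLOW}
    for name, text in samples.items():
        f = audit_workflow(name, text)
        print(f"{name}: risky={f.risky} secrets={list(f.secrets)}")
```

The check deliberately does not flag a `push`-triggered workflow that holds the same secrets: the secrets are not the problem, the provenance of what the job consumes is. A `workflow_run` job that only reads a small, validated artifact (for example a PR number written by the untrusted run) and never executes or publishes it can be legitimate, so treat a hit as a review prompt rather than a verdict.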
