Thanks. Several people have pointed this out to me today and it's kind of embarrassing. It looks like git commit -m interpreted a variable but I can't figure out what. I've invalidated the various tokens.
Rich On Wed, Apr 8, 2026, 04:17 Jonathan Gallimore <[email protected]> wrote: > Hi Rich, > > I hope you don't mind me reaching out, and apologies if others have > already mentioned this. It looks like a commit to the HTTPD project > potentially has potentially leaked a GitHub credential in the commit > message: > > > https://github.com/apache/httpd/commit/3ad6cba4b484b166fd3b1c6272e383052bc95624 > > Someone has picked up on this and posted it on X (which I how I saw it: > https://x.com/hacker_/status/2041698657880121630) > > Apologies if you're already aware of this - I just happened to see it and > recognized your name from the Apache mailing lists. Thank you for > everything you do at Apache - I'm very grateful to have been able to > participate in a number of Apache projects and have always been made to > feel very welcome by the community. > > Best wishes, > > Jon >
