dev

Messages by Date

2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Add SHA512 generation to attestations (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Improve error reporting when /resolve/tabulated data is unavailable (tooling-trusted-releases) via GitHub
2026/04/17 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Document what moving files in the compose phase does (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Document what moving files in the compose phase does (tooling-trusted-releases) via GitHub
2026/04/17 Re: [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Document what moving files in the compose phase does (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Add filetype warning checks (tooling-trusted-releases) via GitHub
2026/04/17 [PR] #1177 - allow zip format archives (jar, war, apk, vsix, whl, nar, nbm) to be quarantine checked (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Documentation Does Not Describe Failed Authentication Monitoring and Alerting (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Documentation Does Not Describe Failed Authentication Monitoring and Alerting (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Remove the ability to generate test JWT tokens (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
2026/04/17 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Starting server with env var for expected secret crashes server (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Allow error check results to be turned into a TODO list (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Record votes in the database (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Discuss integrations with ECMA standards (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Discuss: Session contents (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Discuss: Session contents (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Allow more flexible naming for npm artifacts (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Allow more flexible naming for npm artifacts (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Unbounded PGP Key Block Processing in Bulk Operations (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] SSH Server Lacks Connection and Idle Timeouts (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] SSH Server Lacks Connection and Idle Timeouts (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Pre-Extraction Safety Checks Do Not Verify Total Uncompressed Size (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Tar Archive Extraction Uses Explicitly Insecure Default Filter (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Record votes in the database (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
2026/04/16 Re: [PR] #997 and #1022 - rework extraction and quarantine logic to rely on exarch (tooling-trusted-releases) via GitHub
2026/04/16 [I] Record votes in the database (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Authorization Code Not URL-Encoded in Token Exchange Request (tooling-trusted-releases) via GitHub
2026/04/16 Re: [PR] Update audience values in jwtoken.py (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Authorization Code Not URL-Encoded in Token Exchange Request (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] JWT Audience Values Contain 'test' Identifier (tooling-trusted-releases) via GitHub
2026/04/16 [PR] Update audience values in jwtoken.py (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Ensure that at least one archive is classified as source in path checks (tooling-trusted-releases) via GitHub
2026/04/16 Re: [PR] Adding mermaid back in (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] TLS: Add explicit cipher suite configuration for defense-in-depth (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Admin Pages Using web.ElementResponse() May Lack Logout Button (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Server Does Not Enforce Cipher Suite Preference Order (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Server Does Not Enforce Cipher Suite Preference Order (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Inconsistent CSRF Enforcement Pattern on Admin POST Endpoints (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Inconsistent CSRF Enforcement Pattern on Admin POST Endpoints (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Vote Tabulation Authorization Check Commented Out (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] ATR JWTs Lack Explicit Token Type Identification (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] ATR JWTs Lack Explicit Token Type Identification (tooling-trusted-releases) via GitHub
2026/04/16 [GH] #997 and #1022 - rework extraction and quarantine logic to rely on exarch (tooling-trusted-releases) via GitHub
2026/04/16 [I] Cover more types of archive in quarantine code (tooling-trusted-releases) via GitHub
2026/04/16 [GH] #997 and #1022 - rework extraction and quarantine logic to rely on exarch (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] ATR JWTs Lack Explicit Token Type Identification (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] Admin Route Uses Insufficient Authorization Context for Storage Layer (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] ZIP Download Streaming Without Size or Time Guards (tooling-trusted-releases) via GitHub
2026/04/16 [PR] #977 and #1022 - rework extraction and quarantine logic to rely on exarch (tooling-trusted-releases) via GitHub
2026/04/16 Re: [I] SBOM Conformance External HTTP Requests Without Explicit Timeout (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Require passing vote and time period before allowing vote completion (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Require passing vote and time period before allowing vote completion (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Invalidate SSH keys (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Invalidate all SSH keys when user account is disabled (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Invalidate SSH keys (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Inconsistent Defense-in-Depth in Distribution Endpoints (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] API Error Responses Leak Internal Error Details (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Only show exception detail in dev environments (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] innerHTML Read Used Where textContent Is Appropriate (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Inconsistent Defense-in-Depth in Distribution Endpoints (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Only show exception detail in dev environments (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Only show exception detail in dev environments (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Project filter use textContent and not innerHTML plus cheap redos protection (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Project filter use textContent and not innerHTML plus cheap redos protection (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Ensure that at least one archive is classified as source in path checks (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] User Input Used Directly as RegExp Without Escaping in Project Directory Filter (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Ensure that at least one archive is classified as source in path checks (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] LICENSE validation fails with https instead of http (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Inconsistent Defense-in-Depth in Distribution Endpoints (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Session Cookie Contains PII and Authorization Data in Readable (Signed-But-Not-Encrypted) Format (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Session Cookie Contains PII and Authorization Data in Readable (Signed-But-Not-Encrypted) Format (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update hypercorn[uvloop] requirement from <1.0.0,>=0.17 to >=0.18.0,<1.0.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update quart-schema[pydantic] requirement from <1.0.0,>=0.21 to >=0.23.0,<1.0.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update cyclonedx-python-lib[json-validation] requirement from >=11.0.0 to >=11.7.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update hypercorn[uvloop] requirement from <1.0.0,>=0.17 to >=0.18.0,<1.0.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update hypercorn[uvloop] requirement from <1.0.0,>=0.17 to >=0.18.0,<1.0.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] SSH Authentication Pathway Lacks Rate Limiting (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update quart-schema[pydantic] requirement from <1.0.0,>=0.21 to >=0.23.0,<1.0.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update cyclonedx-python-lib[json-validation] requirement from >=11.0.0 to >=11.7.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update cyclonedx-python-lib[json-validation] requirement from >=11.0.0 to >=11.7.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update quart-schema[pydantic] requirement from <1.0.0,>=0.21 to >=0.23.0,<1.0.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] SSH Authentication Pathway Lacks Rate Limiting (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Admin Blueprint post Decorator Bypasses LDAP Active Account Check (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update quart-schema[pydantic] requirement from ~=0.21 to ~=0.23 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update cyclonedx-python-lib[json-validation] requirement from >=11.0.0 to >=11.7.0 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [PR] Update hypercorn[uvloop] requirement from ~=0.17 to ~=0.18 (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] LICENSE validation fails with https instead of http (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] LDAP Filter Injection in Account Lookup Function (Multiple Files) (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Add SWHID identifiers for release verification (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Unauthenticated /api/tasks/list Endpoint Exposes Internal Error Details (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Session Cache Persists Sensitive Data Indefinitely Without TTL (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Principal Authorization Cache Lacks Purge for Inactive Users (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Missing URL Protocol Validation for Third-Party Distribution URLs Rendered in HTML (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] PAT Creation Not Audit-Logged (Inconsistency) (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Unverified JWT Subject Claim Used for Logging Before Signature Verification (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] PAT Creation Not Audit-Logged (Inconsistency) (tooling-trusted-releases) via GitHub
2026/04/15 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 [I] LICENSE validation fails with https instead of http (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] LDAP state in dev/debug/test modes and users (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Bugs in vote counting algorithm (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] User Input Used Directly as RegExp Without Escaping in Project Directory Filter (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 [PR] Use textContent and not innerHTML (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] PAT Creation Not Audit-Logged (Inconsistency) (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 [PR] Update quart-schema[pydantic] requirement from ~=0.21 to ~=0.23 (tooling-trusted-releases) via GitHub
2026/04/14 [PR] Update cyclonedx-python-lib[json-validation] requirement from >=11.0.0 to >=11.7.0 (tooling-trusted-releases) via GitHub
2026/04/14 [PR] Update hypercorn[uvloop] requirement from ~=0.17 to ~=0.18 (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 [PR] Only show exception detail in dev environments (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Review Maven ATR plugin and make recommendations (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] GET Blueprint Lacks Centralized Project-Level Authorization (tooling-trusted-releases) via GitHub
2026/04/14 [I] Add explicit authentication level decorators for API endpoint functions (tooling-trusted-releases) via GitHub
2026/04/14 Re: [PR] Do not log the email message body (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Full Email Content Logged at INFO Level (tooling-trusted-releases) via GitHub
2026/04/14 [PR] Do not log the email message body (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Add a podling disclaimer to podling release announcements (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Add a podling disclaimer to podling release announcements (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Fix bugs in the vote page for second round podling votes (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Fix bugs in the vote page for second round podling votes (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Full Email Content Logged at INFO Level (tooling-trusted-releases) via GitHub
2026/04/14 Re: Cannot prepare candidate draft Craig Russell
2026/04/14 Re: [I] Votes cast on ATR by IPMC members may fail in the second podling round (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Votes cast on ATR by IPMC members may fail in the second podling round (tooling-trusted-releases) via GitHub
2026/04/14 Re: Cannot prepare candidate draft Dave Fisher
2026/04/14 Re: [I] Do not allow first round podling votes to be sent to private lists (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Do not allow first round podling votes to be sent to private lists (tooling-trusted-releases) via GitHub
2026/04/14 Cannot prepare candidate draft Craig Russell
2026/04/14 Re: [PR] Invalidate SSH keys (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Apply path ignores to implicitly classified source archives (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Apply path ignores to implicitly classified source archives (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Use a prefix for all secret tokens, and inform selected third party scanners (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Vote content fields lack length and content validation (tooling-trusted-releases) via GitHub
2026/04/14 [GH] Adding endpoint to list projects using CI staging (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Hard link files in the incubator directory for podling releases (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Send form validation errors through the database, not through flash cookies (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] WorkflowSSHKey Entries Not Purged After Expiration (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Add user configuration for navigation pinning and colour blindness mode (tooling-trusted-releases) via GitHub
2026/04/14 Re: [PR] Allow character limits on forms, move form error handling to database, add 50k limit to vote form, add workflowsshkey expiry purge (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Hard link files in the incubator directory for podling releases (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Tabulate votes from the IPMC in the second podling vote round only (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Tabulate votes from the IPMC in the second podling vote round only (tooling-trusted-releases) via GitHub
2026/04/14 Re: [I] Resolve security issues with Mermaid dependencies (tooling-trusted-releases) via GitHub
2026/04/14 Re: [PR] Adding ssh specifics to docs (tooling-trusted-releases) via GitHub
2026/04/14 [PR] Allow character limits on forms, move form error handling to database, add 50k limit to vote form (tooling-trusted-releases) via GitHub
2026/04/14 Re: [PR] #1158 - move error handling to database (tooling-trusted-releases) via GitHub
2026/04/14 [PR] #1158 - move error handling to database (tooling-trusted-releases) via GitHub
2026/04/14 [PR] Adding endpoint to list projects using CI staging (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Make build-bootstrap error (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Make build-bootstrap error (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Investigate remote promotion of artifacts on third party platforms (tooling-trusted-releases) via GitHub
2026/04/13 [PR] Adding mermaid back in (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] SSH Authentication Surface Not Covered in Authentication Security Documentation (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Internal Documentation Publicly Exposed (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Archive Extraction Does Not Inspect or Sanitize SVG Files (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Internal Documentation Publicly Exposed (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Archive Extraction Does Not Inspect or Sanitize SVG Files (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] No SVG Sanitization Library or Function Exists in Codebase (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] JWT API Authentication Success Not Logged (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] JWT API Authentication Success Not Logged (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] SSH Authentication Surface Not Covered in Authentication Security Documentation (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] No SVG Sanitization Library or Function Exists in Codebase (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Form Validation Error Messages Rendered as Unescaped HTML (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Form Validation Error Messages Rendered as Unescaped HTML (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] OAuth Authentication Does Not Terminate Prior Session Token (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] OAuth Authentication Does Not Terminate Prior Session Token (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Dynamic Field Assignment Without Explicit Allowlist in Policy Updates (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Resource-Committee Validation Control Not Applied Across Storage Writers (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] Dynamic Field Assignment Without Explicit Allowlist in Policy Updates (tooling-trusted-releases) via GitHub
2026/04/13 Re: [I] IDOR on check_id in Check Result Data Endpoint (tooling-trusted-releases) via GitHub

Earlier messages