You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi. I am a maintainer of the Homebrew package manager.
We noticed that the checksum of the 1.1.3 release has changed from 8aab7c6 to baa70eb
This is a major security issue as upstream release checksums are not supposed to change. Did you retag the release (which is something that should never be done, see https://git-scm.com/docs/git-tag#_discussion). Or did someone gain access to your repo?
Describe the bug
Hi. I am a maintainer of the Homebrew package manager.
We noticed that the checksum of the 1.1.3 release has changed from 8aab7c6 to baa70eb
This is a major security issue as upstream release checksums are not supposed to change. Did you retag the release (which is something that should never be done, see https://git-scm.com/docs/git-tag#_discussion). Or did someone gain access to your repo?
See Homebrew/homebrew-core#95106 for the issue on our side.
To Reproduce
Compare the checksum of the old and new release.
Expected behavior
No checksum change
Logs
NA
Desktop (please complete the following information):
All OSes
Additional context
NA
The text was updated successfully, but these errors were encountered: